Podcast: Play in new window | Download | Embed
Subscribe: Apple Podcasts | Android |
Subscribe in iTunes | Podcast RSS Feed | Twitter | Email
Etsy’s solution for running java: http://codeascraft.etsy.com/2013/03/18/java-not-even-once/
In episode 11, I made some comments about wiping a compromised system rather than trying to clean it. I saw in my twitter feed a bit ago that the 2013 Shmoocon videos were posted. I looked through and one talk stuck out and I wanted to share here, given my comments: Wipe The Drive – Techniques for malware persistence..
Basically, the presenters show why it’s such a bad idea to simply clean a computer after a virus infection. I like to think this is common knowledge, but I meet people daily who so not understand the reasons behind taking this draconian approach.
Brian Krebs is reporting that a new zero day vulnerability and matching exploit are making the rounds, with no patch or fix in sight.
My recommendation is to consider disabling the java browser plugin or implementing no script with a policy to only allow java originating from intranet sites.
Be careful out there!