Most vulnerable browser plugin? Think Java, not Flash

apple to contribute open source java for mac logo

Adobe’s Flash media plug-in for Web browsers doesn’t exactly have a stellar security record, requiring several urgent security updates to squelch zero-day exploits. However, computer security experts are now calling attention to Java, noting that many Internet users are running browsers with outdated Java implementations that contain serious security holes of their own. In a session at this year’s RSA Conference in San Francisco, Qualys CEO Walfgang Kandek unveiled data that showed that of over 200,000 browsers that visited his company’s BrowserCheck security service between July 2010 and January 2011, some 42 percent were running out-of-date Java plug-ins with known vulnerabilities. The number of people running out of date Flash plug-ins stood at 24 percent. In between came Adobe Reader at 32 percent, followed by Apple QuickTime at 25 percent.

The figures come just as Oracle has released an update to Java which patches some 21 vulnerabilities, 8 of which are considered extremely critical and some 19 of which could be exploited over a networking without valid login credentials. Oracle also issued multiple updates to Java throughout 2010 to address vulnerabilities.

Qualys isn’t the only company to single out Java as a key vulnerability in many users’ systems: in December networking giant Cisco noted (PDF) attacks on Java exceeded attacks against Adobe Reader and Acrobat during 2010, with Java some 3.5 more frequently exploited than malicious PDFs.

Qualys’s browser check system has itself been criticized for requiring users to install a browser plug-in in order to conduct its security audit. Competing services—such as the one built into Mozilla browsers—operate using Javascript.

Product Review

Microsoft’s Surface Laptop 2 launched last year, but already feels old

Released in fall of 2018, the Surface Laptop 2 was competitive at the time but now must deal with new competitors that were announced at CES 2019. How does the popular Surface Laptop 2 hold up six months later?

Is Threadripper dead? If so, AMD has made a huge mistake

Think Threadripper is dead? Think again. AMD's flagship CPU line might not be on this year's roadmap, but it's not dead and could well bring some amazing new enhancements when it returns.
Social Media

6 easy ways to archive all of your favorite Instagram videos

Saving Instagram videos should be just as easy as taking a screenshot. So, we've put together a list of the best apps and tools that save your favorite Instagram videos onto your phone or computer.

Cybercrime gang that stole $100M busted in international effort

A major cybercrime gang that used powerful malware to steal an estimated $100 million from bank accounts has been dismantled following an international effort that spanned six countries.

G-Sync is a game-changer. These are the best monitors with Nvidia's display tech

Looking for a monitor that plays well with Nvidia GPUs? You need G-Sync and we have picked the best G-Sync monitors available. Take a look and find out which monitor works best for your PC upgrade.

Microsoft is discounting this Surface Laptop 2 by a sweet $300

Microsoft is offering a nearly 14-inch Surface Laptop 2 with 256GB of storage at a $300 discount until May 18, 2019. The laptop comes with a PixelSense display, and Intel Core i5 processor and a 720p HD camera.
Product Review

Looking for discrete graphics on the cheap? The Acer Swift 3 will do the trick

The Acer Swift 3 is a tweener laptop that’s not quite budget and not quite premium – and it feels and performs accordingly. It manages to hold its own, though, thanks to its discrete GPU.

The Razer Core X Chroma is the best external GPU you can buy

The third entry in Razer's lineup of external graphics card enclosures, the Core X Chroma, brings together the best of its previous options in a single package. With RGB lighting and extra USB ports, is this the best you can buy?

Google recalls Titan Security Key due to hijack risk

Google is offering a free replacement for the Bluetooth Low Energy version of the Titan Security Key. A misconfiguration was discovered in the device, though hackers looking to exploit the vulnerability will find it difficult to do so.

Whether you want to edit, sign, or append, PDFs, these are the best PDF editors

While there are plenty of PDF editor options online, finding a solution with the tools you need can be tough. Here are the best PDF editors for your editing needs, no matter your budget or operating system.

Give your PC a new lease on life by upgrading its core components

Older PCs can still be great tools for work and play, they just need a little upgrade now and then. Here are the best upgrades you can make to your PC to make it feel fresh and fast once again.

The best software for filing your taxes — because you can never be too early

The best tax software offers a variety of services for saving money, completing your taxes at top speed, or getting advice for more complex tax scenarios that you haven't had to deal with before.

Through the wire, to the limit, to the wall: The 5 best ethernet cables

While our world may be transitioning to wireless connectivity, Ethernet connections are still faster and less prone to lag times than traditional Wi-Fi networks. Here are five of the best Ethernet cables you can buy.

Your amazing PC rig needs an amazing computer case. These are the very best

There's an incredible variety of PC cases on the market, but a few stand above the rest. Any of our five best computer cases will make your desktop look and work great, no matter what your budget is.