If you haven’t heard about the wave of security issues caused by Java and Flash in recent months, you must be living under a rock. Attackers are increasingly delivering 0-day exploits that slip past traditional signature-based A/V, and vendor patches lag behind the exploits. How can you attack the problem in the meantime?
Be smart and only enable Flash and Java for the sites you explicitly trust.
Although the whitelisting process may slow you down at first, the number of times you need to whitelist a site decreases quickly, since most people use only a handful of sites that genuinely need these plugins. For me, the added security of disabling them by default far outweighs the minor annoyance of whitelisting.
The Naked Security blog from Sophos has instructions for disabling Java in various browsers. For Flash, there are some handy plugins and extensions available for Chrome, Firefox, and Safari.
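If you manage more than one machine, the same whitelist-by-default policy can be pushed to Chrome through its managed-policy file rather than configured by hand in each browser. The script below is an added example, not code from the original post or from any of the extensions it mentions. The policy names (DefaultPluginsSetting, PluginsAllowedForUrls) are Chrome's own; the validation rules for allow-list entries are this example's deliberately conservative subset of Chrome's URL-pattern syntax, and the sample sites are constructed.

```python
"""Build and audit a Chrome managed-policy file that keeps plugins (Flash,
Java) click-to-play on every site except an explicit allow list.

Added example, not from the original post. Policy names are Chrome's;
the allow-list pattern rules are this example's own conservative subset.
"""
import json
import re
from typing import Dict, List

# Chrome's DefaultPluginsSetting values: 1 = allow, 2 = block, 3 = ask
# (click-to-play). 3 is the safe default the post recommends.
ASK = 3

# Accept only a scheme-qualified host, optionally with one leading "*."
# wildcard. A bare "*" or "http://*" is a valid Chrome pattern, but it
# would re-enable plugins everywhere, which defeats the allow list.
_ALLOWED = re.compile(r"^https?://(\*\.)?([a-z0-9-]+\.)+[a-z]{2,}(:\d{1,5})?$")


def validate_pattern(pattern: str) -> str:
    """Normalise one allow-list entry and reject anything too broad."""
    p = pattern.strip().lower()
    if not _ALLOWED.match(p):
        raise ValueError(f"rejected allow-list entry: {pattern!r}")
    return p


def build_policy(trusted_sites: List[str]) -> Dict[str, object]:
    """Return the policy document: click-to-play by default, plus allow list."""
    allowed = sorted({validate_pattern(s) for s in trusted_sites})
    return {"DefaultPluginsSetting": ASK, "PluginsAllowedForUrls": allowed}


def audit_policy(policy: Dict[str, object]) -> List[str]:
    """Flag settings in an existing policy that quietly widen plugin exposure.

    An unset DefaultPluginsSetting is treated as allow, because that is
    what the user-facing default effectively is.
    """
    findings: List[str] = []
    if policy.get("DefaultPluginsSetting", 1) == 1:
        findings.append("DefaultPluginsSetting is allow or unset: plugins run on every site")
    for entry in policy.get("PluginsAllowedForUrls", []):
        try:
            validate_pattern(str(entry))
        except ValueError:
            findings.append(f"over-broad allow-list entry: {entry!r}")
    return findings


def write_policy(path: str, trusted_sites: List[str]) -> None:
    """Write the JSON that Chrome reads from its managed-policy directory
    (on Linux that is /etc/opt/chrome/policies/managed/)."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(build_policy(trusted_sites), fh, indent=2)


if __name__ == "__main__":
    # Constructed sample: the two sites this user actually needs plugins on.
    print(json.dumps(build_policy(["https://intranet.example.com",
                                   "https://*.meetings.example.net"]), indent=2))
    # Constructed sample of a policy someone left wide open.
    for finding in audit_policy({"DefaultPluginsSetting": 1,
                                 "PluginsAllowedForUrls": ["*"]}):
        print("finding:", finding)
```

The validator is stricter than Chrome itself: it rejects single-label hosts such as `https://localhost` and any pattern without a scheme, on the principle that an allow-list entry you cannot write precisely is one you should not be adding. Run `audit_policy` over a policy file you inherited before trusting it; a single `*` in the allow list silently undoes the click-to-play default.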
Keep in mind that Java and Flash vulnerabilities are cross-platform: the plugin runs the same exploit code regardless of the operating system underneath the browser, so a Mac or Linux user is not protected by being "not Windows". Although much of the malware dropped after exploitation is still written for Windows, there are an increasing number of variants able to infect OS X and Linux. Facebook and Apple are currently working through compromises of employee machines on various operating systems that came in this way.