Yahoo! Pushing Java Version Released in 2008

[slgrieb]

From today's krebsonsecurity.com blog, here's a story that provides more evidence that large companies still aren't taking security seriously. Yahoo's Site Builder is using an ancient version of Java. As usual with most of Brian's blogs, the commentary is interesting and definitely a cut above the run of the mill.

http://krebsonsecurity.com/2013/02/y...08/#more-18411

[Niclo Iste]

Of course they don't, look at the place I worked at, who couldn't take accountability for their lacking security blamed it on the guy who quit that knew more than all of them. Honestly this is exactly why I want to go free-lance again and focus on disaster recovery/triage of large companies who don't know how to handle infectors and believe that if the antivirus isn't detecting anything, then all is good.

[Ferrit]

Its dam sad thats for sure

[Niclo Iste]

Oh look another company who liked to pretend they didn't have issues..... http://krebsonsecurity.com/2013/02/e...ks/#more-18881

You know, it's like having a conversation with someone about their seat belts being defective and them countering with a response of "I buckle up all the time and i haven't wrecked yet so they must work."

[slgrieb]

Particularly interesting stat from Sophos in the article: "80 percent of the Web sites where the company detects malicious content are innocent, legitimate sites that have been hacked." Nothing disturbing there.

Still, the L.A Times response contains a real gem of stupidity: "The sub-domain generates only advertising content and does not contain any customer information." Right. It only facilitated infecting user computers with malware that could accomplish the same goal, so no worries, eh?

[slgrieb]

Are we on a roll this week, or what? http://www.zdnet.com/ios-6-1-lock-sc...ty-7000011314/

http://krebsonsecurity.com/2013/02/s...re/#more-18884