Items tagged with Java

Consider this a PSA: Oracle is going to patch that hole in Java, the one that security pros discovered last week. Cybercriminals were using a zero-day exploit in Oracle’s Java to deliver malware payloads, steal identities, and take over computers to force them to commit nefarious acts. According to Reuters, Oracle said that “A fix will be available shortly”, which of course begs the question of what “shortly” means, exactly. In an hour? A week? A month? In any case, the exploit apparently only affects Java 7, so users with older versions of the software can breathe... Read more...
Here we go again. We're not even halfway through the first month of the New Year, and already we're being warned to disable Java. Not as a general practice, mind you (though that's not a bad idea), but because of yet another zero-day exploit spotted in the wild "There appears to be multiple ad networks redirecting to Blackhole sites, amplifying the mass exploitation problem. We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java  zero-day. These sites include weather sites, news... Read more...
Believe it or not, but Macs are susceptible to security vulnerabilities too, and perhaps erring on the side of caution, Apple has begun removing dated versions of Oracle's Java software from OS X when Mac users upgrade to the latest release. "Java for OS X 2012-006 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_37. This update uninstalls the Apple-provided Java applet plug-in from all web browsers," Apple stated on its support website. "To use applets on a web page, click on the region labeled 'Missing plug-in' to go download the latest version of the... Read more...
Tread carefully on the Internet, surf ninja. That's always sound advice, but it's especially important now to be extra cautious, particularly if you use Java. Researchers at Security Explorations discovered a zero-day exploit in multiple versions of Java that could affect over a billion PCs around the globe. Technical details of the exploit are still being withheld, but what we do know is that it affects Java Standard Edition (SE) versions 5, 6, and 7. It's an especially nasty bug that would allow an attacker to worm his way out of the confines of a sandbox, where normally users' main systems are... Read more...
Apple can't be too happy about having that Flashback malware news hit over half a million Mac users, and on a percentage basis, that's pretty extreme. But now, hopefully, the past can be the past. A new update in OS X Software Update patches Java, enabling the program (on Lion machines) to stop automatically executing Java applets. Users can still override the new default, and of course, this security patch "removes the most common variants of the Flashback malware." If you've been dealing with the issue, or just cautious not to get it, this update looks like one you shouldn't avoid.... Read more...
Opera realizes that wireless carriers are placing limits on how much data is included with many smartphone plans. In an effort to give users the mobile web without going over their data limits, Opera has released the latest version of the Opera Mini browser. The latest version, 6.5, is available for iPhone, iPad, BlackBerry, Symbian S60 and Java-enabled phones. In addition, the Opera Mobile 11.5 browser is now available on Symbian S60. If you're not familiar with Opera Mini and Opera Mobile, both offer cost saving features that help reduce your data consumption. With Opera Mini, remote servers... Read more...
Microsoft's initial declaration that Windows 8 would run on ARM CPUs and early product demonstrations earned the nascent OS a great deal of attention. Since then, however, the company has remained largely silent on the features and capabilities of the new operating system, even as questions regarding the OS's support for legacy software, its UI, and Microsoft's preferred development frameworks all began to mount. The company has launched a new blog that's meant to provide additional details, but its still holding its cards close. Windows 8, according to Steven Sinofsky, "reimagines Windows." The... Read more...
District Court judges are no strangers to outlandish demands or absurd claims, but Google and Oracle have jointly managed to push their case past Ludicrous Speed and into Plaid ("They've gone into plaid!"). In a hearing late last week, District Court Judge William Alsup informed both sides that they are "both asking for the moon and should be more reasonable." The judge questioned Oracle's estimate that Google had caused between $1.6-$6.1B in damages, particularly considering the fact that the lawyer who came up with that figure had been paid $700 an hour by Oracle to do so. At the same time,... Read more...
Android's rise to dominance as a smartphone/tablet OS has reshaped the mobile OS market--but recent actions by both Microsoft and Oracle could damage the operating system's appeal. Oracle and Google are locked in an ongoing lawsuit over Android's alleged infringement on certain Java-related patents, while both Oracle and Microsoft are negotiating licensing agreements with Android device manufacturers. While this is an ongoing situation, pressure has mounted in recent weeks.  Last week, news broke that Microsoft has demanded Samsung pay it $15 per Android device. The deal is similar to one... Read more...
Today, Microsoft released its detailed security report covering the latter half of 2010. Industry tends in general are positive—vulnerability disclosures in 2010 fell 16.5 percent from their 2009 levels and approximately 35 percent from 2006. Microsoft's own share of the vulnerability pie rose from 4.5 percent in 2009 to 7.2 percent in 2010; the company claims this is largely because industry disclosures fell so sharply in just one year. The general decline in disclosures hides sharp changes in the nature of the exploits roaming the Internet. From the report: Malware written in Java has existed... Read more...
The CTO of Mozilla and the platform architect for Microsoft's Internet Explorer are engaging in a little war of words over the format for the next version of the Javascript language. Microsoft's Chris Wilson wants to see an entirely new language supersede the existing version; Mozilla CTO  Brendan Eich wants to supercharge the existing version. "As I've frequently spoken about publicly, compatibility with the current web ecosystem -- not 'breaking the Web' -- is something we take very seriously," Wilson wrote on the Internet Explorer team blog this week. "In our opinion, a revolution in ECMAScript... Read more...
In an attempt to capitalize on the name recognition of Java, which is more well-known to the general public than Sun Microsystems itself, Sun will be changing its stock ticker symbol next week from SUNW to JAVA. "The number of people who know Java swamps the number of people who know Sun," Schwartz wrote. "JAVA is a technology whose value is near infinite to the Internet, and a brand that's inseparably a part of Sun (and our profitability)." Sun estimates that 1 billion consumers recognize the steaming coffee cup symbol of Java, it said in a press release. At... Read more...
Wow. Gangbangers sure are getting nerdy these days. Symantec is warning about what they call "drive-by" web attacks using javascript. Computerworld has the rundown. That's what researchers at Symantec Corp. and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious JavaScript code. For the attack to work, the bad guys would need a couple of things to go their way. First, the victim would have to visit a malicious Web site that served up the JavaScript.... Read more...
Early in 2004 IBM challenged Sun to co-develop an open-source implementation of Java. Sun did not immediately warm to the idea. Though IBM has its own implementation of Java and could easily have open-sourced it, IBM believed that any open source version of Java should have Sun involved. At the same time Eric Raymond, president of the Open Source Initiative and one of open source's fathers, backed IBM and called on Sun to contribute Java to the open source community. In Raymond's opinion, the "'Sun Community Source License' promoted proprietary lock-in. He also contended... Read more...
Prev 1 2 3 Next