Items tagged with Java

Google has beaten Oracle in what became a protracted legal battle over the use of the latter's Java APIs in the former's Android mobile operating system. Oracle had sought $9.3 billion in damages, but any hopes of winning a big payday from Google were mostly dashed on Thursday when a U.S. jury unanimously sided with Google in the dispute. Oracle took issue with Google injecting certain parts of its Java platform into Android, the world's leading mobile OS (by market share), without a license agreement. The dispute led to a lawsuit being filed in 2010 that stated "in at least several instances, Android computer program code was also directly copied from copyrighted Oracle America code." Two years... Read more...
Oracle is hoping to score a major damages award from Google in court. Specifically, Oracle wants Google to fork over $9.3 billion, the amount Oracle claims Google now owes it for injecting certain parts of its Java platform into Android, the world's leading mobile operating system (by market share), without a license agreement. The dispute between Oracle and Google is one that's been going on for over half a decade. Oracle initially sued Google in 2010, stating at the time that "in at least several instances, Android computer program code also was directly copied from copyrighted Oracle America code." It took two years for that case to go to trial, and when it finally did in 2012, a jury ruled... Read more...
It now looks as though we can chalk up yet another win for computer users around the globe, as Oracle has announced that it is “moving to a plugin-free web” from this point forward. And thankfully, that means the demise of the hated Java browser plugin. Like Adobe Flash, the Java plugin has long been a dangerous security risk for Windows and Mac computers, with hackers taking advantage of poor coding to deliver malicious payloads. Oracle has finally seen the writing on the wall, stating in a blog post that it will “deprecate the Java browser plugin in JDK 9.” Oracle goes on to explain that the plugin “will be removed from the Oracle JDK and JRE in a future Java SE release.” (Image Source: Rob... Read more...
If you don't pay close attention, you may end up switching your default search engine without realizing it. That's the whole idea, really. During Yahoo's annual shareholder meeting on Wednesday, company boss Marissa Mayer talked about how search was in Yahoo's DNA and always will be. More importantly, she announced a three-year partnership with Oracle aimed at getting more users to try Yahoo's search engine. As part of the partnership, Yahoo will be the default search provider for Oracle's Java software. What this means is when you install or update Java, the software will ask permission to change your browser's default search engine and homepage to Yahoo. The option to change both will be selected... Read more...
Oracle sued Google over its use of Java to build the Android operating system a few years ago, but Google won the case. However, an appeals court has overturned that ruling, finding that “the declaring code and the structure, sequence, and organization of the API packages are entitled to copyright protection”. This ruling is a big deal because it could severely limit what software makers can safely do without getting sued and could hamper innovation. Google is of course displeased with the ruling, but others in the industry are none too happy either. Bryan Cantrill, CTO of Joyent, told Wired that the notion that you can copyright APIs is a perverted... Read more...
As if Yahoo needed more bad press after the slow-boil frustration that is the new Yahoo Mail, at least one security firm found that the company’s homepage served up malicious ads to potentially millions of users, with likely thousands infected. Security firm Fox IT, which operates Security Operations Center service ProtACT reported that for a period starting on December 30th (possibly earlier) and stretching to around January 3rd (when the malicious traffic started to die off), visitors to Yahoo.com were served malicious ads that redirected them to domains that pointed to a single IP address in the Netherlands where they were hit with the Magnitude exploit kit. Fox IT's estimate of infections... Read more...
Massive Open Online Courses, better known as MOOCs, are getting some traction in the education community - and we’re not just saying that because Oxford Dictionaries online added the term last week. The challenge to creating true MOOCs has been in the Open part of Massive Open Online Course: making all aspects of the course freely available to students. Rupert Murdoch’s new Amplify MOOC is launching this year, providing schools and students with a credible AP computer science MOOC. The AP CS MOOC is a two-semester course in which your assignments are graded individually and you receive an overall grade at the end of the class. The AP CS MOOC, which is geared at high school students... Read more...
You have to give a little credit to Google; just a couple of days after Bitcoin announced that it found vulnerabilities with Android wallets, the Android dev team figured out the root cause of the problem and issued patches to developers. (Google credited Soo Hyeon Kim and Daewan Han of ETRI and Dong Hoon Lee of Korea University for the heads-up.) “We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG,” wrote Android Security Engineer Alex Klyubin in a blog post. “Applications... Read more...
Do you use Java? If so, be aware that Oracle just released its "June 2013 Critical Update for Java SE," a collection of code that provides 40 new security fixes. All but three of them are security holes that can be exploited from a remote location without any kind of authentication. Four of the vulnerabilities affect client and server deployments, while 34 only affect client deployments, Oracle said, adding that Java users should waste no time applying the update. "Oracle recommends that this Critical Patch Update be applied as soon as possible because it includes fixes for a number of severe vulnerabilities," Oracle said in a statement. "Note that the vulnerabilities fixed in this Critical Patch... Read more...
Another day, another issue with Java. In a world that is becoming increasingly fraught with privacy invasions and security breaches, Java has been a term that's been popping up in negative fashion of late. Now, Apple has shot out a new batch of security patches for OS X, one of which covers up a flaw that "allowed Java Web Start applications to run even when users had Java disabled in the browser." OS X 10.8.3 fixed a total of 21 issues in terms of security, and it also throws in a fresh edition of the malware removal tool for Apple rigs. In an Apple advisory: "Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically even if the Java plug-in... Read more...
You've got to love hacker conferences. Software vulnerabilities are never going away, that much is obvious, but it's with competitions at hacker conferences where we can really see just how vulnerable the software we use every single day is. Putting this into perspective, prior to the Pwn2Own conference in Canada, Google patched-up ten bugs in Chrome - six of which were considered severe. Despite that, Chrome was hit with a zero-day during the conference that granted code execution in the browser's sandbox renderer process. Chrome is hardly the only guilty party, however. Equally-severe exploits were presented for IE 10 under Windows 8, IE 9 under Windows 7, Firefox under Windows 7... Read more...
Is there a world record for number of software vulnerabilities exposed within the span of a single month? If so, I'm willing to bet that Oracle's Java is the clear winner. We've reported on many Java happenings over the past couple of months, and it doesn't look like the fun is going to end anytime soon. Security firm FireEye is responsible for the latest finding, noting that this zero-day exploit has been successfully executed using Java 1.6 update 41 and the most recent 1.7 update 15. It takes advantage of a vulnerability that might allow someone to overwrite bits of data Java has stored in the RAM - such as the area that tells it whether or not the security manager is enabled. While success... Read more...
Microsoft has just joined the small list of companies that have experienced a cyberattack this past month, made all the more interesting due to the fact that it's the same one that Apple and Facebook suffered. Compared to Facebook's informative post, Microsoft's could be considered minimal, with the bulk of what's important seen below: "Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no... Read more...
If our not-too-subtle hint a couple of weeks ago about the perils of having Java installed wasn't enough to convince you to uninstall, you should waste no time in heading on over to the official site and grabbing the latest version (7u13). When it comes to Java, the Swiss-cheese of the software world, it's important to snag updates whenever they're rolled-out - but this one is in a league of its own. Oracle managed to pack 50 fixes with this single update - the largest bulk of fixes ever seen in the software's history. For those interested in getting into the nitty gritty of what's been patched up, you can head on over to this very in-depth advisory page. Given the number of holes and exploits... Read more...
When Oracle released its Java Update 11 earlier this week, it patched several zero-day exploits that security researchers had previously identified. Nevertheless, a number of firms still recommended uninstalling Java due to a number of remaining bugs. It's taken less than a week for new flaws to surface -- and these are issues that hadn't previously been identified. Adam Gowdiak, of Security Explorations, noticed that while Update 11 fixed some outstanding issues, it did nothing to repair a flaw in the Java MBeanInstantiator that still allows for the execution of malicious code. Oracle's decision to leave the problem less-than-fixed inspired Adam Gowdiak, of Security Explorations, to go looking... Read more...
Java is a mess; Oracle’s software has become a popular target of cybercriminals, and news about Java exploits is becoming more and more common, even as the solutions Oracle provides offer little comfort. Wait, it gets worse: According to Kaspersky Labs and security company Seculert, the terrifying and massive Red October botnet espionage campaign that swiped sensitive data from governments worldwide used Java exploits to penetrate some systems. Specifically, the exploit in question is CVE-2011-3544, which is present in Java 7 and 6 (update 27) and allows “remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability... Read more...
Software vulnerabilities are common, but it’s not every day that the Computer Readiness Team (CERT) at the U.S. Department of Homeland Security steps in and starts warning the public. Not surprisingly, Oracle jumped on the security hole and released an update (Java Update 7u11) that resolves the problem. If you’re running Java (even the Java plug-in in your browser), update now. That said, not everyone is convinced that Java users are completely in the clear after updating to the latest version. Experts agree that the updated version of Java now blocks the zero day exploit (in part by making you click a button to run Java technology present on most websites). But... Read more...
Consider this a PSA: Oracle is going to patch that hole in Java, the one that security pros discovered last week. Cybercriminals were using a zero-day exploit in Oracle’s Java to deliver malware payloads, steal identities, and take over computers to force them to commit nefarious acts. According to Reuters, Oracle said that “A fix will be available shortly”, which of course begs the question of what “shortly” means, exactly. In an hour? A week? A month? In any case, the exploit apparently only affects Java 7, so users with older versions of the software can breathe a sigh of relief. However, everyone should note well that this is the second major security flaw in... Read more...
Here we go again. We're not even halfway through the first month of the New Year, and already we're being warned to disable Java. Not as a general practice, mind you (though that's not a bad idea), but because of yet another zero-day exploit spotted in the wild. "There appears to be multiple ad networks redirecting to Blackhole sites, amplifying the mass exploitation problem. We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java zero-day. These sites include weather sites, news sites, and of course, adult sites," security firm Kaspersky warned in a blog post. A heat map of... Read more...
Believe it or not, but Macs are susceptible to security vulnerabilities too, and perhaps erring on the side of caution, Apple has begun removing dated versions of Oracle's Java software from OS X when Mac users upgrade to the latest release. "Java for OS X 2012-006 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_37. This update uninstalls the Apple-provided Java applet plug-in from all web browsers," Apple stated on its support website. "To use applets on a web page, click on the region labeled 'Missing plug-in' to go download the latest version of the Java applet plug-in from Oracle." Interestingly, Apple didn't specify exactly what prompted the change,... Read more...
Tread carefully on the Internet, surf ninja. That's always sound advice, but it's especially important now to be extra cautious, particularly if you use Java. Researchers at Security Explorations discovered a zero-day exploit in multiple versions of Java that could affect over a billion PCs around the globe. Technical details of the exploit are still being withheld, but what we do know is that it affects Java Standard Edition (SE) versions 5, 6, and 7. It's an especially nasty bug that would allow an attacker to worm his way out of the confines of a sandbox, where normally users' main systems are safe from what takes place inside the Virtual Machine. Security Explorations said it conducted successful... Read more...
Apple can't be too happy about having that Flashback malware news hit over half a million Mac users, and on a percentage basis, that's pretty extreme. But now, hopefully, the past can be the past. A new update in OS X Software Update patches Java, enabling the program (on Lion machines) to stop automatically executing Java applets. Users can still override the new default, and of course, this security patch "removes the most common variants of the Flashback malware." If you've been dealing with the issue, or just cautious not to get it, this update looks like one you shouldn't avoid.... Read more...