Items tagged with Java
Google has beaten Oracle in what became a protracted legal battle over the use of the latter's Java APIs in the former's Android mobile operating system. Oracle had sought $9.3 billion in damages, but any hopes of winning a big payday from Google were mostly dashed on Thursday when a U.S. jury unanimously sided with Google in the dispute. Oracle took issue with Google injecting certain parts of its Java platform into Android, the world's leading mobile OS (by market share), without a license agreement. The dispute led to a lawsuit being filed in 2010 that stated "in at least several instances, Android computer program code was also directly copied from copyrighted Oracle America code." Two years...
Read more...
Oracle is hoping to score a major damages award from Google in court. Specifically, Oracle wants Google to fork over $9.3 billion, the amount Oracle claims Google now owes it for injecting certain parts of its Java platform into Android, the world's leading mobile operating system (by market share), without a license agreement.The dispute between Oracle and Google is one that's been going on for over a half a decade. Oracle initially sued Google in 2010, stating at the time that "in at least several instances, Android computer program code also was directly copied from copyrighted Oracle America code." It took two years for that case to go to trial, and when it finally did in 2012, a jury ruled...
Read more...
It now looks as though we can chalk up yet another win for computer users around the globe, as Oracle has announced that it is “moving to a plugin-free web” from this point forward. And thankfully, that means that demise of the hated Java browser plugin. Like Adobe Flash, the Java plugin has long been a dangerous security risk for Windows and Mac computers, with hackers taking advantage of poor coding to deliver malicious payloads. Oracle has finally seen the writing on the wall, stating in a blog post that it will “deprecate the Java browser plugin in JDK 9.” Oracle goes on to explain that the plugin “will be removed from the Oracle JDK and JRE in a future Java SE release.”(Image Source: Rob...
Read more...
If you don't pay close attention, you may end up switching your default search engine without realizing it. That's the whole idea, really. During Yahoo's annual shareholder meeting on Wednesday, company boss Marissa Mayer talked about how search was in Yahoo's DNA and always will be. More importantly, she announced a three-year partnership with Oracle aimed at getting more users to try Yahoo's search engine. As part of the partnership, Yahoo will be the default search provider for Oracle's Java software. What this means is when you install or update Java, the software will ask permission to change your browser's default search engine and homepage to Yahoo. The option to change both will be selected...
Read more...
Oracle sued Google over its use of Java to build the Android operating system a few years ago, but Google won the case. However, an appeals court has overturned that ruling, finding that “the declaring code and the structure, sequence, and organization of the API packages are entitled to copyright protection”. This ruling is a big deal because it could severely limit what software makers can safely do without getting sued and could hamper innovation. Google is of course displeased with the ruling, but others in the industry are none too happy either. Image credit: orangesparrow/Flickr Bryan Cantrill, CTO of Joyent, told Wired that the notion that you can copyright APIs is a perverted...
Read more...
As if Yahoo needed more bad press after the slow-boil frustration that is the new Yahoo Mail, at least one security firm found that the company’s homepage served up malicious ads to potentially millions of users, with likely thousands infected. Security firm Fox IT, which operates Security Operations Center service ProtACT reported that for a period starting on December 30th (possibly earlier) and stretching to around January 3rd (when the malicious traffic started to die off), visitors to Yahoo.com were served malicious ads that redirected them to domains that pointed to a single IP address in the Netherlands where they were hit with the Magnitude exploit kit. Fox IT's estimate of infections...
Read more...
Massive Open Online Courses, better known as MOOCs, are getting some traction in the education community - and we’re not just saying that because Oxford Dictionaries online added the term last week. The challenge to creating true MOOCs has been in the Open part of Massive Open Online Course: making all aspects of the course are freely available to students. Rupert Murdoch’s new Amplify MOOC is launching this year, providing schools and students with a credible AP computer science MOOC. The AP CS MOOC is a two-semester course in which your assignments are graded individually and you receive an overall grade at the end of the class. The AP CS MOOC, which is geared at high school students...
Read more...
You have to give a little credit to Google; just a couple of days after Bitcoin announced that it found vulnerabilities with Android wallets, the Android dev team figured out the root cause of the problem and issued patches to developers. (Google credited Soo Hyeon Kim and Daewan Han of ETRI and Dong Hoon Lee of Korea University for the heads-up.) “We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG,” wrote Android Security Engineer Alex Klyubin in a blog post. “Applications...
Read more...
Do you use Java? If so, be aware that Oracle just released its "June 2013 Critical Update for Java SE," a collection of code that provides 40 new security fixes. All but three of them are security holes that can be exploited from a remote location without any kind of authentication. Four of the vulnerabilities affect client and server deployments, while 34 only affect client deployments, Oracle said, adding that Java users should waste no time applying the update. "Oracle recommends that this Critical Patch Update be applied as soon as possible because it includes fixes for a number of severe vulnerabilities," Oracle said in a statement. "Note that the vulnerabilities fixed in this Critical Patch...
Read more...
Another day, another issue with Java. In a world that is becoming increasingly fraught with privacy invasions and security breaches, Java has been a term that's been popping up in negative fashion of late. Now, Apple has shot out a new batch of security patches for OS X, one of which covers up a flaw that "allowed Java Web Start applications to run even when users had Java disabled in the browser." OS X 10.8.3 fixed a total of 21 issues in terms of security, and it also throws in a fresh edition of the malware removal tool for Apple rigs. In an Apple advisory: "Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically even if the Java plug-in...
Read more...
You've got to love hacker conferences. Software vulnerabilities are never going away, that much is obvious, but it's with competitions at hacker conferences where we can really see just how vulnerable the software we use every single day is. Putting this into perspective, prior to the Pwn2Own conference in Canada, Google patched-up ten bugs in Chrome - six of which were considered severe. Despite that, Chrome was hit with a zero-day during the conference that granted code execution in the browser's sandbox renderer process. Chrome is hardly the only guilty party, however. Equally-severe exploits were presented for IE 10 under Windows 8, IE 9 under Windows 7, Firefox under Windows 7...
Read more...
Is there a world record for number of software vulnerabilities exposed within the span of a single month? If so, I'm willing to bet that Oracle's Java is the clear winner. We've reported on many Java happenings over the past couple of months, and it doesn't look like the fun is going to end anytime soon. Security firm FireEye is responsible for the latest finding, noting that this zero-day exploit has been successfully executed using Java 1.6 update 41 and the most recent 1.7 update 15. It takes advantage of a vulnerability that might allow someone to overwrite bits of data Java has stored in the RAM - such as the area that tells it whether or not the security manager is enabled. While success...
Read more...
Microsoft has just joined the small list of companies that have experienced a cyberattack this past month, made all the more interesting due to the fact that it's the same one that Apple and Facebook suffered. Compared to Facebook's informative post, Microsoft's could be considered minimal, with the bulk of what's important seen below: "Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no...
Read more...
If our not-too-subtle hint a couple of weeks ago about the perils of having Java installed wasn't enough to convince you to uninstall, you should waste no time in heading on over to the official site and grabbing the latest version (7u13). When it comes to Java, the Swiss-cheese of the software world, it's important to snag updates whenever they're rolled-out - but this one is in a league of its own. Oracle managed to pack 50 fixes with this single update - the largest bulk of fixes ever seen in the software's history. For those interested in getting into the nitty gritty of what's been patched up, you can head on over to this very in-depth advisory page. Given the number of holes and exploits...
Read more...
