Friday FOSS Week in Review
We may be paranoid but they are out to get us
In week three (or is it week four?) of the Spy vs. Spy scandal, the Obama folks keep saying things like “what’s the big deal?” while trying to convince us that the secret oversight court called FISA (we prefer “the Star Chamber”) has nothing but our constitutional rights in mind when it rubber stamps requests to secretly steal our [...]
Continue reading Microsoft Nemesis Dies, SCO Lives & More…
Back in March and April, when the Java browser plugin was getting hammered with security holes that were being exploited in the wild, we conducted a couple of unscientific polls here on FOSS Force to determine how our visitors were handling this security crisis.
To call the problems that Java was experiencing at the time a “crisis” is not an exaggeration. If you’ll remember, the situation [...]
Continue reading FOSS Force Poll: We Don’t Trust Oracle Or Java
We’re not ready to tell you we think it’s safe to reactivate your Java browser plugin–in fact, just the opposite–but we will say that Oracle is at least giving the appearance they’re now serious about addressing browser-side Java’s safety. Early last week they issued a security patch that fixed either 41 or 42 Java security issues, depending on what website you’re reading.
Excuse us if we [...]
Continue reading Oracle Serious About Java Security–Maybe
Guess what? We’re hearing reports this morning that the black hats are continuing to take advantage of security vulnerabilities in Java. Of course they are. That’s what black hats do. We’re also hearing from security experts that browser side Java isn’t likely to be made secure in the near future.
Oracle’s management of Java since obtaining it from Sun has been nothing short of a joke. [...]
Continue reading Java Remains Unsafe–Not Likely To Be Fixed Soon
It would seem that Oracle is getting serious about addressing security issues in Java. Late Monday the company pushed Java 7 Update 17 that fixes two security holes that were already being exploited in the wild.
The vulnerabilities addressed in Monday’s patch had been known since at least February 1 and were originally scheduled to be fixed in a scheduled security update in April, according to a security blog on the Oracle website:
Continue reading Oracle Patches 2 Java Holes–At Least 5 Remain