Posts tagged as “Oracle”

Java: Where Oracle, Twitter and Black Hats Meet


Back on January 24th, Oracle was sitting on their hands after issuing incomplete patches that failed to handle security issues in Java, issues bad enough to evoke dire warnings from the U.S. Department of Homeland Security. I opined on that day that Ellison’s hired help needed to get off their duffs and come up with a good fix quick, even if Java has turned out to be a puppy Larry Ellison no longer wants to keep. Evidently, somebody in Deadwood City felt the same way, as Oracle pushed a patch this past Friday addressing 50 security holes in the beleaguered programming language.

Wait a minute, did I just write that the patch addressed 50 security holes? I’ve got a five pound block of Swiss cheese in the fridge that has fewer holes than that. I think if I was Larry Ellison I would be ashamed to admit I’d allowed that many security vulnerabilities to accrue unfixed while any project was under my care. I think I’d fix ten a day or something in five separate patches and try to make it look like I had my security eagles working overtime finding new holes ahead of the bad guys.

Will Oracle Wake Up & Smell the Java?

Does Oracle not know their own code?

I’m talking about Java. You know, the write-once-run-anywhere platform that seems to be severely broken from a security viewpoint, rendering it more than useless when used inside a browser.

Oracle, the company that’s owned Java since purchasing Sun Microsystems in 2010, seems to be clueless. Back in October the company pushed out a patch to fix some security holes that were already being exploited. There were complaints at the time that they were being secretive, saying little to nothing publicly about the problem, acting as if they were sweeping dust under a rug. Indeed, two months earlier, in August, the founder and CEO of the Polish security firm Security Explorations, Adam Gowdiak, told PCWorld that Oracle had known about the security problem for months:

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Java Still Isn’t Safe – Possible New Vulnerability

I was just guessing on Monday when I said that the Java security patch pushed by Oracle on Sunday was “too little too late.” This appears to have been a lucky good guess on my part, as word is out now that the Java browser plugin still isn’t safe.

At least that’s what Brian Krebs is reporting on his blog Krebs On Security. Evidently there’s a black hat on a hacker forum who’s offering up info to two buyers on a new vulnerability in the latest and greatest version of Java (that would be version 7, update 11) for the sum of $5,000 each.

Oracle’s Quick Java Patch–Too Little Too Late?

On Sunday, Oracle pushed an “unscheduled” patch to fix a security hole in Java that had prompted the U.S. Department of Homeland Security to take the unprecedented step of advising all Internet users to disable browser-side Java. The hole was already being exploited in the wild when white hats brought it to the public’s attention last week, mainly being used to install “ransomware.”

Despite Oracle’s assurances that it’s safe for surfers to go back in the water, security experts remain uncertain about the safety of Java. On Information Week, writer Mathew J. Schwartz quotes at least one security expert who gives the security patch a thumbs up:

Can Penguins Dance on a Dell, Will Reiser File Again, Are Samsung and Intel Going to the Prom?

Friday FOSS Week in Review

The biggest news this week has centered around fears that Linux may become uninstallable on Wintel machines from the big OEMs. But there’s been more. Some fun stuff. Some silly stuff. Some stuff that might eventually develop into something important…

Secure Boot Has Penguinistas Buzzing

Last week on FWIR I mentioned there was a storm beginning to brew around Windows 8 and secure boot, which could potentially keep Linux from being installed on some computers once they’re implemented. Well, it’s not just brewing anymore, it’s a full-fledged storm with hurricane force winds.

Will Oracle Turn MySQL Into ‘Crippleware?’

Since Oracle obtained MySQL in the Sun takeover, many FOSS folks have been wary of Oracle’s plans for the open source database, a wariness that wasn’t eased by Oracle’s handling of the OpenOffice/LibreOffice split. When a couple of weeks ago we learned that Oracle has added three commercial extensions to MySQL, many figured that was the beginning of the end of MySQL as a free and open project.

According to The Register, the commercial extensions offer “…thread pool scalability, a pluggable API for PAM and Windows authentication, and additions to Oracle VM and Windows Server failover clustering support within MySQL Enterprise.”

From the moment this story was published, Oracle’s been working to spin this as “good for FOSS.” The Register article mentioned above quotes Giuseppe Maxia, former MySQL community team member, who predicted the negative response from the FOSS community and then pooh-poohed it:

Phone 7 FUD, Windows 8 Lockout, Samsung Takes Off Gloves

Friday FOSS Week in Review

This week’s biggest story in FOSS was the quick changing of the guard over at HP. Although HP isn’t really a FOSS company, they do of course sell Linux servers and were recently considered to be on the verge of becoming a major FOSS player with their webOS. There’s no need to cover any of that here, however, as I posted my viewpoints on this fiasco last night.

DigiNotar Put out of Business by Hackers

You know, when you’re a security firm it pays to have your security in place. I mean, it doesn’t look even a little good when you’re hacked, especially when your business is telling other people how not to get hacked. This is a truth that became much more self-evident early this week when Dutch security firm DigiNotar announced they were going into voluntary bankruptcy and putting themselves out of business as the end result of a hacking incident that began last July. It seems that attackers gained access to the firm’s internal systems and issued a slew of fake certificates that allowed the hacker/crackers to impersonate web firms like Google, Facebook, Twitter and Skype. Evidently, the certificates were used to gain access to over 30,000 Google email accounts.

More Linux Site Hacks, ReactOS Ready to Go, Obama Signs ‘America Invents Act’

Friday FOSS Week in Review

In many ways, FOSS news this week is like a soap opera, with lots of stories being continuations of last week’s items. However, there is some new stuff to report. If you’re like me, all FOSS news is interesting…

Bartz Resigns from Yahoo Board

After being fired by telephone last Tuesday, Yahoo’s former CEO Carol Bartz resigned from the Internet company’s board on Friday. According to a Reuters report posted on Yahoo, the resignation was made public on Sunday and first reported by The Wall Street Journal:

Congress Considers Stepping on Rights, Windows Mobile Share Nil & Whose DNA Is It Anyway?

Friday FOSS Week in Review

With the Black Hat Conference going on in Las Vegas, and with Congress messing around where they shouldn’t, this has been a busy week in the FOSS world. Some of the news is good; some of the news is not so good. I’ll start with a rant…

Proposed Data Retention Bill Would Chill Free Speech

The House will soon be considering a bill that will require ISPs to maintain logs of their customers’ Internet use for a 12 month period. As I understand it, the law would include a customer’s browsing history, credit card numbers, etc. The stated purpose of the proposed law is to catch pedophiles visiting child porn sites, but everybody who knows anything about the Internet agrees it won’t be very effective at doing that. What it will do, if enacted, is bring Orwell’s “Big Brother” vision a little closer to home and make your network connected devices look even more like telescreens than they do now.

Top 10 Reasons Why Larry Ellison Dislikes Red Hat

It’s Thursday, and you know what that means… Time to cover your kids’ eyes and ears – heck, time to keep them away from any online device altogether – because it’s Top 10 day. We still haven’t heard anything from David Letterman’s lawyers, so we figure he’s cool with us stealing his IP. If he sends us one of those “cease and desist” notices, we’ll just claim that the rights to the Top 10 list were given to us by NBC, who said he abandoned them when he bolted to CBS. Anyway, we’ve discovered that the list is a teeny bit funnier if you read it aloud, pretending you’re Mr. Letterman, right Paul?

  1. “JBoss, ha! iBoss, and don’t you forget it!”
  2. “They never offer me a ticket to a Wolfpack game.”
  3. “Redmond/Red Hat… I don’t know, there’s something going on there, don’t you think?”
  4. “Whoever heard of a tech giant located in North Carolina? Shouldn’t they be rolling cigarettes or something?”
  5. “Wadaya mean they don’t trust our patches?”

Groklaw: Schwartz Publicly Praised Android as Java Platform

Yesterday’s column on Android’s Patent Wars was written on Friday and scheduled for publication on Monday. Over the weekend, the folks at Groklaw dug up an old page from the Wayback Machine that would seem to bode well for Google in their patent fight with Oracle concerning Android and Java.
