Posts tagged as “security”

FOSS Force Poll: We Don’t Trust Oracle Or Java

By FOSS Force on May 14, 2013 |

Back in March and April, when the Java browser plugin was getting hammered with security holes that were being exploited in the wild, we conducted a couple of unscientific polls here on FOSS Force to determine how our visitors were handling this security crisis.

To call the problems that Java was experiencing at the time a “crisis” is not an exaggeration. If you’ll remember, the situation was considered so serious that here in the U.S., the Department of Homeland Security was urging everyone to disable the Java plugin.

These two Java polls were among the first we conducted on FOSS Force and received about the fewest votes of any polls we’ve conducted so far. Undoubtedly, this was partially due to the fact that we were just beginning to conduct polls on the site, and so polling here was something new to our visitors. Also, our articles on Java security issues received a smaller number of page views than most articles we publish. However, low readership notwithstanding, we will continue to cover serious security issues, because we think it’s important that we do so.

Why Schools Require MS Office; Nokia Plays Rope-A-Dope & More…

By FOSS Force on May 10, 2013 |

Browsers, Business, Humor, Internet, Media, News, Potpourri, Security and Software

Friday FOSS Week in Review

Pretty fonts coming to Linux?

Most of us here at FOSS Force have been using various flavors of Linux for thirteen years or so. During that time we’ve gotten used to reading comments on the ugliness of fonts in Linux, especially when it comes to browsers.

We’ve never particularly understood this or noticed any homeliness in regards to Linux fonts. Of course, we’ve also never been able to understand reviewers who write about how unexciting they find fonts like Times New Roman or Ariel to be. In our experience, Hunter Thompson is brilliant and compelling no matter what font is being used to render his rants, while Tom Wolfe is a pompous ass, no matter how humble a typeface used to display his insufferable prose.

Spy vs. Spy; Wikipedia Sports New DB & More…

By FOSS Force on May 3, 2013 |

Browsers, Distros, Humor, Internet, News, Politics, Security and Software

Friday FOSS Week in Review

Goodbye to Fuduntu, hello to FuSE

We already knew, of course, that Fuduntu was history, that the beloved distro was to be no more, evidently due to the fact that it was becoming nearly impossible to support GNOME 2 in any sort of meaningful way. We also knew there’d been talk among the developers at Fuduntu of continuing with a new distro. Well, now it’s a done deal and most of the developers of Fuduntu will be working on a new distro based on openSUSE.

Senate To Kill Current Version Of CISPA

By Christine Hall on April 25, 2013 |

Internet, News, Politics and Security

U.S. News & World Report was the first to announce this afternoon that the Senate will evidently not vote on the cybersecurity bill known as the Cyber Information Sharing and Protection Act or CISPA. According to a report published on their website, the news organization has received assurances of the bill’s death from an unnamed member of the U.S. Senate Committee on Commerce, Science and Transportation that has been considering the bill as passed last week by the House of Representatives:

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com

Java Remains Unsafe–Not Likely To Be Fixed Soon

By Christine Hall on March 14, 2013 |

Browsers, Internet, Security and Software

Guess what? We’re hearing reports this morning that the black hats are continuing to take advantage of security vulnerabilities in Java. Of course they are. That’s what black hats do. We’re also hearing from security experts that browser side Java isn’t likely to be made secure in the near future.

Oracle’s management of Java since obtaining it from Sun has been nothing short of a joke. It’s about time for them to decide if they want to keep Java or not. If they don’t want it, they need to spin it off or let it die. If they think it’s a valuable part of their software portfolio, they should treat it as such and work overtime to make it safe.

Christine Hall

FOSSForce.com

The Robo Cloud Is Coming

By Christine Hall on March 10, 2013 |

Internet, Potpourri and Security

I was just getting used to yesterday and suddenly it’s tomorrow.

Am I the only one who worries that we’re going a little too fast in our move to bring robotics into everyday life? Shouldn’t we sit down as a group and ask first, “Is this really something we want to do?” Maybe I’ve read too much science fiction, or maybe it’s those images from The Matrix that I just can’t get out of my mind. Or maybe it’s the memory from 2001 of the mentally ill computer with self awareness, Hal, trying to convince Dave that it was all a misunderstanding and that he promises to be good if only he’s not disconnected from his power source.

Christine Hall

FOSSForce.com

Oracle Patches 2 Java Holes–At Least 5 Remain

By Christine Hall on March 6, 2013 |

Browsers, Internet, News and Security

It would seem that Oracle is getting serious about addressing security issues in Java. Late Monday the company pushed Java 7 Update 17 that fixes two security holes that were already being exploited in the wild.

The vulnerabilities addressed in Monday’s patch had been known since at least February 1 and were originally scheduled to be fixed in a scheduled security update in April, according to a security blog on the Oracle website:

Christine Hall

FOSSForce.com

Five, Count ‘Em, Five New Security Holes In Java

By Christine Hall on March 5, 2013 |

Browsers, Internet, News and Security

Those who thought it was safe to re-up Java on their browsers will need to go back and turn it off again.

If you listen to us, after you do you’ll never turn it back on. Browser side Java has been made pretty much obsolete by newer technologies, which means you don’t need it, especially since it’s proving to be about as easy to keep secure as ActiveX, sandbox or no. Here at FOSS Force, we haven’t had it enabled on our browsers for years, with no noticeable problems when we surf the web.

You may remember that back on January 10th it was announced that Java had a security vulnerability that was already being exploited in the wild. This security hole was serious enough to prompt the U.S. Department of Homeland Security to suggest that browser side Java be turned-off on all computers.

Christine Hall

FOSSForce.com

Avast AV Finds Malware On LA Times Website

By Christine Hall on February 13, 2013 |

Browsers, News and Security

This morning the Prague based antivirus company Avast! pushed notification to it’s subscribers of the presence of malware on the LA Times website. The notification came by way of a link to a blog on the antivirus company’s site delivered with the morning’s virus signature update. According to the blog’s writer, Brian Krebs, the Times site has been affected for about a month and a half. The problem is not site wide and only affects visitors to a small section of the site:

“…Fortunately for most of the users, only one of the low-profile websites was infected, so the assumed number of the infected people is not really high. But! I checked yesterday’s stats, then day-before-yesterday and the result was a bit of shocker! We have consecutive reports of malicious iframes on their sub-site from 23rd of December and it is still working there while I’m writing this blog.”

Christine Hall

FOSSForce.com

Java: Where Oracle, Twitter and Black Hats Meet

By Christine Hall on February 5, 2013 |

Internet, News and Security

Back on January 24th, Oracle was sitting on their hands after issuing incomplete patches to ~~not~~ handle security issues in Java, issues bad enough to evoke dire warnings from the U.S. Department of Homeland Security. I opined on that day that Ellison’s hired help needed to get off their duffs and come up with a good fix quick, even if Java has turned-out to be a puppy Larry Ellison no longer wants to keep. Evidently, somebody in Deadwood City felt the same way, as Oracle pushed a patch this past Friday addressing 50 security holes in the beleaguered programming language.

Wait a minutes, did I just write that the patch addressed 50 security holes? I’ve got a five pound block of Swiss cheese in the fridge that has fewer holes than that. I think if I was Larry Ellison I would be ashamed to admit I’d allowed that many security vulnerabilities to accrue unfixed while any project was under my care. I think I’d fix ten a day or something in five separate patches and try to make it look like I had my security eagles working overtime finding new holes ahead of the bad guys.

Christine Hall

FOSSForce.com

Will Oracle Wake Up & Smell the Java?

By Christine Hall on January 24, 2013 |

Business, Security and Software

Does Oracle not know their own code?

I’m talking about Java. You know, the write-once-run-anywhere platform that seems to be severely broken from a security viewpoint, rendering it more than useless when used inside a browser.

Oracle, the company that’s owned Java since purchasing Sun Microsystems in 2010, seems to be clueless. Back in October the company pushed out a patch to fix some security holes that were already being exploited. There were complaints at the time that they were being secretive, saying little to nothing publicly about the problem, acting as if they were sweeping dust under a rug. Indeed, two months earlier, in August, the founder and CEO of the Polish security firm Security Explorations, Adam Gowdiak, told PCWorld that Oracle had known about the security problem for months:

Christine Hall

FOSSForce.com