Posts tagged as “security”

The Robo Cloud Is Coming

By Christine Hall on March 10, 2013 |

I was just getting used to yesterday and suddenly it’s tomorrow.

Am I the only one who worries that we’re going a little too fast in our move to bring robotics into everyday life? Shouldn’t we sit down as a group and ask first, “Is this really something we want to do?” Maybe I’ve read too much science fiction, or maybe it’s those images from The Matrix that I just can’t get out of my mind. Or maybe it’s the memory from 2001 of the mentally ill computer with self awareness, Hal, trying to convince Dave that it was all a misunderstanding and that he promises to be good if only he’s not disconnected from his power source.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com

Oracle Patches 2 Java Holes–At Least 5 Remain

By Christine Hall on March 6, 2013 |

Browsers, Internet, News and Security

It would seem that Oracle is getting serious about addressing security issues in Java. Late Monday the company pushed Java 7 Update 17 that fixes two security holes that were already being exploited in the wild.

The vulnerabilities addressed in Monday’s patch had been known since at least February 1 and were originally scheduled to be fixed in a scheduled security update in April, according to a security blog on the Oracle website:

Christine Hall

FOSSForce.com

Five, Count ‘Em, Five New Security Holes In Java

By Christine Hall on March 5, 2013 |

Browsers, Internet, News and Security

Those who thought it was safe to re-up Java on their browsers will need to go back and turn it off again.

If you listen to us, after you do you’ll never turn it back on. Browser side Java has been made pretty much obsolete by newer technologies, which means you don’t need it, especially since it’s proving to be about as easy to keep secure as ActiveX, sandbox or no. Here at FOSS Force, we haven’t had it enabled on our browsers for years, with no noticeable problems when we surf the web.

You may remember that back on January 10th it was announced that Java had a security vulnerability that was already being exploited in the wild. This security hole was serious enough to prompt the U.S. Department of Homeland Security to suggest that browser side Java be turned-off on all computers.

Christine Hall

FOSSForce.com

Avast AV Finds Malware On LA Times Website

By Christine Hall on February 13, 2013 |

Browsers, News and Security

This morning the Prague based antivirus company Avast! pushed notification to it’s subscribers of the presence of malware on the LA Times website. The notification came by way of a link to a blog on the antivirus company’s site delivered with the morning’s virus signature update. According to the blog’s writer, Brian Krebs, the Times site has been affected for about a month and a half. The problem is not site wide and only affects visitors to a small section of the site:

“…Fortunately for most of the users, only one of the low-profile websites was infected, so the assumed number of the infected people is not really high. But! I checked yesterday’s stats, then day-before-yesterday and the result was a bit of shocker! We have consecutive reports of malicious iframes on their sub-site from 23rd of December and it is still working there while I’m writing this blog.”

Christine Hall

FOSSForce.com

Java: Where Oracle, Twitter and Black Hats Meet

By Christine Hall on February 5, 2013 |

Internet, News and Security

Back on January 24th, Oracle was sitting on their hands after issuing incomplete patches to ~~not~~ handle security issues in Java, issues bad enough to evoke dire warnings from the U.S. Department of Homeland Security. I opined on that day that Ellison’s hired help needed to get off their duffs and come up with a good fix quick, even if Java has turned-out to be a puppy Larry Ellison no longer wants to keep. Evidently, somebody in Deadwood City felt the same way, as Oracle pushed a patch this past Friday addressing 50 security holes in the beleaguered programming language.

Wait a minutes, did I just write that the patch addressed 50 security holes? I’ve got a five pound block of Swiss cheese in the fridge that has fewer holes than that. I think if I was Larry Ellison I would be ashamed to admit I’d allowed that many security vulnerabilities to accrue unfixed while any project was under my care. I think I’d fix ten a day or something in five separate patches and try to make it look like I had my security eagles working overtime finding new holes ahead of the bad guys.

Christine Hall

FOSSForce.com

Will Oracle Wake Up & Smell the Java?

By Christine Hall on January 24, 2013 |

Business, Security and Software

Does Oracle not know their own code?

I’m talking about Java. You know, the write-once-run-anywhere platform that seems to be severely broken from a security viewpoint, rendering it more than useless when used inside a browser.

Oracle, the company that’s owned Java since purchasing Sun Microsystems in 2010, seems to be clueless. Back in October the company pushed out a patch to fix some security holes that were already being exploited. There were complaints at the time that they were being secretive, saying little to nothing publicly about the problem, acting as if they were sweeping dust under a rug. Indeed, two months earlier, in August, the founder and CEO of the Polish security firm Security Explorations, Adam Gowdiak, told PCWorld that Oracle had known about the security problem for months:

Christine Hall

FOSSForce.com

Dotcom’s New Mega: Not Ready For Primetime

By Christine Hall on January 23, 2013 |

Business, News and Security

It’s funny how things work out. Entrepreneur Kim Schmitz changed his name to “Dotcom” in respect for the technology that made him filthy rich. However, his newest website doesn’t end in dotcom. He doesn’t dare use that top level domain because that would be an open invitation to the U.S. authorities to mess with him. I think Mr. Dotcom would like to be through dealing with the American government if he can. So he’s using .nz, the top level domain code for New Zealand where he resides.

Actually, his new site is a double dot–mega.co.nz, or Mega. Originally, he planned to use the too trippy url Me.ga, using the domain country code for Gabon, a plan that was derailed because the government of Gabon didn’t want to be party to “violating copyrights.” Mr. Dotcom might be excused for suspecting the United States for being an outside instigator in this matter.

Christine Hall

FOSSForce.com

Java Still Isn’t Safe – Possible New Vulnerability

By Christine Hall on January 16, 2013 |

Browsers, Internet, News and Security

I was just guessing on Monday when I said that the Java security patch pushed by Oracle on Sunday was “too little too late.” This appears to have been a lucky good guess on my part, as word is out now that the Java browser plugin still isn’t safe.

At least that’s what Brian Krebs is reporting on his blog Krebs On Security. Evidently there’s a black hat on a hacker forum who’s offering-up info to two buyers on a new vulnerability in the latest and greatest version of Java (that would be version 7, update 11) for the sum of $5,000 each.

Christine Hall

FOSSForce.com

Oracle’s Quick Java Patch–Too Little Too Late?

By Christine Hall on January 14, 2013 |

Browsers, News and Software

On Sunday, Oracle pushed an “unscheduled” patch to fix a security hole in Java that had prompted the U.S. Department of Homeland Security to take the unprecedented step of advising all Internet users to disable browser-side Java. The hole was already being exploited in the wild when white hats brought it to the public’s attention last week, mainly being used to install “ransomware.”

Despite Oracle’s assurances that it’s safe for surfers to go back in the water, security experts remain uncertain about the safety of Java. On Information Week, writer Mathew J. Schwartz quotes at least one security expert who gives the security patch a thumbs up:

Christine Hall

FOSSForce.com

Spy vs. Spy, Spilt Blackberries & Redmond’s Lies

By Christine Hall on October 14, 2011 |

Browsers, Business, Media, Mobile, News and Patents

Friday FOSS Week in Review

It would seem to be another slow week in the FOSS news world. As always however, there were a few tidbits, and the passing of a computer pioneer who’s work has effected everyone who’s ever sat in front of a monitor and keyboard.

U.S. Predator and Reaper Drones Hit by Virus…or Not

We learned on Monday from ars technica that the U.S. Predator and Reaper drone fleet has been hit by a virus. According to the report, the malicious code logs the keystrokes of those in the “cockpit” flying missions over Afghanistan and “other war zones:”

Christine Hall

FOSSForce.com

Nextcloud Summit 2025

KubeCon + CloudNativeCon China

ISC High Performance 2025

ATO Meetup: How AI Can Help Platform Engineers Build Better Platforms

SeaGL (the Seattle GNU/Linux Conference)

Posts tagged as “security”

The Robo Cloud Is Coming

Oracle Patches 2 Java Holes–At Least 5 Remain

Five, Count ‘Em, Five New Security Holes In Java

Avast AV Finds Malware On LA Times Website

Java: Where Oracle, Twitter and Black Hats Meet

Will Oracle Wake Up & Smell the Java?

Dotcom’s New Mega: Not Ready For Primetime

Java Still Isn’t Safe – Possible New Vulnerability

Oracle’s Quick Java Patch–Too Little Too Late?

Spy vs. Spy, Spilt Blackberries & Redmond’s Lies

Friday FOSS Week in Review