Articles about Java

Oracle slings 193 patches, nixes exploited Java zero day

Oracle has poured cold coffee on a recent Java zero-day that's already under active attack, with just one of the critical patches it's released to address 193 holes in its sprawling product suite. The zero day is the most urgent fix of the lot and of the two dozen other Java patches present among Big Red's quarterly patch …
Darren Pauli, 16 Jul 2015

Java jockeys join Flash fans in the 0-day exploit club

Trend Micro has issued predictable-but-sensible advice that Java should be switched off, because there's a zero-day being exploited in the wild. Trend malware researchers Brooks Li and Feike Hacquebord said the exploit will hose systems running the latest Java platform. Because there's no patch, they added users should disable …
Darren Pauli, 13 Jul 2015
A lamb

Devs to pour Java into Amazon's cloud after AWS Lambda update

Amazon Web Services has expanded its AWS Lambda programming model to support functions written in Java, the cloud kingpin said on Monday. Lambda, which allows developers to run event-driven code directly on Amazon's cloud without managing any application infrastructure, launched in November 2014 and initially only supported code …
Neil McAllister, 16 Jun 2015

Google App Engine Java sandbox is leaking, say researchers

Security Explorations hacker Adam Gowdiak says three partial Java sandbox security holes still exist in Google App Engine. Gowdiak says the problems stem from buggy implementations and lax security checks that mean evildoers could gain access to the Google cloud's Java environment. He dropped exploitation code after the ad …
Darren Pauli, 18 May 2015

Yahoo! displaces Ask in Oracle's Java update crapware parade

At the annual Yahoo! shareholder's meeting, CEO Marissa Mayer unveiled her new strategy for making the struggling web portal popular again by buying its way into Oracle's Java upgrade software. Begining with the next Java update, Yahoo! will replace the current invitation to make Ask your default search engine. Instead, you'll …
Iain Thomson, 25 Jun 2015
Star Trek: "Let That Be Your Last Battlefield"

Google, Oracle's endless Java copyright battle extended to ... 2016

The long-running copyright dispute between Oracle and Google over the latter's use of the Java language APIs in its Android operating system will likely drag on for another year or more, based on the latest developments in the case in a US federal court. Reuters reports that US District Judge William Alsup, who has been …
Neil McAllister, 31 Jul 2015
Red's Java house by https://www.flickr.com/photos/enerva/ CC 2.0 attribution https://creativecommons.org/licenses/by/2.0/

Oracle proposes to deliver Java 9 SDK on September 22nd, 2016

Oracle's chief architect of the Java Platform Group, Mark Reinhold, has outlined a “proposed schedule for JDK 9” that will see it delivered on Thursday, September 22nd, 2016. Reinhold's post on the topic offers the following development milestones: 10 December 2015: Feature Complete 04 February 2016: All Tests Run 25 February …
Simon Sharwood, 13 May 2015

Bite my shiny metal Ask: Java for OS X crapware storm brewing

Mac fans now have one more thing in common with their Windows-using bosses: their Oracle Java updates now try to smuggle in Ask's browser toolbar. The upgrade, version 8u40 of Java for OS X, tragically tries to install the plugin, which hijacks the user's default web search engine and homepage to Ask.com. Windows users of the …
Shaun Nichols, 06 Mar 2015
US Supreme Court

Supreme Court ignores Google's whinging in Java copyright suit

The US Supreme Court has declined to hear Google's appeal of Oracle's case against it in the matter of the Java API copyrights, leaving it up to a lower court to decide what - if any - damages Google owes. Google was hoping the Supremes would weigh in on the issue of whether software APIs are copyrightable under current US …
Neil McAllister, 29 Jun 2015
Good riddance to bad Java

Chrome version 42 will pour your Java coffee down the drain: Plugin blocked by default

The latest release of the Chrome web browser, version 42, will block Oracle's Java plugin by default as well as other extensions that use the deprecated NPAPI. The Chrome 42 – available now – brings about the end of official support for NPAPI, a move that will render various plugins incompatible with the browser. Among those …
Shaun Nichols, 14 Apr 2015
Good riddance to bad Java

Minecraft debuts new block – one that blocks Java crapware, that is

Oracle may be sticking with its plan to bundle unwanted software with its Java installer and updates, but Minecraft players soon shouldn't have to worry about it, thanks to a new launcher for the popular Java-based game. Minecraft maker Mojang – now a division of Microsoft – has been rolling out the new launcher over the past …
Neil McAllister, 09 Mar 2015
More flaws found in Java

Azul tackles Oracle with open-source Java for Internet of Stuff

Azul Systems has added a new, ultra-compact entry to its portfolio of alternative Java environments, taking a run at Oracle for the lucrative mobile, embedded, and Internet of Things (IoT) markets. Zulu Embedded is a stripped-down sibling of Zulu, Azul's certified, cross-platform build of OpenJDK – Oracle's open source reference …
Neil McAllister, 25 Mar 2015
Oracle's Java is 20 years old

Celebrating 20 years of juicy Java. Just don’t mention Android

Oracle is celebrating 20 years of Java, which was officially announced at the SunWorld conference in San Francisco on May 23 1995. Java 1.0a2 was made available to download. In addition, Netscape’s Marc Andreessen came on stage to announce that Java would be integrated into the Navigator web browser. The origins of Java go back …
Tim Anderson, 22 May 2015
More flaws found in Java

No, modular Java isn't dead. It'll be in Java 9 – honest

Despite significant delays, Oracle is once again moving forward with Project Jigsaw, a major undertaking that aims to allow Java developers to break their programs down into independent, interoperable modules. Jigsaw was first intended to be a major features of Java 8. By 2012 Big O decided that waiting for Jigsaw to be ready …
Neil McAllister, 03 Jul 2014
Crop of doctor with pen and clipboard

Microsoft offers checkups for Java web apps with Azure-backed code profiling service

In its latest nod to cross-platform application development, Microsoft has opened its Visual Studio Application Insights cloud software telemetry service to Java developers. The software giant announced the new Applications Insights SDK for Java in time for the EclipseCon North America 2015 conference, taking place in San …
Neil McAllister, 09 Mar 2015
Groovy programming language

Groovy Java guy off for Restlet

Guillaume Laforge, leader of the Groovy project, is joining Restlet, a small company which supports the open source Restlet framework. The Restlet framework is used by Java developers to create web APIs, such as those which provide cloud services to mobile and web applications. It takes its name from REST (Representational State …
Tim Anderson, 02 Mar 2015

65 patches later and Java STILL breaks stuff

Software tool vendors are complaining that recent updates to Java are breaking their environments. The problem seems to be in JVM's bytecode verification, in Java 8, Update 11 and Java 7, Update 65. According to InfoQ, developers running into the bug include JRebel (from ZeroTurnaround), the Groovy programming language, the …
Good riddance to bad Java

NINETY PER CENT of Java black hats migrate to footling Flash

RSA 2015 Almost every Java-hacking black hat is now popping Adobe Flash, after Microsoft's hard-line patch policy made it harder to target software such as Java. The stricken scum now face a choice: work harder to find Java zero-days or abandon ship and start exploiting old Flash bugs. Redmond's security brains trust – Tim Rains, Matt …
Darren Pauli, 27 Apr 2015
Good riddance to bad Java

Oracle's piping hot new pot of Java takes out the trash (faster)

Oracle's latest update to the Java Development Kit doesn't add any new language features or change any APIs, but it still includes a number of enhancements that should please Java developers and users. Released on Tuesday – a couple of weeks ahead of Java SE 8's first birthday – Java Development Kit 8 Update 40 (JDK 8u40) …
Neil McAllister, 04 Mar 2015
The US White House. Pic: Roman Boed

White House forced to wade into Oracle vs Google Java bickerfest

Update The Obama administration is backing Oracle in its long-running legal battle against Google over the Chocolate Factory's alleged infringement of Java copyrights. Oracle brought the case against Google in 2012, claiming it had breached copyright in its Java software when creating its Android mobile operating system. Google …
Kat Hall, 27 May 2015
A Simple XMLFilter class

Google v Oracle: US Supreme Court turns to Obama in Java copyright war

The US Supreme Court hasn't decided whether it will hear arguments in the long-running dispute between Google and Oracle over Java copyrights, and it has asked the Obama administration to weigh in before it makes up its mind. On Monday, the Supremes posted a memo inviting US Solicitor General Donald Verrilli, Jr to "express the …
Neil McAllister, 12 Jan 2015
Slide from Oracle's 2012 case against Google using Java

Google hauls Java-on-Android spat into US Supreme Court

Google's long and bitter dispute with Oracle over the Java implementation in Android is set to go all the way to the US Supreme Court. The court has listed Google's request to have the US Court of Appeals' decision in the case reviewed. The row has been bubbling along since 2011, when Oracle alleged Google owed it “billions” …
Simon Sharwood, 09 Oct 2014
Suitcase bulging with cash

Open-source Java pals Groovy and Grails seek moneybags backer

Two major open source Java projects, Groovy and Grails, are looking for new sponsors. Pivotal, a company which supplies tools for big data analytics and cloud-oriented agile development, has announced the end of its funding for Groovy (a dynamic language that runs on the JVM (Java Virtual Machine) and Grails (a web application …
Tim Anderson, 22 Jan 2015

Big Java security fixes on the way – but not so fast, Windows XP users

As if running Windows XP after Microsoft withdrew support wasn't risky enough, XP users who have Java installed may soon have even more to worry about. Oracle is due to issue its next Critical Patch Update – the massive, quarterly fix-it fests that deliver security updates across the company's entire product line, including Java …
Neil McAllister, 04 Jul 2014

2014 in infosec: Spammers sneak small botnets under the wire, Java is dull

Cisco's annual report on the state of global cybersecurity claims spammers just won't die and are using new tactics to avoid detection by filters; malware programmers are abandoning exploiting Java; and there's a possible silver cloud in the Sony Pictures hacking storm. The networking giant saw malware-carrying spam up 250 per …
Iain Thomson, 20 Jan 2015
ActiveX

Redmond stall means IE Java axe won't swing till September

Microsoft has handed sysadmins a reprieve by delaying the blockage of vulnerable old versions of Java in its flagship Internet Explorer web browser until September. The postponement was made on the back of complaints to Redmond, which only provided a guide to managing the issue on Tuesday. "Based on customer feedback, we have …
Darren Pauli, 14 Aug 2014

Radio 4 and Dr K on programming languages: Full of Java Kool-Aid

Poll Radio 4 has dipped a toe into Lake Geek with a five part series looking at computer languages. Or more accurately the history and reputation of four computer languages: Fortran, Cobol, Basic and Java. Presented by soi-disant girl geek* Aleks Krotoski Aleks Krotoski, the series ("Codes that Changed the World") emphasises the …
Simon Rockman, 14 Apr 2015
Good riddance to bad Java

Now even Internet Explorer will throw lousy old Java into the abyss

Internet Explorer will soon join its rival browsers by automatically blocking old, insecure add-ons – and it's got its eye set squarely on Java. Microsoft said on Wednesday that starting on August 12, Internet Explorer will begin alerting users when web pages try to launch ActiveX controls that are considered out-of-date and …
Neil McAllister, 07 Aug 2014

We SO DO support Java on XP, maybe even JDK 8, says Oracle

Oracle has issued a statement saying that it absolutely does support Java on Windows XP and may even decide to support JDK 8 on the orphan OS. Oracle's post on the issue says "We expect all versions of Java that were supported prior to the Microsoft de-support announcement to continue to work on Windows XP for the foreseeable …
Simon Sharwood, 14 Jul 2014
Resident Evil zombie takeover

Multi-platform Java bot marshals ZOMBIE FORCE against spammers

Miscreants have brewed a multi-platform strain of malware capable of infecting Windows, Mac OS and Linux PCs. The evil bot, which surfaced in early January, was written entirely in Java and designed to take advantage of the CVE-2013-2465 vulnerability (a Java flaw patched by Oracle last June) to infect victims. The malware - …
John Leyden, 30 Jan 2014
Java logo

Twitter, ARM voted on to Java steering committee

Twitter and ARM have been voted onto the executive of the Java Community Process (JCP), the committee that considers and oversees changes to Java. The JCP holds elections for its executive each year. Members are either “ratified” or “elected”. The former category appears to go to organisations with obvious stakes in Java's …
Simon Sharwood, 30 Oct 2013

Exploits no more! Firefox 26 blocks all Java plugins by default

The latest release of the Firefox web browser, version 26, now blocks Java software on all websites by default unless the user specifically authorizes the Java plugin to run. The change has been a long time coming. The Mozilla Foundation had originally planned to make click-to-run the default for all versions of the Java plugin …
Neil McAllister, 10 Dec 2013
Lock security

Student promises Java key to unlock Simplocker ransomware

A university student claims he is set to release a Java application to decrypt the first ransomware to hit Android devices. The Simplelocker ransomware was revealed 7 June by malware analysts at Eset targeting devices in Eastern Europe. It encrypted via AES large swathes of files on Android device SD cards demanding users pay a …
Darren Pauli, 17 Jun 2014
Java logo

Reality check: Java 8 finally catches a multi-core break

Two years later than planned, Oracle has made Java ready for a multi-core processor world. The database giant has announced general availability of Java 8, calling it a “major new release”. Java 8 is important because it’s the base spec for Java Enterprise Edition, as well as feeding the free and open-source implementation of …
Gavin Clarke, 20 Mar 2014

COFFEE AND DANISH HELL: National ID system cockup forces insecure Java on Danes

A bungled IT upgrade has downed Denmark's universal NemID login system, forcing people to stay on an insecure version of Java if they want to carry out online banking, check their insurance, or retrieve tax return information. Problems with NemID were first reported on Tuesday, and on Thursday the NATS IT consultancy behind the …
Jack Clark, 17 Oct 2013
The Register breaking news

Biz bods STILL don't patch hacker's delight Java and Flash

A whopping 81 per cent of businesses run outdated Java while two in five (40 per cent) have not updated Flash, according to the latest figures from net security firm Websense. Websense warns that failing to apply patches that address vulnerabilities in hacker favourites such as Flash and Java leaves these business at risk of …
John Leyden, 10 Sep 2013
Sun open sources Java

Sun of a beach! Java biz founder loses battle to keep his shore private

Vinod Khosla, cofounder of Sun Microsystems and billionaire venture capitalist, has lost his battle for his own private beach after surfers successfully sued him for access. In 2008 Khosla spent $37.5m on a 53-acre property on the San Mateo coast overlooking Martin's Beach, a 200-acre stretch of sand that is much beloved by the …
Iain Thomson, 25 Sep 2014
A cup of tea

Red Hat ships piping hot Ceylon to curry favor with Java-weary devs

After more than three years of development, Red Hat has released version 1.0.0 of Ceylon, its homebrewed, open-source programming language that's designed to be a replacement for Java. Early on, Ceylon was billed as a "Java killer" by some, but lead developer Gavin King has denied that doing away with Oracle's platform was ever …
Neil McAllister, 13 Nov 2013
The Register breaking news

Oracle blocks security hole with quick, hot 'n' premature Java update

Oracle has brought forward the timetable of an upcoming Java security update by two weeks in order to block off an in-the-wild security hole. The update, originally scheduled for 19 February, was released a fortnight early on Friday because of "active exploitation 'in the wild' of one of the vulnerabilities affecting the Java …
John Leyden, 04 Feb 2013
Testing Java

Oracle ships Java 8 Developer Preview for testing, 18 months late

Oracle has shipped the Developer Preview of the much-delayed Java Development Kit (JDK) Version 8, the reference implementation of the Java SE 8 Platform. "If you've been watching JDK 8 evolve from afar then now is an excellent time to download a build and try it out – the sooner the better!" Oracle's chief Java architect Mark …
Neil McAllister, 11 Sep 2013
The Register breaking news

Java still vulnerable despite recent patches

Just days after the latest fix, another Java vulnerability has emerged. Described in this Full Disclosure post, the Reflection API flaw affects all versions of Java SE 7 and, according to researcher Adam Gowdiak, “can be used to achieve a complete Java security sandbox bypass on a target system”. As always, the victim would …
Java logo

Oracle to lop off Java's least secure bits to save servers

Oracle has acknowledged Java's recent security problems and outlined three new security initiatives to set things to rights. The first may not please everyone, as the company has committed to including Java updates among the quarterly Oracle Critical Patch Update it provides for all its products, as of the October 2013 update. …
Simon Sharwood, 03 Jun 2013
More flaws found in Java

Oracle drops shedload of CRITICAL vuln-busting Java patches

Oracle's autumn batch of quarterly updates included no fewer than 127 security fixes, including 51 for Java alone. The arrival of the Critical Patch Update (CPU) from Oracle means pretty much all of the enterprise server packages from the software giant need patching. Oracle Database Server, Oracle E-Business Suite, Oracle …
John Leyden, 16 Oct 2013
More flaws found in Java

Critical Java SE update due Tuesday fixes 40 flaws

Thought your Java security woes were behind you? Think again. Oracle is planning to release a Critical Patch Update on Tuesday that affects multiple versions of Java, and it's another doozy. According to Oracle's security announcement, the patch pack addresses 40 different vulnerabilities. All update levels of Java SE 5, 6, and …
Neil McAllister, 14 Jun 2013
padlock

Java bug burns Borg

Cisco has asked users of its Secure Access Control System 5.5 or lower to implement an urgent patch, as it has spotted several problems with its RMI implementation. There are three independent bugs: one privilege escalation vuln (CVE ID CVE-2014-0649, here), an unauthenticated user access vulnerability (CVE 2014-0648 here), and …

Java EE 7 melds HTML5 with enterprise apps

Oracle has announced public availability of Java EE 7, the first major release of the enterprise formulation of Java since the database giant took control of the platform in 2010. The last version shipped way back in 2009. Support for HTML5 and related technologies is one of the key themes of this release. Among the new APIs …
Neil McAllister, 13 Jun 2013
More flaws found in Java

It's about time: Java update includes tool for blocking drive-by exploits

Oracle's latest update to the Java SE Development Kit (JDK) version 7 adds new security features designed to help businesses avoid being stung by critical vulnerabilities in out-of-date versions of Java. After a string of embarrassing Java security flaws was disclosed by independent researchers, Oracle has made addressing …
Neil McAllister, 13 Sep 2013

Oracle patches Java 0-day, goes to Defcon 2

Oracle has patched the latest Java nasty, suggesting users of the increasingly-flaw-prone product visit java.com pronto to download a new version of the software that addresses the flaw and stops malicious websites gaining control of compromised computers. In a blog post describing the fix, Oracle's Eric P. Maurice may just have …
Simon Sharwood, 13 Jan 2013
The Register breaking news

Yet another Java zero-day vuln is being exploited

A new Java zero-day vulnerability is being exploited by attackers, and until it is patched everyone should disable Java in their browser. The vulnerability targets browsers that have the latest version of the Java plugin installed – Java v1.6 Update 41 and Java v1.7 Update 15 – malware researchers FireEye reported on Thursday. …
Jack Clark, 01 Mar 2013

Oracle pours hot, steaming Java into heterogeneous heaven

APU13 The future of heterogeneous computing, in which CPUs and GPUs transparently share memory and seamlessly share tasks, has taken another step to fruition: Oracle has joined the HSA – heterogeneous systems architecture – Foundation, with the intent of making Java fully HSA-compliant. "Our intent at Oracle ... is to make [Java] the …
Rik Myslewski, 13 Nov 2013