Articles about Java

Resident Evil zombie takeover

Multi-platform Java bot marshals ZOMBIE FORCE against spammers

Miscreants have brewed a multi-platform strain of malware capable of infecting Windows, Mac OS and Linux PCs. The evil bot, which surfaced in early January, was written entirely in Java and designed to take advantage of the CVE-2013-2465 vulnerability (a Java flaw patched by Oracle last June) to infect victims. The malware - …
John Leyden, 30 Jan 2014

Exploits no more! Firefox 26 blocks all Java plugins by default

The latest release of the Firefox web browser, version 26, now blocks Java software on all websites by default unless the user specifically authorizes the Java plugin to run. The change has been a long time coming. The Mozilla Foundation had originally planned to make click-to-run the default for all versions of the Java plugin …
Neil McAllister, 10 Dec 2013

Twitter, ARM voted on to Java steering committee

Twitter and ARM have been voted onto the executive of the Java Community Process (JCP), the committee that considers and oversees changes to Java. The JCP holds elections for its executive each year. Members are either “ratified” or “elected”. The former category appears to go to organisations with obvious stakes in Java's …
Simon Sharwood, 30 Oct 2013

Reality check: Java 8 finally catches a multi-core break

Two years later than planned, Oracle has made Java ready for a multi-core processor world. The database giant has announced general availability of Java 8, calling it a “major new release”. Java 8 is important because it’s the base spec for Java Enterprise Edition, as well as feeding the free and open-source implementation of …
Gavin Clarke, 20 Mar 2014

COFFEE AND DANISH HELL: National ID system cockup forces insecure Java on Danes

A bungled IT upgrade has downed Denmark's universal NemID login system, forcing people to stay on an insecure version of Java if they want to carry out online banking, check their insurance, or retrieve tax return information. Problems with NemID were first reported on Tuesday, and on Thursday the NATS IT consultancy behind the …
Jack Clark, 17 Oct 2013
The Register breaking news

Biz bods STILL don't patch hacker's delight Java and Flash

A whopping 81 per cent of businesses run outdated Java while two in five (40 per cent) have not updated Flash, according to the latest figures from net security firm Websense. Websense warns that failing to apply patches that address vulnerabilities in hacker favourites such as Flash and Java leaves these businesses at risk of …
John Leyden, 10 Sep 2013

Red Hat ships piping hot Ceylon to curry favor with Java-weary devs

After more than three years of development, Red Hat has released version 1.0.0 of Ceylon, its homebrewed, open-source programming language that's designed to be a replacement for Java. Early on, Ceylon was billed as a "Java killer" by some, but lead developer Gavin King has denied that doing away with Oracle's platform was ever …
Neil McAllister, 13 Nov 2013

Java bug burns Borg

Cisco has asked users of its Secure Access Control System 5.5 or lower to implement an urgent patch, as it has spotted several problems with its RMI implementation. There are three independent bugs: one privilege escalation vuln (CVE-2014-0649), an unauthenticated user access vulnerability (CVE-2014-0648), and …

Oracle ships Java 8 Developer Preview for testing, 18 months late

Oracle has shipped the Developer Preview of the much-delayed Java Development Kit (JDK) Version 8, the reference implementation of the Java SE 8 Platform. "If you've been watching JDK 8 evolve from afar then now is an excellent time to download a build and try it out – the sooner the better!" Oracle's chief Java architect Mark …
Neil McAllister, 11 Sep 2013

Oracle drops shedload of CRITICAL vuln-busting Java patches

Oracle's autumn batch of quarterly updates included no fewer than 127 security fixes, including 51 for Java alone. The arrival of the Critical Patch Update (CPU) from Oracle means pretty much all of the enterprise server packages from the software giant need patching. Oracle Database Server, Oracle E-Business Suite, Oracle …
John Leyden, 16 Oct 2013

It's about time: Java update includes tool for blocking drive-by exploits

Oracle's latest update to the Java SE Development Kit (JDK) version 7 adds new security features designed to help businesses avoid being stung by critical vulnerabilities in out-of-date versions of Java. After a string of embarrassing Java security flaws was disclosed by independent researchers, Oracle has made addressing …
Neil McAllister, 13 Sep 2013

Oracle to lop off Java's least secure bits to save servers

Oracle has acknowledged Java's recent security problems and outlined three new security initiatives to set things to rights. The first may not please everyone, as the company has committed to including Java updates among the quarterly Oracle Critical Patch Update it provides for all its products, as of the October 2013 update. …
Simon Sharwood, 03 Jun 2013

Java still vulnerable despite recent patches

Just days after the latest fix, another Java vulnerability has emerged. Described in this Full Disclosure post, the Reflection API flaw affects all versions of Java SE 7 and, according to researcher Adam Gowdiak, “can be used to achieve a complete Java security sandbox bypass on a target system”. As always, the victim would …

Critical Java SE update due Tuesday fixes 40 flaws

Thought your Java security woes were behind you? Think again. Oracle is planning to release a Critical Patch Update on Tuesday that affects multiple versions of Java, and it's another doozy. According to Oracle's security announcement, the patch pack addresses 40 different vulnerabilities. All update levels of Java SE 5, 6, and …
Neil McAllister, 14 Jun 2013

Oracle pours hot, steaming Java into heterogeneous heaven

The future of heterogeneous computing, in which CPUs and GPUs transparently share memory and seamlessly share tasks, has taken another step to fruition: Oracle has joined the HSA – heterogeneous systems architecture – Foundation, with the intent of making Java fully HSA-compliant. "Our intent at Oracle ... is to make [Java] the …
Rik Myslewski, 13 Nov 2013

Hazelcast signs Java speed king to its in-memory data-grid crew

In-memory data-grid specialist Hazelcast has landed the guru behind Java caching framework Ehcache as its chief technology officer. Greg Luck is joining Hazelcast to refine its in-memory data-grid product for enterprises and to develop paid-for packages. Luck is famous for leading Ehcache, the most widely used Java cache …
Gavin Clarke, 21 Jan 2014

Java EE 7 melds HTML5 with enterprise apps

Oracle has announced public availability of Java EE 7, the first major release of the enterprise formulation of Java since the database giant took control of the platform in 2010. The last version shipped way back in 2009. Support for HTML5 and related technologies is one of the key themes of this release. Among the new APIs …
Neil McAllister, 13 Jun 2013

Java or .NET bod in the Midlands? Congrats - you've got a DOUBLE DIGIT payrise

IT contractors are being treated to whopping great annual pay rises of up to 13 per cent, a survey has revealed. While the rest of the world makes do with rock bottom wages, tech bods working in the financial services sector are finding their pay packets shoot skywards due to heavy demand for their skills, according to the …
Jasper Hamill, 25 Feb 2014

Oracle blocks security hole with quick, hot 'n' premature Java update

Oracle has brought forward the timetable of an upcoming Java security update by two weeks in order to block off an in-the-wild security hole. The update, originally scheduled for 19 February, was released a fortnight early on Friday because of "active exploitation 'in the wild' of one of the vulnerabilities affecting the Java …
John Leyden, 04 Feb 2013

Java, Android were THE wide-open barn doors of security in 2013 - report

While it was another tough year for network security all around, 2013 was particularly hard on users of Java and Android, new research from Cisco has found. According to the networking giant's latest Annual Security Report, Java flaws were responsible for 91 per cent of all web-based exploits in 2013. Meanwhile, fully 99 per …
Neil McAllister, 17 Jan 2014

'Copyrighted' Java APIs deserve same protection as HARRY POTTER, Oracle tells court

Oracle has asked an appeals court to decide that it does have copyright protection for its Java APIs, which Google used in the creation of its Android operating system, and thereby revive its billion-dollar suit against the firm. Oracle’s lawyer Josh Rosenkranz told the three-judge panel of the US Court of Appeals that Google …

ARM servers to gain boost from ARM, Oracle Java partnership

ARM Holdings on Monday announced that it has entered into a multi-year partnership with Oracle to optimize the Java Platform, Standard Edition (Java SE) for the ARM processor architecture, including 64-bit ARMv8 designs. ARM chips have long dominated the mobile computing biz, but this new effort will focus mainly on improving …
Neil McAllister, 22 Jul 2013

Yet another Java zero-day vuln is being exploited

A new Java zero-day vulnerability is being exploited by attackers, and until it is patched everyone should disable Java in their browser. The vulnerability targets browsers that have the latest version of the Java plugin installed – Java v1.6 Update 41 and Java v1.7 Update 15 – malware researchers FireEye reported on Thursday. …
Jack Clark, 01 Mar 2013

Oracle patches Java 0-day, goes to Defcon 2

Oracle has patched the latest Java nasty, suggesting users of the increasingly-flaw-prone product visit java.com pronto to download a new version of the software that addresses the flaw and stops malicious websites gaining control of compromised computers. In a blog post describing the fix, Oracle's Eric P. Maurice may just have …
Simon Sharwood, 13 Jan 2013

Azure inhales open source Java implementation

Microsoft and Azul Systems have hoisted the open source Java implementation OpenJDK onto Redmond's Azure cloud, giving developers access to the language on Azure's Windows-based cloud services. The news was announced by Azul Systems at the O'Reilly Open Source Convention in Portland, Oregon, on Wednesday. The OpenJDK for …
Jack Clark, 24 Jul 2013

Java applets run wild inside Notes

Attackers with a desire to rummage around inside the PCs of Notes users can do so merely by sending HTML emails containing a Java applet or JavaScript, IBM has admitted in a security advisory. Full Disclosure describes the effects as potentially nasty, saying "This can be used to load arbitrary Java applets from remote sources ( …
Simon Sharwood, 02 May 2013

Java devs warned of pushbutton exploit for buggy Struts framework

Java developers were warned, but they didn't listen. Security researchers at Trend Micro report that old and vulnerable versions of the Apache Struts framework for Java are still in widespread use, and now Chinese hackers are using automated tools to exploit their flaws. The vulnerabilities in question were patched in the July …
Neil McAllister, 15 Aug 2013

Oracle slaps critical patch on insecure Java

Oracle has issued a critical update patch for Java as the database giant works to shore up confidence in the widely used code. The security update fixes 42 security flaws, 19 of which merit a 10 (most severe) rating according to the CVSS metric the company uses to evaluate the software. Along with this, Oracle has also sought to …
Jack Clark, 17 Apr 2013

Java open-source frameworks 'pose risk' to biz - report

Open-source programming frameworks revolutionised Java development during the last decade, but not enough people know how to use them properly. That’s according to the CRASH Special Report by CAST that sampled 496 applications with 152 million lines of code and found most apps had been misconfigured. This increased the degree of …
Gavin Clarke, 31 Jan 2013

Java updates too much of a bother? Maybe online banking's just not for you

Security researchers have spotted a surge in attacks against online banking customers, thanks to a new strain of Java-exploiting Trojan Caphaw (aka Shylock). Over the last month or so the malware has targeted customers in at least 24 financial institutions, including Bank of Scotland, Barclays Bank, First Direct, Santander …
John Leyden, 23 Sep 2013

Rotten hackers feast on mouldy Java flaws

Most enterprise networks are riddled with vulnerable Java installations, according to a new study whose release coincides with the discovery of another 0-day Java flaw. Less than one per cent of organisations are running the latest version of Java, according to a study by security software firm Bit9. The most frequently …
John Leyden, 22 Jul 2013

Apple blocks Java on the Mac over security concerns

It's been a rough couple of weeks for Java. Security issues are dogging the code, the latest fix may cause almost as many problems as it solves, and now Apple has decided to block Java completely. French blog MacGeneration originally picked up the blockade, noticing that an update to Apple's XProtect now blocks all versions of …
Iain Thomson, 01 Feb 2013

Nasty nuke-lab data-slurper EVOLVES, now feeds off new Java hole

A piece of malware linked to attacks against governments and organisations involved in hi-tech industries such as space exploration and nuclear power has been adapted to exploit a recently uncovered Java security flaw. NetTraveler has been outfitted to exploit a recently patched Java bug as part of a watering-hole-style attack …
John Leyden, 05 Sep 2013

Java 8 release date slips again, now planned for 2014

Oracle has redoubled its efforts to address the recent spate of vulnerabilities related to Java running in web browsers, but the renewed focus on security has had an unfortunate side effect – namely, that Java 8 will no longer ship by its planned September 2013 release date. According to Mark Reinhold, chief architect for Oracle …
Neil McAllister, 18 Apr 2013

Apple banishes Java from Mac browsers

Apple has discontinued its own Java plugin, issuing an 'update' that removes it from MacOS and encourages users to instead download Oracle's version of the software. The update, available now and depicted at the bottom of this story, advises users to install new software with the following effect: Java for OS X 2012-006 …
Simon Sharwood, 19 Oct 2012

Retiring greybeards force firms to retrain Java, .NET bods as mainframe sysadmins

New IT grads and Java and .NET jockeys are being re-trained to run mainframes by big companies desperate to replace a generation of IT staff giving up work. That’s according to Compuware, which has released a study that says CIOs are growing concerned about the looming skills shortage in their mainframe rooms. They are concerned …
Gavin Clarke, 20 Feb 2014

Java malware spotted using stolen certificate

If you haven't already run in the latest Java patch (issued yesterday), here's another good reason to do so: someone has turned up an exploit that uses signed code. In this post, Eric Romang looks at a malicious applet that comes with a signature using credentials stolen from Clearesult Consulting in the US. The stolen private …

Kill that Java plugin now! New 0-day exploit running wild online

A new Java zero-day security vulnerability is already being actively exploited to compromise PCs. The best way to defend against the attacks is to disable any Java browser plugins on your systems. The offending bug is present in fully patched and up-to-date installations of the Java platform, now overseen by database giant …
John Leyden, 10 Jan 2013

Are you in charge of a lot of biz computers? Got Java on them?

Java security vulnerabilities - exploited to hack Apple and Facebook this month - are rife across business computers worldwide, according to new research. The overwhelming majority (94 per cent) of PCs and other endpoints running Java software and surveyed by Websense are vulnerable to at least one Java runtime exploit, …
John Leyden, 26 Mar 2013

New critical Java flaw claimed

Oracle's Java is making a play to wrest back the title of world's leakiest code from Internet Explorer, after Polish researcher Adam Gowdiak claimed another critical flaw exists in the product. The new claim is stated on the Full Disclosure mailing list where Gowdiak writes that the newly-found flaw impacts “all latest versions …
Simon Sharwood, 26 Sep 2012

Oracle trowels more plaster over flawed Java browser plugin

Oracle has issued a rare emergency patch to address two vulnerabilities in the Java plugin for web browsers that the company says are being actively exploited. "Due to the severity of these vulnerabilities, and the reported exploitation of CVE-2013-1493 'in the wild,' Oracle strongly recommends that customers apply the updates …
Neil McAllister, 05 Mar 2013

RoboVM stirs up another helping of Java for iPhone

The free RoboVM, timidly launched as version 0.0.1, claims to bridge Java code into Objective C - including the native iOS Cocoa Touch APIs - providing greater portability to mobile apps. The release announcement boasts: RoboVM makes it possible to develop native iOS apps that use the CocoaTouch APIs in Java using familiar …
Bill Ray, 25 Jan 2013

VXers exploit users' confusion over Java to punt fake update

Cybercrooks have begun distributing an item of malware that poses as a Java security update. Oracle released a new version of Java 7 (Java 7u11) on Sunday (13 January) to address a zero-day vulnerability that has been exploited in the wild. The update was important because the underlying exploit had been "weaponised" and bundled …
John Leyden, 18 Jan 2013

'Silent but deadly' Java security update breaks legacy apps - dev

An application developer reports that the latest Java 7 update "silently" deletes Java 6, breaking applications in the process. Java 7 update 11 was released two weeks ago to deal with an unpatched vulnerability which had gone mainstream with its incorporation into cybercrook toolkits such as the Blackhole Exploit Kit in the …
John Leyden, 31 Jan 2013

Latest Java patch is not enough, warns US gov: Axe plugins NOW

Security experts advise users to not run Java in their web browsers despite a patch from Oracle that mitigates a widely exploited security vulnerability. The database giant issued an emergency out-of-band patch on Sunday, but despite this the US Department of Homeland Security continues to warn citizens to disable Java plugins …
John Leyden, 15 Jan 2013

Apple FINALLY fills gaping Java hole that pwned its own devs

Apple has belatedly patched a security hole in the Java engine it ships with Mac OS X - the very hole exploited by hackers to infect Apple's own developers, their counterparts at Facebook and scores of other Mac-using companies. The vulnerability allowed miscreants to execute malicious code outside of the limited and supposedly …
John Leyden, 20 Feb 2013

Not done yet: Oracle to ship revised Java fix on February 19

If at first you don't succeed, and all that... Oracle now says the emergency Java Critical Patch Update it rushed out the door on February 1 didn't fix all of the issues it had originally intended to address, and that a revised patch including fixes for the remaining flaws will ship on February 19. February 19 had been the …
Neil McAllister, 12 Feb 2013

Microsoft latest to 'fess up to Java-based Mac attack

Microsoft appears to be the latest big tech firm to have been hit by cyber attackers targeting Macs with a zero-day Java vulnerability, following a sophisticated campaign which has already infected developers at Facebook and Apple. In a blog post published late last Friday, Microsoft’s GM of Trustworthy Computing Security, Matt …
Phil Muncaster, 25 Feb 2013

Facebook devs HACKED in 'sophisticated' Java zero-day attack

Facebook has been hacked, but the company has found no evidence that user data was affected. Facebook's systems were "targeted in a sophisticated attack" in January after some of the company's developers visited a mobile-developer website that had been compromised, the company wrote on Friday afternoon. Malware was installed …
Jack Clark, 15 Feb 2013

Red Hat: We still love Java 6, even if Oracle doesn't

Red Hat has announced that it is assuming the leadership of the OpenJDK 6 community, just days after Oracle issued what it said would be the final patch for version 6 of its commercial Java SE 6 Development Kit. Oracle posted JDK 6 Update 43 on Monday as an emergency patch for the latest in a series of severe vulnerabilities …
Neil McAllister, 08 Mar 2013