The Apple Pips

Inside All Apple Products

Tag: Java (Page 1 of 2)

Google scales tiny mountain to hunt down crypto bugs

The view from Mount Wycheproof. It's not very spectacular. (credit: Prince Roy)

Project Wycheproof is a new effort by Google to improve the security of widely used cryptography code.

Many of the algorithms used in cryptography for encryption, decryption, and authentication are complicated, especially when asymmetric, public key cryptography is being used. Over the years, these complexities have resulted in a wide range of bugs in real crypto libraries and the software that uses them.

Google's ambition with Project Wycheproof is to ensure that these known flaws are eradicated. The open source project contains a number of test cases that check for these known flaws; currently, there are more than 80 tests for 40 different defects. The project is limited in scope and realistically attainable, hence the name that Google has chosen: Mount Wycheproof is a hill that some claim is the world's smallest mountain. Its peak is 237 meters above sea level and just 43 meters above the surrounding plain. Scaling such a mountain is a straightforward proposition.


How Oracle’s business as usual is threatening to kill Java


Stop me if you've heard this one before: Oracle has quietly pulled funding and development efforts away from a community-driven technology where customers and partners have invested time and code. It all seems to be happening for no reason other than the tech isn't currently printing money.

It's a familiar pattern for open source projects that have become the property of Oracle. It started with OpenSolaris and continued with OpenOffice.org. And this time, it's happening to Java—more specifically to Java Enterprise Edition (Java EE), the server-side Java technology that is part of hundreds of thousands of Internet and business applications. Java EE even plays an integral role for many apps that aren't otherwise based on Java.

For months, as Oracle Corporation's attorneys have battled Google in the courts over the use of Java interfaces in Android's Dalvik programming language, Oracle's Java development efforts have slowed. And in the case of Java EE, they've come to a complete halt. The outright freeze has caused concerns among companies that contribute to the Java platform and among other members of the Java community—a population that includes some of Oracle's biggest customers.


Oracle will seek a staggering $9.3 billion in 2nd trial against Google

In a second go-round of its copyright lawsuit against Google, Oracle is hoping to land a knockout blow. A damages report filed last week in federal court reveals that the enterprise-software giant will ask for $9.3 billion in damages.

In its lawsuit, Oracle argues that Google infringed copyrights related to Java when it used 37 Java API packages to create its Android mobile operating system.

The damages it's seeking aren't just more than the Java API packages are worth—they're far more than Oracle paid for the entirety of Sun Microsystems, which was purchased in 2009 for $5.6 billion. By way of comparison, Google parent company Alphabet earned $4.9 billion in profits last quarter, according to IDG News, which reported on the Oracle figures yesterday.


Botched Java patch leaves millions vulnerable to 30-month-old attack

A botched security fix released for the Java software framework 30 months ago has left millions of users vulnerable to attacks that Oracle had claimed were no longer possible, a security researcher said.

The bypass code, which was released Thursday by Polish security firm Security Explorations, contains only minor changes to the original proof-of-concept, according to an e-mail posted to the Full Disclosure security list. Security Explorations released the original exploit in October 2013 following the release of a patch from Oracle. Thursday's bypass changes only four characters from the 2013 code and uses a custom server to work. The bypass means that millions of Java users have remained vulnerable to the flaw, categorized as CVE-2013-5838, despite assurances from Oracle that the attacks were no longer possible.

"We implemented a Proof of Concept code that illustrates the impact of the broken fix described above," Security Explorations researchers wrote in a report. "It has been successfully tested in the environment of Java SE Update 97, Java SE 8 Update 74, and Java SE 9 Early Access Build 108. In all cases, a complete Java security sandbox escape could be achieved."


Microsoft joins the Eclipse foundation, open sources some of its plugins

The Eclipse Foundation, the organization that oversees development of the Eclipse development environment, has a new member: Microsoft announced Tuesday that it is joining so that it can more easily collaborate with the Eclipse community.

Simultaneous with that move, the company open sourced its Team Explorer Everywhere plugin for Eclipse, which allows Eclipse users to use Team Foundation Server for their version control and bug tracking. The code is now up on GitHub. The Team Explorer Everywhere plugin joins the Azure Toolkit for Eclipse, which is already open source.

To further streamline integration with Microsoft's services for Eclipse users, there is new support for Codenvy in Visual Studio Team Services. With the Codenvy extension, VSTS can generate an Eclipse workspace on demand, quickly setting up a virtual machine with all the right plugins and build tools to work on a project. Codenvy VMs can also now be provisioned on Azure thanks to a new Codenvy VM in the Azure Marketplace.
