Oracle

(get it in RSS or Atom)

Oracle Java fails at security in new and creative ways

CC-Oracle-PeterMakinski250

Oracle is about to release a new "feature" in its Java Runtime Environment (JRE) that allows enterprises (or anyone else) to turn off security features for backward compatibility.

Monday review - the hot 18 stories of the week

Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Oracle ships giant raft of patches - but none of them for Java

0-250

Oracle's latest Patch Tuesday has come and gone, with the database-and-more behmoth putting out patches for 89 vulnerabilities.

This is the last time that Java and the rest of Oracle's product set will get scheduled updates separately...

Monday review - the hot 20 stories of the week

Monday review

Missed anything last week? Don't worry, here's a little roundup of everything we wrote.

LinkedIn unhacked, Microsoft bounties, Java in your browser - 60 Sec Security [VIDEO]

bounty-250

It's that time again - time for this week's 60 Second Security, our fun-but serious "security news with a conscience" video series.

Give it a spin...it'll only take a minute.

Oracle and Apple update Java - zapping browser Java would already have blocked 92.5% of the risk

oraclejava-250

As promised last week, Oracle shipped a Critical Patch Update for Java on Tuesday 18 June 2013.

Apple, which offers its own builds of Java, updated at the same time.

Paul Ducklin takes a look...

Monday review - the hot 16 stories of the week

Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Get ready! Oracle to fix 40 holes in Java on Tuesday, 18 June 2013

There's a Java update coming next Tuesday, 18 June 2013, and you might as well get ready for it now if you haven't already.

Oracle has fixed 40 holes, all but three of them remotely exploitable.

Botnet smackdown, Oracle on Java, Passwords you can eat - 60 Sec Security [VIDEO]

2013-06-08-citadel-250

Here's our latest 60 Second Security video.

From botnet takedowns to authentication tokens you swallow...here's the latest security news in a easily digestible format!

Not good enough, Oracle - promises to secure Java are too little, too late

coffee-cup_thumb

In a big fat blog post, Oracle has promised to work harder to make Java more secure. But given the flood of high-profile, heavily-exploited vulnerabilities that have bobbed to the surface, can Oracle save this piece of software from drowning in bad vibes?

Yet another unpatched security hole found in Java

Yet another unpatched security hole found in Java

Just last week you were congratulating yourself for patching your computer against a Java security hole.

Now another zero-day unpatched vulnerability has been found in Oracle's widely used software.

Oracle and Apple ship critical Java updates - get yours today!

java-now-250

The security-beleaguered Java ecosystem usually gets updates just once every four months, in February, June and October.

But this year, Oracle has adapted that schedule a number of times, and this is one of them...

PWN2OWN results Day Two - Adobe Reader and Flash owned, Java felled yet again

PWN2OWN 2013 finished off today.

A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...

PWN2OWN results Day One - Java, Chrome, IE 10 and Firefox owned

Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.

Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...

Oracle ships out-of-band Java fix, Apple follows suit

Oracle recently published an emergency update for Java, and Apple quickly followed suit for the version of Java it still officially supports.

Paul Ducklin tries to guess where Oracle's Java patch cycle will end up...

Find a new way of exploiting Chrome, IE, Java, etc.. and you could win millions of dollars

Find a new way of exploiting Chrome, IE, Java, etc.. and you could win millions of dollars

Security researchers are gathering in Vancouver at the CanSecWest conference, in the hope of winning substantial cash prizes for finding exploitable vulnerabilities in the likes of Chrome, Internet Explorer and Java.

SSCC 103 - Mandiant report, iOS coders owned, Twitter accounts hacked, and more...

chet-chat-feat

Have your joined thousands of others, and become a loyal listener to the "Chet Chat" yet?

Here's the latest Naked Security podcast, Sophos Security Chet Chat 103, discussing a range of recent and newsworthy topics from the world of computer security.

Monday review - the hot 21 stories of the week

Monday review - the hot 24 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Oracle on Java - we *will* have Patch Tuesday on 19 Feb 2013 after all

oracle-fix-250

Oracle brought forward its February Patch Tuesday to provide an accelerated fix for some in-the-wild exploits.

But that meant leaving other less vital stuff out, so the pre-empted Patch Tuesday will happen after all, on 19 Feb 2013. Be there!

Another Java update! Oracle brings Patch Tuesday forward to close in-the-wild hole...

"Yet another Java update! Get it while it's hot."

This update was planned for 19 Feb 2013.

But Oracle brought it forward, citing the "active exploitation 'in the wild' of one of the vulnerabilities affecting...desktop browsers".