Oracle

(get it in RSS or Atom)

No Heartbleed holes in Java, but here comes a sea of patches anyway

hb-no-250

Oracle's quarterly Patch Tuesday updates are out.

Java gets 37 fixes, 35 of them what Oracle calls "Remote Exploit without Authentication".

The silver lining? No Heartbleed bug in Java Standard Edition...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]

2014-03-15-pwned-250

Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

PWN2OWN Day Two - Chrome and Safari join the losers

p2o-d2-250

Here are the PWN2OWN results from Day Two, and an overview of the final payouts.

Chrome and Safari didn't get picked for Day One, but both of them were pwned on Day Two - twice for Chrome and once for Safari....

PWN2OWN Day One - Reader, IE, Flash and Firefox felled, Java left standing

p2o-250

PWN2OWN Day One results are in!

The target that sounded easiest - Oracle Java, with prize money less than a third of the supposedly much tougher IE 11 - was the only one left standing at the end of the first half...

SSCC 134 - Patching, foisting, hacking and obfuscating [PODCAST]

sscc-134-thumb-250

Here's our latest security podcast, featuring Sophos experts Chester Wisniewski and Paul Ducklin.

Join the dynamic duo as they turn the latest news into a quarter-hour podcast that is informative, entertaining and educational.

Oracle and Java, Apple and the FTC, Google and privacy - 60 Sec Security [VIDEO]

2014-01-18-thermostat-250

Why was this month's Java update a "must patch"? Should in-app purchases be allowed to target children? Is it a good idea to give Google control of your home?

Find out in 60 Second Security for 18 Jan 2014

SSCC 130 - Botnets, banking, breaches, patching and the Mavericks controversy [PODCAST]

sscc-130-thumb-250

What's the best way to deal with botnets? Should you use your bank's mobile app? Why all these data breaches? What about Patch Tuesday? Do you really *have* to update your Mac to Mavericks?

Listen as Chet and Duck dissect and explore the week's security stories...

Patch Tuesday - get ready for the January 2014 Security Trifecta!

pt-jan-2104-250

In January 2014, Patch Tuesday coincides for Oracle, Adobe and Microsoft.

Here's what you'll be up against in the opening fixture of the 2014 Patching Season...

SSCC 120 - Vulnerabilities, backdoors, crypto done right, and crypto done wrong [PODCAST]

sscc-120-thumb-250

Ah, the irony! Good crypto from the bad guys, and bad crypto from the good guys...

Chet and Duck turn the latest security news into an insightful, amusing and educational discussion in the latest episode of their two-weekly podcast.

Oracle releases 127 security fixes, 51 for Java alone

oraclejava-250

Oracle has released its quarterly software update fixing more than 100 security vulnerabilities in its products. Java is at risk from more than 50 flaws, so it is time to update immediately if you still use it.

Oracle Java fails at security in new and creative ways

CC-Oracle-PeterMakinski250

Oracle is about to release a new "feature" in its Java Runtime Environment (JRE) that allows enterprises (or anyone else) to turn off security features for backward compatibility.

Monday review - the hot 18 stories of the week

Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Oracle ships giant raft of patches - but none of them for Java

0-250

Oracle's latest Patch Tuesday has come and gone, with the database-and-more behmoth putting out patches for 89 vulnerabilities.

This is the last time that Java and the rest of Oracle's product set will get scheduled updates separately...

Monday review - the hot 20 stories of the week

Monday review

Missed anything last week? Don't worry, here's a little roundup of everything we wrote.

LinkedIn unhacked, Microsoft bounties, Java in your browser - 60 Sec Security [VIDEO]

bounty-250

It's that time again - time for this week's 60 Second Security, our fun-but serious "security news with a conscience" video series.

Give it a spin...it'll only take a minute.

Oracle and Apple update Java - zapping browser Java would already have blocked 92.5% of the risk

oraclejava-250

As promised last week, Oracle shipped a Critical Patch Update for Java on Tuesday 18 June 2013.

Apple, which offers its own builds of Java, updated at the same time.

Paul Ducklin takes a look...

Monday review - the hot 16 stories of the week

Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Get ready! Oracle to fix 40 holes in Java on Tuesday, 18 June 2013

There's a Java update coming next Tuesday, 18 June 2013, and you might as well get ready for it now if you haven't already.

Oracle has fixed 40 holes, all but three of them remotely exploitable.

Botnet smackdown, Oracle on Java, Passwords you can eat - 60 Sec Security [VIDEO]

2013-06-08-citadel-250

Here's our latest 60 Second Security video.

From botnet takedowns to authentication tokens you swallow...here's the latest security news in a easily digestible format!

Not good enough, Oracle - promises to secure Java are too little, too late

coffee-cup_thumb

In a big fat blog post, Oracle has promised to work harder to make Java more secure. But given the flood of high-profile, heavily-exploited vulnerabilities that have bobbed to the surface, can Oracle save this piece of software from drowning in bad vibes?