Sign up for our Technology Newsletter 
Will Google Stop Using Java?
Google is so hacked off with Oracle’s java antics it is seriously considering taking it out of Android and replacing it with Apple’s open sauce Swift software.
While we would have thought that there would be little choice between Oracle and Apple as evil software outfits, the fact that Apple uncharacteristically made Swift open source might make life a bit brighter for Google. At the moment Oracle is suing Google for silly money for its Java use in Android.
Swift was created as a replacement for Objective C, and is pretty easy-to-write. It was introduced at WWDC 2014, and has major support from IBM as well as a variety of major apps like Lyft, Pixelmator and Vimeo that have all rebuilt iOS apps with Swift.
But since Apple open sourced Swift, Google, Facebook and Uber have al said that they are interested in it. Taking Java out of Android is a big job. Google would also have to make its entire standard library Swift-ready, and support the language in APIs and SDKs. Some low-level Android APIs are C++, which Swift cannot bridge to. Higher level Java APIs would also have to be re-written.
Of course if it did all this, Apple might realize that its biggest rival was using its own software to club it to death. It might not be be so nice about allowing Swift out to play and eventually Google have to fork Swift and dump the Apple version. This would probably result in an anst-ridden moan album about how life is so unfair which makes a fortune while scoring passive agressive revenge on the dumpee.
Courtesy-Fud
Pawn Storm Hacking Develops New Tools For Cyberespionage
Comments Off on Pawn Storm Hacking Develops New Tools For Cyberespionage
A Russian cyberespionage group known as Pawn Storm has made use of new tools in an ongoing attack campaign against defense contractors with the goal of defeating network isolation policies.
Since August, the group has been engaged in an attack campaign focused on defense contractors, according to security researchers from Kaspersky Lab.
During this operation, the group has used a new version of a backdoor program called AZZY and a new set of data-stealing modules. One of those modules monitors for USB storage devices plugged into the computer and steals files from them based on rules defined by the attackers.
The Kaspersky Lab researchers believe that this module’s goal is to defeat so-called network air gaps, network segments where sensitive data is stored and which are not connected to the Internet to limit their risk of compromise.
However, it’s fairly common for employees in organizations that use such network isolation policies to move data from air-gapped computers to their workstations using USB thumb drives.
Pawn Storm joins other sophisticated cyberespionage groups, like Equation and Flame, that are known to have used malware designed to defeat network air gaps.
“Over the last year, the Sofacy group has increased its activity almost tenfold when compared to previous years, becoming one of the most prolific, agile and dynamic threat actors in the arena,” the Kaspersky researchers said in a blog post. “This activity spiked in July 2015, when the group dropped two completely new exploits, an Office and Java zero-day.”
Source- http://www.thegurureview.net/aroundnet-category/pawn-storm-hacking-group-develops-new-tools-for-cyberespionage.html
Can Oracle Make Money Off Android?
Database outfit Oracle’s moves to try and copyright APIs appear to be part of an attempt for Oracle to make money on Android.
Oracle has asked a U.S. judge for permission to update its copyright lawsuit against Google to include the Android which it claims contains its Java APIs.
Oracle sued Google five years ago and is seeking roughly $1 billion in copyright claims if it manages to convince a court that its APIs are in Android it could up the damages by several billions.
Oracle wrote in a letter to Judge William Alsup on Wednesday that the record of the first trial does not reflect any of these developments in the market, including Google’s dramatically enhanced market position in search engine advertising and the overall financial results from its continuing and expanded infringement.
Last month, the US Supreme Court upheld an appeals court’s ruling that allows Oracle to seek licensing fees for the use of some of the Java language. Google had said it should use Java APIs without paying a fee.
Is Yahoo Growing?
July 9, 2015 by admin
Filed under Around The Net
Comments Off on Is Yahoo Growing?
Yahoo’s share gains since November from a partnership with Mozilla may be a clue about whether the search company can gain new users through the just-announced contract to change Internet Explorer’s and Chrome’s default search through installations of Oracle’s Java.
Although the news of the Yahoo-Oracle partnership got the lion’s share of attention, CEO Marissa Mayer also used last week’s shareholder meeting to mention the Mozilla pact.
The five-year contract with Mozilla, the maker of Firefox, has boosted Yahoo’s share of the U.S. search market, but growth has stalled for the last three months, according to measurement company comScore.
On Wednesday, Mayer asserted that the Mozilla deal — negotiated last fall — was “profitable,” but didn’t provide any numbers to back that up. Neither Yahoo nor Mozilla has disclosed how much the former paid to become Firefox’s default search engine in the U.S.
By comScore’s measurement, Yahoo accounted for 12.7% of all U.S. searches in May, the same share it controlled in both March and April. Although that was 2.5 percentage points higher than in November 2014 — before Firefox began urging users to accept Yahoo as the default — and represented a six-month increase of 25%, May’s share was down from the January peak of 13%.
From all indications, Yahoo has gotten as much out of the Firefox deal as it will likely get. The flip-side is that Yahoo has hung onto most of what it grabbed from Google — Firefox’s previous default — even as Google has tried to get users to return.
For May, comScore pegged Google’s share at 64.1%, down one-tenth of a percentage point from the month prior. Microsoft’s share rose that one-tenth of a point to end May at 20.3%. Because Bing powers Yahoo’s search results, Microsoft’s technology accounted for 31.4% of all U.S. searches, still less than half Google’s 65.2%.
Google Goes To The Supreme Court
Google has asked the U.S. Supreme Court to rule on contentious litigation against Oracle arguing that the high court must act to protect innovation in high tech.
Google’s request seeks to overturn an appeals court ruling that found Oracle could copyright APIs of its Java programming language, which Google used to design its Android smartphone operating system.
Oracle sued Google in 2010, claiming that Google had improperly incorporated parts of Java into Android. Oracle wants $1 billion on its copyright claims. Oracle claimed Google’s Android trampled on its rights to the structure of 37 Java APIs. A San Francisco federal judge had decided that Oracle could not claim copyright protection on parts of Java, but earlier this year the U.S. Court of Appeals for the Federal Circuit in Washington disagreed.
In its filing this week, Google said the company would never been able to innovate had the Federal Circuit’s reasoning been in place when the company was formed.
“Early computer companies could have blocked vast amounts of technological development by claiming 95-year copyright monopolies over the basic building blocks of computer design and programming,” Google wrote.
Javascript Security Flaws Discovered
Polish researchers have released technical details and attack code for 30 security issues affecting Oracle’s Java Cloud Service. Some of the flaws make it possible for attackers to read or modify users’ sensitive data or to execute malicious code.
Security Explorations said it would normally withhold public airings until after any vulnerability has been fixed. But apparently Oracle representatives failed to resolve some of the more crucial issues including bypasses of the Java security sandbox, bypasses of Java whitelisting rules, the use of shared WebLogic server administrator passwords, and the availability of plain-text use passwords stored in some systems.
Oracle apparently has admitted to the researchers that it cannot promise whether it will be communicating resolution of security vulnerabilities affecting their cloud data centres in the future.
Adam Gowdiak, CEO of Security Explorations said Oracle unveiled the Java Cloud Service in 2011 and held it up as a way to better compete against Salesforce.com.
Cryptolocker Infects 250K Systems
DELL’s security research team has revealed that a new form of ransomware, dubbed “Cryptolocker” has managed to infect up to 250,000 devices, stealing almost a million dollars in Bitcoins.
“Based on the presented evidence, researchers estimate that 200,000 to 250,000 systems were infected globally in the first 100 days of the CryptoLocker threat,” Dell announced in a Secureworks post.
The firm worked out that if the Cryptolocker ransomware threat actors had sold its 1,216 total Bitcoins (BTC) that they collected from September this year, immediately upon receiving them, they would have earned nearly $380,000.
“If they elected to hold these ransoms, they would be worth nearly $980,000 as of this publication based on the current weighted price of $804/BTC,” Dell said.
Cryptolocker is unique when compared against your average ransomware. Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses third-party certified cryptography offered by Microsoft’s CryptoAPI.
“By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent,” Dell said.
Conventionally, ransomware prevents victims from using their computers normally and uses social engineering to convince them that failing to follow the malware authors’ instructions will lead to real-world consequences. These consequences, such as owing a fine or facing arrest and prosecution, are presented as being the result of a fabricated indiscretion such as pirating music or downloading illegal pornography.
“Victims of traditional forms of ransomware could ignore the demands and use security software to unlock the system and remove the offending malware,” Dell explained. “Cryptolocker changes this dynamic by aggressively encrypting files on the victim’s system and returning control of the files to the victim only after the ransom is paid.”
Dell said that the earliest samples of Cryptolocker appear to have been released on 5 September this year. However, details about its initial distribution phase are unclear.
“It appears the samples were downloaded from a compromised website located in the United States, either by a version of Cryptolocker that has not been analysed as of this publication, or by a custom downloader created by the same authors,” Dell added.
Dell seems to think that early versions of Cryptolocker were distributed through spam emails targeting business professionals as opposed to home internet users, with the lure often being a ‘consumer complaint’ against the email recipient or their organisation.
Attached to these emails would be a ZIP archive with a random alphabetical filename containing 13 to 17 characters, containing a single executable with the same filename as the ZIP archive but with an EXE extension, so keep your eye out for emails that fit this description.
Java 6 Security Hole Found
Security firms are urging users of Oracle’s Java 6 software to upgrade to Java 7 as soon as possible to avoid becoming the victims of active cyber attacks.
F-secure senior analyst Timo Hirvonen warned about the exploit this weekend over Twitter, advising that he had found an exploit in the wild actively targeting an unpatched vulnerability in Java 6, named CVE-2013-2463.
PoC for CVE-2013-2463 was released last week, now it’s exploited in the wild. No patch for JRE6… Uninstall or upgrade to JRE7 update 25.
— Timo Hirvonen (@TimoHirvonen) August 26, 2013
CVE-2013-2463 was addressed by Oracle in the June 2013 Critical Patch Update for Java 7. Java 6 has the same vulnerability, as Oracle acknowledged in the update, but since Java 6 became unsupported in April 2013, there is no patch for the Java 6 vulnerability.
Cloud security provider Qualys described the bug as an “implicit zero-day vulnerability”. The firm’s CTO Wolfgang Kandek said he had seen it included in the spreading Neutrino exploit kit threat, which “guarantees that it will find widespread adoption”.
“We know about its existence, but do not have a patch at hand,” Kandek said in a blog post. “This happens each time a software package loses support and we track these instances in Qualysguard with our ‘EOL/Obsolete’ detections, in this case.
“In addition, we still see very high rates of Java 6 installed, a bit over 50 percent, which means many organisations are vulnerable.”
Like F-secure, Kandek recommended that any users with Java 6 upgrade to Java 7 as soon as they can.
“Without doubt, organisations should update to Java 7 where possible, meaning that IT administrators need to verify with their vendors if an upgrade path exists,” he added.
Jury Finds Google Liable
May 14, 2012 by admin
Filed under Around The Net
Comments Off on Jury Finds Google Liable
A jury has found Google liable for copyright infringement in its use of Java in Android, but so far has not decided whether that infringement was protected by rules governing “fair use.”
The verdict, delivered Monday after a week of deliberations by the jury, is a partial victory for Oracle in its lawsuit against Google. But Oracle will have to wait longer — possibly for a retrial — to see whether Google will escape liability by claiming fair use.
Google’s attorney, Robert Van Nest, immediately told the judge that Google would file for a mistrial. Google’s argument will be that the same jury must decide both the copyright infringement and fair use issues.
The jury also decided that Sun’s public statements about Java might have suggested to Google that it did not need a license for Java.
But in another setback for Google, it decided there was insufficient evidence to show that Google relied on that information.
Is Apple Taking Work Conditions Seriously?
February 20, 2012 by admin
Filed under Consumer Electronics
Comments Off on Is Apple Taking Work Conditions Seriously?
Apple “takes working conditions very seriously”, the firm’s CEO Tim Cook said at a conference yesterday.
Cook was speaking at a Goldman Sachs technology conference, according to Mac Rumours. He said the company is committed to making sure working conditions are up to standard, and that Apple’s top priority will be to eliminate underage workers. He added, “If we find a supplier that intentionally hires underage labor, it’s a firing offence.”
Cook said, “Apple takes working conditions very seriously, and we have for a very long time. Whether workers are in Europe or Asia or the United States, we care about every worker.”
He added, “I’ve spent a lot of time in factories, personally. Not just as an executive. I worked at a paper mill in Alabama and an aluminium plant in Virginia. Many of our top executives visit factories on a regular basis. We have hundreds of employees based there full time.
“We are very connected to the process and we understand working conditions at a very granular level. I realize that the supply chain is complex and I’m sure that you realise this.
“The issues around it are complex. Our commitment is simple: every worker has the right to a fair and safe work environment, free of discrimination, where they can earn competitive wages and they can voice their concerns freely. Apple’s suppliers must live up to this to do business with Apple.
“No one in our industry is doing more to improve working conditions than Apple. We believe transparency is so very important in this area.”
Yesterday, Apple asked the Fair Labor Association (FLA) to conduct audits at Foxconn’s factories in China. In a statement, Apple said that factories in Shenzhen and Chengdu will be audited at its request. Audits have already begun.