Syber Group

Javascript Security Flaws Discovered

April 24, 2014
Filed under Computing

Polish researchers have released technical details and attack code for 30 security issues affecting Oracle’s Java Cloud Service. Some of the flaws make it possible for attackers to read or modify users’ sensitive data or to execute malicious code.

Security Explorations said it would normally withhold public airings until after any vulnerability has been fixed. But apparently Oracle representatives failed to resolve some of the more crucial issues, including bypasses of the Java security sandbox, bypasses of Java whitelisting rules, the use of shared WebLogic server administrator passwords, and the availability of plain-text user passwords stored in some systems.

Oracle has apparently admitted to the researchers that it cannot promise it will communicate the resolution of security vulnerabilities affecting its cloud data centres in the future.

Adam Gowdiak, CEO of Security Explorations, said Oracle unveiled the Java Cloud Service in 2011 and held it up as a way to better compete against Salesforce.com.


Java 6 Security Hole Found

September 6, 2013
Filed under Security

Security firms are urging users of Oracle’s Java 6 software to upgrade to Java 7 as soon as possible to avoid becoming the victims of active cyber attacks.

F-Secure senior analyst Timo Hirvonen warned about the exploit this weekend over Twitter, advising that he had found an exploit in the wild actively targeting an unpatched vulnerability in Java 6, named CVE-2013-2463.

PoC for CVE-2013-2463 was released last week, now it’s exploited in the wild. No patch for JRE6… Uninstall or upgrade to JRE7 update 25.

— Timo Hirvonen (@TimoHirvonen) August 26, 2013

CVE-2013-2463 was addressed by Oracle in the June 2013 Critical Patch Update for Java 7. Java 6 has the same vulnerability, as Oracle acknowledged in the update, but since Java 6 became unsupported in April 2013, there is no patch for the Java 6 vulnerability.

Cloud security provider Qualys described the bug as an “implicit zero-day vulnerability”. The firm’s CTO Wolfgang Kandek said he had seen it included in the spreading Neutrino exploit kit threat, which “guarantees that it will find widespread adoption”.

“We know about its existence, but do not have a patch at hand,” Kandek said in a blog post. “This happens each time a software package loses support and we track these instances in Qualysguard with our ‘EOL/Obsolete’ detections, in this case.

“In addition, we still see very high rates of Java 6 installed, a bit over 50 percent, which means many organisations are vulnerable.”

Like F-Secure, Kandek recommended that any users with Java 6 upgrade to Java 7 as soon as they can.

“Without doubt, organisations should update to Java 7 where possible, meaning that IT administrators need to verify with their vendors if an upgrade path exists,” he added.


SOA’s New API Goes To The Cloud

May 14, 2013
Filed under Computing

SOA Software has launched an application programming interface (API) gateway today that allows businesses to expose their APIs with a built-in cloud-based developer community, helping to grow their services and make it quicker for them to get up and running.

The firm’s CTO Alistair Farquharson said the API Gateway is unique due to it being a new concept in API and SOA management, aiming to “deliver new advantages in the application-level security space”.

“The new API Gateway provides monitoring, security, and more uniquely, a developer community as well, so kind of a turnkey approach to an API gateway where a customer can buy that product, get it up and running, expose their API and expose the developer community to the outside world,” Farquharson said.

“[It will] support and manage the porting of mobile applications or web apps or B2B partnerships.”

Farquharson explained that there are three main components within the Gateway, which SOA Software has termed a “unified services gateway”, including a runtime component, a policy manager, and a developer community.

The runtime component handles the message traffic, whereas the policy manager component is capable of managing a range of different policies, such as threat protection, authentication, authorisation, anti-virus, monitoring, auditing and logging.

“The whole objective here is to get a customer up and running with APIs as quickly as possible to meet some kind of a business need that they have, whether that’s a mobile application initiative or a web application, integration or syndication,” Farquharson added.

The third component is the API’s cloud-based “developer community”, which exposes an organisation to the outside world so developers can come take a look at its API, read its documentation, and see what APIs it has to figure out how to interact with them.

It’s this component that sets SOA Software’s Gateway apart from other firms doing similar appliances on the market, claims Farquharson.

“It essentially becomes the developer site for your organisation, with it all running on a single appliance which is rather unique,” he added.

“The interesting thing about the gateway is that it does APIs as well as services [that are] needed for mobile devices so you have old and the new encapsulated in the single appliance, which is very important to our customers.”

The developer community is offered through the API as a service, “like the Salesforce of APIs”, Farquharson said.

“Developers can go there and build their community and it provides them with high level service and availability and a global infrastructure and leverage the strength of their community to get themselves going.”


AMD And Oracle Join Forces

October 12, 2012
Filed under Computing

AMD is taking part in the OpenJDK project “Sumatra” in collaboration with Oracle.

The project aims to bring heterogeneous computing capabilities to Java for servers and clouds. It will look at how the Java virtual machine, language and APIs, can be spruced up to allow applications to take advantage of GPU acceleration, either in discrete graphics cards or in high-performance graphics processor cores such as those found in AMD APUs.

Manju Hegde, corporate vice president heterogeneous applications and developer solutions at AMD, said that the OpenJDK Project represents the next step towards bringing heterogeneous computing to millions of Java developers. “AMD has an established track record of collaboration with open-software development communities from OpenCL to the heterogeneous system architecture (HSA) foundation, and with this initiative we will help further the development of graphics acceleration within the Java community,” he said.


Oracle Vs. Google Gets Postponed

October 26, 2011
Filed under Computing

The US Court has postponed the trial that could see an agreement reached between Oracle and Google over the use of Java in the Android operating system.

The case has been in court for over a year and was expected to finish at the end of October, but yesterday US District Judge William Alsup put it on hold.

According to Reuters, the decision had been expected, but perhaps less likely was the judge’s other bit of news, that he might hand the case over to another judge.

Perhaps no one expected the case to go on this long, or perhaps it was just whoever controls Alsup’s diary, as he explained that he has another criminal trial to deal with, one that might last until February next year.

“Your case is huge and needs the attention of somebody who can give it more time than I can,” Alsup said, despite his familiarity with the case.


Oracle Claims It Lost Over 1 Billion

October 1, 2011
Filed under Computing

Oracle now estimates it has lost $1.16bn from Google’s alleged copyright and patent infringement by the Android operating system.

Last year Oracle sued Google claiming that its popular Android operating system infringed Java patents and copyrights. Since then the two sides have been trying to come to an agreement on any damages Google might have to pay.

Initially Oracle claimed $6.1bn from Google, but Judge William Alsup quickly told Oracle to come back with something more realistic. Oracle did just that yesterday with a figure of $2.2bn, a figure that Google has urged the court to reject. Now Oracle claims it has lost $1.16bn due to Google’s Android, though this figure is not related to the damages claim it made yesterday.

Google, on the other hand, has claimed that Oracle’s expert witness Iain Cockburn, who calculated the damages, was a little too zealous in adding up his figures. Judge Alsup has already rebuked Google twice, once for trying to downplay the significance of Android and a second time for trying to use failed licensing talks with Sun to reduce any damage award.
