Category: Java


Android 4.4.3 KitKat update reportedly coming soon

After a never-before-seen version of KitKat was spotted a few days ago – version KTU65 – suggesting that Google may release at least one more KitKat update before moving to a new Android OS version, a new tweet from known developer LlabTooFeR says that Android 4.4.3 may be just around the corner, with version KTU72B identified as the upcoming software update.

“Android 4.4.3 is under testing. Build number is KTU72B,” the developer wrote. “Probably it will fix known camera bug.” This KitKat version’s code name suggests this build (dated March 13) is newer than the previous one (dated March 6), although the developer did not share any details as to when Google will actually release it.

Similarly, it’s not clear whether the update will bring any new features, on top of the expected camera fix for the Nexus 5, and whether it will be available to other devices as well. Still, this appears to be the first time these newly discovered KitKat builds are associated with “Android 4.4.3.”

The latest KitKat software version available to Android users is KOT49H (Android 4.4.2), although only some devices have been updated so far, including Nexus tablets and smartphones. A recent report said that Google will unveil Android 4.5 this summer, likely together with new Nexus devices – the company is rumored to ship at least one new tablet this year, with rumors indicating that a Nexus device with an 8.9-inch display may be in the works.

Source: BGR

Latest Java software opens PCs to hackers: experts

Computer security firms are urging PC users to disable Java software in their browsers, saying the widely installed, free software from Oracle Corp opens machines to hacker attacks and there is no way to defend against them.

The warnings, which began emerging over the weekend from Rapid7, AlienVault and other cyber security firms, are likely to unnerve a PC community scrambling to fend off growing security threats from hackers, viruses and malware.

Researchers have identified code that attacks machines by exploiting a newly discovered flaw in the latest version of Java. Once in, a second piece of software called “Poison Ivy” is released that lets hackers gain control of the infected computer, said Jaime Blasco, a research manager with AlienVault Labs.

Several security firms advised users to immediately disable Java software — installed in some form on the vast majority of personal computers around the world — in their Internet browsers. Oracle says that Java sits on 97 percent of enterprise desktops.

“If exploited, the attacker will be able to perform any action the victim can perform on the victim’s machine,” said Tod Beardsley, an engineering manager with Rapid7’s Metasploit division.

Computers can get infected without their users’ knowledge simply by a visit to any website that has been compromised by hackers, said Joshua Drake, a senior research scientist with the security firm Accuvant.

Java is a computer language that enables programmers to write one set of code to run on virtually any type of machine. It is widely used on the Internet so that Web developers can make their sites accessible from multiple browsers running on Microsoft Windows PCs or Macs from Apple Inc.

An Oracle spokeswoman said she could not immediately comment on the matter.

Security experts recommended that users not enable Java for universal use on their browsers. Instead, they said it was safest to allow use of Java browser plug-ins on a case-by-case basis when prompted for permission by trusted programs such as GoToMeeting, a Web-based collaboration tool from Citrix Systems Inc.

Rapid7 has set up a web page that tells users whether their browser has a Java plug-in installed that is vulnerable to attack: www.isjavaexploitable.com

Source: Reuters

Ryan says: I would recommend updating to the latest version of Java. The latest version of Java Runtime Environment JRE-64-bit is here. For users with older computers, try downloading the latest version in 32-bit.

Half a million Mac computers ‘infected with malware’

More than half a million Apple computers have been infected with the Flashback Trojan, according to a Russian anti-virus firm.

Its report claims that about 600,000 Macs have installed the malware – potentially allowing them to be hijacked and used as a “botnet”.

The firm, Dr Web, says that more than half that number are based in the US.

Apple has released a security update, but users who have not installed the patch remain exposed.

Flashback was first detected last September when anti-virus researchers flagged up software masquerading as a Flash Player update. Once downloaded it deactivated some of the computer’s security software.

Later versions of the malware exploited weaknesses in the Java programming language to allow the code to be installed from bogus sites without the user’s permission.

Dr Web said that once the Trojan was installed it sent a message to the intruder’s control server with a unique ID to identify the infected machine.

“By introducing the code criminals are potentially able to control the machine,” the firm’s chief executive Boris Sharov told the BBC.

“We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals’ hands. However, we know people create viruses to get money.

“The largest amounts of bots – based on the IP addresses we identified – are in the US, Canada, UK and Australia, so it appears to have targeted English-speaking people.”

Dr Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California – home to Apple’s headquarters.

Java’s developer, Oracle, issued a fix to the vulnerability on 14 February, but this did not work on Macintoshes as Apple manages Java updates to its computers.

Apple released its own “security update” on Wednesday – more than eight weeks later. It can be triggered by clicking on the software update icon in the computer’s system preferences panel.

The security firm F-Secure has also posted detailed instructions about how to confirm if a machine is infected and how to remove the Trojan.

Although Apple’s system software limits the actions its computers can take without requesting their users’ permission, some security analysts suggest this latest incident highlights the fact that the machines are not invulnerable.

“People used to say that Apple computers, unlike Windows PCs, can’t ever be infected – but it’s a myth,” said Timur Tsoriev, an analyst at Kaspersky Lab.

Apple could not provide a statement at this time.

Ryan: Download Apple’s security update for the Flashback Trojan here.

Source: BBC News

Oracle plugs 21 dangerous Sun Java security holes

Oracle today issued a security alert to warn about 21 security holes in its widely deployed Java SE and Java for Business products and warned that the flaws are dangerous enough to expose users to remote code execution attacks.

Oracle said the most severe CVSS Base Score for vulnerabilities fixed in this Java patch batch is 10.0, the highest severity rating.

Out of these 21 vulnerabilities, 13 affect Java client deployments. 12 of these 13 vulnerabilities can be exploited through Untrusted Java Web Start applications and Untrusted Java Applets, which run in the Java sandbox with limited privileges. One of these 13 vulnerabilities can be exploited by running a standalone application.

According to the advisory, 3 of the 21 vulnerabilities affect client and server deployments and can be exploited through Untrusted Java Web Start applications and Untrusted Java Applets, as well as be exploited by supplying malicious data to APIs in the specified components, such as, for example, through a web service.

Because of the severity of the vulnerabilities in this Java update, Oracle recommends that Java customers apply it “as soon as possible.”

As usual, be careful with those pre-checked bloatware add-ons.

Source: ZDNet

Android source code, Java, and copyright infringement: what’s going on?

So it’s been a fun day of armchair code forensics and legal analysis on the web after Florian Mueller published a piece this morning alleging Google directly copied somewhere between 37 and 44 Java source files in Android. That’s of course a major accusation, seeing as Oracle is currently suing Google for patent and copyright infringement related to Java, and it prompted some extremely harsh technical rebuttals, like this one from ZDNet and this one from Ars Technica. The objections in short: the files in question are test files, aren’t important, probably don’t ship with Android, and everyone is making a hullabaloo over nothing.

We’ll just say this straight out: from a technical perspective, these objections are completely valid. The files in question do appear to be test files, some of them were removed, and there’s simply no way of knowing if any of them ended up in a shipping Android handset. But — and this is a big but — that’s just the technical story. From a legal perspective, it seems very likely that these files create increased copyright liability for Google, because the state of our current copyright law doesn’t make exceptions for how source code trees work, or whether or not a script pasted in a different license, or whether these files made it into handsets. The single most relevant legal question is whether or not copying and distributing these files was authorized by Oracle, and the answer clearly appears to be “nope” — even if Oracle licensed the code under the GPL. Why? Because somewhere along the line, Google took Oracle’s code, replaced the GPL language with the incompatible Apache Open Source License, and distributed the code under that license publicly. That’s all it takes — if Google violated the GPL by changing the license, it also infringed Oracle’s underlying copyright. It doesn’t matter if a Google employee, a script, a robot, or Eric Schmidt’s cat made the change — once you’ve created or distributed an unauthorized copy, you’re liable for infringement.

Why does this matter? Because we’re hearing that Oracle is dead-set on winning this case and eventually extracting a per-handset royalty on every Android handset shipped. In that context, “those files aren’t important!” isn’t a winning or persuasive argument — and the more these little infringements add up, the worse things look for Google. Whether or not these files are a “smoking gun” isn’t the issue — it’s whether Android infringes Oracle’s patents and copyrights, since the consequences either way will be monumental and far-reaching. Ultimately, though, the only person who can resolve all of this for certain is a judge — and it’s going to take a lot more time and research to get there.

Source: Engadget

Oracle Says New Sun SPARC Servers Faster than Any Before

Oracle CEO Larry Ellison says its new SPARC T3-based servers, based on Sun technology, run Oracle databases faster than anything ever before. The software giant (ORCL) completed its $7.3 billion acquisition of Sun Microsystems earlier this year, putting it in direct competition with hardware and server makers IBM and HP.

And now, it seems Oracle is ready for heavy-duty, high-performance action in the server market. At a December 2nd customer event, Ellison introduced the SPARC Supercluster and Solaris-based Exalogic Elastic Cloud System, highlighting plans to cut the trend of customer defections and reinvigorate revenues from Sun hardware.

Oracle’s SPARC Supercluster is billed as a complete infrastructure solution including software, servers, networking and storage, and optimized for running Oracle database RAC environments. Based on the architecture used in Oracle’s new TPC-C world record, the SPARC Supercluster solution utilizes SPARC servers, FlashFire, InfiniBand QDR, Oracle Solaris, and the ZFS Storage Appliance.

Sunnyside Up for Data Centers

Oracle also announced Oracle Exalogic Cloud T3-1B, a new model that aims to bring the strengths of SPARC Solaris servers to Oracle Exalogic Cloud-engineered systems. The new product is designed for large-scale, mission-critical deployments. Oracle tuned the hardware to run Java and non-Java applications.

The Oracle Exalogic Elastic Cloud T3-1B combines SPARC servers running Oracle Solaris 11 Express with InfiniBand-based I/O fabric, the Oracle WebLogic Server, and other enterprise Java-based Oracle middleware products. Oracle said it’s optimized for multi-threaded applications, making way for customers to see increased performance for multi-threaded enterprise Java software, such as Oracle WebLogic Server.

“With the SPARC Solaris model of Oracle Exalogic Elastic Cloud, customers who have standardized on SPARC Solaris can easily obtain the extreme benefits of Oracle Exalogic Elastic Cloud and consolidate their data center while leveraging their existing investment and skills,” said Hasan Rizvi, senior vice president of Oracle Fusion Middleware.

Bigger-Faster-Better Solution

NewsFactor checked in with analyst Charles King at Pund-IT for his take on the news. King said the performance benchmarks that Oracle is reporting are impressive indeed; however, he cautioned, he’s not going to be “jumping up and down” until he sees a third party replicate the numbers. Still, King said, the new products represent a strong stake in the ground for Oracle, in light of Sun’s recent losses in revenues and market position.

On the upside, King said Oracle needs to give Sun customers “a good reason not to consider other platforms.” A visionary, high-performance, high-scalability, bigger-faster-better solution like those announced last week, he said, demonstrates a level of commitment and investment to “reassure flighty customers that the ship is stayed, back on track, and that things will progress.”

“That said, this kind of high-end, hugely scalable very large system is typically not the kind of product that constitutes any vendor’s bread and butter,” King said. “The bread-and-butter systems are at the end in the volume space. It will be interesting to see the follow on systems for this and how Oracle intends to proceed, not just with these systems, but also with next-generation.”

Fightin’ Words

In response to Ellison’s performance boasts, the Wall Street Journal quotes a prepared statement from HP, characterizing the former Sun computer business as inferior and suggesting that Oracle has used outdated benchmark numbers for HP to make its latest comparisons.

“Customers aren’t fooled by outdated benchmarks, no matter what Oracle says. H-P’s market share results prove it.”

Source: Yahoo! News

Blackberry Tablet confirmed, will support Flash

Rumors of a BlackBerry tablet have been circulating for months, and statements from Rodman & Renshaw analyst Ashok Kumar on Friday have rekindled the discussion with a little bit more accuracy.

A source close to RIM confirmed to Betanews that Kumar’s statements were accurate, including the screen size, and the dual camera setup. But they gave us a bit of additional information that the rumors haven’t covered yet: Flash support.

In May, when Boy Genius Report wrote about it, it was estimated to be 8.9″ in size, and equipped only with Bluetooth or Wi-Fi, making it a companion device to the owner’s BlackBerry, sort of like what Palm attempted with the Foleo.

In June, the Wall Street Journal followed up, saying that the device will have a slide-out keyboard, and will run on “a new version of the BlackBerry operating system…[with] a universal search bar.”

Some of what the Wall Street Journal report discussed can be seen in the BlackBerry 6 video that was released today.

In his note on Friday morning, Kumar said the BlackBerry tablet will actually be a 7″ device with a 1GHz Marvell Processor that has two cameras for video conferencing.

Adobe CEO Shantanu Narayen said Flash 10.1 would be coming to BlackBerry in the second half of 2010, and in June, the company released Flash Player 10.1 to its mobile platform partners, which included support for Android, webOS, Windows Phone, LiMo, MeeGo, Symbian, and, as expected, BlackBerry.

Our source said that the BlackBerry tablet will indeed include Flash, and will have a hardware-based Flash accelerator.

Even though the iPhone is a huge success in the United States, it is still far behind BlackBerry in market share. The shoe is on the other foot in the tablet market, though, where Apple has gotten a strong head start with the iPad, even though the company has outspokenly denied support for Adobe Flash.

While the effect a Flash-supportive BlackBerry tablet will have on the consumer market is unclear, it may prove to be a very desirable companion device for mobile enterprise users.

Unfortunately, our source did not confirm earlier reports about the tablet’s December launch date. However, the holiday season is a beneficial time to launch new hardware, and seasonal buying has done wonders for devices like the Motorola Droid, which launched during last year’s holiday season and went on to become the best-selling Android phone to date.

Source: BetaNews