Subject: General Tech | January 31, 2016 - 12:05 AM | Scott Michaud
Tagged: web browser, web, shockwave flash, shockwave director, oracle, Java
After decades of semi-ubiquitous usage, Oracle has announced plans to stop providing the Java plug-in for web browsers. It will still be available in the upcoming Java 9 platform, but classified as a deprecated feature.
Java, Shockwave Director, and Shockwave Flash filled in a huge gap in Web standards during the late 90s and early 2000s. Plug-ins were about the only way to access files, per-pixel 2D animation functions, and even access to 3D graphics hardware. Web browsers can do almost all of that now, albeit file input and output is limited to individual files, because you don't want every website to be able to read and write files (and site-specific data lockers with APIs like IndexedDB and Web Storage) on the user's hard drive without the user's explicit control.
As such, browsers are trying to kill off native plug-ins. This could be a problem for games like Battlefield 3 and 4, which (Update Jan 30th @ 7:51pm: Used to... it's apparently been a while. Thanks wileecyte in the comments.) require plug-ins to launch the native application, but the browser vendors have been expressing their desires for quite some time. Even companies that are heavily invested in plug-ins for their products, like Oracle, are finally giving up.
Subject: Mobile | December 31, 2015 - 04:09 AM | Scott Michaud
Tagged: Android, oracle, google, Java, openjdk
The Android ecosystem was built atop a Java-like framework, although a native development kit was added later. Oracle, current owner of the Java copyrights and trademarks, was not too happy with this. The two companies, Google and Oracle, were in a legal battle for the last three-and-a-half years. The courts have not ruled overwhelmingly in favor of either side.
Google is now replacing their implementation with one that is derived from OpenJDK. Officially, this is so Google has more say in how the language evolves. This would also circumvent all legal issues, because OpenJDK is supported by Oracle, but Google is not commenting on that advantage. They are in an ongoing legal battle, so that is not surprising. It wouldn't immunize them from damages that are ruled for existing products. Changing now only limits the number of products that infringe, if it is eventually ruled illegal, and remove an awkward gap where nothing is legal until a fix is implemented.
From a performance and feature standpoint, the two JDKs are supposedly equivalent nowadays.
Subject: General Tech | March 5, 2013 - 11:26 AM | Tim Verry
Tagged: security, patch, mcrat trojan, Java, exploit
Java developer Oracle recently released a patch to its Java Platform Standard Edition client to address two exploits used by attackers to install the McRAT trojan onto users machines. Specifically, Oracle is issuing the patch for vulnerabilities CVE-2013-1493 and CVE-2013-0809.
The vulnerabilities were related to Java running in a web browser. When users visit a malicious web site with vulnerable versions of Java installed, attackers are able to remote execute the McRAT trojan. That trojan was subsequently used to download additional malware to further compromise the machines in question. According to Oracle, the vulnerability was first discovered on February 1st, 2013 but did not make it in time to be rolled into that month’s scheduled update. As a result, Oracle slated it for inclusion in the Java platform update on April 16, 2013, but reconsidered after seeing exploits using these vulnerabilities in the wild. While servers and standalone Java installations are not affected, consumers will need to apply the patch via Java SE’s automatic updater or by manually installing the patch from this page. Currently, all Java SE versions prior to this patch are affected, including JDK and JRE 7 Update 15, 6 Update 41, and 5.0 Update 40 (or earlier).
Oracle states that the patch is a critically important update, and users should update as soon as possible. If you have not already applied the update (or given up on Java and uninstalled it completely--heh), start up Java and check for updates to grab the patch.
Subject: General Tech | April 6, 2012 - 02:47 AM | Tim Verry
Tagged: apple, OS X, Java, trojan, flashback, botnet
Recently, word of a java bug that allowed malware -- namely a trojan known as “Flashback” -- to sneak onto OS X machines started making its way around the Internet. This piece of malicious code even managed to get its claws into Apple’s OS X operating system. Bit-Tech reports that a Russian anti-virus company known as Dr.Web has identified more than 550,000 OS X computers as taking part in a botnet -- a network of computers executing malicious code in unison, which can be used to DDoS websites, assist in harvesting information, and recruit new members to the nefarious network.
Located primarily in the United States, Canada, and the UK the Flashback trojan infected a number of computers and granted immediate access to the attackers. They estimate 56.6% of the infected computers were located in the US while 19.8% were in Canada and 12.8% where stationed int he UK. This makes for a very widespread infection, and it has taken Apple a few weeks to push out a patch.
If you are reading this on a Mac, don’t panic. Be sure to apply the recent Apple update, and double check that your Java version you are running is Java 6 update 31. Even if you are on a Windows machine, make sure you are using the latest version of Java to keep you as secure as possible. Identifying if you are already affected is a bit tricky, but Digital Trends has posted instructions on how to find out if you are infected and provided links to several methods of virtual bug spray to get rid of the malware.
While this does not suddenly mean OS X is a buggy wasteland full of vulnerabilities as some articles have suggested, it is a gentle (and rather horrid for those that are infected) reminder to be safe out there on the Internet and that a little anti-virus combined with safe browsing habits can go a long way to keeping you safe whether you are a Windows, Mac, or Linux user. Even if it is AV that you only run every now and then and doesn’t run all the time, it can provide a bit of piece of mind by letting you know your system is clean. Also, if you have to use Java, keep it updated along with all your other programs.