
Oracle preparing Java statement in wake of accusations

30 Aug 2012

Oracle is expected to comment on the Java software security breach as researchers claim the company has known about the vulnerabilities since April.

The Java software security scare caused many industry experts to urge users to disable the software in their browsers after it became open to hacker attacks that cannot be defended against.

Oracle initially declined to comment on the security scare, but a spokesperson for the company believes advice is on the way, as security researchers claim the company has known since April about the existence of two unpatched Java 7 vulnerabilities.

According to Computerworld, Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations, says Oracle knew of the problems after his company reported 19 Java 7 security issues on April 2 this year.

The company says it continued to report Java 7 vulnerabilities in the following months with the total number reaching 29.

"We demonstrated 16 full Java SE 7 sandbox compromises with the use of our bugs," Gowdiak says.

"Although we stay in touch with Oracle and the communication process has been quite flawless so far, we don't know why Oracle left so many serious bugs for the Oct. CPU."

The widely installed free software from Oracle opens computers to security threats which experts say are impossible to combat.

While Oracle has yet to comment on the security breach, Rapid7, AlienVault and other online security companies have advised users to immediately disable Java, which currently sits on 97% of enterprise desktops.

Experts say a flaw in the latest version of Java allows a second piece of software, called ‘Poison Ivy’, to give hackers control of an infected computer and launch an attack.

"If exploited, the attacker will be able to perform any action the victim can perform on the victim's machine," said Tod Beardsley, engineering manager at Rapid7.

Computers can be infected without their users' knowledge by visiting any website that has been compromised by hackers.

Rapid7 has set up a web page informing users of the risks.
