Feed aggregator

DDOS: State of the Art, (Mon, Aug 16th)

SANS ISC - Mon, 2010-08-16 00:32
During this year we wrote only a few times about DDOS (Distributed Denial of Service) atta ...(more)...

The Seven Deadly Sins of Security Vulnerability Reporting, (Mon, Aug 16th)

SANS ISC - Sun, 2010-08-15 23:48
The Seven Deadly Sins of Security Vulnerability Reporting pretends to become an easy to follow list, ...(more)...

Obfuscated SQL Injection attacks, (Sun, Aug 15th)

SANS ISC - Sun, 2010-08-15 17:04
Reader Alan reported a series of records that are similar to an SQL injection but are obfuscated. Th ...(more)...

Python to test web application security, (Sun, Aug 15th)

SANS ISC - Sun, 2010-08-15 16:15
I certainly agree that the amount of vulnerabilities is increasing and you have to be able to write ...(more)...

Opensolaris project cancelled, replaced by Solaris 11 express, (Sun, Aug 15th)

SANS ISC - Sun, 2010-08-15 15:57
Oracle is canceling the Opensolaris project and focusing on Solaris 11. See below: All of Oracl ...(more)...

Freedom of Information, (Sat, Aug 14th)

SANS ISC - Sat, 2010-08-14 12:57
Information Security, specifically the encryption technology used in BlackBerry, is under fire fr ...(more)...

Shadowserver Binary Whitelisting Service, (Fri, Aug 13th)

SANS ISC - Fri, 2010-08-13 15:55
The Shadowserver Foundation has made available a new and free public service to test the MD5's or SH ...(more)...

Linux Security, Then and Now

Linux Security - Fri, 2010-08-13 04:33
LinuxSecurity.com: Linux is inherently not a secure operating system. The reason it's not secure is because Linux was based on the architectural design of UNIX, and the creators of UNIX didn't care about security - it was 1969 after all.

Russian charged with selling credit card numbers online

Linux Security - Fri, 2010-08-13 04:21
LinuxSecurity.com: A Russian man accused of selling stolen credit card numbers online for nearly a decade has been arrested in Nice, France, and faces charges in an indictment unsealed Wednesday, the U.S. Department of Justice said.

Smudges on your Android touchscreen could give away your password

Linux Security - Fri, 2010-08-13 04:20
LinuxSecurity.com: We all know how annoying fingerprints on touchscreens can be, but now researchers believe they can actually leave your mobile phone susceptible to hacking.

Needed: Better emergency playbook for DDoS attacks

Linux Security - Fri, 2010-08-13 04:19
LinuxSecurity.com: Akamai Technologies continues to study the massive DDoS attacks that brought government websites to a standstill last year. The picture keeps getting uglier, but emergency planning hasn't improved.

Black Hat to keep quiet about planned controversial talks

Linux Security - Fri, 2010-08-13 04:17
LinuxSecurity.com: The organisers of the Black Hat conference series may withhold details of selected talks at future events to avoid pressure from outside groups to cancel them.

Server-based botnet floods net with brutish SSH attacks

Linux Security - Fri, 2010-08-13 04:16
LinuxSecurity.com: A server-based botnet that preys on insecure websites is flooding the net with attacks that attempt to guess the login credentials for secure shells protecting Linux boxes, routers, and other network devices.

Oracle sues Google over use of Java in Android

What I'm Reading - Thu, 2010-08-12 20:29

In a tersely worded press release, Oracle announced that it was suing Google for patent and copyright infringement over its use of the Java programming language for Android development. Neither the press release nor the complaint filed in the US District Court for Northern California goes into any significant detail.

"In developing Android, Google knowingly, directly, and repeatedly infringed Oracle's Java-related intellectual property," an Oracle spokesperson said in a statement. "This lawsuit seeks appropriate remedies for their infringement."

Google makes heavy use of Java in the Android software development kit (SDK). Third-party developers code Android apps in Java, which is then translated into bytecode that runs in Dalvik, Google's own custom VM. Google subsequently released the Android Native Development Kit, which allows developers to build Android components with C and C++. It is not intended to replace the Java development model, though, which remains the strongly preferred means of Android development.

Aside from its use of Java syntax, Google's Android SDK implementation is largely independent from Oracle's. It uses its own compiler and runtime tailored specifically for Android.

Originally developed by Sun Microsystems as a "write-once, run anywhere" language, Java became the property of Oracle when it purchased Sun in April 2009. Java was a significant part of the deal for Oracle, as it has been a major player in the world of Java middleware. 

Prior to its acquisition by Oracle, Sun proved hostile to the Harmony Project, the Apache Software Foundation's attempt to build an Apache-licensed Java SE implementation. In addition to Dalvik, Google also uses Harmony's class libraries in Android, which has apparently aroused the ire of Oracle.

In the complaint, a copy of which was posted on VentureBeat, Oracle claims that Android, the Android SDK, and Dalvik all infringe on seven patents owned by the database giant. Oracle also accuses Google of "knowingly, willingly, and unlawfully" copying, preparing, publishing, and distributing its IP.

The fact that Oracle has chosen to sue Google over its implementation is sure to cause concern in the wider Java community.

Oracle did not respond to our requests for comment in time for publication. Google told Ars that it had yet to be served with the complaint and was therefore unable to comment.

eric@arstechnica.com (Eric Bangeman)

Cisco IOS Software 15.1(2)T TCP DoS, (Fri, Aug 13th)

SANS ISC - Thu, 2010-08-12 19:50
Cisco IOS 15.1(2)T is affected by a denial of service (DoS) vulnerability during the TCP establishme ...(more)...

QuickTime Security Updates, (Fri, Aug 13th)

SANS ISC - Thu, 2010-08-12 18:15
QuickTime 7.6 ...(more)...

Start with a cage containing five monkeys.

What I'm Reading - Thu, 2010-08-12 14:00
Start with a cage containing five monkeys. Inside the cage, hang a banana on a string and place a set of stairs under it. Before long, a monkey will go to the stairs and start to climb towards the...

Browsers' private modes leak info, say researchers

Linux Security - Thu, 2010-08-12 05:56
LinuxSecurity.com: Browsing in "private mode" isn't as private as users think, a researcher said today. "There are some traces left behind [by all browsers] that could reveal some of the sites that you've been to," said Collin Jackson, an assistant research professor at the Silicon Valley campus of Carnegie Mellon University. Jackson, along with three colleagues from Stanford University, will present their findings later today at the Usenix Security Symposium in Washington, D.C.

Facebook bug spills name and pic for all 500 million users

Linux Security - Thu, 2010-08-12 05:55
LinuxSecurity.com: A bug in Facebook's login system allows attackers to match unknown email addresses with users' first and last names, even when they've configured their accounts to make that information private.