itwbennett writes: "No sooner does Oracle issue a patch for one Java hole, than a new one (or in this case 5) is discovered. On Monday, Adam Gowdiak of the Polish security firm Security Explorations claimed in a post on the Full-Disclosure security discussion list that he has found five new Java vulnerabilities. When combined, the five vulnerabilities can be used to 'gain a complete Java security sandbox bypass' in the environment running the vulnerable version of Java."
itwbennett writes: "From the ITworld article: 'Java EE (Enterprise Edition) programmers will have to wait a bit longer before they can use JCache, a long-desired standard caching API (application programming interface) for the language, as its development has missed 'critical deadlines' and will not be included in the upcoming Java EE 7. 'This is undoubtedly disappointing to many of you as the community indicated strong support for JCache in the well-participated Java EE 7 survey,' Oracle said in an official blog post on Thursday. 'However, the consensus on both the Java EE 7 and JCache EGs was that it is best to not hold up Java EE 7 any further.''"
itwbennett writes: "From the article: 'Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system. Security Explorations sent a report about the vulnerability to Oracle on Friday together with a proof-of-concept exploit, Adam Gowdiak, the security company's founder and CEO said Friday via email.'"
itwbennett writes: "Reaction to the outcome of the Oracle vs. Google Trial has been generally positive, but Java creator James Gosling isn't so happy: 'For those of us at Sun who felt trampled-on and abused by Google's callous self-righteousness, I would have preferred a different outcome — not from the court case as much as from events of years past,' Gosling wrote on his personal blog."
itwbennett writes: "IDG News Service is reporting that the U.S. Court of Appeals for the Federal Circuit has denied Google's petition to keep a 2010 email written by Google engineer Tim Lindholm out of the lawsuit that Oracle filed against Google over Java violations in Android. In his now-famous email, Lindholm says that engineers were asked by Google co-founders Larry Page and Sergey Brin to 'investigate what technical alternatives exist to Java for Android and Chrome.' Slashdot readers will remember that the trial has been 'put on indefinite hold by the trial judge, until Oracle comes up with a credible methodology for figuring alleged damages.'"
itwbennett writes: "Google suffered a big setback in its patent dispute with Oracle last week when a judge denied Google's request to keep an internal email out of the case record. The email, written by a Google engineer, could suggest to a jury that Google knew it needed a license to use Sun's — now Oracle's — Java technology in Android. The irony, of course, is that the email might never have seen the light of day if the search tools used to identify documents covered by attorney-client privilege had done their job, legal experts said. 'If they had found that document and put it on the privilege log, it might very well not have been an issue,' says Stephen Hall, a partner with the law firm Bradley Arant Boult Cummings. The trial, which was set to begin Oct. 31, has been postponed until next year."
itwbennett writes: "Oracle has released a new Java security update to address multiple vulnerabilities, including one exploited during a recently disclosed attack that can allow eavesdropping on encrypted communications. Identified as CVE-2011-3389, that vulnerability nearly led to Firefox developers banning Java from the browser. Mozilla officially announced on Tuesday that blocking Java is off the table for now, especially since Oracle released a fix for the vulnerability. 'We will not be blocking vulnerable versions of Java at this time, though we will continue to monitor for incidents of this vulnerability being exploited in the wild,' the browser maker said."
itwbennett writes: "Apparently, Oracle's president, Safra Catz, and Google's head of mobile, Andy Rubin, aren't senior enough to attend a court mediation session. Judge William Alsup, who is overseeing the dispute between the two companies, wants the Larrys to go head to head instead. Oracle agreed with part of Alsup's recommendation, saying in a Wednesday evening filing that, 'Oracle believes the prospects for a successful mediation will be far greater if Google's executive-level representative is a superior to Mr. Rubin, who is the architect of Google's Android strategy — the strategy that gives rise to this case.' Oracle also noted that Rubin has represented Google in past, failed mediations."
itwbennett writes: "When last we left the Oracle/Google patent infringement saga, Oracle had been ordered by Judge William Alsup to lower its claim for damages to $100 million, give or take. Today Judge Alsup denied Google's attempt to get a potentially damaging e-mail redacted. 'What we've actually been asked to do by Larry and Sergey is to investigate what technology alternatives exist to Java for Android and Chrome,' Google engineer Tim Lindholm wrote in the Aug. 2010 e-mail. 'We've been over a hundred of these and think they all suck. We conclude that we need to negotiate a license for Java.'"
itwbennett writes: "Back in April, Google and Oracle both submitted proposals to reduce the number of claims in their Java patent infringement lawsuit, with hopes of bringing the case to a speedier conclusion. But now the federal judge overseeing the lawsuit has said it might be necessary to delay a trial until U.S. authorities finish re-examining a number of Oracle's patents, a process that could take years. According to USPTO figures, re-examinations take an average of 26 months to complete, but in reality the process can take three or four years, and some have been in process for 10 years."
itwbennett writes: "Google and Oracle each submitted proposals on Friday to reduce the number of claims in their Java patent infringement lawsuit, which could help bring the case to a speedier conclusion. Earlier this month, lawyers for the two companies gave Judge William Alsup of the U.S. District Court in San Francisco a crash course in Java to prepare him for a claim construction conference."
itwbennett writes: "Lawyers for Oracle and Google gave Judge William Alsup of the U.S. District Court in San Francisco an overview of Java and why it was invented, and an explanation of terms such as bytecode, compiler, class library and machine-readable code. The tutorial was to prepare him for a claim construction conference in two weeks, where he'll have to sort out disputes between the two sides about how language in Oracle's Java patents should be interpreted. At one point an attorney for Google, Scott Weingaertner, described how a typical computer is made up of applications, an OS and the hardware underneath. 'I understand that much,' Alsup said, asking him to move on. But he had to ask several questions to grasp some aspects of Java, including the concept of Java class libraries. 'Coming into today's hearing, I couldn't understand what was meant by a class,' he admitted."
itwbennett writes: "Starting last month, Oracle began bundling the McAfee Security Scan Plus with its Java updates for the Windows operating system. The software is installed by default with the Java update, so unless users notice and uncheck the McAfee installation box as they're updating Java, they'll end up downloading McAfee's software too."