Facebook reveals Conceal cryptographic API for Android

Probably no company or web service is as painfully aware of the need to keep data safe and private as the likes of Facebook, which holds a virtual copy of …

Google acknowledges Android security issue that led to Bitcoin theft

Earlier this month, it surfaced that Bitcoin wallets based on Android were vulnerable to being robbed, something Bitcoin.org warned users about in a security advisory. In the advisory, the organization stated that the problem originated from a security issue regarding the randomly-generated secure numbers, and it was the fault of Android, meaning a wallet created […]

Google Glass developers make Mirror API simple with Cat Facts

Google’s 2013 developer conference this year didn’t give immediate attention to Glass, at least not at its one and only keynote address – but behind the scenes, development ran deep. Speaking together at a developer chat session centered on “Building Glassware” with what the company calls its Google Mirror API, Jenny Murphy and Alain Vongsouvanh made the case for the future.

Alain Vongsouvanh is a Developer Programs Engineer on Google Glass and the Google Mirror API. Jenny Murphy is also a Developer Programs Engineer for Glass with Google and both of these folks help developers work with the code that brings Google Glass apps to life.

Timeline and Menu

“The Mirror API is one managed through requests made through connections. The main one is a Timeline text card.” This connection is separate from a Gmail connection and separate from a Map connection – it exists as its own element unique to Glass. The most basic setup here is with text and an image.

Customizing these cards is as simple as writing HTML code, but it’s not as all-inclusive as, say, a Chrome web browser-displayed webpage. Google provides a Playground where tests and development can be done, offering here basic templates for developers and allowing them to start from scratch.

This system offers a variety of basic menu items like back and send, and developers are able to create custom menu items like “Complete!” The theme here is simplicity – this development environment is as simple as writing a bit of Java – not something someone off the street will be able to pick up in no time without any knowledge of creating with code, but certainly something that’s simple for a web developer or creator of apps for smart devices.

Contacts

Contacts is a system that a user will share to – just like they are on an Android smartphone. Developers can create a Contact Resource where they’ll have to set an ID that corresponds to a user, users, or a third party app. By default, a shareable element will trigger a list of apps and elements that are compatible with sharing.

Subscriptions and Locations

With Subscriptions, developers will be bringing forward notifications about changes. Instead of you posting to the API, the API will post to the device – input rather than output, so to speak. The developer will specify elements like Collection, User Token, Token Verification, and a Callback URL where needed.

A developer working with Subscriptions in Glass will be working with Timeline as well as Locations – this means they’ve got to account for both how the element is posted and what’s being posted, where it came from and what it’s doing.

Cat Facts

With an extremely simple Glassware app by the name of Cat Facts, Vongsouvanh showed each of the five different elements in the Mirror API. Below you’ll see his explanation of how it’s not always necessary to work with all five of these bits and pieces, but how even something as simple as this app will be working with more than one.


Google Glass developers make Mirror API simple with Cat Facts is written by Chris Burns & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All rights reserved.

RuneScape 3 drops Java in favor of HTML5

Jagex, the developer of the infamous web-browser MMORPG RuneScape, has decided that it’s time to put Java away and welcome in HTML5. The game developer knew that in order for the next sequel of RuneScape, RuneScape 3, to be successful, it needed to transition to a new engine. It considered Adobe Flash, but Flash didn’t have enough power to run the game, and it thought of Microsoft Silverlight, but Silverlight is limited only to Internet Explorer.

Runescape breaks away from Java, implements HTML5

The only other option for Jagex to choose was HTML5. While HTML5 is still deemed “unready” by many developers, Jagex viewed it as the only viable option to launch their next biggest game. According to Jagex CEO Mark Gerhard, “there were no easy answers”, and HTML5 began to look more and more appealing. Gerhard knows that HTML5 isn’t ready yet, and that early adopters of RuneScape 3 may suffer, but as the game’s developers worked more and more with HTML5, they began to grow fond of it.

Jagex got in touch with both Google and Mozilla to work on HTML5, and both companies were helpful in working with the developer to optimize RuneScape for HTML5. Google provided a couple of HTML5 releases to guide Jagex along the way, and Mozilla worked with Jagex to “company proof Firefox” and make it more capable of handling the game. However, development on Internet Explorer has yet to begin.

According to Gerhard, high-end machines are capable of handling RuneScape 3, and currently, 70% of all RuneScape players will be able to handle the new game. While 70% is a good number, Jagex is looking to make the game capable of running smoothly at a minimum of 30 FPS for all players when it officially launches over the summer. Also on the plus side of working with HTML5, there is a possibility that RuneScape 3 could be brought to mobile devices in the future; however, we’ll have to wait and see.

[via Gamasutra]


RuneScape 3 drops Java in favor of HTML5 is written by Brian Sin & originally posted on SlashGear.

Oracle rolls out patch for Java vulnerabilities, Apple responds with update

Another day, another Java security alert. In this case, Oracle has released Security Alert CVE-2013-1493, which highlights two vulnerabilities that are particular to Java in browsers. The patch for these issues was originally slated for release in April as part of Oracle’s Critical Patch Update for Java SE. Because the vulnerabilities are being exploited in the wild, however, the company has elected to push out the updates now.

According to Oracle, the two vulnerabilities do not pertain to Java on servers, standalone desktop applications, or embedded Java apps. One of the two issues, however, is being actively exploited in the wild and used to install McRat on the victim’s computer. McRat is a trojan that downloads and executes other files.

Oracle urges users to download the update as soon as possible, which can be done most easily via auto-update, or by heading over to Java.com and grabbing it manually. In addition, the company reminds users that it recently changed Java’s security level to “High” to help fight against malicious activity. As such, users will need to give an applet permission to run, and need to use judgement when doing so.

In addition, Apple has rolled out an update for OS X 2013-002 that improves security, among other things. The update works by uninstalling the Java applet plug-in Apple provided across all browsers. When the user needs the applets, they’ll need to click “Missing plug-in,” which will take them to the latest Java applet plug-in version to download and install.

[via Oracle]


Oracle rolls out patch for Java vulnerabilities, Apple responds with update is written by Brittany Hillen & originally posted on SlashGear.

Java zero-day exploit strikes again

The Java zero-day exploit has been making the rounds lately, hitting both Facebook and Apple just recently. However, it doesn’t seem to be slowing down anytime soon. A new zero-day vulnerability has been discovered in the most recent versions of Java 6 and Java 7, and it allows attackers to install malicious software on vulnerable PCs, specifically a new “McRat” trojan.

Security firm FireEye has detected the vulnerability, and they have “observed successful exploitation” against browsers that are running Java 1.6 update 41 and Java 1.7 update 15. These are the two most recently released versions of Java 6 and Java 7. The vulnerability allows the install of a remote-access trojan called McRat.

However, the attack is only triggered when people with an infected version of the Java browser plugin visit a website that has been infested with the malicious code. Plus, FireEye says that the exploit “is not very reliable,” since it simply tries to overwrite a large chunk of memory. In other words, hackers can succeed in downloading malicious code onto victims’ computers, but most of the time it fails to actually execute.

FireEye suggests disabling Java until a patch has been applied, or if you don’t use Java, you can simply uninstall the plugin altogether. Last month, Apple employees were targeted by a Java zero-day exploit, and while a handful of company computers were breached, the company says no personal data was stolen. The same goes for Facebook, which experienced the exploit a few days before.

[via Information Week]


Java zero-day exploit strikes again is written by Craig Lloyd & originally posted on SlashGear.

Update Java warns Apple after Mac hack

Apple has pushed out a new Java update to address the malware loophole that saw hackers attempt to extract data from the company, stripping out the Apple-provided browser plugin in the process. The update, which follows Apple’s confirmation that a “small number” of its systems had been compromised by an unknown hacking group, basically removes the Java applet plugin from all browsers on an OS X 10.7+ machine.

If the user subsequently wants to access Java applets, they’ll see a “Missing plug-in” warning in the page; clicking that will go to Oracle, to download the newest official version. In the process, the update also removes the Java Preferences application, which Apple says is no longer required.

The malware response follows the identification of several loopholes in Java, one of which allowed the hackers to compromise some of Apple’s own systems. “Multiple vulnerabilities existed in Java 1.6.0_37,” the company writes in its security alert, “the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.”

A Java flaw is believed to have been at the root of Facebook’s hack incident earlier this month, with the social network’s own systems targeted. Oracle itself documented the problem back at the start of February, reacting to security warnings which saw several firms recommend all Java implementations be shut down as a precaution.

Apple maintains that “there was no evidence that any data left” the company, and has pushed out the new update as both a standalone patch and via the Software Update tool in OS X.


Update Java warns Apple after Mac hack is written by Chris Davies & originally posted on SlashGear.

Apple targeted by Java zero-day bug [UPDATE]

Last week, Facebook was attacked by a zero-day Java exploit. While the social network said that no personal data was stolen, it’s never too comforting when companies and services get hacked. This week, Apple was the target, saying that a “small number” of Mac computers have been infected.

Apple has confirmed the news to Reuters and says that it is currently working with authorities to investigate the attacks, but luckily the Cupertino-based company says that “there was no evidence that any data left Apple.” Apple also plans to release a tool later today that will protect Mac users against the software used in the attacks.

UPDATE: Apple has released a new version of Java meant to plug up the vulnerability. It’s available now on Apple’s support page or through the Software Update tool on OS X.

However, the exploit was said to be spread from a website for software developers, so it seems regular consumers are okay at this point. Apple ended up identifying a small number of systems that were infected, but isolated them immediately to prevent further spreading of the bug. Since newer Macs ship without Java installed, most users shouldn’t worry, but the removal tool should provide a sense of ease anyway.

Similar attacks also targeted The Wall Street Journal, The New York Times, and Twitter just recently. All companies affected said that no critical information was stolen, but of course, that didn’t make the situation much better. Twitter says that 250,000 accounts were hacked, prompting conscientious users to change their passwords right away.


Apple targeted by Java zero-day bug [UPDATE] is written by Craig Lloyd & originally posted on SlashGear.

Facebook security reveals zero-day Java attack

It’s never good when you have to make an official report to the public about a hacker attack your multi-billion dollar social network has had. That’s what’s happened this week as Facebook’s Chief Security Officer Joe Sullivan lets it be known that several engineers on staff with Facebook had been the subject of a zero-day Java exploit. The good news is that no customer data was exposed (that’s your stuff), the bad news is that Facebook wasn’t the only company targeted by this attack.

According to Sullivan, this attack worked as a “watering hole”, using an unnamed “popular mobile developer Web forum” as a trap for unsuspecting visitors. When the first user on Facebook’s engineering team visited the site, that engineer tripped a wire, so to speak, that let the zero-day Java exploit begin to take hold of machines at Facebook. The attack here is related back to a Java exploit documented by Oracle earlier this month.

Similar attacks have been popping up recently in several places, one of them relating to Twitter’s recent incident in which 250,000 account passwords were stolen. Another related event occurred with Mozilla, which made Java instances blocked by default – can’t be too careful!

With the Facebook situation it would appear that even the patch from Oracle wouldn’t have helped the engineers, as Sullivan notes that this attack was “injected into the site’s HTML.” In this case any user visiting the site with Java enabled would have been infected, bar none. This situation did allow the hackers to gain access to some “corporate data, email, and some software code.” How much and how serious this breach really was is not being made entirely clear.

What is being made clear by Sullivan is that Facebook’s engineers are attempting to reduce the number of products they use that are dependent on Java. Of course that’s not the end of the story as the hacking attack community rolls on – a cat and mouse game ensues for all time. Check the timeline below for more Java-related history to see how one bit of software history may be on its way out.

[via Ars Technica]


Facebook security reveals zero-day Java attack is written by Chris Burns & originally posted on SlashGear.

Oracle releases Java SE’s February 2013 Critical Patch Update

Oracle has rolled out its February 2013 Critical Patch Update for Java SE, which addresses dozens of security vulnerabilities. The patch was originally slated for release on February 19, but because of an active exploitation problem that was targeting Java in browsers, the company elected to roll it out early.

The patch update fixes 50 security issues, 44 of which concerned Java in browsers and applets. One of the other fixes concerns the installation of Java Runtime Environment; beyond that, the company says there are additional “in-depth fixes.” Three of the fixes involve both server and client Java deployment, while two of the fixes are for the deployment of JSSE (Java Secure Socket Extension).

Java is notorious for the security risks it poses, which Oracle says is due to its popularity, which makes it a target. Twitter recommended that users disable Java earlier today when it announced that it had been attacked, and Mozilla recently announced that it will be disabling all plugins – including Java – by default to help keep users safe.

The February 2013 Critical Patch Update includes fixes already available through Security Alert CVE-2013-0422. Users can download the update from the Oracle website. According to Oracle, this update primarily concerns Java FX and Java client deployments, which is the case with most updates it releases.

[via Oracle]


Oracle releases Java SE’s February 2013 Critical Patch Update is written by Brittany Hillen & originally posted on SlashGear.