It seems that the stars might finally align to remove one of the largest security holes in the history of… well, history itself. Oracle is announcing that it is finally getting rid of the Java Browser Plug-in… sometime. According to a blog post on the Oracle page, they are aware that most (if not all) browsers are already blocking plug-ins like the one in the Java Runtime Environment. These blocks are for security, stability and performance, and really should have been put in place a long time ago. Over the last few years the Java browser plug-in (along with Flash) has been the vector of choice for many web-based attacks.
The Google-Oracle fight has been going on for a long time now and has had a few ups and downs in the course of the case. The original premise of the case is that Google was able to speed up development through the reuse of nine (9) lines of code that Oracle claims are protected by copyright. One judge agreed that this was absurd, but his decision was thrown out on appeal. Now, the Department of Justice is throwing their two cents into the mix at the request of the Supreme Court. Their commentary is quite interesting…
When you think of exploits and hacks, two names jump into most security experts’ minds: Flash and Java. These two plug-ins have caused more problems for internet users than just about anything else. When you look for the root cause of many common malware applications (for lack of a better word) you will find that they most commonly get in through one of these two plug-ins. So when we hear about one of these two finally (and we mean finally) getting an update to cover some of the numerous security flaws, we think it is newsworthy.
Mozilla has announced that the initial default values on their browser will force Internet users to manually enable plug-ins on every page that uses them. Firefox will therefore block plug-ins like Microsoft Silverlight, Adobe's Reader, Apple QuickTime, and Oracle Java. As the reason for this decision, Mozilla said they are doing this to improve the security, stability and performance of the browser.
There is nothing like finding a new bug in a patch that is meant to fix another one. This appears to be something that Oracle has done, though. After Oracle released a rushed security patch for a rather serious vulnerability in Java, the same company that found the first flaw, Security Explorations, has found another one. The first flaw affected any web browser that had the Java plug-in running and extended across multiple operating systems as well. It was the sort of flaw that everyone remembers when the security of someone’s products is brought up. Having a single major vulnerability in your software (and with malware that uses it in the wild) is bad enough, but to find another one in your most recent version is just bad news.
Remember the Google V Oracle case? You know, the one that had Oracle’s Larry Ellison (and his pack of lawyers) attempting to show how nine lines of code made it possible for Google to meet a deadline? Oh, you do remember. OK, well, when we left the story the jury had made one important decision and half of another. They had agreed that Google did not violate Oracle’s Java patents at all while building Android, but in an earlier decision could not agree if APIs (Application Programming Interfaces) were protected under copyright. They did say that if they were, well, then Google was guilty.
Time for the Google news (much like many of our combined reports of Apple’s doings). This time we have a couple of things to talk about. The first is the penultimate decision in the Google Vs Oracle case, followed by a complaint by the RIAA about how little Google is doing to fight piracy, and rounding things out with a complaint against Microsoft and Nokia in the EU for patent trolling. Sounds like a lot of fun, so let’s get started.
Although we have reported on many patent trials and covered quite a few legal messes (Samsung and Apple come to mind), there are not really that many that we have felt very strongly about one way or the other. We have our opinions about all of them, but in the end most suits are about money and leverage, so even the losers will end up getting concessions. However, the Oracle Vs. Google patent/copyright case was one that had us more than a little interested.
OK, we love the judge in the Google V Oracle trial. This is a judge that has not drunk any of the Kool-Aid that either Google or Oracle has offered him. He has kept things pretty straight and even cautioned both sides on making what appear to be foolish decisions. If you remember, Oracle is claiming that Google copied nine lines of code that were used to develop Android. They are claiming that Google benefited from this and also that they did this intentionally due to deadlines.
So the Jury in the Oracle V Google trial has reached a partial verdict. The headlines for this are all over the place ranging from Google found guilty to Google trial moves to the next step. As usual the truth is somewhere in the middle of these two extremes. In fact Google was found to have infringed on Copyright for the Java API, but not for Java Documentation. The Jury reached no conclusion on Google’s fair use claims or the claim that APIs cannot be copyrighted.