Addressing last week's Securi-Tay conference hosted by the Abertay Ethical Hacking Society in Scotland, Stephen Tomkinson from the NCC Group detailed how Blu-ray players can do more than play videos; they can open up a new attack surface for the hacker. Tomkinson demonstrated a new tool that had been released in order to enable the investigation of embedded network devices, and used the network-exposed features on a common Blu-ray player as an example. He showed how an innocent-looking Blu-ray disc can actually circumvent sandboxes and present the hacker with control of the underlying systems. Of course, that innocent …

Java vulnerabilities have hardly been out of the news during the last year. Here at DaniWeb we've covered a number of the stories as they surfaced: [Java in the cross-hairs: the security debate rolls on](http://www.daniweb.com/software-development/java/news/445532/java-in-the-cross-hairs-the-security-debate-rolls-on), [Is Java 7 still insecure? Oracle Patch doesn't fix underlying vulnerability](http://www.daniweb.com/software-development/java/threads/432479/is-java-7-still-insecure-oracle-patch-doesnt-fix-underlying-vulnerability), [Update my insecure Java plug-in? Meh, say 72% of users](http://www.daniweb.com/software-development/java/threads/446989/update-my-insecure-java-plug-in-meh-say-72-of-users) and [WARNING: New zero-day for Java 6u41 and Java 7u15](http://www.daniweb.com/software-development/java/threads/449198/warning-new-zero-day-for-java-6u41-and-java-7u15). It's the latter two that are pertinent as to why I'm covering the whole Java exploits story again. It would appear that the CVE-2013-2463 vulnerability in the Java 2D subcomponent is still problematical, even …

Last week saw the discovery of YAJE: Yet Another Java Exploit. Sadly, Java vulnerabilities are neither new nor uncommon and the bad guys are quick to exploit them in the wild. Some claim that Oracle is in too much of a rush to extricate itself from this unholy mess and, while being quick to patch whatever vulnerability is currently making the media headlines, is still leaving far too many insecurities in the software unfixed. But does that mean it's time to give up on Java? AlienVault's Head of Labs, Jaime Blasco, reproduced the latest exploit in a previously …

Oracle announced Thursday evening (August 12) that they would be filing a lawsuit against Google, claiming that their Android phone software infringes upon patents and copyrights of their Java software, which they acquired when they purchased Sun Microsystems in January for $7.4 billion. "In developing Android, Google knowingly, directly and repeatedly infringed Oracle's Java-related intellectual property. This lawsuit seeks appropriate remedies for their infringement," Oracle spokeswoman Karen Tillman said in an official statement. The lawsuit, filed in the U.S. District Court in San Francisco, alleges that Google “willfully and deliberately” infringed upon seven Java patents and has even gone so …

Just because security holes and vulnerabilities get reported to software vendors doesn't mean they are actually patched. A new report from IBM's X-Force security team found that of all the software holes reported in the first half of this year, more than half are still unpatched. IBM's X-Force report is published twice per year and provides an in-depth look at software security from across the spectrum of developers. So far this year, the bug catchers are doing better than the bug squashers. More bugs are being reported, but more are going unpatched. In the first six months of 2010, 4,396 …

Hewlett-Packard today [announced](http://www.hp.com/hpinfo/newsroom/press/2010/100426xa.html) updates to [Service Test Management 10.5](https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-127-24^1185_4000_100&jumpid=reg_R1002_USEN) and [Functional Testing 10.0](https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-127-24^1352_4000_100__)--its quality assurance tools for software testers--that the company says are now better equipped to help development teams find defects earlier and cover code for Adobe Flex/Flash, Ajax, Microsoft Silverlight and other rich client technologies. New in Functional Testing 10, which is part of Mercury's ever-popular Quick-Test Pro, is the ability to easily test dynamic Web 2.0 applications and features. The update is implemented in the so-called Web 2.0 Extensibility Accelerator, which the company says "provides a Visual Studio-like IDE that accelerates and facilitates the design, development and …

What the hell is up with [Oracle](http://www.oracle.com) lately? First, they stopped giving away the Solaris operating system and now they have some big announcement planned for next week at the [MySQL Conference](http://en.oreilly.com/mysql2010). Should we hide our wallets before we listen? To me, Oracle has morphed into [Microsoft](http://www.microsoft.com) II with all of its acquisitions and now its hold on those of us who use Solaris and [MySQL](http://www.mysql.com). I don't know how loyal I'll continue to be to MySQL, if Oracle does something crazy with it. Yes, they bought it. Yes, it's theirs. But, don't they have some sort of responsibility to …

It's true. [Oracle](http://www.oracle.com) is now, with its acquisition of Sun Microsystems, the world's largest purveyor of open source software. Does that surprise you? It did me too, until I started digging and realized that Oracle has a history of supporting free and open source software. Their support didn't start with their purchase of InnoDB, MySQL or Sun. It goes back into ancient times--Internetly speaking, of course. And, yes, I know that I've taken my share of shots at Oracle and the wonderful Larry Ellison but I also have to own up to the fact that they are good open source …

With the release last week of [Groovy 1.7](http://groovy.codehaus.org/), developers using the object-oriented scripting language for Java gained access to anonymous inner classes and nested classes, annotations, SQL and other features that could simplify development when mixing Groovy code with Java. Groovy's [Eclipse community](http://groovy.codehaus.org/Eclipse+Plugin) yesterday released Groovy-Eclipse 2.0.0, a nearly rewritten plug-in that it says delivers an Eclipse experience the same as when using Java. "The driving themes for version 2.0.0 have always been to optimize around the common developer actions of editing, building, running and testing code," wrote Groovy language developer Andrew Eisenberg in a [post](http://docs.codehaus.org/display/GROOVY/Groovy-Eclipse+2.0.0+New+and+Noteworthy) describing the release. To …

Tired of parsing all the source code involved in building mobile apps? Or perhaps the approval process for Apple's App Store is getting you down. Or maybe you're an aspiring commercial developer in search of the next must-have platform to tap. If you think Android might be the one, then a new tool from Google is worth a serious look. App Inventor, a tool under development at Google, makes building apps for Android as easy as putting together a child's jigsaw puzzle. [First announced](http://googleresearch.blogspot.com/2009/07/app-inventor-for-android.html) on July 31, App Inventor is a [drag-and-drop environment](http://sites.google.com/site/appinventor/_/rsrc/1250473112889/introduction-to-app-inventor/Picture%2019.png) that appears to require only the most …

One way to become the "ultimate" of something is to simply declare it. JetBrains, maker of the IntelliJ IDEA Java IDE, on Thursday began previewing [IntelliJ IDEA Ultimate Edition](http://www.jetbrains.net/confluence/display/IDEADEV/Maia+EAP), the latest version of its commercial integrated development environment for Linux, Mac OS X and Windows. The "ultimate" designation is presumably to differentiate it from the Community Edition, which is now available as open source. The company had previously offered a free version of IntelliJ IDEA for non-commercial use, but source code was not made available until now. Both are based on the forthcoming version 9 of the IDE, formerly code-named …

With all the libraries available that have emerged, Java and Ajax applications practically build themselves these days. This week Java tool maker Instantiations added support for Ext GWT to [GWT Designer 7.2](http://www.instantiations.com/gwtdesigner/), the latest version of its Eclipse-based drag-and-drop GUI-building environment that can be had for as little as $5 a month. Also known as GXT, [Ext GWT](http://www.extjs.com/products/gxt/) builds on the [Google Web Toolkit](http://code.google.com/webtoolkit/), adding a slew of customizable UI widgets and CSS-based themes, plus full documentation and backward compatibility. It's made by Ext LLC. And if you're currently building Web apps and you haven't heard of them, a look …

With the release of [Ingres Database 9.3](http://esd.ingres.com/) today, the company says it's now easier for developers to migrate their application to the open source system from MySQL, Oracle, SQL Server and Sybase. It does so, the company said, through "improved accessibility of table procedures from within the query" and support for positional parameter notations, making database procedure invocation more flexible. “As the fate of MySQL is currently in the hands of the European Commission, open source community developers and our global business customers and partners are seeking a more stable, reliable open source database,” said Deb Woods, vice president of …

Urbancode today unveiled AnthillPro 3.7, the latest version of its build and deployment automation tool that piles seven popular source code analysis tools onto its [list of third-party integrations](http://www.anthillpro.com/html/products/anthillpro/tool-integrations.html). There's also support for the GIT repository and DB2 and PostgreSQL databases, the company said today in a statement. AnthillPro 3.7 began shipping on Sept. 15, but had not been widely announced. Among the most significant features in 3.7 is its plug-in API, which permits organizations to build integrations with third-party or proprietary tools of their choosing, the company said. "With plug-ins, users can create, customize and rapidly update integrations," …

As you probably have heard, Oracle bought Sun for $7.4 billion today. I'm no Larry Ellison fan, because frankly, I think he's a few cards short of a full deck but I think in the long run, this is good for Sun. Not all of Sun but a lot of it. And Linux will get a boost out of it as the operating system of choice. My Sun Predictions/Hopes: **1. MySQL and InnoDB Reunite** - Ah, it's good to have these two back together again. Oracle bought InnoDB in 2005--much to my surprise and disappointment--but now with Oracle's purchase of …

Everyone from techie bloggers to technical journalists to stay-at-home moms is talking about today's big news: [IBM](http://www.ibm.com) is trying to buy [Sun Microsystems](http://www.sun.com). Big deal. What's in it for Linux? As a matter of fact, it is a big deal. And an even bigger deal for Linux. Sun owns MySQL, Java, Glassfish, VirtualBox and the Solaris Operating System. It also has its own proprietary hardware known as Sparc but is it a good buy for IBM? On the 'no' side of things, Sun is sinking in the West with no foreseeable chance of rising again in the East. Solaris and …

With much fanfare Sun announced its new JavaFX platform yesterday, but curiously [in a video introducing the platform](<http://channelsun.sun.com/video/javafx -- do more!/3856260001>), Sun CEO Jonathan Schwartz made the browser the enemy of content owners, and set up JavaFX as the platform to give developers and content owners direct access to users. I'm not sure I agree with his basic premise. **What's So Bad About a Browser?** In his presentation, Schwartz said that the browser developers themselves have become competitors with the web developers and content owners, competing for revenue and attention. "It's been our experience in talking to content owners and …

Research released this week by Evans Data showed that 73 percent of the market currently use or plan to adopt the [Spring application framework for Java](http://en.wikipedia.org/wiki/Spring_framework) within the next two years. More remarkable is that 83 percent of companies with 500 or more developers use Spring, according to the study. So I thought it would be a good time to speak with Rod Johnson, CEO and founder of [SpringSource](http://www.springsource.com/), and author of the open source framework that some in the Java community view as a superior alternative to [EJB](http://en.wikipedia.org/wiki/Enterprise_JavaBean). **EddieC**: Why do you think Spring adoption has become so …

Android's Java front-end gives Google's mobile platform an instant community of app developers and Java-specific tools. But beginning today, there's also a static code scanner that's aware of Android's APIs. [Klocwork](http://www.klocwork.com/), which makes automated source code analysis solutions, today began shipping a version of its Insight defect checker that's aware of Android's unique application programming interfaces, and can perform inter-procedural analysis of source code intended for Android. [Klocwork Insight](http://www.klocwork.com/products/insight.asp) is a static source code analysis tool for C, C++, C# and Java. According to Klocwork CTO Gwyn Fisher, the US$2750 tool's new capabilities are intended to aid enterprise developers looking …

Support for RESTful Web services, JBoss Seam and Java refactorings and code inspections are among the new features in [IntelliJ IDEA 8](http://www.jetbrains.com/idea/features/newfeatures.html), JetBrains' Java IDE for Linux, Mac OS X and Windows that began shipping today. If you're not familiar, JetBrains' raison d'être is to make an integrated development environment that keeps developers productive and integrates tightly with other open source development tools such as Ant, JUnit and Subversion. Among the new productivity features in IntelliJ IDEA 8 according to a [list of what's new](http://www.jetbrains.com/idea/features/25-can.html) is an ability to jump from a class to its test case; see which Subversion …

Attention marketing professionals: Sending cute toys along with press releases is a good way to get me to notice them. I received a package today from Actuate, which makes RIA and business intelligence tools. In addition to news about BIRT-based Actuate 10, which I’ll get to in a minute, the package contained a small Lego robotic space-man kit. I love Legos, and so does my 11-year-old son. He and I have spent countless hours constructing vehicles and small buildings with the small plastic geometric building blocks. A half-dozen fully-constructed space ships and terrestrial vehicles currently adorn Nick’s bedroom, embarking frequently …

Research In Motion yesterday released new versions of its [BlackBerry development tools](http://blackberry.com/developers/), including the BlackBerry Java Development Environment (JDE) Plug-In for Eclipse Beta 2 that's better integrated with the open-source IDE, can perform pre-processing for builds and receives updates through the Eclipse Update Manager. There are also new versions of the BlackBerry Plug-in for Microsoft Visual Studio and BlackBerry MDS Studio, which can stand alone or work through Eclipse. The BlackBerry Plug-in for Visual Studio allows users of Microsoft's IDE to visually construct applications for BlackBerry devices and RIM's [Mobile Data System](http://na.blackberry.com/eng/services/mobile.jsp) and application framework. I have seen RIM's drag-and-drop …

Apple this week released an update to its Java Virtual Machine, taking users of Mac OS X 10.4 Tiger and 10.5 Leopard to 1.6.0_07. Depending on your operating system, the patch fixes as many as 27 bugs, and chances are pretty good that you'll benefit. There are separate updaters for [Tiger](http://www.apple.com/support/downloads/javaformacosx104release7.html) and [Leopard](http://www.apple.com/support/downloads/javaformacosx105update2.html), or you can simply run Apple's Software Update and let the OS figure it out. If you're not sure whether you need to upgrade, an applet at the JavaTester.org Web site will help you [find out which JVM version you're using](http://www.javatester.org/version.html) in the browser that you use …

Sun Microsystems managed to fix multiple security vulnerabilities in JDK and JRE months ago now, so why has it taken Apple so long to finally plug pretty much the same Java holes in Mac OS X? Apple has known that its Java implementation has been, quite frankly, screwed since way back when. At least since April, because that is when Sun Microsystems started shipping security updates that fixed the flaws it had uncovered. Fast forward through the summer and, at long last, Apple has finally managed to sort out the problems with its own version of Java and [announce updates](http://www.apple.com/support/downloads/) …

GUIdancer 2.2 Automates Failure Retries. If at first you don't succeed, try, try again. Such is the way of GUIdancer 2.2, the latest version of the function-test automation tool from Bredex, which began shipping yesterday. The keyword-driven tool for Java (Swing, SWT and RCP) and HTML can now retry failed test steps using pre-defined test execution variables, according to the company. Version 2.2 is compatible with Eclipse 3.4--the Ganymede release. GUIdancer can run as an Eclipse plug-in or stand alone. Test cases are now automatically included in projects, enabling testers to reuse keywords across projects and create them quickly …

Microsoft, it was disclosed today, will become a sponsor of the Apache Software Foundation, forking over US$100,000 a year for the privilege. In return, Redmond will gain access to the [Apache POI](http://poi.apache.org/) project, a Java port of file formats of Microsoft's Office suite of applications. Based on Microsoft's history, I have my suspicions about the company's motives. Yes, it's been exhibiting a more open stance of late, but the sting of its exclusionary practices and once-closed file formats remains. But Microsoft has been moving toward opening its formats recently, and I'm willing to believe the move is yet another effort …

If you’re looking for low-cost GUI-test automation for Java, Qt, Mac OS X and Web applications, here’s a product you might find useful. Have you heard of Squish? It’s an automated function-testing tool from [Froglogic](http://www.froglogic.com/pg?id=Home). Released today was Squish 3.4, adding support for the May release of Trolltech’s [Qt 4.4 GUI framework](http://trolltech.com/company/press-center/Qt4PressRoom), the June release of Eclipse 3.4 Ganymede, and for testing applications using varying GUI technologies from within a single test case. Also new in 3.4 is integration with [Apache’s Ant](http://ant.apache.org/) build system and the [CruiseControl](http://cruisecontrol.sourceforge.net/) framework for continuous build and integration process. Qt 4.4 now supports Qt, Java …

It’s like TiVo for Java EE apps. At least, that’s what Replay Solutions says about [ReplayDirector for Java EE](http://www.replaysolutions.com/technology/replay-director-java.php), which began shipping today. According to claims, it’s unlike other software playback/record products because it virtualizes the execution environment and records not only code, but also program inputs, database transactions and all other server interactions. No changes to source code are required, the company says, and on playback, everything executes as it did during the original execution, recreating precisely any bugs, faults or issues, simplifying root-cause analysis. The tool adds just a little overhead during recording, and plays back execution faster …

SourceLabs is like the L. Ron Hubbard for the software community; it makes a living on developers in need of self-help. The company today added Eclipse projects to Self-Support Suite, its support tool and service for Java and Linux developers. The suite now counts the copious creations of the open source Eclipse community to its own extensive listing of [supported Java projects](http://www.sourcelabs.com/?page=java), which includes the many libraries of Apache Axis, Struts and Tomcat, Hibernate and the Spring Framework. [Covered Linux projects](http://www.sourcelabs.com/?page=linux) include CUPS, DHCP, gcc, ext2/ext3 file systems and ext2 utils, the Linux kernel, MySQL, OpenLDAP, …

Virtualization of operating systems is all the rage these days; the benefits to software developers and testers are clear. What if you could virtualize applications? According to [Xenocode](http://www.xenocode.com/), you can. The company today released [Virtual Application Studio](http://www.xenocode.com/Products/Studio/), a US$40-per-seat environment that turns an application into a self-contained executable, able to be e-mailed or transported on a USB drive and run on any modern Windows PC. “The big problem is that [developers] have to install the .NET framework on the client machine,” to enable someone without the framework to run their application, said Xenocode CEO Kenji Obata in a phone interview. …
