Featured Articles

KitKat has more than a fifth of Android users

KitKat has more than a fifth of Android users

Android 4.4 is now running on more than a fifth of Android devices, according to Google’s latest figures.

More...
Nvidia introduces five new Quadro cards

Nvidia introduces five new Quadro cards

Nvidia has revamped its Quadro professional graphics line-up with a total of five new cards, two of which are based on…

More...
AMD Tonga XT graphics cards come later

AMD Tonga XT graphics cards come later

According to sources who wish to remain unnamed, we should see an AMD Tonga XT-based graphics card launched sometime in September.

More...
Nvidia Maxwell Geforce 800 comes in September

Nvidia Maxwell Geforce 800 comes in September

Nvidia was always cautious when talking about upcoming Maxwell parts, the first of which was launched back in March and based…

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Friday, 04 April 2014 11:46

More holes in Javascript

Written by Nick Farrell



The holes were small, they had to count them all

Polish researchers have released technical details and attack code for 30 security issues affecting Oracle's Java Cloud Service. Some of the flaws make it possible for attackers to read or modify users' sensitive data or to execute malicious code. 

Security Explorations said it would normally withhold public airings until after any vulnerabilities have been fixed. But apparently Oracle representatives failed to resolve some of the more crucial issues including bypasses of the Java security sandbox, bypasses of Java whitelisting rules, the use of shared WebLogic server administrator passwords, and the availability of plain-text use passwords stored in some systems.

Oracle apparently has admitted to the researchers that it cannot promise whether it will be communicating resolution of security vulnerabilities affecting their cloud data centres in the future.

Adam Gowdiak, CEO of Security Explorations said Oracle unveiled the Java Cloud Service in 2011 and held it up as a way to better compete against Salesforce.com. The 30 security issues disclosed by Security Explorations can be found here

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments