Featured Articles

TSMC: Volume production of 16nm FinFET in 2H 2015

TSMC: Volume production of 16nm FinFET in 2H 2015

TSMC has announced that it will begin volume production of 16nm FinFET products in the second half of 2015, in late…

More...
AMD misses earnings targets, announces layoffs

AMD misses earnings targets, announces layoffs

AMD has missed earnings targets and is planning a substantial job cuts. The company reported quarterly earnings yesterday and the street is…

More...
Did Google botch the Nexus 6 and Nexus 9?

Did Google botch the Nexus 6 and Nexus 9?

As expected, Google has finally released the eagerly awaited Nexus 6 phablet and its first 64-bit device, the Nexus 9 tablet.

More...
Gainward GTX 970 Phantom previewed

Gainward GTX 970 Phantom previewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
EVGA GTX 970 SC ACX 2.0 reviewed

EVGA GTX 970 SC ACX 2.0 reviewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Friday, 04 April 2014 11:46

More holes in Javascript

Written by Nick Farrell



The holes were small, they had to count them all

Polish researchers have released technical details and attack code for 30 security issues affecting Oracle's Java Cloud Service. Some of the flaws make it possible for attackers to read or modify users' sensitive data or to execute malicious code. 

Security Explorations said it would normally withhold public airings until after any vulnerabilities have been fixed. But apparently Oracle representatives failed to resolve some of the more crucial issues including bypasses of the Java security sandbox, bypasses of Java whitelisting rules, the use of shared WebLogic server administrator passwords, and the availability of plain-text use passwords stored in some systems.

Oracle apparently has admitted to the researchers that it cannot promise whether it will be communicating resolution of security vulnerabilities affecting their cloud data centres in the future.

Adam Gowdiak, CEO of Security Explorations said Oracle unveiled the Java Cloud Service in 2011 and held it up as a way to better compete against Salesforce.com. The 30 security issues disclosed by Security Explorations can be found here

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments