Jan 08 2013
 


Java is on the wane, at least according to one outfit that keeps an eye on the ever-changing world of computer programming languages.

For more than a decade, it has dominated the Tiobe Programming Community Index — a snapshot of software developer enthusiasm that looks at things like internet search results to measure how much buzz different languages have. But lately, Java has been slipping. In fact, it’s been overtaken by the C programming language — a 40-year-old dinosaur that’s still popular with Unix developers and people who develop software for simple embedded systems like DVD players or alarm monitors.

“C is not number one because it is rising, but it is because Java is falling down,” says Paul Jansen, managing director with Tiobe Software, writing in an e-mail interview. Jansen’s company compiles the programming index.

According to Jansen, Java — once the hottest of the programming languages — took a serious detour when Oracle bought it, along with its creator-company, Sun Microsystems, three years ago.

MORE:  Is Java Losing Its Mojo? | Wired Enterprise | Wired.com.

 

 


 

Sep 26 2012
 

Researchers have discovered a Java flaw that would let hackers bypass critical security measures in all recent versions of the software. The flaw was announced today by Security Explorations, the same team that recently found a security hole in Java SE 7 letting attackers take complete control of PCs. But this latest exploit affects Java SE 5, 6, and 7—the last eight years' worth of Java software.

“The impact of this issue is critical—we were able to successfully exploit it and achieve a complete Java security sandbox bypass in the environment of Java SE 5, 6, and 7,” Adam Gowdiak of Security Explorations wrote, claiming the hole puts “one billion users” at risk.

Gowdiak wrote that Security Explorations successfully pulled off the exploit on a fully patched Windows 7 32-bit computer in Firefox, Chrome, Internet Explorer, Opera, and Safari. Although testing was limited to Windows 7 32-bit, Gowdiak told Computerworld that the flaw would be exploitable on any machine with Java 5, 6, or 7 enabled (whether it’s Windows 7 64-bit, Mac OS X, Linux, or Solaris).

MORE:  Yet another Java flaw allows “complete” bypass of security sandbox | Ars Technica.

 


Aug 27 2012
 

A vulnerability in the latest version of Oracle’s Java software framework is under active attack, and the damage is likely to get worse thanks to the availability of reliable exploit code that works on a variety of browsers and computer platforms, security experts warn.

The flaw in Java version 1.7 was reported on Sunday afternoon by FireEye security researcher Atif Mushtaq. A separate post published on Monday by researchers Andre M. DiMino and Mila Parkour said the number of attacks, which appear to install the Poison Ivy Remote Access Trojan, was low. But they went on to note that the typical delay in issuing Java patches, combined with the circulation of exploit code, meant it was only a matter of time until the vulnerability is exploited more widely by other attackers.

Members of Rapid7, the security company that helps maintain the open-source Metasploit exploit framework used by penetration testers and hackers, said they have already developed an exploit that works against Windows 7. They are in the process of testing it against the Microsoft Internet Explorer, Mozilla Firefox, and Google Chrome browsers running on other operating systems, including Ubuntu Linux 10.04 and Windows XP. They went on to suggest that users should disable Java until a patch plugging the gaping hole is released.

“As a user, you should take this problem seriously, because there is currently no patch from Oracle,” a Rapid7 exploit developer wrote in a blog post. “For now, our recommendation is to completely disable Java until a fix is available.”

MORE:  Critical flaw under active attack prompts calls to disable Java | Ars Technica.