First time accepted submitter radudragusin writes "IEEE suffered a data breach which I discovered on September 18. For a few days I was uncertain what to do with the information and the data. Yesterday I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery. Among the almost 100.000 compromised users are Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford and many other places. I did not and will not make the raw data available, but I took the liberty to analyse it briefly."

hypnosec writes "Just yesterday Apple released updates to fix Java vulnerabilities, but it seems the patch doesn't actually target the recently discovered high-profile Java bug that has been the talk of the web during the last two weeks. The two updates – Java for OS X 2012-005 for OS X Lion and Java for Mac OS X 10.6 Update 10 for Mountain Lion, are meant to tackle the vulnerability described in CVE-2012-0547. But according to KerbsOnSecurity, it seems Cupertino hasn't addressed the recent mega-vulnerabilities in Java as described in CVE-2012-4681." Update: 09/07 12:00 GMT by S : As readers have pointed out, these updates address flaws in Java 6, which is the version Apple maintains. The recently-reported Java vulnerabilities primarily affect Java 7, the patching of which is handled solely by Oracle. Nothing to see here.

eldavojohn writes "You may recall the news that Google would not be paying Oracle for Oracle's intellectual property claims against the search giant. Instead, Google requested $4.03 million for lawyer fees in the case. The judge denied some $2.9 million of those fees and instead settled on $1.13 million as an appropriate number for legal costs. Although this is relative peanuts to the two giants, Groklaw breaks the ruling down into more minute detail for anyone curious on what risks and repercussions are involved with patent trolling."

PCM2 writes "The Register reports that Security Explorations' Adam Gowdiak says there is still an exploitable vulnerability in the Java SE 7 Update 7 that Oracle shipped as an emergency patch yesterday. 'As in the case of the earlier vulnerabilities, Gowdiak says, this flaw allows an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems.'"

First time accepted submitter JavaBear writes "Oracle have just released the u7 release of their Java 7. From the article: 'In response to the findings of a recent vulnerability in Java 7 that was being exploited by malware developers, Oracle has released an official patch that takes care of the problem. In the past week, a new vulnerability was unveiled in Oracle's Java 7 runtime, which has been used by hackers in targeted attacks on Windows-based systems. Similar to the recent Flashback malware in OS X, this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet."

dutchwhizzman writes "Polish security researcher Adam Gowdiak submitted bug reports months ago for the current Java 7 zero-day exploit that's wreaking havoc all over the Internet. It seems that Oracle can't — or won't? — take such reports seriously. Is it really time to ditch Oracle's Java and go for an open source VM?"

tsu doh nimh writes "A new exploit for a zero-day vulnerability in Oracle's Java JRE version 7 and above is making the rounds. A Metasploit module is now available to attack the flaw, and word in the underground is that it will soon be incorporated into BlackHole, a widely used browser exploit pack. KrebsOnSecurity.com talked to the BlackHole developer, who said the Java exploit would be worth at least $100,000 if sold privately. Instead, this vulnerability appears to have been first spotted in targeted/espionage attacks that used the exploit to drop the remote control malware Poison Ivy, according to experts from Deep End Research. Because Oracle has put Java on a quarterly patch cycle, and the next cycle is not scheduled until October, experts have devised and are selectively releasing an unofficial patch for the flaw."

mpol writes "Sergei from MariaDB speculated on some changes within MySQL 5.5.27. It seems new testcases aren't included with MySQL any more, which leaves developers depending on it in the cold. 'Does this mean that test cases are no longer open source? Oracle did not reply to my question. But indeed, there is evidence that this guess is true. For example, this commit mail shows that new test cases, indeed, go in this "internal" directory, which is not included in the MySQL source distribution.' On a similar note, updates for the version history on Launchpad are not being updated anymore. What is Oracle's plan here? And is alienating the developer community just not seen as a problem at Oracle?"

itwbennett writes "Earlier this month, the judge in the Oracle v. Google trial ordered the companies to disclose the names of bloggers and reporters who had taken payments from them. Not surprisingly, both companies have denied making direct payments to writers (with the exception of Florian Mueller of FOSSPatents, whose relationship to Oracle was disclosed in April). But Oracle has tattled on Google regarding some indirect connections. In particular, Oracle called out Ed Black for an article he wrote about the case for Forbes. And Jonathan Band, co-author of the book, 'Interfaces on Trial 2.0,' which Google cited in its April 3, 2012 copyright brief." Groklaw has an in-depth look at the filings. Oracle's fingerpointing is based in part on this BBC article and this piece at The Recorder, both of which they entered into evidence. Google's filing (PDF) affirmed that they have not paid media for articles or done any quid pro quo in exchange for coverage. However, they acknowledged that many people receive money from Google through other means (the company's philanthropy, ad business, etc.), and asked the judge if he wanted further details about those instances.

Andy Updegrove writes "Between 2005 and 2008, an unparalleled standards war was waged between Microsoft, on the one hand, and IBM, Google, Oracle and additional companies on the other. At the heart of the battle were two document formats, one called ODF, developed by OASIS, a standards development consortium, and Open XML, a specification developed by Microsoft. Both were submitted to, and adopted by, global standards groups ISO/IEC. But then Microsoft never fully adopted its own standard. Instead, it implemented what it called 'Transitional Open XML,' which was better adapted for use in connection with documents created using older versions of Office. Yesterday, Microsoft announced in a blog entry that it will finally make it possible for Office users to open, edit and save documents in the format that ISO/IEC approved."

jfruh writes "One of the odder moments during the Oracle v. Google trial over Java patents came when patent blogger Florian Mueller disclosed that he had a 'consulting relationship' with Oracle. Now it looks like we're going to find out which other tech bloggers and journalists were on the payroll of one of the two sides in this epic fight. Judge William Alsup has ordered (PDF) that both parties disclose 'all authors, journalists, commentators or bloggers who have reported or commented on any issues in this case and who have received money (other than normal subscription fees) from the party or its counsel during the pendency of this action.'"

angry tapir writes "SAP has agreed to pay Oracle US$306 million in connection with the corporate-theft case that Oracle filed against it and a former SAP subsidiary in 2007, according to a filing made Thursday in the U.S. District Court for the Northern District of California. The long-running legal dispute centers on illegal downloads of Oracle software and support materials by SAP subsidiary TomorrowNow, which offered lower-cost support services for Oracle software. SAP admitted liability for actions taken by TomorrowNow workers, and a jury awarded Oracle US$1.3 billion in damages in November 2010." The $1.3 billion fine was overturned shortly after, causing more months of litigation.

angry tapir writes "A California court has ordered Oracle to continue porting its software to the Intel Itanium chips used by Hewlett-Packard in a number of its servers. Last year, Oracle, which competes with HP in the hardware market but shares many customers with the vendor, announced it would cease supporting Itanium. HP filed suit in June 2011, maintaining that Oracle was contractually bound to continue supporting Itanium."

CowboyNeal writes "Last week, Oracle announced that they were making Oracle Linux available free of charge, and also provided a script that makes switching to Oracle Linux nearly painless for existing CentOS users. What makes Oracle Linux unique, and why would anyone want to use it? Read on to find out, as I delve into what Oracle Linux has to offer."

An anonymous reader writes "Ex-Sun employees did what Sun/Oracle failed to do since the iPhone launched. They brought Java to iOS and other mobile devices. They are getting major coverage from Forbes, DDJ, hacker news and others. They are taking a unique approach of combining a Swing-like API with a open source and SaaS based solution."

benrothke writes "Anyone who has worked in information technology knows of Gartner. They are one of the leading information technology research and advisory firms. Most of their clients are CIOs and senior IT leaders in corporations and government agencies, high-tech and telecom enterprises. Gartner is huge with over 5,000 associates, over 1, 200 research analysts and consultants and clients in 85 countries. Their revenue in 2011 was nearly $1.5 billion. While Gartner is the world's largest, there are over 650 independent analyst firms worldwide. Barbara French's Directory of Analysts provides a comprehensive list. With all that, very few people understand how Gartner works and what makes them tick. In UP and to the RIGHT: Strategy and Tactics of Analyst Influence: A complete guide to analyst influence, ex-Gartner analyst Richard Stiennon takes the mystery out of Gartner. In particular, a good part of the book deals with Gartner's vaunted Magic Quadrant." Read below for the rest of Ben's review.

MikeatWired writes "Google is seeking $4 million from Oracle to cover the costs it incurred during this spring's epic legal battle over the Android mobile operating system, reports Caleb Garling. In a brief filed in federal court on Thursday night, Google lead counsel Robert Van Nest argued that Oracle is required to pay his company's legal costs because judge and jury ruled in favor of Google on almost every issue during the six-week trial. 'Google prevailed on a substantial part of the litigation,' read Google's brief. '[Oracle] recovered none of the relief it sought in this litigation. Accordingly, Google is the prevailing party and is entitled to recover costs.' Google has not publicly revealed an itemized list of its expenses, but the total bill included $2.9 million spent copying and organizing documents. According to the brief, the company juggled a mind-boggled 97 million documents during the case."

Sique writes "An author of software cannot oppose the resale of his 'used' licenses allowing the use of his programs downloaded from the internet. The exclusive right of distribution of a copy of a computer program covered by such a license is exhausted on its first sale. This was decided [Tuesday] (PDF) by the Court of Justice of the European Union in a case of Used Soft GmbH v. Oracle International Corp.."

snydeq writes "With Adobe's divestment of Flex and mobile Flash and Microsoft's move from Silverlight to Metro, Oracle now seems all alone in believing that a fat client framework — in the form of JavaFX — is a worthwhile investment, writes Andrew Oliver. 'Fewer and fewer options exist for developing purely fat client desktop applications and fewer still for RAD applications with Web-based delivery (aka, "thick clients"). We are on the verge of a purely HTML/JavaScript client world. Or we would be, if it weren't for mobile pushing us back to client-side development.'"

Dupple writes with this quote from a Reuters report: "Hewlett-Packard Co told a judge on Tuesday that Oracle Corp should be ordered to make its software available on HP's Itanium-based servers for as long as HP sells them. Lawyers for HP and Oracle presented closing arguments in a California state court for the first phase in a bitter lawsuit between the two tech giants. ... Oracle decided to stop developing software for use with Itanium last year, saying Intel made it clear that the chip was nearing the end of its life and was shifting its focus to its x86 microprocessor. But HP said it had an agreement with Oracle that support for Itanium would continue, without which the equipment using the chip would become obsolete. HP said that commitment was affirmed when it settled a lawsuit over Oracle's hiring of ousted HP chief executive Mark Hurd. HP seeks up to $4 billion in damages."