Threat Post

Java’s Losing Security Legacy

Java’s code-signing requirements have proven to be a bust, security researchers say, and now even longtime developers are losing faith in the programming language. Why would a software company require ...
Threat Post

Oracle Patches 42 Java Flaws, Adds New Code-Signing Restrictions and Warnings

The latest Java update released Tuesday includes new prompts warning users of potentially malicious applets, in addition to patches for 42 vulnerabilities, all but three of which are remotely ...
InfoWorld

Oracle to Java devs: Stop signing JAR files with MD5

Starting in April, Oracle will treat JAR files signed with the MD5 hashing algorithm as if they were unsigned, which means modern releases of the Java Runtime Environment (JRE) will block those JAR ...
Dark Reading

Researcher Pokes Holes In Java 7 Security

Is the design of Oracle's Java 7 security sandbox backwards? That charge was leveled by programmer Jerry Jongerius, who last week released a Java Code Signing Failure alert detailing how Java security ...
Dark Reading

Java Malicious App Alert System Tricked

Attackers can spoof information relayed by the Java 7 malicious app warning system. So says programmer Jerry Jongerius, who has released a "Java Code Signing Failure" alert detailing how app names ...