Wednesday, December 23, 2015

Oracle must help its users to destroy old Java versions

It's the first time that the powerful Federal Trade Commission of Unite States admonishes a software manufacturer for irregularities in their security updates. The "winner" is the giant Oracle and we'll see why. We'll talk about the Jupiner case and its relation with the Encryption Wars and about one of the Sweden researchers who has cracked the quantum cryptography. 

The FTC accuses Oracle for making fake statements regarding Java SE security, ensuring the system was safe after the security updates when, actually,  the process didn't erase the old an unsafe versions, installed in the computers, being a serious security problem. Oracle will help its clients to uninstall this old versions or it will face a fine.


Meanwhile, the polemic of the backdoors discovered in the Juniper's firewalls, installed in the majority of World´s corporate networks under American influence continues. According to "Wired", the researchers confirms the backdoors would have been installed on request by the National Security Agency, although it isn't clear if the master password found would be from the Agency too or from foreign agencies that would know the holes and would be using them.

The Encryption Wars

The Juniper case explodes just when the Encryption Wars in Unite States are intensifying and it gives the reason to who complains about making the encryption protections more weak, as the government asked, is making security weaker in the whole World. In that regard, the famous expert Bruce Schneier publishes in his blog today two reflection articles about this topic. Specially relevant is the one titled: "The Second Encryption War is not about Crypto", by Jaap-Henk Hoepman, who warns that what it's fighting here is the interference of the governments in the networks and their monitoring.

Quantum crack

We continue talking about encryption because Sweden researchers announced they made what seems impossible: They have broken the supposedly unbreakable quatum cryptography. According to the publication in "Science Advances", they would have discovered a security hole that allows them to spy the quantum traffic without being detected.

If this happen in 2015, we can't imagine what we'll talking about in December 2016. We'll see wonders, no doubt.


Post a Comment