WebProNews

Tag: Oracle

  • Oracle CEO Larry Ellison Steps Down

    Oracle CEO Larry Ellison is stepping down from the position, and will be taking on the roles of executive chairman and CTO.

    Here’s the full statement from Oracle:

    The Oracle (NYSE: ORCL) Board of Directors today announced that it has elected Larry Ellison to the position of Executive Chairman of Oracle’s Board and appointed him the company’s Chief Technology Officer. Jeff Henley, who has served as Oracle’s Chairman for the last 10 years, was appointed Oracle’s Vice Chairman of the Board.

    The Oracle Board also promoted both Safra Catz and Mark Hurd to the position of CEO, Oracle Corporation. All manufacturing, finance, and legal functions will continue to report to Oracle CEO, Safra Catz. All sales, service and vertical industry global business units will continue to report to Oracle CEO, Mark Hurd. All software and hardware engineering functions will continue to report to Oracle Chairman and CTO, Larry Ellison.

    “Safra and Mark will now report to the Oracle Board rather than to me,” said Larry Ellison. “All the other reporting relationships will remain unchanged. The three of us have been working well together for the last several years, and we plan to continue working together for the foreseeable future. Keeping this management team in place has always been a top priority of mine.”

    “Larry has made it very clear that he wants to keep working full time and focus his energy on product engineering, technology development and strategy,” said the Oracle Board’s Presiding Director, Dr. Michael Boskin. “Safra and Mark are exceptional executives who have repeatedly demonstrated their ability to lead, manage and grow the company. The Directors are thrilled that the best senior executive team in the industry will continue to move the company forward into a bright future.”

    According to CNN Money, Ellison earned $78.4 million last year.

  • Oracle Buys Micros Systems for $5.3 Billion

    Oracle, no stranger to large acquisitions, has just announced a $5.3 billion buy of Micros Systems – a top provider of both hardware and software for the hospitality industry.

    Oracle says that the acquisition will allow the two companies to “help hotels, food & beverage facilities, and retailers to accelerate innovation, transform their businesses, and delight customers with complete, open and integrated solutions.”

    “Oracle has successfully helped customers across multiple industries, harness the power of cloud, mobile, social, big data and the internet of things to transform their businesses,” said Oracle President Mark Hurd. “We anticipate delivering compelling advantages to companies within the Hospitality and Retail industries with the acquisition of MICROS.”

    Known for their big acquisitions, Oracle has made 11 such purchases in the past year-and-a-half. This $5.3 billion buy is their second-largest in recent history – the largest coming back in 2009 with a $7.4 billion takeover of Sun Microsystems.

    “MICROS has been focused on helping the world’s leading brands in our target markets since we were founded in 1977, including running more than 330,000 sites across 180 countries today,” said Peter Altabef, President and CEO, MICROS. “In combination with Oracle, we expect to help accelerate our customers’ ability to innovate and differentiate their businesses by utilizing Oracle’s technologies, cloud solutions and scale. We are very excited about the great opportunities this will create for our customers and employees.”

    The deal will close later this year.

  • Oracle Linux And Oracle VM Get OpenStack Support

    Oracle announced OpenStack support for Oracle Linux and Oracle VM. The company introduced a preview of an OpenStack distribution that allows users of either to work with the open source cloud software.

    Oracle says it provides customers with more choices and interoperability while taking advantage of “efficiency, performance, scalability, and security” of its offerings.

    At no extra cost, the distribution comes as part of the Oracle Linux and Oracle VM Premier Support offerings. Users can install the preview in their test environments with the latest version of Oracle Linux and the beta release of Oracle VM 3.3.

    “Oracle is working closely with the OpenStack community across many areas,” said Wim Coekaerts, senior vice president, Linux and Virtualization Engineering, Oracle. “Oracle will continue to help deliver OpenStack capabilities to enable our customers to more efficiently deploy, manage and support their large Oracle data center deployments.”

    “We are excited to see the OpenStack eco-system growing,” said Mark Collier, chief operating officer, OpenStack Foundation. “As Oracle and others integrate OpenStack into enterprise IT environments, users will have new choices for deploying OpenStack in their data centers.”

    Oracle says customers can use Oracle Linux as the base OS for OpenStack deployments where they can take advantage of Oracle Ksplice’s patching capabilities.

    OpenStack’s compute, network and storage management services can be downloaded from the Oracle Public Yum Server and Unbreakable Linux Network.

    Those who deploy the OpenStack distribution can get Oracle’s enterprise-class support.

  • Software Revenue Rose 4.8% Last Year

    The PC market is in a funk, with PC manufacturers scrambling to find a way to make desktop and notebook PCs relevant within the new reality of mobile tablets and smartphones. That doesn’t mean, however, that the software companies providing the applications for the PC market are headed the same way. As businesses and consumers push forward with their already-capable PCs, software sales are still growing.

    Market research firm Gartner today released a new report showing that global software revenue hit $407.3 billion during 2013. This is up 4.8% from the $388.5 billion the industry earned during 2012.

    Though it is clear that the software industry is enduring the hardware shift of the past few years, software itself is also undergoing a major transition. According to Gartner this shift involves companies that are both supporting existing traditional software infrastructures while rolling out new cloud-based solutions and pioneering other subscription-based services. Even many of those PC hardware companies that are struggling to hold back the rising tide of mobile devices are re-configuring their business models to rely more on enterprise software and security services.

    “The software market has been changing shape over the past five years, and cloud is driving the bulk of this change as software vendors acquire and provide applications and infrastructure technology to support the cloud and the internet of things (IoT) movement,” said Joanne Correia, research VP at Gartner. “A clear indicator of this is that for the first time we have a pure cloud vendor in the top 10.”

    The cloud vendor Correia referenced is Salesforce.com, a customer relationship management (CRM) company that provides businesses with cloud-based CRM solutions. Salesforce ranks tenth on Gartner’s list of the top ten software vendors of 2013 ranked by revenue. The company saw its revenues increase by over 33% year-over-year in 2013, up to $3.8 billion.

    The list is led by the perennial heavyweight of the software business, Microsoft, which grew software revenue 6% to hit $65.7 billion in 2013. It is followed by Oracle ($29.6 billion), IBM ($29.1 billion), SAP ($18.5 billion), and Symantec ($6.4 billion). Another heavily cloud-based business, VMware, rose to eighth place on Gartner’s list by increasing revenue 14.1% to $4.8 billion in 2013.

  • Oracle Is Buying BlueKai For Big Data Marketing

    Oracle announced on Monday that it has signed an agreement to acquire cloud-based big data platform BlueKai, which offers a solution for personalizing marketing campaigns.

    According to Oracle, BlueKai has the “world’s largest third party data marketplace to augment a company’s proprietary customer data with actionable information” with over 700 million profiles.

    The company intends to integrate BlueKai with its Responsys offering for B2C purposes as well as Eloqua for B2B.

    “Modern marketers require new ways of acquiring, centralizing, interpreting, and activating customer data across marketing channels so that they can enhance the customer experience and maximize the return on their marketing spend,” said Steve Miranda, Executive Vice President, Applications Development, at Oracle. “The addition of BlueKai to the Oracle Marketing Cloud enables marketers to act on data across both known customers and new audiences and precisely target customers with a personalized message across all channels.”

    “As a leader in marketing data management, BlueKai’s innovative products convert fragmented and disparate marketing data into high-performance results for companies,” added BlueKai CEO Omar Tawakol. “We are thrilled to join Oracle and extend Oracle’s Customer Experience portfolio to include the industry’s most effective big data cloud platform for marketers.”

    Terms of the deal were not disclosed. AdExchanger estimates it at between $350M and $450M.

  • Java 8 Still Set to Ship in March

    As Oracle continues to improve the Java Development Kit, the company has stated that it will not be pushing back the release of Java SE 8. The update is still on schedule for its March 18 release date. The final Java 8 release candidate should be available starting on January 23.

    Despite Oracle crunching to get Java 8 in shape for the scheduled deadline, the update will still ship with known bugs that coders will not be able to fix before launch. The company is referring to them as non-showstopper bugs and says that it will be delaying fixes on them to ensure Java 8 hits its March release deadline.

    Java 8 was originally scheduled to launch during September 2013, but was delayed due to the numerous Java security vulnerabilities uncovered over the past year. Oracle has since stated that it is in the process of fixing decade-old security problems introduced into Java before the company even purchased Sun Microsystems.

    Java 8 will bring numerous features to Java, many of which were originally scheduled to be implemented in Java 7. The largest change will be support for closures (lambda expressions) under “Project Lambda.” Other changes include “Project Coin” implementation that did not make it into Java 7, annotations on Java Types, and a Date and Time API. “Project Nashorn” will also be coming with Java 8, though “Project Jigsaw” has been delayed to Java 9, meaning that modularization will not be coming to Java until the scheduled Java SE 9 release in 2016.

    via Java World

  • Oracle Ends Commercial Support For GlassFish

    As part of Oracle’s acquisition of Sun Microsystems, the company also acquired the GlassFish application server project. Since its launch, GlassFish users have enjoyed commercial support for the latest releases of Java Enterprise Edition, but that’s no longer the case.

    Earlier this month, Oracle announced that it would be ending commercial support for GlassFish and Java EE. In other words, there will be no GlassFish Server 4.x with commercial Java EE 7 support. There will, however, be an open source version with GlassFish Server Open Source Edition 4.1 launching in 2014.

    So, what’s an enterprise using GlassFish to do? Oracle says that all your Java EE 7 needs will now be fulfilled by the company’s WebLogic Server service. It says that the compatibility between the two server types is high and that you should be able to transfer your goods over to WebLogic in no time.

    For more information, here’s what Oracle recommends GlassFish Server customers do to begin the move to WebLogic:

      • Applications developed to Java EE standards can be deployed to both GlassFish Server and Oracle WebLogic Server
      • GlassFish Server and Oracle WebLogic Server have implementation-specific deployment descriptor interoperability (here and here).
      • GlassFish Server 3.x and Oracle WebLogic Server share quite a bit of code, so there are quite a bit of configuration and (extended) feature similarities. Shared code includes JPA, JAX-RS, WebSockets (pre JSR 356 in both cases), CDI, Bean Validation, JSF, JAX-WS, JAXB, and WS-AT.
      • Both Oracle GlassFish Server 3.x and Oracle WebLogic Server 12c support Oracle Access Manager, Oracle Coherence, Oracle Directory Server, Oracle Virtual Directory, Oracle Database, Oracle Enterprise Manager and are entitled to support for the underlying Oracle JDK.

    Before you think that this means Oracle is giving up on Java EE, you might want to dial it back a bit. The company says that it’s committed to both Java EE and GlassFish more than ever. In fact, it says that focusing entirely on GlassFish Open Source Edition will help its teams “to be more focused on the Java EE platform.”

    [h/t: JavaWorld]

  • Oracle Releases Major Patch Update With 127 Fixes

    Oracle has issued a big collection of critical patches for its various offerings. The company says that due to a threat posed by a successful attack, it strongly recommends that customers apply the fixes as soon as possible.

    The update contains 127 new fixes. 51 of them are for Java. Others are for Database, Fusion Middleware, Enterprise Manager, E-Business Suite, Oracle Supply Chain, PeopleSoft, Siebel, iLearning, Oracle Health Sciences Products Suite, Oracle Retail Products Suite, Oracle FlexCube, Oracle Primavera Products Suite, Oracle and Sun Systems Products Suite, Oracle Linux and Virtualization and Oracle MySQL Product Suite.

    “The Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Applications, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications, PeopleSoft Enterprise PeopleTools, Siebel Enterprise, Industry Applications, Primavera and Oracle VM patches in the Critical Patch Updates are cumulative,” Oracle said. “In other words, patches for any of these products included in a Critical Patch Update will include all fixes for that product from the previous Critical Patch Updates. For more information about cumulative and non-cumulative patches, check the patch availability documents in the table below for the respective product groups.”

    “Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack,” Oracle says. “For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from users that do not need the privileges may help reduce the risk of successful attack. Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.”

    Starting this month, the Java SE Critical Patch update will be released quarterly.

    More on the updates here.

  • Oracle Says It’s Making Progress On Java Security

    Java became somewhat of a punching bag in the security researcher community earlier this year after numerous vulnerabilities were found in the software. After what must have been an embarrassing few months, Oracle announced in June that it would make Java security a priority going forward. So, how’s that working out for them?

    InfoWorld reports that Oracle officials spoke on Java security in late September at the JavaOne technical conference in San Francisco. They said that the main problem with Java security is that most of the vulnerabilities existed long before Oracle purchased Sun Microsystems, and that they’re having to go back and fix decade-old problems. It also didn’t help that Java, when under the care of Sun, didn’t receive the kind of security support or funding that Oracle is now pumping into it.

    Of course, the blame can’t fall all on Sun. Oracle’s Vice President of Cloud Applications and Java EE, Cameron Purdy, said that some of the blame falls on Oracle for not building a Java security team fast enough after his company acquired Java in 2010.

    Sun and Oracle may have made some mistakes in keeping Java secure, but the blame for poor Java security ultimately falls on users. Oracle notes that it’s putting out security updates, but it’s up to the user to update to the latest version of Java. If they don’t upgrade, it’s not Oracle’s fault if a hacker uses an exploit to take over their machine.

    With its renewed focus on security, Oracle seems to have gained the favor of developers. One such developer told InfoWorld that Oracle had made a lot of progress over the past year in the field. That progress came in the form of Oracle announcing that it would put out four annual security fixes for Java instead of three. It will also work to release emergency updates whenever a zero-day exploit rears its ugly head.

  • ‘The Billionaire And The Mechanic’ Author Julian Guthrie And Oracle Engineer Joseph Ozanne Talk At Google

    Journalist Julian Guthrie and Oracle engineer Joseph Ozanne recently participated in an At Google Talk discussing Guthrie’s book The Billionaire and the Mechanic: How Larry Ellison and a Car Mechanic Teamed Up to Win Sailing’s Greatest Race, The America’s Cup. Ozanne is the chief engineer behind Oracle Team USA’s fixed-wing sail in 2010. Google has now made the discussion available online.

    More recent At Google talks here.

  • Oracle Will Make Java Security A Priority Going Forward

    To say Java is vulnerable to exploits would be the understatement of the year. In the first two months of 2013, the software was hit with three zero-day exploits. Oracle eventually fixed all of these exploits, but Oracle should have worked harder to make it more secure in the first place. In a better late than never move, the software maker will be doing just that.

    Oracle announced in a blog post that it will align Java with its Critical Patch Update schedule in October of this year. In other words, Oracle will release four annual security fixes for Java instead of the three it releases now. For zero-days and other sudden exploits, Oracle will “retain the ability to issue emergency ‘out of band’ security fixes.”

    The above is part of a larger push to move Java into the Oracle Software Security Assurance program. The hope is that this will help prevent “the introduction of new vulnerabilities in the Java code base.” Oracle says that its developers will use more automated security testing tools alongside new analysis tools that will find certain types of vulnerabilities.

    For consumers running Java on their browsers, Oracle will be introducing three changes into how it interacts with the browser:

      • (1) The security model for signed applets was changed. Previously, signing applets was only used to request increased application privileges. With this update, signing applets establishes identity of the signer, but does not necessarily grant additional privileges. As a result, it is now possible to run signed applets without allowing them to run outside the sandbox, and users can prevent the execution of any applets if they are not signed.
      • (2) The default plug-in security settings were changed to further discourage the execution of unsigned or self-signed applets. This change is likely to impact most Java users, and Oracle urges organizations whose sites currently contain unsigned Java Applets to sign those Applets according to the documented recommendations. Note, however, that users and administrators will be able to specifically opt out of this setting and choose a less secure deployment mode to allow for the execution of unsigned applets. In the near future, by default, Java will no longer allow the execution of self-signed or unsigned code.
      • (3) While Java provides the ability to check the validity of signed certificates through Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP) calls before the execution of signed applets, the feature is not enabled by default because of a potential negative performance impact. Oracle is making improvements to standardized revocation services to enable them by default in a future release. In the interim, we have improved our static blacklisting to a dynamic blacklisting mechanism including daily updates for both blacklisted jar files and certificates.

    On a final note, Oracle will also be increasing security for Java on servers to increase enterprise consumer trust in its services. The software maker points out that Java on servers is rarely affected by exploits, but it wants to take a better safe than sorry approach to the matter. It will do this by introducing what it calls Server JRE – a new Java distribution that removes vulnerable plugins. It will also work towards removing certain code libraries that are unnecessary for server distributions of Java.

    All of the above makes it sound like Oracle is taking Java security very seriously. Of course, words and actions are two different things so we’ll have to see how Oracle reacts to emerging threats later this year when it implements its new security policies.

  • Just Disable Java Already: Plugin Hit With Third Zero-Day Exploit This Year

    Oracle has had a busy 2013 so far as it has scrambled to fix dangerous zero-day exploits found in its Java browser plugin. The company will have no rest, however, as security researchers have found more exploits.

    Security research firm Security Explorations reported two new zero-day exploits hit Java on February 25. Since then, the company has provided a number of updates on the progress it’s made with Oracle to patch these security holes:

    25-Feb-2013

      • Vulnerability Notice along with a Proof of Concept code are sent to Oracle corporation (Issues 54 and 55).
      • Oracle confirms successful reception and decryption of the vulnerability report. The company informs that it will investigate based on the data provided and get back to us soon.
      • Oracle provides a monthly status report for the reported issues. The company informs that Issue 51 is under investigation / being fixed in main codeline. The report does not mention Issues 54 and 55 yet.
      • Oracle provides tracking numbers for Issues 54 and 55, but claims they are still not confirmed.

    27-Feb-2013

      • Security Explorations asks Oracle whether it needs any assistance in running the received Proof of Concept Code or whether a confirmation of reported vulnerabilities from a 3rd party such as US-CERT would be helpful for the company. Security Explorations informs Oracle that it expects a clear confirmation or denial of Issues 54 and 55 (in the past, reception of tracking numbers from Oracle was equivalent to the confirmation of a given report).
      • Oracle provides the results of its assessment and informs that Issue 54 is not a vulnerability (it demonstrates the “allowed behavior”). The company confirms Issue 55.
      • Security Explorations disagrees with Oracle’s assessment regarding Issue 54 and provides the company with its arguments. Security Explorations demonstrates to Oracle a corresponding sample of “allowed behavior” of Issue 54 that leads to a denied access and a security exception.

    28-Feb-2013

      • Security Explorations provides Oracle with another example illustrating denied access for a similar condition as Issue 54. The company asks Oracle whether it still considers Issue 54 as a non-vulnerability demonstrating the “allowed behavior”.

    The issues referenced above – 54 and 55 – can apparently be combined to “gain a complete Java security bypass in the environment of Java SE 7 (Update 15).” Issue 54 is being labeled by Oracle as a non-issue, but issue 55 has been picked up for further investigation.

    This latest discovery only further stains Java’s reputation as it has not only been exploited twice in the past two months, but said exploits led to major firms like Apple and Facebook being hacked. Granted, Oracle can’t predict every new exploit that comes its way, but you would think it would be more thorough before releasing updates.

    So, what can you do to prevent any Java-based attacks? It’s rather simple really – just disable Java. Firefox automatically disables it for you, and it’s easy enough to disable on other browsers as well.

    [h/t: ZDNet]

  • Oracle To Acquire Acme Packet For $2.1 Billion

    Oracle has entered into an agreement to acquire Acme Packet, a session delivery network solutions company, for $29.25 per share in cash in a deal worth $2.1 billion.

    Oracle President Mark Hurd had this to say about the deal: “The proposed acquisition of Acme Packet is another important piece in Oracle’s overall strategy to deliver integrated best-in-class products that address critical customer requirements in key industries. The addition of Acme Packet to Oracle’s leading communications portfolio will enable service providers and enterprises to deliver innovative solutions that will change the way we interact, conduct commerce, deliver healthcare, secure our homes, and much more.”

    Acme Packet CEO Andy Ory said, “Acme Packet brings deep domain expertise and proven, mission-critical solutions to enable all-IP networks. Together with Oracle, we expect to provide customers with purpose-built, innovative solutions to accelerate the deployment of all-IP networks and help deliver a superior experience across services, devices and networks.”

    “The communications industry is undergoing a dramatic shift as users become more connected and dependent on mobile applications and devices. Service providers and enterprises need a comprehensive communications solution that will enable them to more effectively engage with their customers,” said Bhaskar Gorti, SVP and GM, Oracle Communications. “This combination will enable secure and reliable delivery of real-time interactive communications through the most comprehensive, best-in-class communications portfolio in the industry.”

    The deal is expected to close in the first half of the year, subject to Acme Packet shareholder approval. The company’s board has unanimously approved it.

    Here’s a letter Ory sent to Acme Packet’s customers and partners:

    On February 4, 2013, we announced that we have signed an agreement to be acquired by Oracle. The proposed transaction is subject to stockholder approval, certain regulatory approvals, and customary closing conditions and is expected to close in the first half of 2013. Until the deal closes, each company will continue to operate independently, and will operate its business as usual.

    Today is a significant milestone for Acme Packet. We are excited to join forces with Oracle because we believe that together we can rapidly accelerate the transformation to all-IP communications networks across the globe. The combination of our session border control and other solutions with Oracle’s powerful Communications portfolio will enable service providers to uniquely differentiate and monetize next-generation services, and help enterprises benefit from more effective user engagement and improved employee productivity. This combination will also provide our partners with an expanded portfolio of world-class solutions to help them create even greater value for their customers.

    Oracle plans to make Acme Packet a core offering in its Oracle Communications portfolio to enable customers to more rapidly innovate while simplifying their IT and network infrastructures. This means our customers can expect to continue to receive the expertise, vision and passion that they have come to expect from us today — and our efforts will be supported by the global reach, investment and infrastructure of Oracle.

    Acme Packet’s management team and employees are expected to join Oracle’s Communications Global Business Unit, and continue their focus on building the industry’s best session delivery solutions. We expect that joining Oracle will provide significant benefits for both our customer and partner communities.

    Thank you for your continued support and for being part of the Acme Packet community.

    Best regards,

    Andy Ory
    CEO, Acme Packet

  • UK Government To Make Major Investment In Oracle ERP

    The British Foreign & Commonwealth Office (FCO) will invest somewhere between £250 and £750 million in an Oracle shared services ERP platform, which will reportedly be opened up to other government departments. This is a consolidation effort, to get things running on fewer platforms.

    PublicTechnology.net shares a statement from a prior information notice issued last week:

    “The scope intends to cover existing Oracle platforms in the UK government departments and any supporting technologies, and to include upgrades and implementations of new Oracle version for these existing platforms”.

    According to The Channel, Oracle partners are drooling over the FCO’s investment. Paul Kunert reports:

    One Oracle partner told us government departments procure Oracle software individually and at different prices.

    “There is a lot of room for negotiation and pricing is bloody messy,” he told us.

    It is likely that Oracle will bid directly for the business but in line with all the noise coming out of the Cabinet Office, small biz suppliers are likely to be shoe-horned into the framework.

    The framework tender is expected to be released within the next several months.

  • Java Patch Didn’t Fix Everything, New Exploit On Sale For $5,000

    Microsoft and Oracle both released patches this week for zero-day exploits found in Internet Explorer 8 and Java. If you still use Internet Explorer 8 or below, you should probably download the fix available via Windows Update. As for Java, you should probably still keep that disabled.

    Krebs on Security reports that a hacker has already found a hole in the Java fix that Oracle uploaded this week. This particular hacker relayed the news to others on a private Web forum, and began looking for buyers. Here’s the sales pitch:

    New Java 0day, selling to 2 people, 5k$ per person

    And you thought Java had epically failed when the last 0day came out. I lol’d. The best part is even-though java has failed once again and let users get compromised… guess what? I think you know what I’m going to say… there is yet another vulnerability in the latest version of java 7. I will not go into any details except with seriously interested buyers.

    Code will be sold twice (it has been sold once already). It is not present in any known exploit pack including that very private version of [Blackhole] going for 10$k/month. I will accepting counter bids if you wish to outbid the competition. What you get? Unencrypted source files to the exploit (so you can have recrypted as necessary, I would warn you to be cautious who you allow to encrypt… they might try to steal a copy) Encrypted, weaponized version, simply modify the url in the php page that calls up the jar to your own executable url and you are set. You may pm me.

    What’s worrisome is that the thread is reportedly gone as of today, which means that the exploit has been sold to two people already. That means we could be seeing another potentially dangerous zero-day attack on Java in the near future.

    Oracle can’t predict the future, and its engineers obviously can’t predict what exploits are going to be found in its software. Hackers will always be one step ahead of software developers. All Oracle can do is remain vigilant and quickly put out a fix whenever a new exploit is found. Java’s presence on over 1 billion PCs must put a ton of pressure on the company, but hopefully it can push out fixes just as quickly as the last one.

    And next time, maybe check the fix to make sure there aren’t any security holes left in it.

    [h/t: Ars Technica]

  • Java Hit With Another Zero-Day Exploit: Disable It Now


    2012 was not a good year for Oracle. After losing a major lawsuit against Google, the company had to deal with a dangerous zero-day exploit that was found in Java. It fixed the problem, but a new exploit is always around the corner.

    The exploit was originally spotted in the wild by @kafeine, and other security research teams, including AlienVault Labs, have since confirmed that a new zero-day exploit has been found in Java. This particular exploit looks like it can hijack your PC into executing malicious code. It seems that one group is even using the exploit to install ransomware on affected PCs.

    So, what can you do to protect yourself from this particular exploit? The easiest solution is to just disable Java in your browser. Since it seems to affect all browsers and all operating systems, there’s really not much else you can do.

    The good news is that Oracle is already working on a fix. According to @kafeine, Oracle has already assigned a security ticket to the exploit. While that’s nice and all, there’s still no word on how long it’s going to take to patch. Oracle could even wait until its next Patch Tuesday to issue the fix, leaving millions of PCs in limbo until then.

    Despite the severity of the exploit, it’s not that surprising. In a report from AVG earlier this month, the security company said that Java would remain the most exploited software on PCs. It’s unfortunate that the report has already proven itself accurate so soon in the new year, but perhaps this will push Oracle to stay one step ahead of hackers that look for these exploits.

    [h/t: Sydney Morning Herald]

  • Oracle Nabs Eloqua For $871 Million


    Oracle announced today that it has purchased software maker Eloqua for about $871 million.

    Eloqua provides cloud-based marketing automation and revenue performance management solutions, and Oracle says its “modern marketing cloud” ensures that “every component of marketing” helps to drive revenue more efficiently.

    Oracle says the combination of the two companies will create a comprehensive “Customer Experience Cloud”.

    “Modern marketing practices are driving revenue growth and is a critical area of investment for companies today,” said Thomas Kurian, Executive Vice President, Oracle Development. “Eloqua’s leading marketing automation cloud will become the centerpiece of the Oracle Marketing Cloud and is an important addition to the Oracle Customer Experience offering, which includes the Oracle Sales Cloud, Oracle Commerce Cloud, Oracle Service Cloud, Oracle Content Cloud and Oracle Social Cloud.”

    Eloqua Chairman and CEO Joe Payne said, “Exceptional customer experience starts with knowing your customer’s preferences and delivering a highly personalized buying experience. Together with Oracle, we expect to accelerate the pace of the modern marketing revolution and help our customers transform the way they market, sell, support and serve their customers.”

    Oracle expects the deal to close in the first half of next year. It’s already been approved by Eloqua’s board, though it’s still subject to stockholder approval.

    Earlier this week, Oracle posted its earnings for its second fiscal quarter ended November 30, beating analysts’ expectations and showing “a growing acceptance” of the Cloud, according to the Wall Street Journal.

  • Will OpenJDK Ever Come To Android?


    It’s no secret that Android apps are built on a customized version of Java. That being said, some Java developers haven’t made the jump to Android because they would have to rewrite their apps. Is there anything they can do?

    JavaWorld reports that some recent rumors suggest OpenJDK, the Oracle-sanctioned open source version of Java, would be coming to Android. It would provide Java developers with an easy entry into Android development. The question now is whether or not it’s possible.

    Speaking to JavaWorld, Java founder James Gosling said that there are no major technical hurdles standing in the way.

    “Technically, it’s not a huge problem. Android is just Linux on ARM, and there’s already a nice ARM/Linux version of OpenJDK,” said Gosling. “There are issues that would make the current binaries inappropriate (mostly graphics integration), but it’s not insurmountable.”

    That being said, Gosling thinks that the bad blood between Oracle and Google might impede any efforts to bring OpenJDK to Android. If you recall, Oracle and Google were locked in a lawsuit earlier this year over accusations that the latter copied the former’s Java APIs when developing the Android OS. The jury sided with Google, and then Oracle was ordered to pay Google $1 million. After all of that, it doesn’t seem like Oracle would want to play nice with Google.

    Even if there was no bad blood between the two companies, analysts seem to think that OpenJDK on Android just isn’t worth Oracle’s time. John Rymer of Forrester Research told JavaWorld that he thinks “the Java on Android ship has sailed” and that developers wouldn’t care for it anyway.

    At the moment, it seems that the prevailing feeling towards OpenJDK on Android is one of pessimism. The major problem is the obvious conflict between Google and Oracle, but developer interest is also questionable. It’s too early to say that OpenJDK on Android will never happen, but chances are not looking good.

  • Oracle Acquires Instantis, Adds It To Primavera


    Oracle announced today that it has acquired Instantis, a provider of cloud-based and on-premise project portfolio management solutions.

    The company will combine Instantis with its Primavera and Fusion Applications. Users will be able to track and report on enterprise strategies, like capital construction and maintenance, manufacturing, IT, new product development, Lean Six Sigma, and other corporate initiatives, the company says.

    “Organizations realize the need for a more simplified approach to address project portfolio management initiatives – and yet most solutions are too complicated and expensive to deploy,” said Mike Sicilia, senior vice president and general manager, Oracle Primavera. “By adding Instantis, Oracle can help customers gain complete visibility and control of their mission-critical project initiatives using a top-down approach suited for projects throughout the entire organization.”

    Instantis CEO and Founder Prasad Raje added, “Oracle’s acquisition of Instantis represents a strong endorsement of the EnterpriseTrack cloud-based technology and the value customers have achieved with our solutions. We’re excited to be a part of Oracle as we combine resources to help the business scale more rapidly.”

    Terms of the deal were not disclosed.

  • Yet Another Java Exploit Discovered


    It’s been quite a hard month for Oracle’s Java.

    First, back in late August, the Java browser plug-in was found to be vulnerable to an exploit that could leave any PC whose browser had the Java plug-in installed open to malware when the user visited a malicious website. Thankfully, Oracle didn’t wait for its October patch to fix the issue, and released a patch just a few days later.

    Only that wasn’t the end of it. A security company announced the day after the patch that another vulnerability in the Java software had been found. Meanwhile, news came that Oracle had known about the exploits but did not fix them until news of them forced its hand.

    Today, security company Security Explorations has once again called out Oracle for an exploit found in Java. The new exploit affects all the latest versions of Java SE software, including Java SE 5, 6, and 7. The company’s CEO, Adam Gowdiak, stated that their tests were able to bypass Java’s security sandbox. The tests used a fully updated version of 32-bit Windows 7 and modern browsers. Anyone using Firefox, Chrome, Internet Explorer, Opera, or Safari is vulnerable.

    Gowdiak said in an email that the company has notified Oracle of the exploit. He also told ComputerWorld in an interview that, thankfully, there is not yet any evidence of attacks that use the newly revealed exploit.

    (via BGR)

  • Oracle Releases Earnings, Posts 2% Decline In Revenue


    Oracle posted its fiscal 2013 Q1 earnings report on Thursday. While profits were up 15%, revenues were down 2% to $8.2 billion, though GAAP new software licenses and cloud software subscriptions were up 5% to $1.6 billion. Non-GAAP new software licenses and cloud software subscriptions revenues were up 6% to $1.6 billion.

    “Exadata, Exalogic, Exalytics and our other engineered systems grew more than 100% in the quarter,” said Oracle President Mark Hurd. “For the full year, we expect to double engineered systems sales to well over $1 billion. Oracle’s new cloud business is also approaching a $1 billion annual run rate. These two businesses will drive Oracle’s growth for years to come.”

    “A little more than a week from now we will announce lots of enhancements to the Oracle Cloud,” said Oracle CEO Larry Ellison. “There are more CRM, ERP and HCM applications as a service, and more Oracle database, Java and social network platform services. Our new infrastructure as a service is available in the Oracle Cloud and as a private cloud in our customers’ data center, with the unique ability to move applications and services back and forth between the two. Join us at Oracle OpenWorld for all the details.”

    Oracle also reported:

    Both GAAP and non-GAAP software license updates and product support revenues were up 3% to $4.1 billion. Both GAAP and non-GAAP hardware systems products revenues were down 24% to $779 million. GAAP operating income was up 7% to $2.9 billion, and GAAP operating margin was 35%. Non-GAAP operating income was up 1% to $3.6 billion, and non-GAAP operating margin was 44%. GAAP net income was up 11% to $2.0 billion, while non-GAAP net income was up 6% to $2.6 billion. GAAP earnings per share were $0.41, up 15% compared to last year, while non-GAAP earnings per share were up 11% to $0.53. GAAP operating cash flow on a trailing twelve-month basis was $14.0 billion, up 9% compared to last year.

    Without the impact of the US dollar strengthening compared to foreign currencies, Oracle’s reported Q1 GAAP earnings per share would have been $0.03 higher at $0.44, up 24%, and Q1 non-GAAP earnings per share would have been $0.03 higher at $0.56, up 17%. Both GAAP and non-GAAP total revenues also would have been up 3%, GAAP new software licenses and cloud software subscriptions revenues would have been up 10%, non-GAAP new software licenses and cloud software subscriptions revenues would have been up 11% and both GAAP and non-GAAP hardware systems products revenues would have been down 21%.

    You can view the report in its entirety here (pdf).

    In other Oracle news, the company has joined FairSearch.