Related Research Articles
Java is a high-level, class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible. It is a general-purpose programming language intended to let programmers write once, run anywhere (WORA), meaning that compiled Java code can run on all platforms that support Java without the need to recompile. Java applications are typically compiled to bytecode that can run on any Java virtual machine (JVM) regardless of the underlying computer architecture. The syntax of Java is similar to C and C++, but has fewer low-level facilities than either of them. The Java runtime provides dynamic capabilities that are typically not available in traditional compiled languages.
Oracle Corporation is an American multinational computer technology company headquartered in Austin, Texas. In 2020, Oracle was the third-largest software company in the world by revenue and market capitalization. In 2023, the company’s seat in Forbes Global 2000 was 80. The company sells database software and cloud computing. Oracle's core application software is a suite of enterprise software products, such as enterprise resource planning (ERP) software, human capital management (HCM) software, customer relationship management (CRM) software, enterprise performance management (EPM) software, Customer Experience Commerce and supply chain management (SCM) software.
An over-the-air update, also known as over-the-air programming, is an update to an embedded system that is delivered through a wireless network, such as Wi-Fi or a cellular network. These embedded systems include mobile phones, tablets, set-top boxes, cars and telecommunications equipment. OTA updates for cars and internet of things devices can also be called firmware over-the-air (FOTA). Various components may be updated OTA, including the device's operating system, applications, configuration settings, or parameters like encryption keys.
Equifax Inc. is an American multinational consumer credit reporting agency headquartered in Atlanta, Georgia and is one of the three largest consumer credit reporting agencies, along with Experian and TransUnion. Equifax collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide. In addition to credit and demographic data and services to business, Equifax sells credit monitoring and fraud prevention services directly to consumers.
D-Link Systems, Inc. is a Taiwanese multinational manufacturer of networking hardware and telecoms equipments. It was founded in 1986 and headquartered in Taipei, Taiwan.
The various versions of Microsoft's desktop operating system, Windows, have received various criticisms since Microsoft's inception.
Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.
The acquisition of Sun Microsystems by Oracle Corporation was completed on January 27, 2010. After the acquisition was completed, Oracle, only a software vendor prior to the merger, owned Sun's hardware product lines, such as SPARC Enterprise, as well as Sun's software product lines, including the Java programming language.
A Microsoft account or MSA is a single sign-on personal user account for Microsoft customers to log in to consumer Microsoft services, devices running on one of Microsoft's current operating systems, and Microsoft application software.
The Java software platform provides a number of features designed for improving the security of Java applications. This includes enforcing runtime constraints through the use of the Java Virtual Machine (JVM), a security manager that sandboxes untrusted code from the rest of the operating system, and a suite of security APIs that Java developers can utilise. Despite this, criticism has been directed at the programming language, and Oracle, due to an increase in malicious programs that revealed security vulnerabilities in the JVM, which were subsequently not properly addressed by Oracle in a timely manner.
Keeper Security, Inc. (Keeper) is a global cybersecurity company founded in 2009 and headquartered in Chicago, Illinois. Keeper provides zero-knowledge security and encryption software covering functions such as password and passkey management, secrets management, privileged access management, secure remote access and encrypted messaging.
The DROWN attack is a cross-protocol security bug that attacks servers supporting modern SSLv3/TLS protocol suites by using their support for the obsolete, insecure, SSL v2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure. DROWN can affect all types of servers that offer services encrypted with SSLv3/TLS yet still support SSLv2, provided they share the same public key credentials between the two protocols. Additionally, if the same public key certificate is used on a different server that supports SSLv2, the TLS server is also vulnerable due to the SSLv2 server leaking key information that can be used against the TLS server.
On 28 March 2017, the United States House of Representatives passed a resolution of disapproval to overturn the Broadband Consumer Privacy Proposal privacy law by the Federal Communications Commission (FCC) and was expected to be approved by United States' President Donald Trump. It was passed with 215 Republican votes against 205 votes of disapproval.
EternalBlue is a computer exploit software developed by the U.S. National Security Agency (NSA). It is based on a vulnerability in Microsoft Windows that allowed users to gain access to any number of computers connected to a network. The NSA knew about this vulnerability but did not disclose it to Microsoft for several years, since they planned to use it as a defense mechanism against cyber attacks. In 2017, the NSA discovered that the software was stolen by a group of hackers known as the Shadow Brokers. Microsoft was informed of this and released security updates in March 2017 patching the vulnerability. While this was happening, the hacker group attempted to auction off the software, but did not succeed in finding a buyer. EternalBlue was then publicly released on April 14, 2017.
Alex Stamos is an American computer scientist and adjunct professor at Stanford University's Center for International Security and Cooperation. He is the former chief security officer (CSO) at Facebook. His planned departure from the company, following disagreement with other executives about how to address the Russian government's use of its platform to spread disinformation during the 2016 U.S. presidential election, was reported in March 2018.
The Equifax data breach occurred between May and July 2017 at the American credit bureau Equifax. Private records of 147.9 million Americans along with 15.2 million British citizens and about 19,000 Canadian citizens were compromised in the breach, making it one of the largest cybercrimes related to identity theft. Equifax discovered the breach end of July, but didn't disclose it to the public until September 2017. In a settlement with the United States Federal Trade Commission, Equifax offered affected users settlement funds and free credit monitoring.
Zero Day Initiative (ZDI) is an international software vulnerability initiative that was started in 2005 by TippingPoint, a division of 3Com. The program was acquired by Trend Micro as a part of the HP TippingPoint acquisition in 2015.
Andrea M. Matwyshyn is an American law professor and engineering professor at The Pennsylvania State University. She is known as a scholar of technology policy, particularly as an expert at the intersection of law and computer security and for her work with government. She is credited with originating the legal and policy concept of the Internet of Bodies.
Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021. Before an official CVE identifier was made available on 10 December 2021, the vulnerability circulated with the name "Log4Shell", given by Free Wortley of the LunaSec team, which was initially used to track the issue online. Apache gave Log4Shell a CVSS severity rating of 10, the highest available score. The exploit was simple to execute and is estimated to have had the potential to affect hundreds of millions of devices.
References
- ↑ "Oracle Executives". Oracle. Oracle. Retrieved August 11, 2015.
- ↑ "Mary Ann Davidson" (PDF), The Bridge (Severn Alumni Newsletter), Spring 2003
- 1 2 Salkever, Alex (January 15, 2002), "Backing Up Oracle's "Unbreakable" Vow", Business Week, archived from the original on April 2, 2002
- ↑ "Mary Ann Davidson". security-innovation.org. Security Innovation Network. Retrieved 10 August 2016.
- ↑ "Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers" . Retrieved August 12, 2015.
- ↑ No, You Really Can't, August 10, 2015, archived from the original on August 11, 2015
- 1 2 "Oracle security chief to customers: Stop checking our code for vulnerabilities", Ars Technica, August 11, 2015
- ↑ "No, You Really Can't - Oracle CSO Sticks Two Fingers Up At InfoSec Experts". August 11, 2015.
- ↑ "Oracle Agrees to Settle FTC Charges It Deceived Consumers About Java Software Updates". FTC Press Release. December 21, 2015.
- ↑ "Oracle settles with FTC over Java's "deceptive" security patching". Ars Technica. December 21, 2015.