Information Technology News.

Oracle finally admits to Java's recent security issues

Share on Twitter.

Click here to order our special clearance dedicated servers.

Get the most reliable SMTP service for your business. You wished you got it sooner!

June 3, 2013

It took quite a bit of time, but Oracle has finally admitted to Java's numerous security issues and has now outlined three new security initiatives to set the record straight.

The first item certainly won't please everyone, as the company has committed to including Java updates among the quarterly Oracle Critical Security Patch Update it provides for all its products, as of the October 2013 update.

Java previously operated a twice-yearly patch cycle of its own, but not anymore, and the catalyst is the escalating security problems with Java.

To be sure, Oracle's critical patch update usually includes dozens of patches, so the inclusion of Java could swell the amount of work facing IT professionals and system admins when the update comes.

The second update modification is outlined here: “Local Security Policy features will soon be added to Java and system administrators will gain additional control over security policy settings during Java installation and deployment of Java in their organization. The policy feature will allow system administrators to restrict execution of Java applets to those found on specific hosts (e.g., corporate server assets, partners, etc) and thus reduce the risk of malware infection resulting from desktops accessing unauthorized and malicious hosts.”

This plan is expected to decrease the exploitability and severity of potential Java security vulnerabilities in the desktop environment and provide additional security protections for Java operating in the server environment.

The server side will also get the following security enhancements: “In the future, Oracle will explore stronger measures to further reduce attack surface including the removal of certain libraries typically unnecessary for normal server operation. Such significant measures cannot be implemented in current versions of Java since they would violate current Java specifications, but Oracle has been working with other members of the Java Community Process to enable such changes in future versions of Java.”

However, there's no specific timeframe for their advent or the arrival of the new Local Security Policy, although some in the security field say it should be sometime in October 2013.

In other IT news

As far back as in the 18th century, scientists began experimenting with electrochemical energy cells. But consumers only started buying their first low-density Lithium-ion batteries in the late 1980s, and then the industry became fixated on lithium in the 1990s.

However, despite a long waiting period and some significant advances in the state of the art, Lithium-ion batteries today still suffer the kind of serious issues that generate embarrassing headlines. And overheating has been the biggest issue.

Dell recalled more than four million of its laptops in 2006 after finding that their Lithium-ion cells were catching fire. Then Nokia also recalled 46 million phone batteries a year later in 2007, and Lenovo recalled tens of thousands of batteries in 2009, 2011 and 2012.

Then again, laptops and smartphones are one thing, but this year Boeing was forced to ground no less than fifty of its multi-million dollar 787 Dreamliner jets after a serious charging issue caused a battery fire on a Nippon Airways flight that could have crashed the plane with all its passengers.

So far, the most explosive incidents likely came as a result of iron filings, not lithium, entering batteries during the manufacturing process, possibly when crimping the batteries before shipping them. Over time, these pieces of metal managed to create short circuits between anodes and cathodes, causing rapid heating and thermal runaway-– essentially metal particles were short-circuiting the cells.

Manufacturers today are understandably concerned that it’s also possible to grow lithium dendrites across from a lithium metal anode to the cathode, again causing a short and potentially similar results.

But lithium-ion remains the most common and popular rechargeable battery technology that we have, well at least for now, that is.

Without a single doubt, the recent Boeing Dreamliner issue proves that the problem hasn’t disappeared since the mid 2000s, despite considerable advances in lithium cell technology.

Advances did push Lithium-ion cells into new areas, meaning that the kind of problems that once burned laptops and phones are now taking commercial airliners out of service. So yes, the issue is now out of hand and a permanent fix needs to be found and real soon before the situation gets worse.

Rechargeable lithium-ion batteries have evolved to deliver ever higher energy densities, longer life and greater reliability, and all at a lower cost to produce. As a result, they have been put to work in a wide range of applications from computers to medical devices, consumer electronics to electric cars, and yes, now 580-passenger aircraft.

It’s the electric car application that’s now driving R&D, innovation, and some hype in the lithium world. The battery industry is by nature quite conservative and operates on fairly linear lines. But labs and research centers all over the world are now working on improved lithium-ion technologies that could prove to be game-changers.

This can transform several industries but only if they can surmount overheating and combustion issues while delivering a step-change in efficiency, durability and recharge times, especially as electric cars are concerned.

To be sure, lithium-sulphur technology is one area that could be getting closer to becoming commercial, through the efforts of companies like Sion Power and Polyplus in the United States. They would likely be lower cost and have higher energy density.

Sion claims about 2600 watt hours per litre than lithium-ion, but there is still work to be done in harnessing these benefits while simultaneously guaranteeing safe charging cycles and still ensuring commercial reliability.

And then there are other possibilities as well on the horizon. For example, IBM believes that lithium-air batteries could deliver the significant improvements required to transform the weight, cost and reliability of the next generation of rechargeable batteries-– potentially delivering the electric cars we had hoped for before we realized that lithium-ion models would only travel about 75 miles, cost £30,000 each, and took up to 16 hours to recharge.

IBM’s Battery 500 Project was developed at the Almaden Institute in 2009 to develop lithium-air technology that it still hopes will improve current energy densities tenfold. The proposed technology uses air as a reagent. In theory, oxygen reacts with lithium ions to form lithium peroxide on a carbon matrix during discharge, and on recharge releases oxygen back into the environment, while the lithium returns to the anode. Sounds complicated but it isn't.

The question is, will it really work, and how far away might it be from becoming commercial? And most importantly, will it create more fire hazards?

Clare Grey, professor of chemistry at Stony Brook University and the University of Cambridge says-- “The safety issues of next-generation lithium-ion cells must be resolved first before ever thinking about commercial applications, and especially the aircraft industry! A really big game-change would require a technology like lithium-sulphur or possibly lithium-air. But any system using Lithium Metal is still regarded as inherently unsafe, and this hasn’t really entered into the game yet in current Lithium-air projects.”

For its part, IBM is already making strong claims that lithium-air technology could allow vehicles to travel up to 500 miles or more on a single charge. IBM's plan would see ‘Lithium Metal’ at the bottom of a composite structure below ‘Electrolyte 2’, a ‘Lithium-ion Transport Membrane’, ‘Electrolyte 1’ and a carbon structure on top.

The membrane is there to simply stop the air from going through and attacking the lithium-metal, possibly solving the issue of lithium-dendrites, but there still remains several outstanding issues with the very flammable and reactive Lithium Metal that are yet to be properly resolved, and that represents a major road block for the battery industry.

Professor Grey explains-- “First, any membrane must entirely remove all water and carbon dioxide so that only completely dry air enters the battery assembly. Then there are issues of reversible cycling and reducing over-potential, or the difference in voltage between charge and discharge.

Next, a stable (the keyword here is 'stable') electrolyte needs to be identified that allows cycles over many years in an application such as a car battery. And that’s on top of any issues with the anode. So for me, the technology is still a long way from being safe and mature in any manner.”

One intrinsic issue is that any material has weight, and with most materials it's only practically possible to get one, or in some cases two, electrons out of each atom. So there are fundamental limits as to how good a battery can be. We are limited by the law of physics itself.

In theory, because lithium is so light and oxygen arrives with common air, lithium-air technology proposes the lightest combination available. So if IBM or another research team can react lithium and oxygen (or even sodium and oxygen which is a similar concept) then that almost represents the end of the game.

Source: Oracle.

Get the most dependable SMTP server for your company. You will congratulate yourself!

Share on Twitter.

Need to know more about the cloud? Sign up for your free Cloud Hosting White Paper.

IT News Archives | Site Search | Advertise on IT Direction | Contact | Home

All logos, trade marks or service marks on this site are the property of their respective owners.

Sponsored by Sure Mail™, Avantex and
by Montreal Server Colocation.

       © IT Direction. All rights reserved.