Oracle finally admits to Java's recent security issues
Share on Twitter.
Get the most reliable SMTP service for your business. You wished you got it sooner!
June 3, 2013
It took quite a bit of time, but Oracle has finally admitted to Java's numerous security issues and has now outlined three
new security initiatives to set the record straight.
The first item certainly won't please everyone, as the company has committed to including Java updates among the quarterly Oracle
Critical Security Patch Update it provides for all its products, as of the October 2013 update.
Java previously operated a twice-yearly patch cycle of its own, but not anymore, and the catalyst is the escalating security
problems with Java.
To be sure, Oracle's critical patch update usually includes dozens of patches, so the inclusion of Java could swell the amount
of work facing IT professionals and system admins when the update comes.
The second update modification is outlined here: “Local Security Policy features will soon be added to Java and system administrators
will gain additional control over security policy settings during Java installation and deployment of Java in their organization.
The policy feature will allow system administrators to restrict execution of Java applets to those found on specific hosts (e.g., corporate
server assets, partners, etc) and thus reduce the risk of malware infection resulting from desktops accessing unauthorized and malicious hosts.”
This plan is expected to decrease the exploitability and severity of potential Java security vulnerabilities in the desktop environment
and provide additional security protections for Java operating in the server environment.
The server side will also get the following security enhancements: “In the future, Oracle will explore stronger measures to
further reduce attack surface including the removal of certain libraries typically unnecessary for normal server operation. Such
significant measures cannot be implemented in current versions of Java since they would violate current Java specifications, but
Oracle has been working with other members of the Java Community Process to enable such changes in future versions of Java.”
However, there's no specific timeframe for their advent or the arrival of the new Local Security Policy, although some in the security
field say it should be sometime in October 2013.
In other IT news
As far back as in the 18th century, scientists began experimenting with electrochemical energy cells. But consumers only started
buying their first low-density Lithium-ion batteries in the late 1980s, and then the industry became fixated on lithium in
However, despite a long waiting period and some significant advances in the state of the art, Lithium-ion batteries today
still suffer the kind of serious issues that generate embarrassing headlines. And overheating has been the biggest issue.
Dell recalled more than four million of its laptops in 2006 after finding that their Lithium-ion cells were catching fire.
Then Nokia also recalled 46 million phone batteries a year later in 2007, and Lenovo recalled tens of thousands of batteries in
2009, 2011 and 2012.
Then again, laptops and smartphones are one thing, but this year Boeing was forced to ground no less than fifty of its multi-million dollar
787 Dreamliner jets after a serious charging issue caused a battery fire on a Nippon Airways flight that could have crashed the plane with
all its passengers.
So far, the most explosive incidents likely came as a result of iron filings, not lithium, entering batteries during the manufacturing
process, possibly when crimping the batteries before shipping them. Over time, these pieces of metal managed to create short circuits
between anodes and cathodes, causing rapid heating and thermal runaway-– essentially metal particles were short-circuiting the cells.
Manufacturers today are understandably concerned that it’s also possible to grow lithium dendrites across from a lithium metal
anode to the cathode, again causing a short and potentially similar results.
But lithium-ion remains the most common and popular rechargeable battery technology that we have, well at least for now, that is.
Without a single doubt, the recent Boeing Dreamliner issue proves that the problem hasn’t disappeared since the mid 2000s, despite
considerable advances in lithium cell technology.
Advances did push Lithium-ion cells into new areas, meaning that the kind of problems that once burned laptops and phones are
now taking commercial airliners out of service. So yes, the issue is now out of hand and a permanent fix needs to be found and real soon
before the situation gets worse.
Rechargeable lithium-ion batteries have evolved to deliver ever higher energy densities, longer life and greater reliability, and all
at a lower cost to produce. As a result, they have been put to work in a wide range of applications from computers to medical devices,
consumer electronics to electric cars, and yes, now 580-passenger aircraft.
It’s the electric car application that’s now driving R&D, innovation, and some hype in the lithium world. The battery industry is
by nature quite conservative and operates on fairly linear lines. But labs and research centers all over the world are now working
on improved lithium-ion technologies that could prove to be game-changers.
This can transform several industries but only if they can surmount overheating and combustion issues while delivering a step-change
in efficiency, durability and recharge times, especially as electric cars are concerned.
To be sure, lithium-sulphur technology is one area that could be getting closer to becoming commercial, through the efforts
of companies like Sion Power and Polyplus in the United States. They would likely be lower cost and have higher energy density.
Sion claims about 2600 watt hours per litre than lithium-ion, but there is still work to be done in harnessing these benefits
while simultaneously guaranteeing safe charging cycles and still ensuring commercial reliability.
And then there are other possibilities as well on the horizon. For example, IBM believes that lithium-air batteries could
deliver the significant improvements required to transform the weight, cost and reliability of the next generation of rechargeable
batteries-– potentially delivering the electric cars we had hoped for before we realized that lithium-ion models would only travel
about 75 miles, cost £30,000 each, and took up to 16 hours to recharge.
IBM’s Battery 500 Project was developed at the Almaden Institute in 2009 to develop lithium-air technology that it still hopes
will improve current energy densities tenfold. The proposed technology uses air as a reagent. In theory, oxygen reacts with lithium
ions to form lithium peroxide on a carbon matrix during discharge, and on recharge releases oxygen back into the environment, while
the lithium returns to the anode. Sounds complicated but it isn't.
The question is, will it really work, and how far away might it be from becoming commercial? And most importantly, will it
create more fire hazards?
Clare Grey, professor of chemistry at Stony Brook University and the University of Cambridge says-- “The safety issues of next-generation
lithium-ion cells must be resolved first before ever thinking about commercial applications, and especially the aircraft industry! A
really big game-change would require a technology like lithium-sulphur or possibly lithium-air. But any system using Lithium Metal
is still regarded as inherently unsafe, and this hasn’t really entered into the game yet in current Lithium-air projects.”
For its part, IBM is already making strong claims that lithium-air technology could allow vehicles to travel up to 500 miles or more
on a single charge. IBM's plan would see ‘Lithium Metal’ at the bottom of a composite structure below ‘Electrolyte 2’, a ‘Lithium-ion Transport
Membrane’, ‘Electrolyte 1’ and a carbon structure on top.
The membrane is there to simply stop the air from going through and attacking the lithium-metal, possibly solving the issue of
lithium-dendrites, but there still remains several outstanding issues with the very flammable and reactive Lithium Metal that are
yet to be properly resolved, and that represents a major road block for the battery industry.
Professor Grey explains-- “First, any membrane must entirely remove all water and carbon dioxide so that only completely dry air
enters the battery assembly. Then there are issues of reversible cycling and reducing over-potential, or the difference in voltage
between charge and discharge.
Next, a stable (the keyword here is 'stable') electrolyte needs to be identified that allows cycles over many
years in an application such as a car battery. And that’s on top of any issues with the anode. So for me, the technology is still
a long way from being safe and mature in any manner.”
One intrinsic issue is that any material has weight, and with most materials it's only practically possible to get one, or in
some cases two, electrons out of each atom. So there are fundamental limits as to how good a battery can be. We are limited
by the law of physics itself.
In theory, because lithium is so light and oxygen arrives with common air, lithium-air technology proposes the lightest combination
available. So if IBM or another research team can react lithium and oxygen (or even sodium and oxygen which is a similar concept)
then that almost represents the end of the game.
Get the most dependable SMTP server for your company. You will congratulate yourself!
Share on Twitter.
Need to know more about the cloud? Sign up for your free Cloud Hosting White Paper.