
Finding bugs in your Java source code is now easier!

Finding bugs in your Java source code is now easier than ever thanks to the Java Open Review Project (JOR), a joint effort by the FindBugs open source project and security vendor Fortify.
So far the JOR initiative, which provides free code analysis and audits for the open source community, has analyzed 10 of the most popular open source Java applications and it's got plans to analyze a lot more.
Fortify's Secure Code Analysis helps by looking for security flaws that FindBugs does not. Fortify began sponsoring the FindBugs project earlier this year.
The first 10 projects JOR analyzed were Azureus, Lucene, Solr, WebGoat, Zimbra, Hyperic, Nutch, Tomcat, Roller and Java Petstore 2.0. The results of the review are available online, where project administrators can drill down to see what bugs JOR has found.
Common defects discovered by the JOR scans have included null pointer dereferences, which could crash an application, and a number of cross-site scripting vulnerabilities.
There are a number of reasons bugs find their way into Java code, and the use of IDEs may well be contributing to the bug count.
University of Maryland computer science Professor William Pugh runs the FindBugs project and noted that any open source project could take FindBugs and run it against their own code.
"It's still the case where there are a lot of projects that haven't bought into the idea that static analysis can actually help them find bugs," Pugh told internetnews.com. "So we want to make it as easy as possible for them to see the benefit."
Pugh explained that there are two types of mistakes that happen in Java coding.
"One of them is typo things where the coder knew what they wanted to do, they had the right idea but when they typed it they hit the wrong key or forgot something silly," Pugh said. "You also have cases where people don't understand how to handle a particular API."
Another, less obvious, source of some mistakes may be the IDE (integrated development environment) that coders are using.
Two of the most popular open source Java IDEs are Eclipse and Sun's NetBeans. According to Pugh, the JOR effort did not count errors based on the IDE used. But Pugh did admit that FindBugs has found a lot of bugs in both Eclipse and NetBeans.
"Sometimes I wonder whether some of the errors we find might be a result of auto-completion getting a little ahead of itself," Pugh said. "In a number of cases I suspect that is what happens."
That's not to say that the IDEs don't have their place. Both NetBeans and Eclipse have ongoing efforts for modules or plug-ins that help to improve code quality and error detection.
"IDEs have a huge amount of value," Pugh said. "I program with an IDE and I would never go back to using a text editor. But I don't think their primary value has to do with finding the sort of defects that we find."
Coders can submit their code for analysis by the JOR project here: http://opensource.fortifysoftware.com/welcome.html

Pirates Spoof Vista's Enterprise Activation

The software spoofs a Key Management Service server, one of the two technologies that Microsoft debuted last month that let businesses activate a large number of copies of Windows Vista.


Pirates are circulating a hack that lets them activate counterfeit copies of Windows Vista using a spoofed server that Microsoft relies on to make sure enterprises switch on the new operating system.

The software, loaded with the long name of "Microsoft.Windows.Vista.Local.Activation.Server-MelindaGates" is available on several pirate Web sites. It spoofs a Key Management Service server, one of the two technologies that Microsoft debuted last month that let businesses activate a large number of copies of Windows Vista. KMS requires that at least 25 PCs be connected to a corporation's network.

Vista is the first version of Windows that Microsoft requires volume license customers to activate. Besides KMS, the Redmond, Wash. developer also offers Multiple Activation Key, which resembles the retail version's activation process. PCs activated using KMS must reactivate at least once every six months.

The MelindaGates hack uses a VMware image of a KMS server to activate -- and keep activated -- a pirated edition of Windows Vista Business. "Looks like Windows Vista Volume Activation 2.0 is a big bust," wrote a user identified as "clank" on the PirateBay Web site Friday.

Like every edition of Windows, Vista has been plagued with counterfeit copies. Pirated editions with cracked activation keys were posted long before Microsoft officially launched the OS Nov. 30.

However, the Redmond, Wash. developer has gone to greater lengths to stymie counterfeiting, including the overall effort it has dubbed "VA 2.0" (Volume Activation 2.0), which uses a new set of technologies to activate and validate Vista and essentially turn off faux copies.
One of the activation methods available to Microsoft volume licensing customers is Key Management Service (KMS), which requires a centralized server that clients activate against every 180 days. It is therefore the server, not the client machines, that hosts the product keys.

Thus, with KMS, a company can run a Microsoft-supplied authorization server on its own network, and activate Vista without contacting Microsoft for each copy.

Although KMS is meant to benefit system administrators with many on-site clients, reports are already circulating that some hackers have used a VMware image and a VBS script to simulate a local KMS that can generate valid Vista product keys.

This workaround, dubbed "Microsoft.Windows.Vista.Local.Activation.Server-MelindaGates," can activate both Enterprise and Business editions of Vista. However, the Home and Ultimate editions of Vista cannot work with a KMS, so they cannot be easily activated with the MelindaGates Hack.

Reportedly, the hacked download is available online on sites such as 'The Pirate Bay' and other file sharing sites.

The MelindaGates hack is distributed as a VMware image. The idea is to download and install VMware Player (a legal free download), boot the image, and use a VBS script (supplied with the activation server download) to have the client Vista machine obtain its activation from the local server. No communication goes back to Microsoft.

Microsoft has refused to comment on the hack.

Microsoft designed Vista as its first Windows OS requiring volume users to activate each product, and this was integrated mainly as an anti-piracy measure.

Several security experts are not at all surprised that hackers have come up with a workaround for Vista's product activation; others feel that Microsoft should be pleased that it took nothing less than a KMS server to fool Vista into activating.

Courtesy www.techtree.com, www.slashdot.com