Posts Tagged ‘java middleware’

Vulnerability

SSL certificates verification

It appears, not only developers of Android-applications sin with illiterate introduction of SSL, but similar mistakes are present at programs of the leading software companies, including Amazon and Paypal.

Illiterate procedure of verification of SSL certificates is found out in mission-critical application, SDK, Java middleware, bank software etc. that opens before malefactors of possibility for MiTM-attack — anything worse than it and it is impossible to present, researchers from Stenfordsky and Texas universities which published scientific work “The most dangerous code in the world consider: verification of SSL certificates out of the browser”. That fact is worthy mentions that the group of the American scientists worked under the direction of the candidate of science of the Texas university Vitaly Shmatikov. (more…)