Lost+Found: Java tweaks and iPhone certificates
Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar over the last seven days: Java tweaks, iPhone certificates, Pwn2Own hacks, arms attacks, Nmap summer of code, and DDoS reports...
- Among other changes, the latest Java update also removed the option of using the undocumented parameter
__applet_ssv_validated
to bypass the warning message that pops up whenever a Java applet needs to be executed. There is plenty of reason to believe that other backdoors still exist, and information is apparently even being passed around in courses.
- Questions are being asked about why the US Department of Defense and the Japanese government can issue certificates that every iPhone automatically trusts – and, especially, why that setting can't be changed.
- There is no end in sight for targeted attacks on arms manufacturers, and all signs point to... China, of course.
- NMap will take part in Google's Summer of Code again, as will a number of other security projects. Students planning to register should hurry – the deadline is 3 May.
- In its State of the Internet Report for the fourth quarter of 2012, Akamai reports that the number of denial-of-service attacks increased threefold last year; retail, other businesses, and financial service providers were the top targets.
(djwm)