Lost+Found: Java tweaks and iPhone certificates

Too small for news, but too good to lose, Lost+Found is a compilation of the other stories that have been on The H's radar over the last seven days: Java tweaks, iPhone certificates, Pwn2Own hacks, arms attacks, Nmap summer of code, and DDoS reports...

• Among other changes, the latest Java update also removed the option of using the undocumented parameter __applet_ssv_validated to bypass the warning message that pops up whenever a Java applet needs to be executed. There is plenty of reason to believe that other backdoors still exist, and information is apparently even being passed around in courses.

• Questions are being asked about why the US Department of Defense and the Japanese government can issue certificates that every iPhone automatically trusts – and, especially, why that setting can't be changed.

• Details of Pwn2Own hacks are starting to be published, including exploits for WebKit and Java.

• There is no end in sight for targeted attacks on arms manufacturers, and all signs point to... China, of course.

• NMap will take part in Google's Summer of Code again, as will a number of other security projects. Students planning to register should hurry – the deadline is 3 May.

• In its State of the Internet Report for the fourth quarter of 2012, Akamai reports that the number of denial-of-service attacks increased threefold last year; retail, other businesses, and financial service providers were the top targets.

(djwm)