Certificate Revocation in Java

Is this within the scope of your charter / domain?

Malicious applet using stolen code signing cert still installs because Java
has revocation checking turned off by default.  

http://www.net-security.org/secworld.php?id=14557

 

Received on Wednesday, 6 March 2013 16:40:37 UTC