- From: Ben Wilson <ben@digicert.com>
- Date: Wed, 6 Mar 2013 09:40:09 -0700
- To: <public-webappsec@w3.org>
Received on Wednesday, 6 March 2013 16:40:37 UTC
Is this within the scope of your charter / domain? Malicious applet using stolen code signing cert still installs because Java has revocation checking turned off by default. http://www.net-security.org/secworld.php?id=14557
Received on Wednesday, 6 March 2013 16:40:37 UTC