< Videos of DeepSec Talks published
21.03.2015
21.03.2015
New MJS Article: Java’s SSLSocket: How Bad APIs Compromise Security
The Magdeburger Journal zur Sicherheitsforschung published a new article by Dr. Georg Lukas. The Paper titled »Java’s SSLSocket: How Bad APIs Compromise Security« is discussing Java and TLS:
Internet security is hard. TLS is almost impossible. Implementing TLS correctly in Java is »Nightmare!«. This paper will show how a badly designed security API introduced over 15 years ago, combined with misleading documentation and developers unaware of security challenges, causes modern smartphone applications to be left exposed to Man-in-the-Middle attacks.
It can be downloaded at http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_034_Lukas_Java.pdf
