In Java found one more vulnerability

The Java environment was from the beginning of 2013 for Oracle's a real pain in the last two months, the company has already produced five times for updated each time closing critical vulnerability. However, problems in Java, it seems, is not complete. This time in the Java vulnerability has been found associated with insufficient verification of security keys that guarantee the authenticity of a website or program.

Experts say that in the current versions of Java, you can use a number of digital certificates that have been revoked by the certifying cents or have expired date of use.

American publication ArsTechnica conducted its own investigation of the problem and make sure it is available. The publication reports that he discovered a site that hosted malicious software signed with a digital certificate in the name of the company and was discharged Clearesult Consulting hoster GoDaddy. GoDaddy itself revoke the digital certificate in December last year, but the certificate in the Java environment is still valid.


Detailed investigation is available at:
http://arstechnica.com/security/2013/03/thanks-oracle-new-java-malware-protection-undone-by-old-school-attack