Archive for February, 2013

T-Mobile 4G Hotspot Multiple Vulnerabilities

About

Create your own personal hotspot on the go with the T-Mobile 4G Mobile Hotspot—get high-speed Internet on up to five Wi-Fi devices, using a single mobile broadband connection.

Link to Product on T-Mobile’s Website

Timeline

  • Reported to T-Mobile and ZTE on 4/14/12.
  • Received notification from T-Mobile on 4/17/12 that the vulnerabilities would be forwarded to their security team for review.
  • Received no meaningful response from ZTE.
  • No fixes provided; disclosed on 2/21/13.

Device: T-Mobile 4G Mobile Hotspot ZTE MF61

The access point broadcasts as ‘T-Mobile Broadband#’ where # changes per device.


My Plea to Oracle: Axe Java Applets

Hi Oracle,

We’ve got a bit of a problem: applets.

You see, almost every recent security vulnerability and recent hack – Facebook, Apple, NYT – has been because of your support for applets.

Just to name a few, there’s CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0432, CVE-2013-043, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1488.

I’ve been developing in Java for many years and I can attest that nobody uses applets anymore. It’s old, outdated technology that needs to go away. It’s too heavy of a platform to deliver web applications. The future of web technology is lightweight. The future is HTML5, JavaScript, and CSS3.

We all make mistakes and nobody is going to blame you (except maybe the malware authors) for getting rid of applets.

Do it! Axe it!

Sincerely,
Security Enthusiast and Java Developer
Dustin Schultz
