Hi Tapestry List,

Some of you may have come across this from a Slashdot article. Seeing as some 
of you may work in places that use AWS or PayPal, you might want to get some 
auditing/preventative-maintenance done :)

Relevant part:
In addition to certificate validation vulnerabilities in a number of 
cloud-based storage management programs, Java-based Web services middleware, 
merchant software development kits and IM authentication instances that could 
lead to various types of data leakage (lost credentials, payment information 
and more), the researchers were most disturbed with issues discovered on the 
Chase mobile banking application for Android devices. The researchers 
discovered that the mobile app overrides default x509 code which causes the app 
to fail to check the requesting server’s certificate.

Have a read

https://threatpost.com/en_us/blogs/ssl-vulnerabilities-found-critical-non-browser-software-packages-102512


Chris
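
An added example, not part of the original post or the linked article: a heuristic Python scan of Java source for the pattern the excerpt describes, an X509TrustManager override whose check methods can never reject a certificate. The Java fragments and the names BAD, GOOD and audit are constructed for illustration.

```python
import re

# Constructed Java fragments for the scan below (not from any real application).
BAD = """
class TrustAll implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] c, String a) { }
    public void checkServerTrusted(X509Certificate[] c, String a) {
        // accept everything
    }
}
"""
GOOD = """
class Delegating implements X509TrustManager {
    private X509TrustManager base;  // the platform default trust manager
    public void checkClientTrusted(X509Certificate[] c, String a)
            throws CertificateException { base.checkClientTrusted(c, a); }
    public void checkServerTrusted(X509Certificate[] c, String a)
            throws CertificateException { base.checkServerTrusted(c, a); }
}
"""

# Matches a check method definition up to its opening brace (declarations ending in ';' are skipped).
METHOD = re.compile(r'void\s+(check(?:Server|Client)Trusted)\s*\([^)]*\)[^{;]*\{')

def strip_comments(src):
    src = re.sub(r'/\*.*?\*/', '', src, flags=re.S)
    return re.sub(r'//[^\n]*', '', src)

def body_after(src, brace):
    """Text between the '{' at index brace and its matching '}'."""
    depth = 0
    for i in range(brace, len(src)):
        depth += (src[i] == '{') - (src[i] == '}')
        if depth == 0:
            return src[brace + 1:i]
    return src[brace + 1:]

def audit(java_src):
    """Names of trust-check methods that can never reject a certificate."""
    code = strip_comments(java_src)
    flagged = []
    for m in METHOD.finditer(code):
        body = body_after(code, m.end() - 1)
        rejects = re.search(r'\bthrow\b', body)
        delegates = re.search(r'\.\s*check(?:Server|Client)Trusted\s*\(', body)
        if not (rejects or delegates):
            flagged.append(m.group(1))
    return flagged

if __name__ == "__main__":
    print(audit(BAD), audit(GOOD))
```

A hit is a lead for manual review rather than proof: the scan does not parse Java, so braces or comment markers inside string literals can mislead it.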
