Vulnerable software includes Amazon's EC2 Java library and all cloud clients based on it; Amazon's and PayPal's merchant SDKs responsible for transmitting payment details from e-commerce sites to payment gateways; integrated shopping carts such as osCommerce, ZenCart, Ubercart, and PrestaShop; AdMob code used by mobile websites; Chase mobile banking and several other Android apps and libraries; Java Web-services middleware - including Apache Axis, Axis 2, Codehaus XFire, and the Pusher library for Android - and all applications employing this middleware. Any SSL connection from any of these programs is insecure against a man-in-the-middle attack. The root causes of these vulnerabilities are badly designed APIs of SSL implementations (such as JSSE, OpenSSL, and GnuTLS) and data-transport libraries (such as cURL) which present developers with a confusing array of settings and options.
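As an added illustration of the API problem described above (this is example code written for this page, not code from the paper or from any of the libraries it names), the Java snippet below shows the JSSE patterns that produce exactly this failure: a trust-all X509TrustManager, an accept-any HostnameVerifier, and the quieter trap that a raw SSLSocket performs no hostname check even with a correct trust store. The class and method names are made up for the illustration; the host to connect to is taken from the command line and defaults to example.com, so running main needs network access and Java 8 or later.

```java
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;

public class CertValidationPitfalls {

    // PITFALL 1: a "trust everything" X509TrustManager. Chain validation becomes a
    // no-op, so an active attacker presenting any self-signed certificate succeeds.
    static final X509TrustManager TRUST_ALL = new X509TrustManager() {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    };

    // PITFALL 2: a hostname verifier that accepts any name. Once installed as the
    // default, a valid certificate for attacker.example passes for bank.example.
    static final HostnameVerifier ACCEPT_ANY_HOST = (hostname, session) -> true;

    // Shown only to name the anti-pattern; never called from main.
    static void disableHostnameChecksGlobally() {
        HttpsURLConnection.setDefaultHostnameVerifier(ACCEPT_ANY_HOST);
    }

    // Pitfall 1 wired into a context: the shape of the vulnerable code.
    static SSLSocket insecureSocket(String host, int port) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { TRUST_ALL }, null);
        return (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
    }

    // PITFALL 3: even with the default (correct) trust manager, a raw JSSE SSLSocket
    // does not compare the certificate against 'host'. HttpsURLConnection does that
    // for you; SSLSocket only does it when an endpoint identification algorithm is set.
    static SSLSocket secureSocket(String host, int port) throws Exception {
        SSLContext ctx = SSLContext.getDefault();               // system trust store, chain validation on
        SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        SSLParameters params = sock.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");      // RFC 2818 name matching (Java 7+)
        sock.setSSLParameters(params);
        sock.startHandshake();                                   // fails on a bad chain OR a wrong name
        return sock;
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "example.com";  // assumed default host
        try (SSLSocket s = secureSocket(host, 443)) {
            System.out.println("validated peer: " + s.getSession().getPeerPrincipal()
                    + " over " + s.getSession().getProtocol());
        }
    }
}
```

The practical check is to grep a code base for X509TrustManager implementations with empty checkServerTrusted bodies, HostnameVerifier implementations that return true, and SSLSocket/SSLSocketFactory use without setEndpointIdentificationAlgorithm; each of these is a complete loss of protection against an active network attacker, not a degradation.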

This class defines a clone() method but the class doesn't implement Cloneable.

There are some situations in which this is OK (e.g., you want to control how subclasses can clone themselves), but just make sure that this is what you intended. In general, exceptions should be handled or reported in some way, or they should be thrown out of the method.

It's recommended to use the predefined library constant for code clarity and better precision. The entrySet() method is allowed to return a view of the underlying Map in which a single Entry object is reused and returned during the iteration.

Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'.
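To make the failure mode concrete, here is an added example (written for this page, not taken from the checker's documentation or from SWT) using made-up flag constants rather than SWT's real values. The only mask on which the two idioms disagree is the one that uses the sign bit, 1 << 31, which is Integer.MIN_VALUE; masking with it yields a negative number, so '> 0' reports the bit as clear while '!= 0' reports it correctly.

```java
public class SignedBitCheck {

    // Hypothetical style flags (not SWT's real values).
    static final int FLAG_SELECTED = 1 << 3;   // 0x00000008, positive
    static final int FLAG_HIGH_BIT = 1 << 31;  // 0x80000000 == Integer.MIN_VALUE, negative

    // Buggy idiom: (value & mask) > 0. When the mask has the sign bit set, the masked
    // result is negative and the comparison is false even though the bit is present.
    static boolean isSetBuggy(int value, int mask) {
        return (value & mask) > 0;
    }

    // Correct idiom: (value & mask) != 0 is true whenever any bit of the mask is present,
    // regardless of the mask's sign.
    static boolean isSet(int value, int mask) {
        return (value & mask) != 0;
    }

    // Exercise every single-bit mask and count how often the buggy idiom disagrees
    // with the correct one: exactly one mask, bit 31, is affected.
    static int countDisagreements() {
        int disagreements = 0;
        for (int bit = 0; bit < 32; bit++) {
            int mask = 1 << bit;
            if (isSetBuggy(mask, mask) != isSet(mask, mask)) {
                disagreements++;
            }
        }
        return disagreements;
    }

    public static void main(String[] args) {
        int style = FLAG_SELECTED | FLAG_HIGH_BIT;   // constructed input with both flags set
        System.out.printf("style = 0x%08X%n", style);
        System.out.println("buggy  check for FLAG_SELECTED: " + isSetBuggy(style, FLAG_SELECTED));
        System.out.println("buggy  check for FLAG_HIGH_BIT: " + isSetBuggy(style, FLAG_HIGH_BIT));
        System.out.println("proper check for FLAG_HIGH_BIT: " + isSet(style, FLAG_HIGH_BIT));
        System.out.println("single-bit masks where the idioms disagree: " + countDisagreements());
    }
}
```

The same reasoning applies to long masks with bit 63 set, and to any mask whose top bit may change when a library revises its constants, which is why the '!= 0' form is the safer default even when today's value is positive.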

This non-final class defines a clone() method that does not call super.clone().

If this class ("A") is extended by a subclass ("B"), and the subclass B calls super.clone(), then it is likely that B's clone() method will return an object of type A, which violates the standard contract for clone().

If all clone() methods call super.clone(), then they are guaranteed to use Object.clone(), which always returns an object of the correct type.
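The three clone()-related warnings on this page (clone() without Cloneable, a non-final clone() that does not call super.clone(), and Cloneable without a usable clone()) share one worked example below. This is added example code written for this page, not code from the checker; the class names are made up. BadPoint3D shows the contract violation the warning describes (super.clone() returning an object of the parent type), Point/Point3D show the idiom that fixes it, and NotCloneable shows what happens when super.clone() is reached without Cloneable.

```java
public class CloneIdiom {

    // Anti-pattern: a non-final class whose clone() constructs the copy with "new"
    // instead of calling super.clone().
    static class BadPoint implements Cloneable {
        int x, y;
        BadPoint(int x, int y) { this.x = x; this.y = y; }
        @Override public Object clone() {
            return new BadPoint(x, y);   // always a BadPoint, never a subclass instance
        }
    }

    // Subclass that follows the rules and calls super.clone(): it still gets a BadPoint back,
    // so x.clone().getClass() == x.getClass() no longer holds.
    static class BadPoint3D extends BadPoint {
        int z;
        BadPoint3D(int x, int y, int z) { super(x, y); this.z = z; }
        @Override public Object clone() {
            return super.clone();
        }
    }

    // Correct idiom: implement Cloneable, call super.clone() so Object.clone() allocates the
    // right runtime class, then deep-copy mutable fields so the copy shares no state.
    static class Point implements Cloneable {
        int x, y;
        int[] history = new int[2];
        Point(int x, int y) { this.x = x; this.y = y; }
        @Override public Point clone() {
            try {
                Point copy = (Point) super.clone();
                copy.history = history.clone();   // defensive copy of the mutable array
                return copy;
            } catch (CloneNotSupportedException e) {
                throw new AssertionError("Point implements Cloneable", e);
            }
        }
    }

    static class Point3D extends Point {
        int z;
        Point3D(int x, int y, int z) { super(x, y); this.z = z; }
        @Override public Point3D clone() {
            return (Point3D) super.clone();   // Object.clone() allocated a Point3D, so the cast holds
        }
    }

    // Warning "defines clone() but does not implement Cloneable": the call reaches
    // Object.clone(), which throws CloneNotSupportedException at runtime.
    static class NotCloneable {
        @Override public Object clone() throws CloneNotSupportedException {
            return super.clone();
        }
    }

    public static void main(String[] args) {
        BadPoint3D bad = new BadPoint3D(1, 2, 3);
        System.out.println("BadPoint3D.clone() produced: " + bad.clone().getClass().getSimpleName());

        Point3D good = new Point3D(1, 2, 3);
        Point3D copy = good.clone();
        System.out.println("Point3D.clone() produced: " + copy.getClass().getSimpleName()
                + ", shares history array: " + (copy.history == good.history));

        try {
            new NotCloneable().clone();
        } catch (CloneNotSupportedException e) {
            System.out.println("NotCloneable.clone(): " + e);
        }
    }
}
```

Note the defensive copy of history in Point.clone(): a clone that shares mutable arrays or collections with the original is a common source of state leaking between objects that are supposed to be independent, which is a correctness problem first and a security problem whenever one of the copies crosses a trust boundary.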

Shmatikov. Abstract: SSL (Secure Sockets Layer) is the de facto standard for secure Internet communications. Security of SSL connections against an active network attacker depends on correctly validating public-key certificates presented when the connection is established. We analyze perils and pitfalls of SSL certificate validation in software based on these APIs and present our recommendations.

Class implements Cloneable but does not define or use the clone method.