CVE-2014-6321 (also known as MS14-066) is a heap overflow vulnerability discovered by Microsoft engineers in Schannel, the SSL/TLS implementation used by Windows.
My Java application uses SSL (JSSE implementation), so now I'm wondering whether my application is at risk due to this vulnerability or whether it is irrelevant?
The vulnerability (still undisclosed) is also described as "Microsoft Schannel Remote Code Execution Vulnerability", which indicates that it is an implementation weakness (namely, a probably boring buffer overflow), not a protocol weakness. Thus, there is no reason to believe that the vulnerability would be shared with any other independent implementation of the protocol.
(Furthermore, Java's implementation of SSL/TLS is not only independently developed; it is also written in Java, which is inherently resilient to buffer overflows, since all array accesses in Java are inherently validated against the actual array length.)
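The bounds-checking point in the answer above, as an added example that is not part of the original post and not a reconstruction of the Schannel bug (whose details the page describes as undisclosed). The class name, the two-byte length-prefixed field layout, the `DEST_SIZE` buffer and all inputs are hypothetical and constructed for illustration.

```java
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;

public class BoundsCheckDemo {
    // Hypothetical fixed-size destination, standing in for any fixed buffer in a parser.
    static final int DEST_SIZE = 16;

    /** Parses [2-byte big-endian length][payload] and copies the payload into a fixed buffer. */
    static byte[] copyField(byte[] message) {
        ByteBuffer in = ByteBuffer.wrap(message);
        int declared = in.getShort() & 0xFFFF;   // length taken from untrusted input
        byte[] dest = new byte[DEST_SIZE];
        // Deliberately no explicit length check here: this is the pattern that
        // overflows in an unchecked language. The Java runtime validates the
        // copy against both dest.length and the bytes remaining in the input.
        in.get(dest, 0, declared);
        return dest;
    }

    /** Returns "accepted" or the runtime exception type that stopped the copy. */
    static String tryParse(byte[] message) {
        try {
            copyField(message);
            return "accepted";
        } catch (IndexOutOfBoundsException | BufferUnderflowException e) {
            // The out-of-range copy never happens; no adjacent memory is touched.
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    /** Builds a constructed message: declared length, then actualLen zero bytes. */
    static byte[] message(int declaredLen, int actualLen) {
        ByteBuffer b = ByteBuffer.allocate(2 + actualLen);
        b.putShort((short) declaredLen);
        return b.array();
    }

    public static void main(String[] args) {
        System.out.println("well-formed:           " + tryParse(message(8, 8)));
        // Declared length larger than the destination buffer.
        System.out.println("exceeds destination:   " + tryParse(message(64, 64)));
        // Declared length larger than the data actually present.
        System.out.println("exceeds input present: " + tryParse(message(12, 4)));
        // Input too short to even contain the length prefix.
        System.out.println("truncated prefix:      " + tryParse(new byte[1]));
    }
}
```

In each malformed case the failure surfaces as an exception rather than a write past the end of the buffer; an uncaught exception can still terminate the connection or thread, so parsers should validate lengths explicitly and handle the error path.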