Apple Security Flaw Could Allow Attackers to Circumvent Encryption - basically don't check Gmail wit
37 replies, posted
Source: [url]http://www.reuters.com/article/2014/02/22/us-apple-flaw-idUSBREA1L01Y20140222[/url]
[quote]A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said on Friday, and experts said Mac computers were even more exposed.
[b]If attackers have access to a mobile user's network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook.[/b] Governments with access to telecom carrier data could do the same.[/quote]
A software update exists for iOS devices, and an update for Macs is expected soon.
its a good thing macs hold a small percentage of laptops, im typing this from my windows 8 laptop and it wors flawlessy, i recommend everyone windows 8
[QUOTE=sYnced;44023534]its a good thing macs hold a small percentage of laptops, im typing this from my windows 8 laptop and it wors flawlessy, i recommend everyone windows 8[/QUOTE]
This isn't the thread for OS elitism, thanks
The bug is hilariously simple. I posted a link in the HW&SW general chat, basically some tit pasted an extra line from the looks of it, that is always called no matter what happens. The line invalidates the security attempts entirely for SSL.
[QUOTE=sYnced;44023534]its a good thing macs hold a small percentage of laptops, im typing this from my windows 8 laptop and it wors flawlessy, i recommend everyone windows 8[/QUOTE]
Ill tip my fedora to that my fellow pc man haha!
those macs are so bad!
[QUOTE=A_Pigeon;44023678]Ill tip my fedora to that my fellow pc man haha!
those macs are so bad![/QUOTE]
i think it was supposed to be ironic considering that he's using windows 7
although the joke in itself was pretty weak
OS broken Apple please fix
Yah who uses broken ass apple products anyways
Apearantly on osx this only affects you if you use Safari.
It'd affect Safari and other apps that use the system TLS libraries, Firefox and Chrome wouldn't be affected since they use their own, etc.
[QUOTE=sYnced;44023534]its a good thing macs hold a small percentage of laptops, im typing this from my windows 8 laptop and it wors flawlessy, i recommend everyone windows 8[/QUOTE]
lmaoo using windows?
an intelligent person would use symbian on their desktop, why would anyone use windows?
[QUOTE=sYnced;44023534]its a good thing macs hold a small percentage of laptops, im typing this from my windows 8 laptop and it wors flawlessy, i recommend everyone windows 8[/QUOTE]
Hey, shut up.
[I]Every[/I] OS in existence has security flaws, because no piece of software is perfect. The only way you will never fall victim to attack is to never get online. Plain and simple.
[QUOTE=Forumaster;44026261]Hey, shut up.
[I]Every[/I] OS in existence has security flaws, because no piece of software is perfect. The only way you will never fall victim to attack is to never get online. Plain and simple.[/QUOTE]
Usb drives
[QUOTE=XeroG;44026318]Usb drives[/QUOTE]
True. However, their attacks are limited if there is no autostart enabled. Pretty much requires the user to outright open the infected file (except for a few explicit cases like that HID exploit).
But has nothing to do with the security flaw in this scenario though.
goto fail;
goto fail;
They certainly failed..
One single, simple duplicated line. I'm kinda impressed that someone managed to find the issue in the first place. I guess you could really call it a needle in a haystack!
Also, a Man in the Middle attack doesn't require you to be connected to an untrusted WiFi network like the thread title suggests. It can happen between your home router and the webpage you're browsing for - so even web banking from home can potentially be affected.
[QUOTE=PredGD;44024887]lmaoo using windows?
an intelligent person would use symbian on their desktop, why would anyone use windows?[/QUOTE]
Because they like stuff and software
[QUOTE=sYnced;44023534]its a good thing macs hold a small percentage of laptops, im typing this from my windows 8 laptop and it wors flawlessy, i recommend everyone windows 8[/QUOTE]
Clearly everyone should be using [URL="http://www.openbsd.org/"]OpenBSD[/URL]. I recommend it to everyone.
[QUOTE=TheCreeper;44027516]Clearly everyone should be using [URL="http://www.openbsd.org/"]OpenBSD[/URL]. I recommend it to everyone.[/QUOTE]
That website is just beautiful.
They spent the website money on securing the base OS, seems to have worked.
[QUOTE=WaLLy3K;44026499]Also, a Man in the Middle attack doesn't require you to be connected to an untrusted WiFi network like the thread title suggests. It can happen between your home router and the webpage you're browsing for - so even web banking from home can potentially be affected.[/QUOTE]
This is true, but I figured all of FP either had WPA-secured wireless or lived out in the fucking boonies somewhere, and your home network would be secure enough.
[QUOTE=Demache;44026392]True. However, their attacks are limited if there is no autostart enabled. Pretty much requires the user to outright open the infected file (except for a few explicit cases like that HID exploit).
But has nothing to do with the security flaw in this scenario though.[/QUOTE]
Or spoof your usb infection via pretending to be a keyboard or other device that is allowed to auto-run in the background without confirmation, bonus points if it can operate during the boot process too, it then executes scripts on plug in, scripts deploy infection, bam, done, you're fucked. Keyboard is the best device since they are allowed around 1k characters per minute or the equal of actions by the system before most AV programs or even the system will give a shit.
[QUOTE=lavacano;44035315]This is true, but I figured all of FP either had WPA-secured wireless or lived out in the fucking boonies somewhere, and your home network would be secure enough.[/QUOTE]
The router that you're connected to doesn't need to be compromised for this attack to happen - but having it compromised does allow any kiddie with a penetration distro to exploit the issue easily.
[QUOTE=Mobon1;44024325]i think it was supposed to be ironic considering that he's using windows 7
although the joke in itself was pretty weak[/QUOTE]
He was being sarcastic but the joke went over your head :c
AmigaOS is THE shit.
This is nothing, if you go to defcon you know that both Windows and OS X are full of holes and zero-days.
[media]http://www.youtube.com/watch?v=-uqTqJwTFyU[/media]
for example.
[QUOTE=glitchvid;44038772]This is nothing, if you go to defcon you know that both Windows and OS X are full of holes and zero-days.
[media]http://www.youtube.com/watch?v=-uqTqJwTFyU[/media]
for example.[/QUOTE]
what are MS and Apple's responses to these?
[QUOTE=WhyNott;44038476]AmigaOS is THE shit.[/QUOTE]
AmigaOS is for scrubs, real men use FreeDOS.
real men write their own OS
[QUOTE=sloppy_joes;44042681]real men write their own OS[/QUOTE]
Sloppy_Joes ver. 4.1 "Super Sloppy' is the shit.
Sorry, you need to Log In to post a reply to this thread.
