Apple Says iOS, OSX and “Key Web Services” Not Affected by Heartbleed Security Flaw

ReCode.net ^ | April 10, 2014, 1:42 PM PDT | By Mike Isaac

[Swordmaker]

Apple said Thursday that its mobile, desktop and Web services weren’t affected by a major flaw in a set of security software used by hundreds of thousands of websites.

The flaw, codenamed “Heartbleed” and first reported by Web security firm Codenomicon, was discovered in a technology called “OpenSSL” — a set of encryption software used by Web companies to safeguard user information. Sites that use OpenSSL will display a small “lock” icon in the top left-hand corner of your Web browser’s address bar (though not all sites showing this lock use OpenSSL); the technology is used on more than two-thirds of websites across the Internet.

“Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,” an Apple spokesperson told Re/code.

Apple’s statement comes in the days after the disclosure rocked companies and Web security wonks across the world; security expert Bruce Schneier called Heartbleed “catastrophic” in a blog post this week. “On the scale of 1 to 10, this is an 11,” he wrote.

Major Internet firms scrambled to issue patches to fix the flaw in their Web services in the following days, but companies like Facebook, Google and Yahoo all admitted periods of time in which their services could have been susceptible to the Heartbleed flaw.

Security experts have reminded users to update passwords across any sites that may have been affected, but only after the companies have updated their security software.

It has also been suggested that people start using password management tools like Lastpass, 1Password and Apple’s own Safari Browser password generator in order to keep track of multiple passwords across various accounts, rather than using one single password phrase for every account.

[Utilizer]

Yes, Utilizer, anything short of glowing approval on an apple thread is hate. It’s in the FR manual somewhere.

Apparently, you are not joking, mate. Macophiles just seem to have an instant knee-jerk reaction to anyone not accepting that their graphics boxen are not greater in capabilities than any other mere platform as blasphemy of the worst sort.

If I happen to mention the truth in these postings, I suppose it is only natural that the Cult Of Apple Uber Alles would take offence. Not that any observations I have posted over the years would make any difference in their positions even after all this time, I see.

I can not help it if I state what I know to be true.

[Leonard210]

I have a guy literally stalking me on another thread cause I dared to interrupt their worship service.

Here’s where he started.
http://www.freerepublic.com/focus/f-chat/3134377/posts?q=1&;page=211#211

Cheers.

[Utilizer]

Hey! Utilizer, what ARE all those notebooks those engineers and scientists are using at NASA's AMES SPACE CENTER? I guess they couldn't be MacBook Pros. Nah.

Why you are right! And the DVD player with the A/V input cord which can display the same image as the ones you posted is now proven to be just a powerful as any mac!

When you can show examples of a mac, xbox, ps2, or an atari 2600 crunching through the compilation of a new kernel, or the muscle behind the programs I use to design products instead of merely reflecting text and an image, then they will indeed have grown up.

Until then, post all the pretty pictures you wish.

When you place an ad in Engineering Digest challenging the other companies to come up with a faster or at least semi-equivalent program to run on your graphics boxen to churn through real-world computations, then will I accept that at least a part of the graphics processor is valuable in designing the components I work with on a daily basis.

Until then, I look forward to your next posting of the newest "Field of Daisies", no doubt.

[Swordmaker]

Merely stating that those platforms are not designed to accommodate some true processing power should not in any way equate to lessening what they are capable of. You can run a business, I suppose, on a mac. After all, they can handle forms and printing things quite well. However, immediately assuming that because they can work smoothly with graphics-based applications means that they can handle anything else there is... is, I hesitate to inform you, not realistic.

They can do pretty pictures and cute fonts well, or so I am told.

So you're told? You have the gall to enter an Apple thread to spout MYTHs and tell us the capabilities of our computers based on HEARSAY? Them is some cojones my friend. Frankly, as demonstrated in my above post, you literally don't know what you're talking about.

Several Reviewers recently attempted to build a Windows PC to match the specs and processing power of the top of the line Apple Mac Pro and they literally COULD NOT DO IT. The components were not yet available anywhere near the price Apple was shipping the completed retail, guaranteed Mac Pro for. . . and some components couldn't be had at any price. It's computational power blew every workstation away. A lot of number crunching can be handed off to the GPUs which can turn in 7 Teraflops. . . Twelve core INTEL XEON PROCESSOR. 7- 20GB per second Thunderbolt ports, USB 3, HDMI, All contained in a virtually silent 6" by 9" chassis. Oh! and made in the USA.

Incidentally, the reviewers tried to find a combination in which a Windows PC with close specs was less expensive than the similarly specced (but always more powerful) Mac Pro and the PC was always more expensive.

[Utilizer]

Oh, oh, oh- *gasp*

I finally stopped laughing enough to respond to that post! *wipes tears from eyes*

Those are TERMINALs, mate. In other words, they are graphics-accentuated DISPLAYS. Oh, you macophiles are just too self-important for words! *snicker*

I have a 486-DX4-120 that can handle 63 of those displays at one time -although, I must admit not with the REALLY pretty fonts that your fellow adherants seem to prefer, and could do quite a few more if I felt it necessary.

However, very well. I suppose that in your mind the posting of some terminals being accessed by macbooks makes you somehow "cool" to others, so enjoy. *grin*

When I start to feel the need for faster speeds than Pentium -66 speeds for raw processing power, I suppose I might begin to look at your terminal (x-windows, of a sort) boxen for some useage. Until then, the pretty fonts and the nice backgrounds will look quite lovely when I bring someone by to play...

[Swordmaker]

Jacques, Your computer, iPhone, and iPad are safe. The Heartbleed exploit cannot invade them to read your memory as it can read vulnerable systems. The fear it can read your passwords from the server side is overblown as most servers actually do not hold your actual password in memory. They have instead a "hashtag" of your password. A representation created by an algorithm that is recreated each time you log in and enter your password—at which time the algorithm recreates the hashtag, compares the two, confirms a match, and allows you entry. If the Heartbleed hacker gets your username and corresponding hashtag, the algorithm will create something that will not match and your access is safe.

If they DON'T use hashtags, then, yes, there could be a problem. . . but all commercial sites do.

The problem with using password generators is they come up with excellent, hard-to-hack secure, but impossible to memorize passwords. Using a silly, inane nonsense phrase of disconnected but seemingly normal words that COULD mean something is much easier, but equally secure.

myALIGATORisafluffy1

Funny, memorable, secure

[Utilizer]

I have not worked very much with LabView, but honestly I deal exclusively with PC machines so I hope your posting is not geared to the macophiles since I need computational capabilities more than graphics maneuverability for the majority of work I do.

If it is indeed as helpful as you say then I may try it out. If it does not do what I need it to do, then at the very least I will know where its computational underpinnings are causing difficulties and can go from there.

Thanks much for the reference, mate.

[Swordmaker]

Those are TERMINALs, mate. In other words, they are graphics-accentuated DISPLAYS. Oh, you macophiles are just too self-important for words! *snicker*

Are you really as stupid as you are coming across? There is NOTHING INHERENTLY SUPERIOR ABOUT YOUR WINDOW BOXES. These scientist and engineers are not choosing Macs because they make great "terminals", any more than they choose a Windows machine for that purpose. If that were the case, they'd choose the cheapest "terminal" computer they could. These engineers chose Macs for good serious reasons. Contrary to your asinine claims which you stated were based on hearsay. Do you even know what UNIX is, or what it is capable of?

[Utilizer]

OK, I am giving up. It is much too late and I am much too tired. Go ahead and preach the mac gospel all you wish. You can badmouth all you wish, and I will still tell you that maccompukkers will never fulfill the requirements necessary for the work I do.

Just a word of advice.

"No".

They chose those macs because they got a great deal from apple for some fancy displays. NONE of the graphicboxen you refer to were actually involved in any way with any actual real-world activities. I should know. I was at the AMES Research Center when the first Mars Lander photos came in.

But, feel free to believe that those machines (laptops) were doing something grand. I would be the last to take away such a momentous occasion from you...

[Swordmaker]

I have not worked very much with LabView, but honestly I deal exclusively with PC machines so I hope your posting is not geared to the macophiles since I need computational capabilities more than graphics maneuverability for the majority of work I do.

You know Utilizer. . . I just realized you don't really know what it takes to really DO graphics, do you? Think about the sheer computational power necessary to do reality ray tracing in a three-dimensional scene in a 32 bit, 1080P HD 3D video. If you want it in real time, the new Mac Pro can do THAT — and it can do it only slightly slower in 4000 line HD video! The Computational power of the Macs that you are so denigrating because they do "graphics" can do that. . . and handling your piddly CAD/CAM work is child's play compared to that kind of computation and precision. Graphics work is among the highest and heaviest computation a computer can be put to doing.

AutoCad is available for the Mac—the Mac is where CAD/CAM started . . . Hell, autoCad has made a 3D CAD App for the iPad. Cad/Cam doesn't take computational horsepower. . . just good programs. I know of a machine shop that has a CAD/CAM system running their 12 computer controlled lathes on Commodore C-64s. It gets the job done for some very complex shapes. . . But it's a bear to program. . . and he has stacks of extra C-64s, 1541 disk drives, 1702 monitors, and a crate of power bricks in the back. But the owner has a hell of a time finding 8.25" floppy disks. . . I told him when I last saw him some Chinese company had put a C-64 on a Flash Drive for playing games. As I said, CAD/CAM doesn't take a lot of oomph.

Consider this scene from Avatar:

Now think of 24 of those for every second of film for that scene. Everything in it, including Jake Scully, is CAD, composed of millions of triangles, then color and texture applied, then light traced, calculating blur, haze, motion of multiple items, TWICE—from a slightly different angle.

The Macs you so blithely dismiss as mere graphic computers are capable of rendering that scene. . . and the Mac Pro is capable of creating it—in real time—with dual graphic cards that produce 7 TERAFLOPS of computational power.

Just eleven years ago, the third fastest supercomputer in the world was built by Virginia Tech using 1100 networked dual processor desktop PowerMacs for about $6 million. Most of that money was for a building, racks, and cooling. Even at that price it was one quarter the price of the 2nd fastest supercomputer. . . and one tenth the price of the fastest that year. However, what's important is that those 1100 PowerMacs were capable of producing 10.5 Teraflops.

The 2013-2014 MacPro, all 1 of it, can produce 7 Teraflops all by itself! Cost? Under $3000 in its basic configuration.

[Swordmaker]

They chose those macs because they got a great deal from apple for some fancy displays. NONE of the graphicboxen you refer to were actually involved in any way with any actual real-world activities. I should know. I was at the AMES Research Center when the first Mars Lander photos came in.

No, they didn't. Apple did not supply Ames with any "special deal." US government procurement specifications during the Obama administration has required Windows PCs. Purchasing Macs requires almost an act of Congress. Those are personal computers. First you are a CAD/CAM designer. Now you are a engineer at Ames Research Center. Which is it? Even if you were there as one of the contractors, I would HIGHLY doubt they discussed computer procurement with you.

Note the evidence of your making your claim up: There is a mix of computers in that crowd. Right in front is one with a PC. There are at least five different models of MacBook that I can see on the desks. In the back is a fellow holding an older black MacBook. They are all different vintages. The young lady in the middle appears to have a MacBook Air. A guy in the back seems to have a 17" model. . . That'd be vintage 2007-8. No, Utilizer. You're making things up that just don't hold water and don't comport with what I have read about the NASA engineers buying their own because they hated the Windows notebooks.

[AFreeBird]

1Password is having a heart bleed sale on MAC & iOS app stores. 50% off for their password manager program; $24.99 & $8.99 respectively.

[SunkenCiv]

Ah, but Hackintosh builders might be, if this heartbleed thing is in the kernel.

[roadcat]

Interesting. You sound like the homos who march into a bakery run by straight bakers and want to force them to make a queer cake for them. If you don’t like the way they make their products that the masses like, don’t go into their store making a ruckus.

I know: “But I made up my mind and hate your stuff! Don’t confuse me with stuff I have no intention of buying that most other people like!”

[johngrace]

Hi Swordmaker! Thank you for Article! I appreciate it. Nice to know. I am all apple now. I feel safer. Thanks again!

[TheBattman]

I find it interesting how much this "Heartbleed" bug/exploit has been vaunted as a massive issue - with supposedly ⅔ (according to this particular article) of web sites having been vulnerable... From the early news reports, I began checking using several tools including web sites that test for the exploit... and I have found exactly one of the dozens I ever use with any sensitive or personal info (or passwords) with. Just one. My question - was this whole thing blown out of proportion (and yes, I understand that all it takes is one compromised web site to mess you up)?

[TheBattman]

My FRient - what is the point of putting up a defense? Those who hate all things Apple (at least 99% of them), the hate is much like the irrational hatred of God that supposedly leads to Atheism.

You could hold their hand, sit down with them, and walk them step-by-step through every fine detail - with irrefutable evidence, and they would absolutely refuse to accept that anything produced by the “Homo-company Apple” (their view) could do anything positive at all, much less be more than competitive, while being far more reliable.

Reminds me so vividly of some of the irrational Ford vs Chevy vs Dodge fights I have witnessed. Yes - I have a preference in the above three brands, but I don’t get rabid, I don’t accept every rumor or crazy negative that floats around about any of the three - I base my views on my experience and history, and don’t try to argue, cuss, or name-call my views into anyone else., and I certainly don’t go trolling those other brand threads on message boards just for spouting the garbage (or even my own experience unless I have a very specific connection to the discussion).