Posted on 02/22/2014 10:33:57 AM PST by for-q-clinton
A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said on Friday, and experts said Mac computers were even more exposed.
If attackers have access to a mobile user's network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook. Governments with access to telecom carrier data could do the same. ... "It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green. ... After analyzing the patch, several security researchers said the same flaw existed in current versions of Mac OSX, running Apple laptop and desktop computers. No patch is available yet for that operating system ... The company was recently stung by leaked intelligence documents claiming that authorities had 100 percent success rate in breaking into iPhones.
(Excerpt) Read more at cnbc.com ...
Better switch to a more secure OS like Linux or Windows. And for phones Windows Phone is the most secure right now.
Please ping both your aliases. Shadow I know you don’t like pinging apple stuff as swordmaker does that for his group, but this is pretty big and the tech community needs to be aware of it.
Look out below!
Mac users will be jumping out of the windows.
Macs NEVER have a problem with viruses, etc. [/s]
The fixes are iOS 7.0.6 (iPhone 4 to 5S, iPad 2 and later) and iOS 6.1.6 (iPhone 3GS and 4th generation iPod touch).
No fix for OS X yet though. So better leave those shut off for now or run windows on them.
well darn
Fanboys all around the world are in stunned disbelief.
If attackers have access to a mobile user's network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook.
OSX is a derivative of Unix. The truth of the matter is, ANY operating system is vulnerable. It’s just a matter of what degree.
Who’s Who in Bitcoin: Zerocoin Hero Matthew Green
http://spectrum.ieee.org/computing/networks/whos-who-in-bitcoin-zerocoin-hero-matthew-green
Matt Green : A Few Thoughts on Cryptographic Engineering
http://isi.jhu.edu/research/mattgreen
http://spar.isi.jhu.edu/~mgreen/
https://twitter.com/matthew_d_green
static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
uint8_t *signature, UInt16 signatureLen)
{
OSStatus err;
...
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
goto fail;
goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
goto fail;
...
fail:
SSLFreeBuffer(&signedHashes);
SSLFreeBuffer(&hashCtx);
return err;
}
SourceNote that going to fail doesn't actually signal failure unless err is non-zero, and that the third goto is unconditional, thus keeping the third if-test from ever running.
According to the source link, there is possibly a compiler option that, had it been used, would have raised a warning about the unreachable code.
“If you’re using any Apple product and think it’s secure you’re only fooling yourself. Plus they got many of the dumb users on their products so I suspect many of their users are completely owned.”
Since MS OS is used by such a majority of computer users, I imagine “dumb users” are concentrated in Windows.
“Better switch to a more secure OS like ......Windows.”
Oh my gosh!!! I needed a laugh!!
AAPL SUX I will never buy an apple product. Screw those commies. I use Windows 7 and 8. I use a cell phone but any smart phone/tablet will be an android
I know funny that windows is more secure.
“I know funny that windows is more secure.”
Do you have anything to back that up in the evidence category, or is it an opinion only?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.