Jump to content

Appalling Crypto Flaw In Apple Ios!


Recommended Posts

This is as bad as it gets. A stupid coding error that has gone unnoticed for quite some time leaves all Apple iOS devices open to spoofing. In other words you only think you have a secure connection, the reality is that you don't!

Full details here: http://arstechnica.com/security/2014/02/extremely-critical-crypto-flaw-in-ios-may-also-affect-fully-patched-macs/

 

The coding error is juvenile. With open source loads of people would have noticed this straight away.  Apple's super secrecy about everything means no one gets to see the source code, and so invites this sort of blunder.

 

For the time being, people using Macs should avoid using public networks, a step that can thwart many criminal eavesdroppers but will do little to prevent surveillance by the National Security Agency and other state-sponsored spies. Because the Google Chrome and Mozilla Firefox browsers appear to be unaffected by the flaw, people should also consider using those browsers when possible, although they shouldn't be considered a panacea.

 

Visiting this link with a secure browser will show an error and warning messages.  Reportedly iOS devices don't, and allow sites to pretend to be what they are not.  But the problem doesn't stop there!

Link to post
Share on other sites

Oh glory - it takes the iSheep at the Beeb two whole days to break this story then they tack a tame "Apple users in security warning" headline on it.  A mega-breach like this from anyone else would have rated a much more robust response.  Something like "Botched security update - all Apple devices remain insecure!".  Botched being a word they did recently headline about a minor problem in a Samsung update pushed to a single phone model, which was speedily fixed, and had no security implications.

 

The actual source code error and simple fix would be clear to most novice programmers. So why has it taken Apple months to fix it, and why a fix still not available?  It's not as if these are sub-premium products, or that people haven't paid an arm and a leg for essential support they haven't been getting.  It seems that arty flourishes by Jony Ive are far more important than basic security.

Link to post
Share on other sites

Create a free account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Hide Adverts


  • Latest News

    • Get the latest Northumberland news and updates delivered straight to your inbox
      All they want to do is cradle their newborn baby in their arms.
      But Bedlington parents Carly Walker and Ryan Murphy have been forced to watch from the sidelines as their daughter fights for her life.
      Little Ayda Faith Murphy was born prematurely on March 31, weighing just 4lbs, at Newcastle's Royal Victoria Infirmary.
      Rushed for her first operation straight after birth and another at just four days old, she's battling terrifying odds after being diagnosed with a series of incredibly rare birth defects.
      An almost unique variant of gastroschisis, a defect of the abdominal wall, has left her intestines pushing up into her chest - a condition doctors estimate is suffered by no more than 10 babies worldwide.
      Meanwhile, her heart appears to have flipped over and lies on the wrong side of her chest, while she's receiving oxygen from a machine due to her underdeveloped lungs.
      Keep up-to-date with all the latest news in the county by visiting our Northumberland Live homepage.
      You can sign up to our daily Northumberland newsletter here.
      Facebook: Here's our main Northumberland page.
      Twitter: You can follow the Northumberland Live page here.
      Find The Journal's Northumberland editions on the British Newspaper Archive here.

  • Latest Topics

×
×
  • Create New...