-
And just because a patch was released doesn't mean that the problem has passed. How many people don't upgrade their OS or can't because of IT restrictions, etc? This "Nothing to see here, move along" attitude that many are giving in defense of Apple is not helpful to the people that are potentially at risk from this flaw.02-23-14 01:44 PMLike 2 - kbz1960Doesn't MatterIt would be very difficult to set this up for a properly configured SSL connection. With this Apple flaw in the coding, it's a pretty simple matter to spoof a site. When you go to an HTTPS site, it will offer its cert and your browser checks that against the site's key. With this flaw in Apple browsers, a site can say "I'm Google.com" and their browsers say "Ok, continue..." without checking to see if it is valid.02-23-14 01:45 PMLike 0
- It was an example of the easiest attack vector and the one which most people would be vulnerable to. It could also be accomplished on a secured wifi network. For example, we use a WPA2 secured wifi network. It is not connected to our internal network, just goes out to the internet. As such, we are pretty lenient with giving those credentials out to guests. Because of our assumption that Apple had web security standards implemented properly, we also allowed users to connect their smartphones to this network. Now, we're going to need to take another look at this configuration.02-23-14 02:11 PMLike 3
-
this is a system level bug so it does not just affect browser security, but any application that depends on the OS SSL/TLS library to correctly check the server certificate.kbz1960 likes this.02-23-14 03:51 PMLike 1 - kbz1960Doesn't MatterIt was an example of the easiest attack vector and the one which most people would be vulnerable to. It could also be accomplished on a secured wifi network. For example, we use a WPA2 secured wifi network. It is not connected to our internal network, just goes out to the internet. As such, we are pretty lenient with giving those credentials out to guests. Because of our assumption that Apple had web security standards implemented properly, we also allowed users to connect their smartphones to this network. Now, we're going to need to take another look at this configuration.It is indeed. the bug in question (which is also on Mac OS X) is that the system SSL/TLS security layer does not verify the received certificate is signed by a trusted CA. So a malicious actor anywhere on the network between an affected system and a website could launch a man in the middle attack using nothing more than a self signed certificate that claims to be for the destination site.
this is a system level bug so it does not just affect browser security, but any application that depends on the OS SSL/TLS library to correctly check the server certificate.grover5 likes this.02-23-14 03:59 PMLike 1 -
Considering that people are using their phones for doing everything, including banking and buying stuff, it's very scary. I know Apple fanboys will deny everything and will keep justifying using that garbage but the fact of the matter is that iPhone has fallen behind, including security which is a shame considering their closed architecture and insane obsession with controlling everything.02-23-14 07:41 PMLike 0 - That's already known about Blackberry. Nothing to say their. The point here is that some folks have been saying that IOS and Android are as safe as Blackberry and there is no compromise in using those OSs but that fact is that there is a huge risk in using both IOS and Android. I would be worried if I was doing financial transaction on an iPhone.02-23-14 07:47 PMLike 0
- But they only revealed the issue once they fixed it, right? Or am I mistaken? Because if the issue was indeed a major one, and they kept it quiet for their own good, I would - as a company or government - be very sceptical towards Apple products going forward. It's not like hackers wouldn't find out anyway..
Posted via CB10
Windows in the making.02-23-14 07:52 PMLike 0 -
Sent from my Nexus 7 using TapatalkLast edited by app_Developer; 02-24-14 at 07:10 PM.
mikeo007 likes this.02-24-14 12:07 AMLike 1 - http://techland.time.com/2014/02/24/...able-to-hacks/
Posted via CB10 running on Z10STL100-1/10.2.1.214102-24-14 07:01 AMLike 0 -
Seems like a lot of posts with zero understanding of what the actual issue was.Last edited by mikeo007; 02-24-14 at 01:52 PM.
02-24-14 01:26 PMLike 0 -
02-24-14 01:28 PMLike 3 - A few of the iPhone Dev Team guys were poking fun at the irony of "goto fail;" heh, the else statement really speaks for itself :Papp_Developer likes this.02-24-14 06:49 PMLike 1
- Some interesting reading:
Apple’s reputation for software security a ‘myth’
Apple’s reputation for software security a ‘myth’ - Technology & Science - CBC News02-25-14 04:47 AMLike 0 - There is a fix out for this issue, IOS 7.0.6, but now my iPad is rendered useless, WTF, and I'm not alone.
http://www.techienews.co.uk/976861/a...e-5s-ipad-air/
They rushed to fix one issue and create a bigger issue.
Z30 on 10.2.1.537 in Canada02-25-14 06:47 AMLike 0 - It matters in the bigger picture when you cover up a mistake, when people have no idea there is a mistake and are vulnerable. It doesn't matter if they fixed it quietly or not, they didn't tell anyone. That's the issue, it's like your doctor treating you for syphilis and not telling you. How many people have it because your doctor didn't tell you. Samsung did the same with bad batteries, didn't tell a soul, in fact made the consumer sign a confidentiality statement not to repeat the issue to anyone.
Posted via CB1002-25-14 07:02 AMLike 0 - That's exactly the point- these are not individual citizens using a phone for personal reasons, these are members of the military. The Department of Defense stated the #1 reason for switching was budgetary. It's cheaper for them to use Apple phones and iPads than to use Q10 on a BES. It's a shame that an organization with a budget the size of the US Military and charged with defending our country decides to save ~$16M by putting our security at risk. It's all about money.... if you read the DoD articles they also claim they don't have the proper controls in place to ensure iOS security, but they are working on it.
Posted via CB1002-25-14 07:30 AMLike 0 - I just hope that there would be no hacker can take over the air force control system and set the bombs to kill the innocent02-25-14 01:17 PMLike 0
- Second Apple iOS security flaw exposed
http://www.telegraph.co.uk/technolog...w-exposed.html
Posted via CB10 running on Z10STL100-1/10.2.1.214102-25-14 02:30 PMLike 0 - Second Apple iOS security flaw exposed
http://www.telegraph.co.uk/technolog...w-exposed.html
Posted via CB10 running on Z10STL100-1/10.2.1.2141
Posted via CB1002-25-14 02:32 PMLike 0 - kbz1960Doesn't MatterSecond Apple iOS security flaw exposed
Second Apple iOS security flaw exposed - Telegraph
Posted via CB10 running on Z10STL100-1/10.2.1.214102-25-14 03:47 PMLike 0
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
Apple Security Issue
« The "How many people have you converted to BlackBerry " Thread
|
Need help, company email server blacklisted by Blackberry! »
Similar Threads
-
Microphone issues
By nanapabb in forum BlackBerry Z10Replies: 15Last Post: 03-28-14, 03:51 PM -
MMS issues on Z10 since 10.2.1
By ReSeanRussell in forum BlackBerry Z10Replies: 12Last Post: 02-24-14, 05:07 AM -
Whatsapp beta dark theme and security settings updated
By FranRamos in forum BlackBerry 10 OSReplies: 29Last Post: 02-23-14, 10:08 AM -
OoVoO on BlackBerry z30 issue
By blackone85 in forum BlackBerry Z30Replies: 6Last Post: 02-22-14, 01:27 PM -
Touchscreen issue
By lady of the lake in forum BlackBerry Z30Replies: 3Last Post: 02-21-14, 07:38 PM
LINK TO POST COPIED TO CLIPBOARD