threegee Posted February 23, 2014

This is as bad as it gets. A stupid coding error that has gone unnoticed for quite some time leaves all Apple iOS devices open to spoofing. In other words you only think you have a secure connection, the reality is that you don't!

Full details here: http://arstechnica.com/security/2014/02/extremely-critical-crypto-flaw-in-ios-may-also-affect-fully-patched-macs/

The coding error is juvenile. With open source loads of people would have noticed this straight away. Apple's super secrecy about everything means no one gets to see the source code, and so invites this sort of blunder.

For the time being, people using Macs should avoid using public networks, a step that can thwart many criminal eavesdroppers but will do little to prevent surveillance by the National Security Agency and other state-sponsored spies. Because the Google Chrome and Mozilla Firefox browsers appear to be unaffected by the flaw, people should also consider using those browsers when possible, although they shouldn't be considered a panacea.

Visiting this link with a secure browser will show an error and warning messages. Reportedly iOS devices don't, and allow sites to pretend to be what they are not. But the problem doesn't stop there!

threegee Posted February 25, 2014

Oh glory - it takes the iSheep at the Beeb two whole days to break this story then they tack a tame "Apple users in security warning" headline on it. A mega-breach like this from anyone else would have rated a much more robust response. Something like "Botched security update - all Apple devices remain insecure!". Botched being a word they did recently headline about a minor problem in a Samsung update pushed to a single phone model, which was speedily fixed, and had no security implications.

The actual source code error and simple fix would be clear to most novice programmers. So why has it taken Apple months to fix it, and why is a fix still not available? It's not as if these are sub-premium products, or that people haven't paid an arm and a leg for essential support they haven't been getting. It seems that arty flourishes by Jony Ive are far more important than basic security.