Skip to content
View in the app

A better way to browse. Learn more.

Bedlington.uk

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Appalling Crypto Flaw In Apple Ios!

Featured Replies

This is as bad as it gets. A stupid coding error that has gone unnoticed for quite some time leaves all Apple iOS devices open to spoofing. In other words you only think you have a secure connection, the reality is that you don't!

Full details here: http://arstechnica.com/security/2014/02/extremely-critical-crypto-flaw-in-ios-may-also-affect-fully-patched-macs/

 

The coding error is juvenile. With open source loads of people would have noticed this straight away.  Apple's super secrecy about everything means no one gets to see the source code, and so invites this sort of blunder.

 

For the time being, people using Macs should avoid using public networks, a step that can thwart many criminal eavesdroppers but will do little to prevent surveillance by the National Security Agency and other state-sponsored spies. Because the Google Chrome and Mozilla Firefox browsers appear to be unaffected by the flaw, people should also consider using those browsers when possible, although they shouldn't be considered a panacea.

 

Visiting this link with a secure browser will show an error and warning messages.  Reportedly iOS devices don't, and allow sites to pretend to be what they are not.  But the problem doesn't stop there!

  • Author

Oh glory - it takes the iSheep at the Beeb two whole days to break this story then they tack a tame "Apple users in security warning" headline on it.  A mega-breach like this from anyone else would have rated a much more robust response.  Something like "Botched security update - all Apple devices remain insecure!".  Botched being a word they did recently headline about a minor problem in a Samsung update pushed to a single phone model, which was speedily fixed, and had no security implications.

 

The actual source code error and simple fix would be clear to most novice programmers. So why has it taken Apple months to fix it, and why a fix still not available?  It's not as if these are sub-premium products, or that people haven't paid an arm and a leg for essential support they haven't been getting.  It seems that arty flourishes by Jony Ive are far more important than basic security.

Create a free account or sign in to comment

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.