Free
Message: Re: Forbes Article Apple Security Mess
6
Feb 21, 2014 11:15PM
10
Feb 22, 2014 09:53AM
6
Feb 22, 2014 10:27AM
6
Feb 22, 2014 11:24AM
7
Feb 22, 2014 11:36AM
1
Feb 22, 2014 12:32PM
6
Feb 23, 2014 06:53PM
1
Feb 23, 2014 07:22PM

Wheels...That's a pretty good write up...@ least he went the extra mile to explain the difference between the authentication hand shake and Apples code problem implementing SSL protocols.. (encryption).

Two different animals that are confused on other write-ups I've read.

Apples SSL and TLS problem is really not the problem...the real problems are networks not securing their own environment through authentication...some secure and many do not. It's not only hackers to fear, but someone simply gaining access to your PIN ID's without hacking any thing. If your device is specific to a secure network your PIN then becomes incidental....and this is what most folks have to fear.

Authentication seems to be the topic they are all ranting about....and for the most part that has nothing to do with APPLE, if one wants real security.

I don't know about the rest of you, but, all the noise makes no sense to me regarding APPLE.

All the fuss started with APPLE directly, identifying a problem and fixing it.

"The error is a simple one that's easy to see when you look right at it, but perhaps hard to see when you're looking at the whole 1,970 line file. The error is on line 632. It's an extra "goto fail;" statement that causes SSL signature verification to succeed always (in certain very common configurations). For more detail on all this, read Langley's post. It has the look of a thoughtless editing bug — a slip of the fingers — rather than an error in logic. The fix is simply to remove line 632 and recompile." link

Apple needs to keep its SSL issues straight....and others need to improve on their network security through better authentication methods.

doni

Share
New Message
Please login to post a reply