Solve : Update your Mac NOW?

1.	Solve : Update your Mac NOW?
Answer» Full story: http://www.theregister.co.uk/2014/02/25/apple_mac_os_x_10_9_2_ssl/ This was BACK in February. Quote Update your Mac NOW: Apple fixes OS X 'goto fail' SSL spying vuln Guys, Patch Tuesday is for Microsoft and Adobe, this should have been Patch Friday It is more than an Apple;e thing. Bad SSL can hurt anybody. Quote It also just so happens to snap shut a gaping security vulnerability that potentially allowed hackers to hijack USERS' bank accounts, read their email, steal their passwords, and compromise other SSL-encrypted communications. On Friday afternoon, the Cupertino giant updated iOS 7 and 6 for iPhones, iPods, iPads, and Apple TVs to squash a flaw that knackered the integrity of SSL connections: a programming BUG caused Apple's SSL code to skip over vital checks of a server's authenticity when establishing a connection. Apps affected by the flaw were left with no way to securely prove who they were talking to over the network. It is a common practice for a computer program to just skip over something LOOKING like a 'glitch' and just go a head with an operation. With SSL, that is a stupid mistake. The article shows a bit of code and adds: Quote Visiting gotofail.com, a reference to the above code censored-up, will test whether your web browser CORRECTLY rejects a malicious SSL certificate, rather than blindly trust the server is what it says it is. Many are blaming Apple. But the implication is much greater. Here is a general article on what SSL is and why it matters. Transport Layer Security SSL

Answer»

Full story:
http://www.theregister.co.uk/2014/02/25/apple_mac_os_x_10_9_2_ssl/
This was BACK in February.
Quote

Update your Mac NOW: Apple fixes OS X 'goto fail' SSL spying vuln
Guys, Patch Tuesday is for Microsoft and Adobe, this should have been Patch Friday

It is more than an Apple;e thing. Bad SSL can hurt anybody.
Quote

It also just so happens to snap shut a gaping security vulnerability that potentially allowed hackers to hijack USERS' bank accounts, read their email, steal their passwords, and compromise other SSL-encrypted communications.
On Friday afternoon, the Cupertino giant updated iOS 7 and 6 for iPhones, iPods, iPads, and Apple TVs to squash a flaw that knackered the integrity of SSL connections: a programming BUG caused Apple's SSL code to skip over vital checks of a server's authenticity when establishing a connection. Apps affected by the flaw were left with no way to securely prove who they were talking to over the network.

It is a common practice for a computer program to just skip over something LOOKING like a 'glitch' and just go a head with an operation. With SSL, that is a stupid mistake.
The article shows a bit of code and adds:
Quote

Visiting gotofail.com, a reference to the above code *censored*-up, will test whether your web browser CORRECTLY rejects a malicious SSL certificate, rather than blindly trust the server is what it says it is.

Many are blaming Apple. But the implication is much greater. Here is a general article on what SSL is and why it matters.

Transport Layer Security SSL

Solve : Update your Mac NOW?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment