Friendly forums for passionate Dems!
More than 91 million posts since 2001
Home Latest Greatest Videos Forums Hide ads Join up!
Home Latest Greatest
Videos Forums Help
Hide ads Join up!
Latest Discussions»Issue Forums»Economy»Security flaw in Apple mo...
Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Economy

Related: About this forum

unhappycamper

(60,364 posts) Sun Feb 23, 2014, 08:20 AM Feb 2014

Security flaw in Apple mobile software could allow hackers to beat encryption

http://www.rawstory.com/rs/2014/02/22/security-flaw-in-apple-mobile-software-could-allow-hackers-to-beat-encryption/



Security flaw in Apple mobile software could allow hackers to beat encryption
By Reuters
Saturday, February 22, 2014 8:21 EST

A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said on Friday, and experts said Mac computers were even more exposed.

If attackers have access to a mobile user’s network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook. Governments with access to telecom carrier data could do the same.

“It’s as bad as you could imagine, that’s all I can say,” said Johns Hopkins University cryptography professor Matthew Green.

Apple did not say when or how it learned about the flaw in the way iOS handles sessions in what are known as secure sockets layer or transport layer security, nor did it say whether the flaw was being exploited.


--

Welcome to the Windoze world.
InfoView thread info, including edit history TrashPut this thread in your Trash Can (My DU » Trash Can) BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks) 4 replies, 1057 views
ShareGet links to this post and/or share on social media AlertAlert this post for a rule violation PowersThere are no powers you can use on this post EditCannot edit other people's posts ReplyReply to this post EditCannot edit other people's posts Rec (4) ReplyReply to this post
4 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Security flaw in Apple mobile software could allow hackers to beat encryption (Original Post) unhappycamper Feb 2014 OP
They coding error has been tracked back to the same year that the NSA said in LiberalArkie Feb 2014 #1
Obscuring code is quite easy in most modern languages. nt bemildred Feb 2014 #2
For sure. It took coders a while to even see the error. LiberalArkie Feb 2014 #3
Tsk. Then they are not good at all at reading code. That is not obscure. bemildred Feb 2014 #4

LiberalArkie

(15,730 posts)
1. They coding error has been tracked back to the same year that the NSA said in
Reply to unhappycamper (Original post)
Sun Feb 23, 2014, 10:44 AM
Feb 2014

their slides is said to have "man-in'the-middle" access to Apple. Some of the tech sites believe that it was possible that a person working at Apple who took money from the NSA did it. The coding error was such that the compilers and error checking programs did not even catch it.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

LiberalArkie

(15,730 posts)
3. For sure. It took coders a while to even see the error.
Reply to bemildred (Reply #2)
Sun Feb 23, 2014, 11:55 AM
Feb 2014
http://arstechnica.com/security/2014/02/extremely-critical-crypto-flaw-in-ios-may-also-affect-fully-patched-macs/


static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                 uint8_t *signature, UInt16 signatureLen)
{
    OSStatus        err;
    ...
 
    if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        goto fail;
    if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
        goto fail;
    ...
 
fail:
    SSLFreeBuffer(&signedHashes);
    SSLFreeBuffer(&hashCtx);
    return err;
}
TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

bemildred

(90,061 posts)
4. Tsk. Then they are not good at all at reading code. That is not obscure.
Reply to LiberalArkie (Reply #3)
Sun Feb 23, 2014, 12:42 PM
Feb 2014

But it's does look like the sort of editing error one might make in a hurry, or through fatigue.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post
Reply to this discussion
Latest Discussions»Issue Forums»Economy»Security flaw in Apple mo...
Home | Latest Discussions | Greatest Discussions | Latest Videos | All Forums

About | Copyright | Privacy | Terms of service | Contact

In Memoriam

© 2001 - 2024 Democratic Underground, LLC. Thank you for visiting.