New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Security Awareness Discussion of all things related to the security of Apple devices.

"Apple mobile devices at risk......"


Post Reply New Thread Subscribe

 
Thread Tools
pendlewitch

 
Member Since: Sep 10, 2011
Location: Nelson,UK
Posts: 1,739
pendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of light
Mac Specs: iMac 27" Mid 2010, 3.2GHz Intel Core i3,4GB 1333 MHz DDR3, ATI Radeon HD5670 512MB, Mavericks 10.9.4

pendlewitch is offline
I came across this today. Not sure whether it's pertinent but FYI anyway.

Apple mobile devices at risk of hacking, firm says | Technology | theguardian.com

iMac 27-inch Mid 2010 (wow....that old...eeeks!), WD My Book 1TB Firewire,WD My Passport Air 500GB, Magic Mouse,Magic Trackpad,
iPhone 5C, iPod Nano 4GB 3rd Gen, ATV2.
MOTM October 2012. These days normally happy with an occasional grumble.
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 17,882
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is online now
This is only a problem if it manifests itself in something that gets out and widespread before it's patched. Here's hoping Apple beats that person/group to the punch.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Writing a Quality Post
QUOTE Thanks
pendlewitch

 
Member Since: Sep 10, 2011
Location: Nelson,UK
Posts: 1,739
pendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of light
Mac Specs: iMac 27" Mid 2010, 3.2GHz Intel Core i3,4GB 1333 MHz DDR3, ATI Radeon HD5670 512MB, Mavericks 10.9.4

pendlewitch is offline
Quote:
Originally Posted by vansmith View Post
Here's hoping Apple beats that person/group to the punch.
I just installed an update to iOS 7.0.6 which appeared to be a fix for SSL verification.

iMac 27-inch Mid 2010 (wow....that old...eeeks!), WD My Book 1TB Firewire,WD My Passport Air 500GB, Magic Mouse,Magic Trackpad,
iPhone 5C, iPod Nano 4GB 3rd Gen, ATV2.
MOTM October 2012. These days normally happy with an occasional grumble.
QUOTE Thanks
TattooedMac

 
TattooedMac's Avatar
 
Member Since: May 19, 2009
Location: Waiting for a mate . . .
Posts: 7,784
TattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant future
Mac Specs: 21" iMac 2.9Ghz 10.9.4 13"MBP 2.9Ghz i7 Yosemite 10.10 ~ iPhone5 iOS 8 ~ iPad Mini iOS 8 ~ ATV3 6.1

TattooedMac is offline
I have to find the article, but its said that it STILL a problem. SSL and public WIFi is dangerous Why iOS 7.0.6 Is A Way More Important Update Than You Think | Cult of Mac. Thats all you have to do, is NOT use Public WiFi and you will be ok. Thats why we have Data Plans for our phones. I never use Public WiFi anyways, so i know lim safe

CogFrog Studio's ~ Photography, Apps and Web Development
Dont forget to use the Reputation System if someone has helped you out !!!
Arguing with a zealot is only slightly easier than tunneling through a mountain with your forehead!!!!!
QUOTE Thanks
pendlewitch

 
Member Since: Sep 10, 2011
Location: Nelson,UK
Posts: 1,739
pendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of lightpendlewitch is a glorious beacon of light
Mac Specs: iMac 27" Mid 2010, 3.2GHz Intel Core i3,4GB 1333 MHz DDR3, ATI Radeon HD5670 512MB, Mavericks 10.9.4

pendlewitch is offline
Quote:
Originally Posted by TattooedMac View Post
Thats why we have Data Plans for our phones. I never use Public WiFi anyways, so i know lim safe
Yes I agree there.

iMac 27-inch Mid 2010 (wow....that old...eeeks!), WD My Book 1TB Firewire,WD My Passport Air 500GB, Magic Mouse,Magic Trackpad,
iPhone 5C, iPod Nano 4GB 3rd Gen, ATV2.
MOTM October 2012. These days normally happy with an occasional grumble.
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 17,882
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is online now
Quote:
Originally Posted by TattooedMac View Post
Thats all you have to do, is NOT use Public WiFi and you will be ok. Thats why we have Data Plans for our phones. I never use Public WiFi anyways, so i know lim safe
If it's an SSL issue, I don't think it matters how you connect - the data is still unsecured. The best way around this is do as the article suggests and use applications that don't use Apple's SSL functionality (until this is patched for OS X).

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Writing a Quality Post
QUOTE Thanks
McBie

 
McBie's Avatar
 
Member Since: Apr 26, 2008
Location: Belgium
Posts: 2,300
McBie is a name known to allMcBie is a name known to allMcBie is a name known to allMcBie is a name known to allMcBie is a name known to allMcBie is a name known to allMcBie is a name known to all
Mac Specs: 2013 MBA 13" - 10.9.5 & iPad - iOS 5.1

McBie is offline
With all due respect for Apple, but this is what I call serious neglect, and I choose my words careful.
This is not " just an issue", this is not just " stuff happens , we are sorry ", this is not just " no big deal ".
This is neglect, ..... deliberate ..... on purpose. This is not just " an accident ".
Having a cross platform vulnerability and willingly choosing not to close it immediately is beyond me.
Forestall had to leave for something with a lot less impact on Apple's user base.

OS X is more secure than other OS's ...... right ?

Do I need to say that I am upset, both professionally and as a user.

/END RANT

Cheers ... McBIe

A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.
The problem is not the problem. The problem is your attitude towards the problem. You understand ?
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 17,882
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is online now
I think this line from the Ars article on this issue (source) speaks to what you're bothered with McBie:
Quote:
Apple rarely comments on matters involving security, particularly those involving vulnerabilities that remain unpatched.
It would seem that Apple has an issue with coming to terms with security issues. Taking their sweet time to fix certain things (at this point, it is "sweet time" as this fix should have been pushed out ages ago) and then refusing to comment on it is frustrating.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Writing a Quality Post
QUOTE Thanks
nunee

 
Member Since: Jan 08, 2007
Posts: 28
nunee will become famous soon enough
Mac Specs: iPod 8GB Nano

nunee is offline
So an iPhone 4 user running iOS 6.1.x is stuck without going to iOS 7...? Is that the jist with this issue, it would seem? Keeping off public WiFi would be an option...and I am not in Sochi...so...

Thoughts are appreciated. And a 5s is not totally out of the question, but that brings in the whole v6 release question....

Thx.
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 17,882
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is online now
Quote:
Originally Posted by nunee View Post
So an iPhone 4 user running iOS 6.1.x is stuck without going to iOS 7...?
No, iOS6 has been patched.

Quote:
Originally Posted by nunee View Post
Keeping off public WiFi would be an option...and I am not in Sochi...so...
This is an SSL issue and has nothing to do with WiFi - any data sent is susceptible to this issue. It also doesn't matter if you're on a public or private WiFi network or where you are.

Quote:
Originally Posted by nunee View Post
Thoughts are appreciated. And a 5s is not totally out of the question, but that brings in the whole v6 release question....
The answer is simple - does the 5s do what you want? If so, buy it. If not, don't. Playing the waiting game will get you nowhere since you'll be waiting forever.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Writing a Quality Post
QUOTE Thanks
cwa107

 
cwa107's Avatar
 
Member Since: Dec 20, 2006
Location: Middletown, Pennsylvania
Posts: 26,510
cwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond repute
Mac Specs: 15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD

cwa107 is offline
Vansmith - am I correct in assuming that OS X users can workaround this by using a <cough>real<cough> browser like Firefox or Chrome?

Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!
QUOTE Thanks
McBie

 
McBie's Avatar
 
Member Since: Apr 26, 2008
Location: Belgium
Posts: 2,300
McBie is a name known to allMcBie is a name known to allMcBie is a name known to allMcBie is a name known to allMcBie is a name known to allMcBie is a name known to allMcBie is a name known to all
Mac Specs: 2013 MBA 13" - 10.9.5 & iPad - iOS 5.1

McBie is offline
Your assumption is correct as far as browser applications are concerned :-)
All the other apps. are still vulnerable.

Cheers ... McBie

A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.
The problem is not the problem. The problem is your attitude towards the problem. You understand ?
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 17,882
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is online now
Quote:
Originally Posted by cwa107 View Post
Vansmith - am I correct in assuming that OS X users can workaround this by using a <cough>real<cough> browser like Firefox or Chrome?
From what I've read, this issue is specific to OS functionality so only that which is baked into the OS is affected. A test of this is at gotofail.com.

So yes, any browser but Safari.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Writing a Quality Post
QUOTE Thanks
cwa107

 
cwa107's Avatar
 
Member Since: Dec 20, 2006
Location: Middletown, Pennsylvania
Posts: 26,510
cwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond repute
Mac Specs: 15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD

cwa107 is offline
Looks like 10.9.2 is out, with the fix in tow.

Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 17,882
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is online now
That was reasonably quick but this fix was one line - it should have been pushed out moments after discovery. There's no need to push this out as part of a larger update specifically.

Is it obvious that this issue really bothers me? This error was trivial (I saw a developer rip into Apple for this since decent QA should have caught this) but deeply destructive. Sure, nothing huge came of it but that's not the point (to preempt the "but nothing happened" argument).

I read an article earlier that made an interesting point. In it, someone interviewed mentioned how Microsoft is quick to admit fault and patch things while working with the community. While this makes their software looked comparatively flawed, it's actually not - MS is just much better at recognising that their software is flawed. And this brings me back to what I've been arguing forever which is quite simple: OS X is software like any other and is thus flawed, weak and prone to fault. I still think it's pretty secure but this culture/myth around OS X's impenetrability needs to stop.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Writing a Quality Post
QUOTE Thanks

Post Reply New Thread Subscribe


« password protected | new mac threat I found the other day. »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Mobile apps leaving the web behind in usage OneMoreThing... Apple Rumors and Reports 0 06-21-2011 06:01 AM

All times are GMT -4. The time now is 01:10 PM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?