NNSquad - Network Neutrality Squad
[ NNSquad ] Apple's 'Gotofail' Security Mess Extends To Mail, Twitter, iMessage, Facetime And More
Apple's 'Gotofail' Security Mess Extends To Mail, Twitter, iMessage,
Facetime And More
http://j.mp/1hITWaQ (Forbes)
First, Apple revealed a critical bug in its implementation of
encryption in iOS, requiring an emergency patch. Then researchers
found the same bug is also included in Apple's desktop OSX operating
system, a gaping Web security hole that leaves users of Safari at risk
of having their traffic hijacked. Now one researcher has found
evidence that the bug extends beyond Apple's browser to other
applications including Mail, Twitter, Facetime, iMessage and even
Apple's software update mechanism. On Sunday, privacy researcher
Ashkan Soltani posted a list of OSX applications on Twitter that he
says he's determined use Apple's "secure transport" framework, the
coding library that developers depend on to build programs that
securely communicate online using the common encryption protocols TLS
and SSL. The full list, which isn't comprehensive given that Soltani
only analyzed the programs on his own PC, is shown below. (Soltani has
underlined the vulnerable application names in red.)
- - -
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad