Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[sheddyian]

[I'm not sure where to put this, it seems to be significant so perhaps needs prominent placement]

There seems to be quite a fuss this morning about a problem discovered in iOS and OS X that can allow secure web connections to be intercepted, and it appears this is actually happening.

The instruction is to update your iOS device ASAP, though there's a bit of controversy as to which versions are available for which devices.  There's a patch for iOS 6 devices as well as 7.

Also, there doesn't appear to be a patch for OS X just yet.

I am utterly clueless about Apple devices; I've never owned one, but I kept reading about it last night and this morning on social media and tech sites so thought I'd share it here for those more knowledgeable to digest.

There's a summary of the issue here http://grahamcluley.com/2014/02/critical-security-hole-ios-mac/

And there's a site that tests for the vulnerability here https://gotofail.com/  (You are advised to test that site with each browser that you use, especially Safari).

Ian

[roseway]

Like you, I'm clueless about Apple devices, but this is certainly worth taking seriously. Thanks for reporting it.

[Berrick]

Anyone with Apples, phones or computers not the eating kind, might want to read this and ensure their phones are upgraded.

Computers will be vulnerable until they release a fix.

More info here http://gizmodo.com/why-apples-huge-security-flaw-is-so-scary-1529041062

[burakkucat]

Isn't that exactly what sheddyian reported, yesterday? 

[kitz]

Isn't that exactly what sheddyian reported, yesterday? 

Cheers guys, I will attempt to merge them

[kitz]

Thank you guys, I'd been distracted with my own stuff, so hadn't seen this.

I guess I need to find out what to do on this, cause atm its my only connection to the interwebs

>>> YOUR BROWSER IS VULNERABLE, PATCH AS SOON AS POSSIBLE!   <<<<

Grrrrr that's just rounded my day off nicely.
 

[kitz]

So since I'd not had a notification on I my ipad, I just picked up my iPod and there's a notification that an update is due.   Still no notification for my ipad, but I see there is one I can perform when I just did a manual check.

Gona have to do this one blind, no pc, so no backup via iTunes.   
After the day I just had, dust know if I dare do this, but then again, I daren't not.

Wish me luck.   

[roseway]

Good luck.

[sevenlayermuddle]

Tempting fate maybe, but I'll await a more convincing explanation of the 'vulnerability' before I panic.   There's an awful lot of people deepy envious of Apple's track record, ready and willing to sieze any opportunity to scaremonger.   All I have really found so far is a code snippet with an extra 'goto fail' that would appear, on the face of it, to cause false failure, ie it would be defensive.

Trouble for me is I have a number of Apple devices that are deliberately running old versions of iOS as well as the Mac not running latest OS/X, as I need to develop and test Apps against these old iOS versions.   I'll resist panicking for now, but will be keeping a beady eye open for any signs of real credibility to the stories.....   

Feel free to persuade me if you know of any valid technical reason why I should panic, but I won't be swayed by random blogs on websites that I've no reason to trust.

[sevenlayermuddle]

PS, I just visited the link provided earlier that supposedly evaluates vulnerability, on an iPad running iOS 5.0.1.   Safe 

Still not sure what to make of the various claims that seem to indicate that my SSL be vulnerable to a compromised LAN or WiFi environment.   I regard that as low risk, as I rarely use my iOS devices other than my own network, I'm pretty fussy about who's allowed onto it, and malicious intrusions are in any case yielded less likely by the fact there are no neighours within 'earshot'.  In particular, it would present virtually no risk at all to OS/x on Mac Mini which never goes anywhere. 

But I repeat, please do bring me to my senses of I'm missing something...

[kitz]

It took just over an hour last night for my 3 apple devices to update.

The iPod went without a hitch, that's only on iOS 6. something though.   The ipad took ages, at first I kept getting an error message saying something like unavable to verify download, when it was trying to install.  It did eventually work ok though.   The download took aaaages, possibly because their server was busy?  I didn't have any way of checking what speed it came down at.  The actual update, once it was finally happy with the download took about 10mins.

Because it was taking so long, I thought I'd turn on the tv and look for something to watch.   Doh...  Up popped a notification saying the Aptv needed updating too.   This failed and then kept saying there was no internet connection..  And I also got several notifications that it couldn't find iTunes on the network, which it wouldn't 

Out of interest I just checked my bandwidth usage last night in Plusnets usage panel...  5.74GB!  I did stream one prog last night, but even if I allow a generous 1Gb which should more than cover my normal bandwidth bearing in mind I've no pc... That's one heck of a lot if bandwidth for anyone on a limited or capped account.

[Black Sheep]

Phew, just come across this helpful info. Thought I'd best follow the check link and voila …………

Safe.

We have examined your OS and browser version information and have determined you are not at risk without actually running the test. You may force the test to run anyway.

Thank you Sheddy for providing the info and test link. 

[kitz]

PS, I just visited the link provided earlier that supposedly evaluates vulnerability, on an iPad running iOS 5.0.1.   Safe 

I'm guessing that on iOS 5 you escaped, due to the "go to fail" having been introduced at a later date.  Anyone with an older os will likely be ok, although I suppose it depends what else has been patched in the meantime.

I don't know about the exact effects it could have, but particularly on mobile devices, it could be far more serious for those that use their mobile devices out and about on other networks, which is how they are designed to be used?  As you rightly say I wouldn't think it would be as much of an issue on Mac machines used only in the home environment.

I also suspect you are right that there will be those who will have jumped on this because apple have made a boob.

[kitz]

Phew, just come across this helpful info. Thought I'd best follow the check link and voila …………

Safe.

We have examined your OS and browser version information and have determined you are not at risk without actually running the test. You may force the test to run anyway.

Thank you Sheddy for providing the info and test link. 

Glad you're ok BS, I suspect that's from your pc....but I'd also check any iPads or iPhones you may have too.   

[Black Sheep]

As always boss, you're quite right it was from my PC which I thought would be ok. I've just sent the info to my other boss downstairs so she can check out her i-Pad and i-Phone.  My i-Phone is works owned, so won't be affected.

Cheers.