General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsWas Apple security ‘flaw’ actually a NSA backdoor?
<snip>
Last week, Apple announced that it had discovered a majority security flaw in its OS operating system. The flaw, called Gotofail, allowed hackers or other actors including spies to access to theoretically secure data transmitted through wireless connections or along a shared network. Such data included that sent through SSL, a method employed by websites to protect credit card numbers and other personal information when establishing a connection between a customer and a merchants point of sale.
The flaw was a simple one, a mistake in a line of code. Just an if clause, nested deep within lines of code.
Over the weekend, coding experts examined the timeline of the NSAs penetration of Apples data and the date the flaw first emerged. They made a curious discovery: that the flaw appeared in Apples code just a month before the NSA internally reported success in hacking Apple. Fortunes Phillip Elmer-DeWitt reports:
* Sept. 24, 2012: iOS 6.0 is released
* Oct. 2012: Apple is added to the NSAs list of penetrated servers
* Dec. 1, 2012 to May 31, 2013: Apple receives 4,000 to 5,000 requests about 9,000 to
10,000 accounts and devices. (Per Apples Commitment to Customer Privacy.)
One coder, Dancing Fireballs John Gruber, got down to the nitty gritty. Taking great pains to note the evidence was circumstantial, he nevertheless drew attention to the following facts. 1) The flaw first emerged in iOS 6.0, 2) iOS 6.0 was released publicly on Sept. 24, 2012, and 3) Snowdens NSA slide has the agency tapping into Apples customers a month later.
<snip>
http://www.rawstory.com/rs/2014/02/24/speculation-emerges-apple-security-flaw-may-be-tied-to-nsa-spying/
randome
(34,845 posts)It's amazing how so few of the big companies really care about quality product. They just rush it out the door.
[hr][font color="blue"][center]If you don't give yourself the same benefit of a doubt you'd give anyone else, you're cheating someone.[/center][/font][hr]
GeorgeGist
(25,318 posts)why did it require a 16 mb fix?
nadinbrzezinski
(154,021 posts)Thank Mark Gruber for it by the way.
As to the flaw... I suspect it was not a flaw.