ABXZone Computer  Forums



Reply
 
Thread Tools Display Modes
Old 02-23-2014, 04:06 PM   #1
zapionics<alt>
&lt;unknown level&gt;
 
zapionics<alt>'s Avatar
 
Join Date: Dec 2002
Location: AUSTRALIA
Posts: 6,104
IOS Security Flaw - leaves devices open

Apple rushed the release of iOS 7.0.6 on Friday with a patch for a shockingly overlooked SSL encryption issue that leaves iPhone, iPad and Mac computer users open to a man-in-the-middle (MITM) attack.

Story here

Aieee, i hate it when this happens. Apparently the problem has been there for months. Trying to update my phones and iPads this morning and i get a msg that I'm "not connected to the internet", when i actually am. I assume their servers are getting hit hard at the moment...

I notice theres a patch 7.05 sitting there as well which is something for Chinese users, which i didn't bother installing before. The patch we need is 7.06.

Theres something wrong with the programming compilers and models on systems when simple coding errors leave security holes as big as this. Why is it left up to the developer? Why cant security be part of the syntax?
__________________
***
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Please note: any advertising within this post has been placed there by the site owner and NOT by me!
Why not avoid the ads by joining the 'Zone today? The site is mostly ad free for members!
***



"You Cannot Hide..."
(Offline)   Reply With Quote

Advertisement [Remove Advertisement]
Old 02-24-2014, 01:14 PM   #2
XJ.
Registered User
 
XJ.'s Avatar
 
Join Date: Apr 2002
Location: USA-NH
Posts: 8,429
Re: IOS Security Flaw - leaves devices open

Quote:
Originally Posted by zapionics<alt> View Post
Theres something wrong with the programming compilers and models on systems when simple coding errors leave security holes as big as this. Why is it left up to the developer? Why cant security be part of the syntax?
There is a long history of 'default allow' being the standard for permissions in computer OSes and APIs as well as things such as not checking to make sure input doesn't exceed the allocated buffer sizes, etc. There is a slow trend away from that stance, but it's not fast enough. Therefor, it falls to programmers, in large part, to make sure that their code is secure. Security can't easily be part of the syntax of a language, since most languages are meant to work across multiple OSes.

It's really up to the OS developers to make sure that exposed APIs do as much as possible to make developers conform to more stringent security requirement. One big impediment is legacy APIs (like DCOM) that cannot be fixed but cannot be removed because it would be expensive for some ISVs to rewrite their code. The 'golden handcuffs' of compatibility are not easy to escape.
__________________
Asus P6T V2 Deluxe Ci7 970 @ 4.0GHz w/HT, Corsair H100i, 2x240GB SanDisk Extreme RAID0, 1x WD VR 150GB,
MSI GTX 680 PE @ 1110MHz, 12GB G.Skill Ripjaws DDR3 1600, Corair 850HX, Corsair 800D case. Win10 Pro x64. Dell U2412M.

(Offline)   Reply With Quote
Old 02-24-2014, 04:39 PM   #3
zapionics<alt>
&lt;unknown level&gt;
 
zapionics<alt>'s Avatar
 
Join Date: Dec 2002
Location: AUSTRALIA
Posts: 6,104
Re: IOS Security Flaw - leaves devices open

Quote:
Originally Posted by XJ. View Post
It's really up to the OS developers to make sure that exposed APIs do as much as possible to make developers conform to more stringent security requirement.
Well they gotta move faster. "We're not in Kansas anymore"...

The burden has to shift off the developers shoulders and become part of the ecology of the system and be implemented in the syntax. Then the developers wont have to think about it.
Seriously, i lose patience with this. Everything is being done on the web now and all our personal info is out there as well as our financial identity edges sitting exposed on the front line.
Thousands of security consultants and firms making bundles of cash sticking band aid solutions on systems and big business increasing fees to cover the costs that we end up wearing.
Frequent failures of supposedly "secure" systems, ongoing international spying and identity theft and a daily stream of "security flaw patches".
Ridiculous.
__________________
***
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Please note: any advertising within this post has been placed there by the site owner and NOT by me!
Why not avoid the ads by joining the 'Zone today? The site is mostly ad free for members!
***



"You Cannot Hide..."
(Offline)   Reply With Quote
Old 02-24-2014, 06:40 PM   #4
fvbounty
Registered User
 
fvbounty's Avatar
 
Join Date: Nov 2002
Location: Alameda Ca
Posts: 20,393
Re: IOS Security Flaw - leaves devices open

Did our Ipads yesterday....
__________________
Asus ROG RAMPAGE VI APEX, Intel I7 7820K Cooled by Noctua NH D15S, 32 Gigs Corsair Dominator Platinum CMD32GX4M4A2666C15, Asus GTX 980 TI Strix, Samsung 950 Pro 512 Gig NVMe SSD W10 PRO, Samsung 840 EVO 500 gig data, 1 TB WD Black data, Corsair 540 case with Corsair HXi750 PS, Dell UltraSharp U3415W 34" monitor, Ducky Shine 5 RGB Keyboard, Mionix Naos 7000 mouse, AudioEngine A5+ Speakers driven by Asus Xonar U7 MKII USB sound card, AKG 7XX Red Limited Edition Headphones ....and some other stuff!


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
(Offline)   Reply With Quote
Old 02-26-2014, 05:05 PM   #5
zapionics<alt>
&lt;unknown level&gt;
 
zapionics<alt>'s Avatar
 
Join Date: Dec 2002
Location: AUSTRALIA
Posts: 6,104
Re: IOS Security Flaw - leaves devices open

So, my iPhone has finally detected patch 7.06 and is now offering it instead of 7.05.
Unfortunately it requires a wi-fi connection, when i use 3/4G.
Anyone know why? From my perspective wi-fi is inherently less reliable than the cell network so its counter intuitive.
__________________
***
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Please note: any advertising within this post has been placed there by the site owner and NOT by me!
Why not avoid the ads by joining the 'Zone today? The site is mostly ad free for members!
***



"You Cannot Hide..."
(Offline)   Reply With Quote
Old 02-26-2014, 05:51 PM   #6
fvbounty
Registered User
 
fvbounty's Avatar
 
Join Date: Nov 2002
Location: Alameda Ca
Posts: 20,393
Re: IOS Security Flaw - leaves devices open

Quote:
Originally Posted by zapionics<alt> View Post
So, my iPhone has finally detected patch 7.06 and is now offering it instead of 7.05.
Unfortunately it requires a wi-fi connection, when i use 3/4G.
Anyone know why? From my perspective wi-fi is inherently less reliable than the cell network so its counter intuitive.
Here in California my wifi is always solid, 4g is all over the place..lol
__________________
Asus ROG RAMPAGE VI APEX, Intel I7 7820K Cooled by Noctua NH D15S, 32 Gigs Corsair Dominator Platinum CMD32GX4M4A2666C15, Asus GTX 980 TI Strix, Samsung 950 Pro 512 Gig NVMe SSD W10 PRO, Samsung 840 EVO 500 gig data, 1 TB WD Black data, Corsair 540 case with Corsair HXi750 PS, Dell UltraSharp U3415W 34" monitor, Ducky Shine 5 RGB Keyboard, Mionix Naos 7000 mouse, AudioEngine A5+ Speakers driven by Asus Xonar U7 MKII USB sound card, AKG 7XX Red Limited Edition Headphones ....and some other stuff!


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
(Offline)   Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



Powered by vBulletin® Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
vBulletin Skin developed by: vBStyles.com

© 2006 - 2016 ABXZone Forums | About ABX Zone Forums | Advertisers | Investors | Legal | A member of the Crowdgather Forum Community