jur kuipers
Las eerst dit artikel op Fortune:
Apple’s security bug: Five NSA conspiracy theories
On the Timing of iOS’s SSL Vulnerability and Apple’s ‘Addition’ to the NSA’s PRISM Program
I see five levels of paranoia:
- Nothing. The NSA was not aware of this vulnerability.
- The NSA knew about it, but never exploited it.
- The NSA knew about it, and exploited it.
- NSA itself planted it surreptitiously.
- Apple, complicit with the NSA, added it.
Me, I’ll go as far as #3.1 In fact, I think that’s actually the optimistic scenario — because we know from the PRISM slides that the NSA claims some ability to do what this vulnerability would allow.
So if this bug, now closed,2 is not what the NSA was exploiting, it means there might exist some other vulnerability that remains open.
Vervolgens las ik dit artikel van Dennis Fisher (journalist die zich bezighoudt met informatiebeveiliging): APPLE SSL VULNERABILITY AFFECTS OSX TOO
Open achterdeur in OS X 10.9.1…
Some users are reporting that Apple is rolling out a patch for his vulnerability in OS X, but it has not shown up for all users as yet. Langley has published a test site that will show OS X users whether their machines are vulnerable.
If you can see this message then you are probably affected by CVE-2014-1266! See https://www.imperialviolet.org/2014/02/22/applebug.html for details and http://support.apple.com/kb/HT6147 for the iOS patch.
Ook leuk: Britse ziekenhuizen verkochten dossiers van 47 miljoen patiënten aan verzekeraars
(zodat ze hun premie konden vaststellen…)
PS
Zie ook mijn blog: Het is maar “Metadata”
Uitgelichte foto: Ernst Haas – bron