Apple's Deafening Silence On 'GoToFail' Security Flaw

Feb 24 2014, 2:06pm CST | by , in News

On Friday, Apple quietly issued an update for iPhones and iPads that fixed a big problem: encryption wouldn’t stop an attacker on the same network from intercepting sensitive information sent during banking sessions, email sessions or Facebook chats. Then the news got worse. Researchers realized the same problem applied to other iProducts, such as desktops and laptops. Beyond telling Reuters reporter Joseph Menn on Saturday that a fix is coming “very soon,” Apple has been silent on the issue, not even sending out a warning to its users about what they should and shouldn’t do while the vulnerability remains unfixed. Instead, it’s been left to journalists (such as my colleague Andy Greenberg) and outside security researchers (such as Ashkan Soltani and Adam Langley of Google) to explain what’s happening in blog posts as well as tweet advice out to alarmed Macheads lucky enough to be on Twitter to see it.

Runa Sandvik, a security technologist (and Forbes contributor) who is among those tweeting about Apple’s security problem, created a website “Has GoTo Fail Been Fixed Yet?” that pops up a simple “No” with links to coverage users might want to read.

“I created the site to highlight the biggest issue here: that Apple dropped a [zero-day exploit] on users at 4pm on a Friday and has not yet made any statements about when OS X users can expect a patch,” says Sandvik. “When Apple disclosed the iOS bug, they did not mention how long the bug has been around for, how/when it was discovered or affected iOS versions. It was then independent security researchers who discovered that the same issue also affects OS X users.”

Security researchers are offering users the practical advice that’s not coming from Apple itself.

“Stay away from unencrypted Wifi. Don’t use your own Wifi if you live in a crowded neighborhood and have a weak WPA password,” said cryptography expert Matthew Green, of Johns Hopkins, in an email. “Apple’s whole security posture is insane. They’ve been lucky so far, but if they keep it up with the secrecy they won’t stay lucky.”

“Concerned Mac OSX users should use Chrome or Firefox browser for their online activities and disable background services (like Mail.app or iCloud), especially when they’re using a network they don’t trust (e.g. at an Internet cafe),” writes Soltani. “And iPhone users should be sure to update their systems as soon as updates are available if you haven’t already.”

It’s extremely troubling that Apple is neither alerting users directly about the problem nor offering advice, either by email, on its website, or through social media channels. Apple doesn’t have an official Facebook or Twitter page to disseminate news or warnings via social channels. Its famously-closed culture is not well-suited to a security crisis, when users need to have information about how to protect themselves. Rather than employing its Rolodex of users’ contact information to alert users to help them avoid getting hacked or technically exploited, Apple is leaving users to seek out information on their own from outside experts, assuming users are even aware of the security flaw.

“I can’t blame Apple for the SSL bug, but their response has been pretty awful,” tweeted ACLU security technologist Chris Soghoian, who advised the lawmakers or federal agency types who inevitably look into this security mess to “focus on the lack of timely warning to impacted users, not the source of the flaw itself.”

Apple did not respond to requests for comment about the security flaw, or its lack of warning about the flaw to users.

Source: Forbes

 
