Apple's SSL encryption fail and iOS keylogging flaw juiced anxiety levels in an industry already reeling from security fatigue
It's hard not to be paranoid about technology these days, what with the constant onslaught of data theft, zero-day exploits, malware botnets, and run-of-the-mill security vulnerabilities.
Add into that mix the ongoing revelations about NSA snooping and the complicity of RSA and other tech vendors in its surveillance agenda, and it's no surprise that the latest cases of technical eavesdropping -- a major SSL vulnerability in iOS and OS X and an iOS flaw that allows malicious apps to record touchscreen presses -- brought a maelstrom of criticism and scrutiny down on Apple.
While Apple promptly issued an iOS patch for the gotofail SSL bug, which left users vulnerable to man-in-the-middle attacks that monitor and record everything that transpires on unsecured public networks, it was another four days before the company shored up defenses in OS X Mavericks. "How difficult is it to release [a fix] for OS X?" asked Andrew Storms, director of DevOps at security firm CloudPassage. "Shouldn't it have been out an hour later?"
Full Article
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.