
Apple IOS Has Critical Flaw

#1

WasabiPoptart


A critical iOS vulnerability that Apple patched on Friday gives attackers an easy way to surreptitiously circumvent the most widely used technology for preventing eavesdropping on the Internet. That made the security bug about as dire as one can be. Now, there's strong evidence that the same flaw also exposes sensitive e-mail and Web communications on fully patched versions of OS X, with no indication that there is a patch currently available for the millions of people who use the Mac operating system.

More here


#2

Terrik


Of course it has a critical flaw---it was made by Apple



:troll:


#3

PatrThom


Saw that message, now I know why the fix 7.0.6 was soooo important that it wasn't delayed until 7.1's release.

I will say that I tested it on quite a number of Macs (to see if the OS X thing had any truth to it) and haven't been able to reproduce it yet on a desktop/portable, though I am not sure if this is due to protections further up the line or whether it's just not an issue for desktops. Trying to connect to the test page from a fully-patched desktop gives me the following error message:
Code:
(!) Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made.
--Patrick


#4

ThatNickGuy


Of course it has a critical flaw---it was made by Apple



:troll:
Dammit, you beat me to the joke.


#5

PatrThom


haven't been able to reproduce it yet on a desktop/portable
UPDATE: My mistake. On Macs which are fully patched, I can reproduce it. On Macs which are not fully patched, I cannot.
No idea at exactly which point the regression occurred, though.

--Patrick


#6

jwhouk


So... do I need to dust off my G3 iBook and do a system update, or...?


#7

PatrThom


So... do I need to dust off my G3 iBook and do a system update, or...?
Unlikely. Your iBook can't possibly go any higher than 10.4.11, which is not affected by this bug.
Also, most of the Internet requires at least 10.6 these days, so you couldn't get yourself into too much trouble anyway.

--Patrick


#8

jwhouk


Yep. 10.4.11 is my OS at the moment.

God. 1.07 GHZ PowerPC G4, and 1.25 GB of RAM... and 27.82 GB of memory. :eek:

And that thing used to be my daily driver at one point!


#9

PatrThom


Yep. 10.4.11 is my OS at the moment.
God. 1.07 GHZ PowerPC G4, and 1.25 GB of RAM... and 27.82 GB of memory. :eek:
Well, then it's not an iBook G3, is it? :p
With a 1.0GHz processor and 30GB HDD, you probably have this 12in model, which can actually run up to Mac OS 10.5.8 ("Leopard"), though doing so would force you to give up your "Classic" mode for your older OS9 programs and probably require 15GB (i.e., half) disk space just for the OS.

You would gain Time Machine, though, which could potentially be worth it for that alone.

FWIW, my only laptop is a Titanium Powerbook G4, so I'm right there with you.

--Patrick


#10

jwhouk


Aaaaaaand I just got the notification for iOS 6.1.6 on my iPod Touch.
Well, then it's not an iBook G3, is it? :p
With a 1.0GHz processor and 30GB HDD, you probably have this 12in model, which can actually run up to Mac OS 10.5.8 ("Leopard"), though doing so would force you to give up your "Classic" mode for your older OS9 programs and probably require 15GB (i.e., half) disk space just for the OS.

You would gain Time Machine, though, which could potentially be worth it for that alone.

FWIW, my only laptop is a Titanium Powerbook G4, so I'm right there with you.

--Patrick
I have about a gig or so of free space on it, so that's a no. And I don't think Apple is selling any copies of Leopard that I could install on it, anyways.


#11

PatrThom


I don't think Apple is selling any copies of Leopard that I could install on it, anyways.
I think they still sell it, but they would charge you $129 for it. Used copies are much cheaper. Also, getting at the hard drive on that model is quite an inconvenience, so dropping a bigger one in there isn't something you just pop it open and do.

--Patrick


#12

jwhouk


Yeah. I use an external drive to save a lot of my documents that I've had over the years.


#13

fade


The iOS bug was one goto fail in thousands of lines of code. As someone who writes code for a living let me tell you that's a hard find and a lucky one.


#14

PatrThom


The iOS bug was one goto fail in thousands of lines of code. As someone who writes code for a living let me tell you that's a hard find and a lucky one.
Easy mistake to make, easy mistake to miss. It happens to every company at some point. However, the various forms of confirmation bias will continue unabated.

--Patrick
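
The duplicated `goto fail` pattern discussed in the two posts above, as a constructed C illustration added here (not Apple's code and not part of any post). `hash_update`, `signature_ok`, `verify_buggy` and `verify_fixed` are hypothetical names, and the "valid"/"forged" strings are constructed sample inputs.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the hash-update and signature-check steps. */
static int hash_update(const char *data) { return data ? 0 : -1; }
static int signature_ok(const char *sig) { return strcmp(sig, "valid") == 0 ? 0 : -1; }

/* Buggy shape: the second goto is indented like the first, so it reads
 * as guarded by the if, but C ignores indentation and always takes it. */
int verify_buggy(const char *params, const char *sig) {
    int err;
    if ((err = hash_update(params)) != 0)
        goto fail;
        goto fail;                /* unconditional jump */
    err = signature_ok(sig);      /* dead code: the check never runs */
fail:
    return err;                   /* still 0 from hash_update => "success" */
}

/* Fixed shape: braces on every branch, one goto, and the signature check
 * is reachable, so its result decides the return value. */
int verify_fixed(const char *params, const char *sig) {
    int err;
    if ((err = hash_update(params)) != 0) {
        goto fail;
    }
    err = signature_ok(sig);
fail:
    return err;
}

int main(void) {
    /* 0 means "verified"; non-zero means "rejected". */
    printf("buggy, forged signature: %d\n", verify_buggy("params", "forged"));
    printf("fixed, forged signature: %d\n", verify_fixed("params", "forged"));
    printf("fixed, valid signature:  %d\n", verify_fixed("params", "valid"));
    return 0;
}
```

GCC's `-Wmisleading-indentation` (part of `-Wall` since GCC 6) flags the stray line in `verify_buggy`, and a negative test that feeds a bad signature and expects rejection catches the same defect at run time.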


#15

PatrThom


FYI the recent 10.9.2 update (or its 10.8/10.7 equivalents) has addressed this SSL issue (CVE-2014-1266) for the builds where it was present (presumably just the 10.9.x versions).

--Patrick


#16

WasabiPoptart


Thanks for the update, Patrick. My neighbors and I were just talking about whether the updates they just did fixed the issue or not.


#17

PatrThom


Welp, looks like this sort of thing wasn't confined to just Apple.

--Patrick


#18

PatrThom


Oh, it's on, now.

--Patrick


#19

strawman


Yep. I hope Apple succeeds.


#20

PatrThom


Yep. I hope Apple succeeds.
I would be exceptionally disappointed in Society if they* don't.

--Patrick
*it's not just Apple, after all.


#21

PatrThom


So kinda back to the above encryption thing...now that iOS has finally started supporting RCS messaging, the whole green bubble v. blue bubble is less of a thing, right? Well...yeah, about that:
Now I know the headline is a little scary, but that's how Forbes gets clicks, so the tl;dr here is that it is still perfectly safe for Apple people to text other Apple people (blue-to-blue) and Android people to text other Android people (green-to-green), the unsafe part is when you try to mix the two (blue-to-green) or have some other system (e.g., Google<->Samsung). Turns out the RCS messaging standard does NOT support end-to-end encryption when texting between different platforms, although they say it is coming. Someday.
In the meanwhile, if you want to ensure E2EE for your communications, make sure both of you are either using the identical platform, or else are using some kind of third-party messaging platform that supports E2EE such as WhatsApp, Signal, etc.

--Patrick

