OT-The Emperor Has No Clothes


Richard
02-24-2014, 02:56 PM
Better stay away from hot spots if you use Apple products. Even you can be abused like a Windows or Android user:

http://www.huffingtonpost.com/2014/02/24/apple-security_n_4847109.html

Keith A
02-24-2014, 03:07 PM
Thanks for the info.

tiretrax
02-24-2014, 03:21 PM
Just proves that nothing is invulnerable and everything will eventually fall prey to hackers.

alessandro
02-24-2014, 03:34 PM
Better stay away from hot spots if you use Apple products. Even you can be abused like a Windows or Android user:

http://www.huffingtonpost.com/2014/02/24/apple-security_n_4847109.html

DOOM! If you're using Chrome or Firefox, it probably wasn't an issue. Safari, well, maybe doom. Apple put out a patch for mobile devices running iOS, but still has not released a fix for Macs running OS X. So, maybe doom for them.

More here: http://securitywatch.pcmag.com/apple/320936-apple-fixes-fundamental-ssl-bug-in-ios-7

Other than that, have a nice day.

93legendti
02-24-2014, 03:37 PM
Thanks for posting.

Nothing is 100% safe. I have an Android phone and an iPad, not on purpose, but maybe there's wisdom in not putting all your connectivity eggs in one company's basket.

gavingould
02-24-2014, 04:17 PM
How to avoid:
1 - if you use an iPhone/iPad - do the software update.
2 - if you're on an Apple computer - don't use Safari or Mail for anything you wouldn't want someone to intercept until Apple has a fix.

FYI I don't work for Apple, but I am in the IT world.

Saint Vitus
02-24-2014, 04:20 PM
Thank the NSA...

oldpotatoe
02-24-2014, 06:11 PM
Thank the NSA...

For preventing..........................

sg8357
02-24-2014, 06:59 PM
People use Safari on Macs? Who'd a thunk it.

Acrobat Reader and Java, now there are a couple fine identity theft tools.

Maybe I should switch back to the VAX?

regularguy412
02-24-2014, 07:40 PM
You can navigate to https://www.imperialviolet.org:1266

If you don't see a website or if you DO get the 'broken link' icon, you're safe.

My iOS 6 iPhone updated last night.

Latest version is 6.1.6

Mike in AR

Tony T
02-24-2014, 07:53 PM
Good write-up at Ars Technica (http://arstechnica.com/security/2014/02/extremely-critical-crypto-flaw-in-ios-may-also-affect-fully-patched-macs/)

"Independent security researcher Ashkan Soltani has confirmed that Safari and Mail.app, the default browser and e-mail client in OS X, suffer from the verification error in version 10.9.1"
"The bug, according to this analysis by encryption expert and security engineer Adam Langley, is the result of a single line of misplaced code that instructs apps to skip the verification check of the ephemeral key."
"Langley has set up this test page (https://www.imperialviolet.org:1266/), which is signed with a key that doesn't match the underlying TLS certificate. Apps that are able to access the text without generating an error are presumed vulnerable."

Keith A
02-24-2014, 08:41 PM
Nice one Tony.

Pete Mckeon
02-25-2014, 02:23 AM
Thanks for sharing with us.

Tony T
02-25-2014, 02:32 PM
10.9.2 now available

ryker
02-25-2014, 03:23 PM
...and change your passwords.

93legendti
02-26-2014, 08:07 PM
If you are worried about the NSA vis a vis your phone:

http://www.trustedreviews.com/blackphone_Mobile-Phone_review

benb
02-27-2014, 09:28 AM
This was not a good case at all to argue someone shouldn't be using Apple products. It was pretty much a textbook case of the right way to handle something like this.

Less than a week and they patched everything that was vulnerable, including pretty much every iPhone that is 5 years old or less.

You are not going to see nearly that kind of security response on most of the competing platforms. Google will patch Android pretty aggressively, but the patches take a very long time to actually reach phones in the field, and a lot of the time they never get applied.

gavingould
02-27-2014, 10:03 AM
no one inside the IT industry (far as i can tell) is decrying Apple's handling of this. i'm sure there are many as-yet-undiscovered vulnerabilities in every OS; it's all a matter of how quickly and easily it's resolved. in most cases w/Apple being a pretty closed system, it's a simple patch/update push.