24-Feb-2014 10:26:48 AM
|
Note that for OS X on the desktop the problem only appears in the latest version (Mavericks 10.9.x), and only for Safari.
|
24-Feb-2014 4:28:33 PM
|
On 24/02/2014 ajfclark wrote:
>Turns out that if you're on an (unpatched) Apple device SSL is massively
>broken anyway: https://gotofail.com/
>
>Whoops.
Is the inference that we don't need to worry about security because even the top people (like Apple) stuff up and therefore there is nothing we can do about it?
The Apple mistake is a bit harder for someone to exploit as opposed to simply sniffing traffic of non-https connections on a wifi network.
|
25-Feb-2014 9:52:47 AM
|
It was more that I thought people should really patch their devices and this seemed a relevant place to let them know.
That and I like to hang shit on Apple.
|
25-Feb-2014 9:58:16 AM
|
Apple is def gettin murkier and stranger.
|
5-Mar-2014 9:43:23 AM
|
And now to be fair I get to hang shit on Linux and everyone using gnutls: http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/
Looking at the code affected, it's remarkably similar to the Apple bug: https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b
Starts to make you wonder if it's all an accident.
|
5-Mar-2014 10:16:30 AM
|
On 5/03/2014 ajfclark wrote:
>And now to be fair I get to hang shit on Linux and everyone using gnutls:
>http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/
>
>Looking at the code affected, it's remarkably similar to the Apple bug:
>https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b
>
>Starts to make you wonder if it's all an accident.
Starts to make you wonder how much plagiarising of code goes on out there.
Was really funny looking at those goto statements in the C code - just like we used to do in COBOL.
|
5-Mar-2014 10:31:45 AM
|
Did you read the code involved in the Apple bug? I've never really liked unbound blocks in my code...
|
5-Mar-2014 10:32:10 AM
|
On 5/03/2014 kieranl wrote:
>On 5/03/2014 ajfclark wrote:
>>And now to be fair I get to hang shit on Linux and everyone using gnutls:
>>http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/
>>
>>Looking at the code affected, it's remarkably similar to the Apple bug:
>>https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b
>>
>>Starts to make you wonder if it's all an accident.
>Starts to make you wonder how much plagiarising of code goes on out there.
>Was really funny looking at those goto statements in the C code - just
>like we used to do in COBOL.
Starts to make you wonder how many climbers are also IT nerds who needed an outlet?
|
5-Mar-2014 10:38:20 AM
|
Should we just change the thread title to "OT - Climbers that code"?
|
5-Mar-2014 10:41:33 AM
|
On 5/03/2014 martym wrote:
>On 5/03/2014 kieranl wrote:
>>On 5/03/2014 ajfclark wrote:
>>>And now to be fair I get to hang shit on Linux and everyone using gnutls:
>>>http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/
>>>
>>>Looking at the code affected, it's remarkably similar to the Apple bug:
>>>https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b
>>>
>>>Starts to make you wonder if it's all an accident.
>>Starts to make you wonder how much plagiarising of code goes on out there.
>>Was really funny looking at those goto statements in the C code - just
>>like we used to do in COBOL.
>
>Starts to make you wonder how many climbers are also IT nerds who needed
>an outlet?
I was a climber long before I encountered my first punched card :)
|
5-Mar-2014 10:56:03 AM
|
On 5/03/2014 kieranl wrote:
>On 5/03/2014 martym wrote:
>>On 5/03/2014 kieranl wrote:
>>>On 5/03/2014 ajfclark wrote:
>>>>And now to be fair I get to hang shit on Linux and everyone using gnutls:
>>>>http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/
>>>>
>>>>Looking at the code affected, it's remarkably similar to the Apple bug:
>>>>https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b
>>>>
>>>>Starts to make you wonder if it's all an accident.
>>>Starts to make you wonder how much plagiarising of code goes on out there.
>>>Was really funny looking at those goto statements in the C code - just
>>>like we used to do in COBOL.
>>
>>Starts to make you wonder how many climbers are also IT nerds who needed
>>an outlet?
>I was a climber long before I encountered my first punched card :)
Are you perhaps suggesting the relationship is reversed: those who enjoy solving problems in high risk, dramatic natural environments are prone to find beauty in numbers and computer languages?
|
5-Mar-2014 11:12:04 AM
|
On 5/03/2014 martym wrote:
>Are you perhaps suggesting the relationship is reversed: those who enjoy
>solving problems in high risk, dramatic natural environments are prone
>to find beauty in numbers and computer languages?
I am more inclined to the view that buying climbing gear and travelling overseas is easier if you have a well-paid, portable job.
|
5-Mar-2014 7:24:59 PM
|
On 5/03/2014 kieranl wrote:
>I am more inclined to the view that buying climbing gear and travelling
>overseas is easier if you have a well-paid, portable job.
Amen bro!
|