posted by girlwhowaspluggedout on Sunday March 02 2014, @12:01AM
from the one-bad-apple-spoils-the-whole-bunch dept.

Papas Fritas writes:

"Last October, Bruce Schneier speculated that the three characteristics of a good backdoor are a low chance of discovery, high deniability if discovered, and minimal conspiracy to implement. He now says that the critical iOS and OSX vulnerability that Apple patched last week meets these criteria, and could be an example of a deliberate change by a bad actor:

Look at the code. What caused the vulnerability is a single line of code: a second "goto fail;" statement. Since that statement isn't a conditional, it causes the whole procedure to terminate ... Was this done on purpose? I have no idea. But if I wanted to do something like this on purpose, this is exactly how I would do it.

He later added that 'if the Apple auditing system is any good, they will be able to trace this errant goto line to the specific login that made the change.'

Steve Bellovin, professor of Computer Science at Columbia University and Chief Technologist of the Federal Trade Commission, has another take on the vulnerability: 'It may have been an accident; if it was enemy action, it was fairly clumsy.'"
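To make the pattern Schneier describes concrete, here is an added example (not Apple's code, and not from the submission): a simplified model of the vulnerable control flow beside the fixed one. `update_ok`, `verify_sig` and the `bad_sig` flag are constructed stand-ins for the hash-update and signature-check steps.

```c
#include <stdio.h>

/* Constructed stand-ins: the hash update always succeeds, and bad_sig
 * controls whether the final signature verification would fail. */
static int update_ok(void) { return 0; }
static int verify_sig(int bad_sig) { return bad_sig ? -1 : 0; }

/* Vulnerable shape: the duplicated "goto fail;" is not under the if,
 * so it always jumps to cleanup with err still 0 and verify_sig()
 * is never reached. A return value of 0 means "signature accepted". */
int verify_vulnerable(int bad_sig)
{
    int err;
    if ((err = update_ok()) != 0)
        goto fail;
        goto fail;   /* duplicated line: unconditional, skips the check below */
    if ((err = verify_sig(bad_sig)) != 0)
        goto fail;
fail:
    return err;
}

/* Fixed shape: one goto per condition, so the verification step runs
 * and a bad signature propagates as a non-zero error. */
int verify_fixed(int bad_sig)
{
    int err;
    if ((err = update_ok()) != 0)
        goto fail;
    if ((err = verify_sig(bad_sig)) != 0)
        goto fail;
fail:
    return err;
}

int main(void)
{
    printf("vulnerable, bad signature: err=%d\n", verify_vulnerable(1));
    printf("fixed, bad signature:      err=%d\n", verify_fixed(1));
    return 0;
}
```

The vulnerable version reports success (0) for a bad signature, which is exactly the failure the summary describes; an unreachable-code warning (for example clang's `-Wunreachable-code`) or a brace-every-branch style rule would have flagged the dead second `if`.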

  • (Score: 4, Insightful) by jt (2890) on Sunday March 02 2014, @12:07AM (#9283)

    Tracing it back to the single login associated with the change doesn't necessarily identify who was really responsible. If I were a three letter agency and wanted to introduce a weakness, surely I would 'borrow' the credentials of someone who either did not know, or who could be bribed/coerced into doing this?

    It's bad news either way. Either it's been introduced deliberately, by goodness knows who, or it's an honest error which somehow managed to evade the review process. Come on, it's a duplicate line, and it stands out immediately when you skim through the code.

  • (Score: 4, Interesting) by frojack (1554) on Sunday March 02 2014, @12:45AM (#9301)

    But a three letter agency might have been able to disguise it a little better, don't you think? (Unless they were going for deniability rather than long-term endurance).

    If every other browser on every other system barfs on a bad cert, you have to ask why a three letter agency would want to compromise only APPLE products.

    It may stand out immediately when you skim that tiny section of code, but when you skim a mountain of code you could easily miss this.

    You really need to see the change patch that was put in. If that entire section was put in as one change, I'd suspect clear intent.

    On the other hand, if the second IF statement went in to replace one that was already there, it would be pretty easy to be off by one line number on the patch, leaving the second goto as a remnant.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 5, Insightful) by WildWombat (1428) on Sunday March 02 2014, @02:15AM (#9347)

      I don't have any clue whether that line was put there purposely or not, but according to Jacob Appelbaum [youtube.com] in a talk he gave at 30c3, the NSA has been able to own any Apple machine they want for a long time now. I think it is probable that even if the NSA didn't plant that line there, they were aware of it.

      --"But a three letter agency might have been able to disguise it a little better, don't you think? (Unless they were going for deniability rather than long-term endurance)."

      Maybe, or maybe it was but the most obvious of many backdoors they have. It's impossible to know, since instead of protecting the American public like they're supposed to and fixing these types of flaws, they hoard them in order to use them and leave all of us vulnerable.

      Cheers,
      -WW

    • (Score: 4, Insightful) by mojo chan (266) on Sunday March 02 2014, @11:25AM (#9522)

      It looks like a merging error, where someone wanted to merge their new code with someone else's changes and bungled it. The NSA/GCHQ must love bugs like this: highly deniable but also apparently easy to miss for years. As for why it only targets Apple products, it's probably just a case of them having had the opportunity and taking it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
  • (Score: 5, Interesting) by MichaelDavidCrawford (2339) on Sunday March 02 2014, @04:02AM (#9382)

    In 1995 and 1996, I was a "Debug Meister" on "The Team Formerly Known As The Blue Meanies" - quality zealots who all used to wear bright blue t-shirts during the development of Mac OS System 7 in the late eighties. We were properly known as "Traditional Operating System Integration". Usually we called ourselves "TradOS".

    There was also a "Modern OS Integration" team. I was offered an internal transfer to it, but I had the vague sense that Copland would never ship. :-/

    Every single one of us had commit privileges to just about all of Apple's source code. I myself kept around the source to the MacsBug machine debugger. It could disassemble both 68k and PowerPC binaries, and had this really cool ability to disassemble backwards, that is, a few instructions before a breakpoint. MacsBug did not always get it right, but it usually did.

    From time to time I'd roll myself a custom feature into MacsBug, to use while isolating some random bug in a new build of either 7.5.2 or 7.5.3. 7.5.2 supported the first PCI bus PowerPC Macs - the 7500, 8500 and 9500. 7.5.3 was for the "Speed Bumps", the 7600, 8600 and 9600.

    It would not have been hard at all to have observed my colleague going to lunch, then to have stepped into his office then to have made that one-line SSL hack.

    There is quite a famous story about how Greg Robbins, one of the authors of the PowerPC graphing calculator, managed to keep working for a year at Apple, despite no longer being a contract programmer there, and no longer getting paid.

    It was only when some Apple security guard managed to figure out that Greg didn't have a card key that he got caught out.

    "You're not on the payroll?" asked the guard incredulously.

    "No, but there's a lot of work left to do to support the PCI macs."

    Greg was one of my fellow debug meisters.

    It turns out that the QA lab where he worked - as a contract programmer, he did not have a private office - was right next to my own office.

    I'm not dead certain, but I have reason to believe that for much of the year that he provided free labor to The Cupertino Fruit Company, quite often I was the one to use my card key to let him into the lab so he could start his workday.

    --
    Yes I Have No Bananas. [gofundme.com]