SoylentNews is people

posted by girlwhowaspluggedout on Sunday March 02 2014, @12:01AM
from the one-bad-apple-spoils-the-whole-bunch dept.

Papas Fritas writes:

"Last October, Bruce Schneier speculated that the three characteristics of a good backdoor are a low chance of discovery, high deniability if discovered, and minimal conspiracy to implement. He now says that the critical iOS and OSX vulnerability that Apple patched last week meets these criteria, and could be an example of a deliberate change by a bad actor:

Look at the code. What caused the vulnerability is a single line of code: a second "goto fail;" statement. Since that statement isn't a conditional, it causes the whole procedure to terminate ... Was this done on purpose? I have no idea. But if I wanted to do something like this on purpose, this is exactly how I would do it.

He later added that 'if the Apple auditing system is any good, they will be able to trace this errant goto line to the specific login that made the change.'

Steve Bellovin, professor of Computer Science in Columbia University and Chief Technologist of the Federal Trade Commission, has another take on the vulnerability: 'It may have been an accident; If it was enemy action, it was fairly clumsy.'"

  • (Score: 5, Interesting) by FatPhil on Sunday March 02 2014, @12:50AM

    by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Sunday March 02 2014, @12:50AM (#9305)
    > It is very hard to see how this one could have been accidental.

    Let's pour some kerosene on that...

    http://daringfireball.net/2014/02/apple_prism
    """
    Jeffrey Grossman, on Twitter:
    > I have confirmed that the SSL vulnerability was introduced in iOS 6.0. It is not present in 5.1.1 and is in 6.0.
    iOS 6.0 shipped on 24 September 2012.

    According to slide 6 in the leaked PowerPoint deck on NSA's PRISM program, Apple was "added" in October 2012.

    These three facts prove nothing; it's purely circumstantial. But the shoe fits.
    """
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves