Papas Fritas writes:
"Last October, Bruce Schneier speculated that the three characteristics of a good backdoor are a low chance of discovery, high deniability if discovered, and minimal conspiracy to implement. He now says that the critical iOS and OSX vulnerability that Apple patched last week meets these criteria, and could be an example of a deliberate change by a bad actor:
Look at the code. What caused the vulnerability is a single line of code: a second "goto fail;" statement. Since that statement isn't a conditional, it causes the whole procedure to terminate ... Was this done on purpose? I have no idea. But if I wanted to do something like this on purpose, this is exactly how I would do it.
He later added that 'if the Apple auditing system is any good, they will be able to trace this errant goto line to the specific login that made the change.'
Steve Bellovin, professor of Computer Science in Columbia University and Chief Technologist of the Federal Trade Commission, has another take on the vulnerability: 'It may have been an accident; If it was enemy action, it was fairly clumsy.'"
(Score: 0, Offtopic) by MichaelDavidCrawford on Sunday March 02 2014, @02:47AM
She and I are actually down with Apple not supporting her box anymore.
However she takes very good care of it, uses it only to do some light email and web browsing. I expect her iMac to last another ten years.
Ditto for Aunt Peggy's G3 iBook. Aunt Peggy doesn't have the first clue that she's vulnerable; her iBook transmits eMail to and from my Mom, myself my sister and our Cousin Glenn just fine.
For either of them to obtain a patch for this SSL Exploit, they would have to spend a minimum of a thousand bucks apiece just to obtain a one-line fix.
Off-Topic but I will say it anyway:
As a former Apple System Software Engineer, I am privy to the knowledge that somewhere within the Classic Mac OS System software was, quite possibly still is in Mac OS the following line of code:
procedure GetDown( AndBoogie: OneMoreTime )
Yes I Have No Bananas. [gofundme.com]
(Score: 3, Interesting) by useless on Sunday March 02 2014, @03:18AM
They don't need an update/patch. OSX stopped supporting PPC long before this bug was introduced. There, saved your family over two grand!
(Score: 1) by Indigo on Sunday March 02 2014, @10:42PM
As a former Macintosh developer (way back - circa 1988-1992), that absolutely makes my day. Would love to hear any details about it you may recall.
(Score: 1) by MichaelDavidCrawford on Monday March 03 2014, @01:23PM
but not on my Mom's dialup. I'll post a link to google groups after I go to starbucks for my morning coffee.
Yes I Have No Bananas. [gofundme.com]