Monday, February 24, 2014

Why Apple's recent security flaw is so scary...

On Friday, Apple quietly released iOS 7.0.6, explaining in a brief release note that it fixed a bug in which "an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS." That's the understated version. Another way to put it? Update your iPhone right now.

Oh, and by the way, OS X has the same issues—except there's no fix out yet.

If you understand what that release note meant in full, chances are you were first in line for the iOS update. If it reads like deleted scene from Sneakers, here's what it means for you and your Apple devices.

SSL stands for Secure Sockets Layer, and it's what helps ensure that communication between your browser and your favorite websites' servers remains private and secure. TLS, or Transport Layer Security, is a more recent protocol that does essentially the same. In brief, SSL/TLS is a cryptographic key that lets a browser and a server know they are who they say they are, a secret digital handshake that keeps your financial information safe when you make an Amazon payment or log into wellsfargo.com.

This all happens in the background; your only direct interaction with SSL/TLS is when you notice the lock icon in your search bar has clamped shut. That means you've got a direct, private, secure line. Full story...

Related posts:
  1. Are your smartphone apps selling you out?
  2. Researchers challenge Apple's claim of unbreakable iMessage encryption...
  3. The data hackers: mining your information for Big Brother ...
  4. You're smartphone isn't smart, it's a sneak...
  5. What secrets your phone is sharing about you...

No comments:

Post a Comment