[Users] Import security update for Win32
Brian Morrison
bdm at fenrir.org.uk
Thu Mar 6 11:26:45 CET 2014
On Thu, 6 Mar 2014 08:18:37 +0100
Colin Leroy wrote:
> On 05 March 2014 at 17h10, Brian Morrison wrote:
>
> Hi,
>
> > > It resembles the recent SSL vulnerability found in Apple products,
> > > allowing to bypass certificate validation.
> >
> > My, the NSA and friends have been busy ;-)
>
> Yeah, Apple says it's a honest bug but in post-Snowden 2014 we're
> probably allowed to question that :)
>
Note that Snowden's revelations showed that iOS SSL traffic became
readable shortly after the release of the iOS 6, the first version with
the buggy certificate checking code. Whether or not there was any
collusion, it shows that the NSA and its friends are actively
monitoring for vulnerabilities.
--
Brian Morrison
More information about the Users
mailing list