Apple releases OS X 10.9.2 with fix for SSL security flaw, plus new FaceTime Audio

1468910

Comments

  • Reply 101 of 196
    lkrupplkrupp Posts: 10,557member
    Quote:

    Originally Posted by smalM View Post

     

    Obviously Apple doesn't take OS X seriously anymore.

    To wait several days for the 10.9.2 release to fix a severe bug like this - I'm gobsmacked how non-professional Apple's behaviour in this case is.


     

    So are you going to get rid of all your Apple gear and go with a truly secure operating system? I mean who would want to stick with a company as ‘non-professional’ as Apple. All this indignation but are you going to DO something about it? Just pontificating, blathering, whining, what?

     0Likes 0Dislikes 0Informatives
  • Reply 102 of 196
    solipsismxsolipsismx Posts: 19,566member
    malax wrote: »
    Huh.  Let me try again then.  It's possible that I misunderstanding the vulnerability (which is why I asked for clarification of your assertions in the first place).

    I thought the bug only allowed sites to impersonate other secured sites.  Is it really that case that nothing that was sent via Safari to a secure site was actually encrypted at all?

    Any packets you thought you were sending via Apple's SSL is potentially readable. This is why people made a comment about not using public WiFi but they weren't considering the start to finish with all the servers and routers between you and the end server to which you thought you were making a secure connection.

    Impersonating a secured site is irrelevant as phishing scams (which this is not) is about impersonating a site in general. In fact, a phishing site could still use SSL that was truly encrypted but you're willfully giving them your data.
     0Likes 0Dislikes 0Informatives
  • Reply 103 of 196
    solipsismxsolipsismx Posts: 19,566member
    smalm wrote: »
    Obviously Apple doesn't take OS X seriously anymore.
    To wait several days for the 10.9.2 release to fix a severe bug like this - I'm gobsmacked how non-professional Apple's behaviour in this case is.

    I would have liked to have seen an update issued as swiftly as with iOS but I think the Mac update was still issued quickly.

    Beliefs can be false. Opinions are beliefs. Therefore opinions can be false. <span style="line-height:1.4em;">Since I’ve already said that, there’s no reason for me to be repeating it. Doesn’t even bear it. And yet here we are. I don’t get it. </span>
    <img alt=":???:" src="http://forums-files.appleinsider.com/images/smilies/1confused.gif" style="line-height:1.4em;">

    You can think something and be wrong. 

    A belief can be false but the view (i.e.: opinion) can't be false since it's a self-report. It's a difference of where the subject resides in the statement. For instance, if someone stated "I believe the Earth is flat" it's a truthful opinion that they think the Earth is flat even though it's factually incorrect.
     0Likes 0Dislikes 0Informatives
  • Reply 104 of 196
    Originally Posted by SolipsismX View Post

    the view (i.e.: opinion) cant be false since it's a self-report.

     

    Unless it explicitly contradicts their knowledge or is willfully presented as a contradiction to established fact.

     

    For instance, if someone stated "I believe the Earth is flat" it's a truthful opinion that they think the Earth is flat even though it's factually incorrect.


     

    Sure, a “truthful opinion”, but still incorrect.

     0Likes 0Dislikes 0Informatives
  • Reply 105 of 196
    ebergh wrote: »
    I just installed the update onto my MacBook Pro… and now the speakers do NOT work! Still get sound via bluetooth, but no sound out via the speakers at all… geez.
    -e

    Yes, but at least your secrets are safe.
     0Likes 0Dislikes 0Informatives
  • Reply 106 of 196
    smalm wrote: »
    Obviously Apple doesn't take OS X seriously anymore.
    To wait several days for the 10.9.2 release to fix a severe bug like this - I'm gobsmacked how non-professional Apple's behaviour in this case is.

    Yes. Clearly they were dicking around for 4 days instead of fixing this bug. /s
     0Likes 0Dislikes 0Informatives
  • Reply 107 of 196
    solipsismxsolipsismx Posts: 19,566member
    Yes, but at least your secrets are safe.

    If his speakers worked it would interfere with the NSA listening through his microphone.
     0Likes 0Dislikes 0Informatives
  • Reply 108 of 196
    dustinlh00 wrote: »
    What problems are you having? Just wondering if they are the same as mine.
    I replied back earlier but didn't quote it so not sure if u read it but said that after a while it synced up it seemed to be working good. The problem was that deleted messages from other devices or even gmail web would stay in the Mac mail inbox and unread counts wouldn't be right. Anyway after a while I'm here to say it's definitely finally working great for me. About time.
     0Likes 0Dislikes 0Informatives
  • Reply 109 of 196
    asdasdasdasd Posts: 5,686member
    bobschlob wrote: »
    Still waiting for a report of one instance of this vulnerability having been exploited.
    Anyone…? Anyone…?  {sincere}

    Who knows. However a non secure SSL layer is hardly something to ignore.
     0Likes 0Dislikes 0Informatives
  • Reply 110 of 196
    Quote:

    Originally Posted by Tallest Skil View Post

     
    Originally Posted by SolipsismX View Post

    the view (i.e.: opinion) cant be false since it's a self-report.

     

    Unless it explicitly contradicts their knowledge or is willfully presented as a contradiction to established fact.

     

    For instance, if someone stated "I believe the Earth is flat" it's a truthful opinion that they think the Earth is flat even though it's factually incorrect.


     

    Sure, a “truthful opinion”, but still incorrect.


    I do wish you'd stop being such an a**hole TS. Its boring. Its offensive.

     0Likes 0Dislikes 0Informatives
  • Reply 111 of 196
    Originally Posted by Taniwha View Post

    I do wish you'd stop being such an a**hole TS. Its boring. Its offensive.

     

    Wish you’d at least say something that actually contradicts when you claim there is a contradiction.

     0Likes 0Dislikes 0Informatives
  • Reply 112 of 196
    elrothelroth Posts: 1,201member
    Quote:

    Originally Posted by SolipsismX View Post

    A belief can be false but the view (i.e.: opinion) can't be false since it's a self-report. It's a difference of where the subject resides in the statement. For instance, if someone stated "I believe the Earth is flat" it's a truthful opinion that they think the Earth is flat even though it's factually incorrect.

    That's exactly the example I was going to use - I better change the password in my brain.

     

    I'm on the other side, though: If my opinion is that "The Earth is flat", then that opinion is contrary to fact, and is false. The statement "I believe the Earth is flat" is still true, of course, but that's a statement ABOUT my opinion, not the opinion itself. 

     

    By the way, did anyone see the episode of "The Good Wife" where the judge required all the lawyers to end their statements with "in my opinion"?. It was pretty funny.

     0Likes 0Dislikes 0Informatives
  • Reply 113 of 196
    sflocalsflocal Posts: 6,179member
    Quote:

    Originally Posted by smalM View Post

     

    Obviously Apple doesn't take OS X seriously anymore.

    To wait several days for the 10.9.2 release to fix a severe bug like this - I'm gobsmacked how non-professional Apple's behaviour in this case is.




    *yawn* 

     

    Quote:

    Originally Posted by Tallest Skil View Post

     

     

    Yeah, how dare they make sure the fix works properly¡!




    Yeah... he's so "gobsmacked", that makes it even more important!!! 

     0Likes 0Dislikes 0Informatives
  • Reply 114 of 196
    asdasdasdasd Posts: 5,686member
    malax wrote: »
    Huh.  Let me try again then.  It's possible that I misunderstanding the vulnerability (which is why I asked for clarification of your assertions in the first place).

    I thought the bug only allowed sites to impersonate other secured sites.  Is it really that case that nothing that was sent via Safari to a secure site was actually encrypted at all?

    They could try and impersonate a secure site but then they might as well phish you to a http site, who looks at the bar anyway?

    The main issue is man in the middle. An attacker ( c) can intercept secure traffic between a + b by reading the public key from (a) requested by (b) and then pretending to be (a) but sending it's own public key so it can decrypt (b)'s messages.

    Having a properly signed cert verification stage should cause this attempt to fail. The last part of the missing code in apples goto fail missed the verification step ( which either has a list of known certs, or talks to an authority, like Verisign, or both).

    This is very basic and it calls into question not just the coding style which lead to this ( not just the gotos but the way it would succeed, ie actually just clean up when sopposedly "failing") and lack of code reviews and proper compiler warnings - I mean that's true but people are human - but the testing. The sad truth is nobody in Apple tested a site with a bad cert, nobody wrote those test scripts. That's the fundamental test for ssl security. The goto fail website produced a test in 10 minutes. What is going on?
     0Likes 0Dislikes 0Informatives
  • Reply 115 of 196
    solipsismxsolipsismx Posts: 19,566member
    elroth wrote: »
    That's exactly the example I was going to use - I better change the password in my brain.

    I'm on the other side, though: If my opinion is that "The Earth is flat", then that opinion is contrary to fact, and is false. The statement "I believe the Earth is flat" is still true, of course, but that's a statement ABOUT my opinion, not the opinion itself. 

    By the way, did anyone see the episode of "The Good Wife" where the judge required all the lawyers to end their statements with "in my opinion"?. It was pretty funny.

    That scene was posted to this forum a couple weeks ago. It was the first time I had ever seen a clip from that show and makes me want to watch the show after I finish up with my current season of shows.


    [VIDEO]
     0Likes 0Dislikes 0Informatives
  • Reply 116 of 196
    snovasnova Posts: 1,281member
    Quote:

    Originally Posted by tundraboy View Post

     

    Awww, they fixed the Gotofail bug.  Now what will all these poor click-whoring bloggers and stock manipulators have to get their panties all bunched up for now?


    time to raise the bounty.   we need dirt.

     0Likes 0Dislikes 0Informatives
  • Reply 117 of 196
    snovasnova Posts: 1,281member
    Quote:

    Originally Posted by Sporlo View Post

     
    Quote:

    Originally Posted by SolipsismX View Post



    They patched it but remember that everything you may have sent via for the last 18 months can now be easily read by anyone that may have captured your data. It's not just public WiFI hotspots you need to consider. In fact, I'd say that is the least likely threat to your privacy you are bound to experience from this security bug. Again, I recommend everyone at least change their iTunes/iCloud password.

    Unfortunately we all thought everything was fine up until late last week. image


    If wifi hotspots aren't a concern, then what things are (or were)?



    And if someone has my info, why bother waiting for me to change my passwords? Why not use that info right away before I know what's happened?

    exactly!!! lets be practical about this. 

     0Likes 0Dislikes 0Informatives
  • Reply 118 of 196
    eluardeluard Posts: 319member
    Quote:

    Originally Posted by Emes View Post

     



    They may not believe it, but some of their die-hards do


     

    You are just plain wrong. In fact Apple always made a point of NOT making such claims. Of course for a long time it was true that exploits were not directed against them and many outside Apple noted that fact. But Apple never once said that the OS was impregnable. Hackers were not targeting them but that was simply because they would not reap the same level of damage and consequent notoriety. Apple were very careful and circumspect on this issue — traits that you would do well to acquire. You are spreading nonsense here and no one appreciates it. Go away; learn how to think and post responsibly.

     0Likes 0Dislikes 0Informatives
  • Reply 119 of 196
    runbuhrunbuh Posts: 315member
    Quote:

    Originally Posted by Tallest Skil View Post

     

     

    Shut up and go away.

     

    It’s laughable how pathetic you are.




    Here's one where they're talking about Macs not getting viruses.

     

     0Likes 0Dislikes 0Informatives
  • Reply 120 of 196
    jony0jony0 Posts: 380member

    I've never had any of the fixed problems with Mail, unread messages or unread counts, then again I don't use GMail.

    Unfortunately ALL my Mail issues remain : 


    • The Address Panel is still dead and useless, clicking or double-clicking still doesn't populate To: or Bcc: boxes, not with Groups or even individuals. Is there a new setting in Mavericks that I missed ?

    • Message Attributes are always reset, specifically Size, where you have to select it twice every time to get it back, for every folder, before you actually get the Size to display as well as the checkmark in the menu.

    • When initiating an email from Safari, Font always resets to Times New Roman  rather than the default chosen in Preferences and the Format bar is always hidden.

    Of course these are minor annoyances compared to security issues which is the dominant topic of this forum, but it's always frustrating when some of your legacy features and conveniences that you've been using for many years are stripped for no apparent reason. Suggestions of fixes would be welcome. Anybody ?

     0Likes 0Dislikes 0Informatives
Sign In or Register to comment.