They patched it but remember that everything you may have sent via for the last 18 months can now be easily read by anyone that may have captured your data. It's not just public WiFi hotspots you need to consider. In fact, I'd say that is the least likely threat to your privacy you are bound to experience from this security bug. Again, I recommend everyone at least change their iTunes/iCloud password.
Unfortunately we all thought everything was fine up until late last week.
Yeah, but the way I understand it you had to be on the same WiFi network as the hacker. We change our passwords once a month -- and very seldom use 'public' WiFi networks.
If wifi hotspots aren't a concern, then what things are (or were)?
And if someone has my info, why bother waiting for me to change my passwords? Why not use that info right away before I know what's happened?
From what I understand any potential website configured in the right way could have breached the security of your system (https://www.imperialviolet.org/2014/02/22/applebug.html) hence the sites to test your security. It's also possible that a regular website like Google.com for example is infected with invisible links and a 'redirect' causes a security breach.
And yes, it could very well be that your info is used already.
Your SSL encapsulated data isn't repackaged once you get to the first router at a public hotspot. The secure socket layer is established between your device and the server. Anyone with access via the local network via an unsecured WiFi, a secured WiFi network or ethernet, or from any of the many ISPs involved via a less than honest ISP, less than honest person with access to the ISP, the NSA, etc. could have access to data you sent up to 18 months ago. Even if they dumped the data to a drive they could go back looking for private data — which you can't help — but you can change your password to prevent them from having access to your account(s) in the future.
This is bogus! My Mail count is still not working! I have a Google Apps, Gmail, and iCloud account set up in Mail. I get an unread count in the corresponding Archive folder, but not in the Inbox folder. Therefore, I do not get a badge count on the dock. Why is this still not working?!
I’m not worried. Virtually the only data “captured” will have been between the discovery of the bug and this morning.
1) I'm sure I have a few GiB of data packets I captured last year from doing security checks that I failed to delete. If I were so inclined I could get some private info, including passwords.
2) You weren't worried a week ago when this bug didn't exist. By exist I mean when you learned of it. When did others learn of it? When did the NSA learn of it? I say better to be safe than sorry, especially when it only takes a moment to change a password.
You should know better than that (read the link I posted).
We did read it. 2 days ago. You're
It's bad in a macro sense, but that horse left via the open gate a long time ago. Update when you can, but it's not like your system will be taken over in the next 15 minutes if you don't (well, unless you're in some really bad part of the Internet at the moment).
And your advice is really short sighted. The patch is the first step... in practice now every password has to be changed wherever you thought it passed directly to a site via SSL/TLS. (every bank, every email, every router you manage, every firewall, your twitters, your facespaces). Putting this patch in does very little. The hard work is changing every secret you thought had a reasonable semblance of network security via SSL/TLS.
In reality if you practised good network hygiene (never connected to a net that was untrustworthy.. e.g. stayed on your well managed home or work networks... and stayed out of internet cafes in Russia and Thailand, maintained a tight list of wireless networks you allowed auto-connection to, etc), never clicked on links in email, or ads, and/or have a reasonable set of content controls in place (using url reputation services, like OpenDNS, Bluecoat, ZScaler and ad blocking stuff (adblock-plus) in browsers), your risk was minimal, unless you were targeted by the NSA, and contrary to popular belief, most aren't.
So in the end, TS's advice, while cryptic, is apt to the vast majority of people here... Patch when you can,
...
You're right, that's exactly the point, and when do you think the bug is discovered? And by whom?
Or is it discovered multiple times by different persons who used it to steal data? Do you know that?
It's very unlikely that anybody has been compromised; however, you should always change your password every six months. And be very wary when accessing a public network.
You seem to confuse two persons.
But you're wrong, even good network hygiene won't save you if you're unlucky (see my other post).
Mine is set to "Inbox Only". If I switch it to "All Mailboxes" I get an unread count in the dock, but that includes unread in trash and elsewhere. When I look at the inboxes within Mail, only iCloud ever shows an unread count next to the box and therefore the dock. Gmail and GApps do not show the unread count even though there are unread messages in the inbox.
I don't think you understand dates and spans of time. Ya see, the link you posted was the explanation of the SSL exploit as provided by Adam Langley on February 22nd whereas the 10.9.2 update containing a fix for that bug was released on February 25th. Perhaps you can now understand what's going on.
In that case I suggest you search for a solution at the link below. And if you can't find one then sign up and state your issue in great detail.
This was, by all accounts, the most serious breach in the history of computing. Therefore the fix should be the single greatest update ever done in the history of computing.
I wonder if as much attention will be paid to the fix as to the doomsayers claiming this was such a huge security flaw?
What I really like is how many talk about how this was such a big deal, yet nobody can produce a list of all the victims. Where are they? Where are the countless people who have had money taken from their bank, charges of their credit cards or iTunes accounts compromised?
It wasn't a breach. It was a flaw that was discovered and corrected.
Fact 1: The bug is patched.
Fact 2: It is already not a problem, unlike what he claimed.
Fact 3: You’re missing something here.
…may have captured…
Except it isn’t. Because they just patched it.
Have you tried changing this setting?
I remember the old days when Apple ads used to claim their OS was infallible.
Can you post a link to at least one of those ads?