Rush Limbaugh explains OS X ‘GotoFail’ security flaw, says Apple ‘played it just right’

Among other things, Mac, iPhone, and iPad user Rush Limbaugh on Tuesday discussed Apple and the company’s ‘GotoFail’ security flaw.

The 3-hour Rush Limbaugh Show airs daily on a network of approximately 590 AM and FM affiliate stations. The program is also broadcast worldwide on the U.S. Armed Forces Radio Network.

 
From the live on-air transcript:

Here it is, in a nutshell, folks. It’s not time to panic. There’s so much media on it. In the tech media and in the standard news media: Think of Apple as the Republicans. They’re despised and they’re hated.

The only difference is, Apple is number one and very successful and knows exactly what they’re doing. The Republicans don’t. There’s no comparison between Apple and Republicans in terms of achievement, accomplishment, but in terms of being hated and despised, they’re very close. What this security flaw is — and it primarily would affect you if you’re on a public Wi-Fi network, like at an airport or a Starbucks or any other kind of Internet cafe.

If you are on your home network, make sure it’s password protected, but even then, nobody’s gonna target your home network. They can’t get to it. It’s too small. Don’t worry about hackers… Your biggest vulnerability is on a [public] network, and what’s happened is, there is a line of code that doesn’t exist that enables… It’s called a man-in-the-middle attack.

The way to visualize this is you’re in Starbucks and you’re on your Mac, and you’re using the Web browser Safari, and there’s a hacker in there, and he’s able to follow everything you do. That’s the security flaw. Therefore, if you go online to pay a bill, the hacker sees your data and everything you need to get online and connect to your bank. Now, there are no reports of this exploit having been used yet. It’s not easy to do. The hacker would have to be extremely proficient.

That is the simplest way to explain it…

You can use the Chrome or Firefox browsers. They are not vulnerable. So this vulnerability existed on iPhones and iPads, and that was patched on Friday afternoon. They’re now secure. The media is scratching its head over why Apple has not patched the Mac OS X… Apple’s getting a lot of grief for not making a big deal out of this. They sent the software patch for the iPhones and the iPads out on Friday at four o’clock in the afternoon when nobody notices anything. I actually think that it was wise for Apple not to make a big to-do about this because all that would have done would have been waving a big, white flag or red flag to the bull, to the hackers, to have been trumpeting some vulnerability. I think they played it just right. Besides, the media’s gonna do that anyway, which they are in the process of doing. Which is why I wanted to bring a little bit of proportion and reason to it.

Much more in the full transcript here.

MacDailyNews Note: The flaw has been fixed with the release of OS X 10.9.2 a few hours ago. More info: Apple releases OS X Mavericks 10.9.2

Related articles:
Apple fixes OS X ‘GotoFail’ security flaw after four days of snowballing criticism – February 25, 2014
Apple releases OS X Mavericks 10.9.2 – February 25, 2014
Apple on OS X ‘GotoFail’ flaw: – February 25, 2014
Security expert captures all SSL traffic via Apple’s OS X ‘GotoFail’ flaw – February 25, 2014
Apple’s deafening silence on ‘GotoFail’ security flaw – February 24, 2014
8 ways to stay safe online while Apple works to fix ‘Gotofail’ flaw – February 24, 2014
Reasons for delay in SSL fix to OS X unclear as a single line of code found responsible – February 24, 2014
Single line of code, but still no fix; former Apple security engineer Paget to Apple: ‘FIX. YOUR. SHIT.’ – February 24, 2014
Apple promises to fix OS X encryption flaw ‘very soon’ – February 23, 2014
Behind iPhone’s critical ‘GotoFail’ security bug, a single bad, really bad ‘goto’ – February 22, 2014
Protect a Mac from the SSL / TLS security bug (until fix arrives) – February 22, 2014

80 Comments

    1. I would say that Rush is retarded for even comparing Apple to any political party. Apple stands on values. Apparently, that is something that ALL parties lack.
      Just remember, the Republican Party stands for the rule of law and the Christian religion.
      Democrats stand for what exactly, Oh thats right, food stamps, free healthcare for those that are unwilling to work, and a dictatorship form of government that only knows how to spend and isn’t willing to compromise on their expenditures.
      Where do you stand in all of this? Pick a moral side and not one that sides with a society that isn’t willing to feel shame for their actions.

          1. Agreed!

            Part of the problem is Democrats in 2014 don’t seem to grasp the enormity of reality just how badly they have been governing the last few years.

            The level of intrusion into our private lives with mandates, regulation, tax penalties for not having medical insurance, IRS targeting groups and NSA snooping — has risen to unprecedented levels never seen before.

            The Democrat party I grew up with is unrecognizable today and doesn’t exist. The once tolerant of my generation, looking at you Boomers, changed (PC) mostly during the Clinton years shifting hard-left and working with media cohorts to carry their water.

            What once was power to ALL the people, is now power to OUR people. The malaise we are collectively feeling today makes the Carter years look quaint and the early JFK years were great.

            History aside, by voting with values hoping to minimize the political patronage where somebody or some group, courting both parties, always has their hand out …

      1. With all due respect, Rush’s reference was to the attribute of being hated and jumped on over any perceived flaw. In other words it is culturally acceptable to hold Apple to a higher standard and criticize failings that go unremarked upon when seen in others. I think there is some truth to the analogy.

        1. Exactly that was the comparison he made. And regardless of who likes him or not, he explained this Apple code issue very, very well. Far better than most the nut job reporters out there did.

    2. He speaks the truth … however, I was targeted over airport extreme and Express .. the flaw uses attrib to write to Install Data and then js and .py trick the installer into ignoring the null session . Apple in Greensboro, NC (well the “Geniuses”) treated me so poorly, and refused to send my MBPs to Cupertino for forensics, despite that I purchased Apple Care. They left me on my own for almost a year while these. lugnuts poo poo’d me.. especially Charlie. I kindly let him know that he wouldn’t know his BASH from a hole in the ground. My entire iTunes account was overtaken by their 1/2 arsed 2 step verification .. my online was taken over and harassing emails sent to former “friends” that I was getting threats to sue me for defamation of character.. I have purchased my last Apple product.

      The lugnut bar in GSO tends to turn to being curt when faced with something they don’t understand… I know the sociopath behind it and my price is $300,000 for all the chit I’ve been thru. or the lawyers that squelchrd of can deal withApples lawyers.

      Their curt was just don’t work in this long term apple customer. this affects(d) Mac OS and all iProds, and strangely enough exploits TCP 4, TCP 53. 153 and NetBIOS…. along with the ephemeral ports used by Windows 8….

      check netstat and see if you have anything listening on any of these ports. The only solution I found was Using Knoppix and formatting the drive and marking the area with xttrib as unformattef. Sorry to. Mr. Jobs, but Apple deserves what they get

      1. And for the NRa to call Steve the original Big Brother was so uncalled for. It appears that this code is foreign to malware engines and seems to be coming out of Cyber City, India … likely to do with Steve purportedly being Buddhist m. And Apple sgloyld sue over that piece of Christopher Kutcher crap film called “Jobs”.

        1. So, you maintain NO other anti-virus can find this malware that has struck only you? Do you realize how delusional that makes you appear. . . no, there’s no “appear” about it. You are delusional if you think this “code is foreign to malware engines” and has gone undetected for more than a year to only plague your Mac. . . and that Steve Jobs’ religion has anything to do with it just adds a veneer of chocolate frosting on top of your delusional cake.

    3. You can’t use the word retarded. A group of people own this word, and they deemed it politically incorrect.

      btw, cimtook you are the stupid one (boy, that was fun to name call with no substances behind it).

  1. It’s fixed and all the boo hah hah is a lot of FUD! Most people are at work or at home on secured networks which is not going to be effected by anything. Apple knew this and since 10.9.2 was about to be released anyways they finished it up over the weekend with the security fix also in place. IOS fix was already released and I seriously doubt anyone was hacked anyways.
    Media hype and FUD mostly.

    1. BS .. This flaw began with Show Leopard as far as I care to trace it. there was a flawed install of apache Tomcat and Open Ruby .. I was on a standard account and encrypted wireless. its their piss poor firewall that’s the problem, as data is data regardless of which port it cones across

    1. Not true.

      You completely missed the whole point of what Rush was saying, not a surprise.

      Steve and Rupert Murdoch supported the first DAILY newspaper launched on iPad.

      Although now defunct, Steve showed class working with ALL points of view.

      Something missing here …

    2. Not true at all. I bet Steve would shudder at how overreaching democrats are with over regulation and anti capitalism practices.. He would never stand for the NSA over reach that Obama is ignoring or the IRS abuse in favor of democrats / big government… He would never support the democrats pushing for “newsroom spies” or “net neutrality” that governs free thought and competition. That’s socialism if not worse. But, Keep saying things that make you feel good. The democrats always know who their marks are, naturally at the taxpayers expense.

    1. You have now.. and one sociopath HSS established themselves on TOR as an exit node, but I have plenty of emails quarantined that contained the encrtpyted payload via Stegonography (tanspatent graphic).

        1. I have much more crap to handle today than you.. do again GTH. and “Maverick”s leave your GD email address and I’ll be more than happy to send you the entire code. until then, STGU

      1. Excuse me, but you claim this has been affecting you for over a year? Bull shit. This affected ONLY OSX Mavericks which was only released on October 22, 2013. An Apple Mac cannot be infected by a malicious payload inside graphic via Stegonography. Graphics are stored in Non-executable memory for manipulation, and as much as you jump up and down claiming an infected Mac, it is no wonder the Geniuses won’t listen to your demands. Your graphic may have a payload, but there are none that impact Macs. . . they were designed to affect Windows computers. AV software WILL find those and quarantine them to prevent them from being forwarded forwarded to other computers. Give it up. You don’t know what you’re talking about.

  2. Key Phrase which the media seems to never ever put emphasis on it.

    “Now, there are no reports of this exploit having been used yet. It’s not easy to do. The hacker would have to be extremely proficient.”

  3. And yet, a few days ago most of the posters were screaming about how Apple needed to remove that “one GOTO” statement and immediately release new code. Anyone who suggested a little more restraint was soundly criticized.

    Amazing what impact a day or two has around here.

  4. Rush Limbaugh and anyone and everything associated with him is boycotted by me. I feel that strongly, and am that disgusted by his sexism, bigotry, boorishness. It goes far beyond disagreeing with him 100% politically. Along with Trump, he is the epitome of the Ugly American. And MDN is in bed with him. How disappointing, and inappropriate.

    1. Thanks Joe. I don’t care for Rush, bit he was a pill popper… Then again we wouldn’t be walking without falling down a few tines. I hold him in the same category as Howard Stern et al

  5. ” nobody’s gonna target your home network. They can’t get to it. It’s too small. Don’t worry about hackers…”

    These are the words of a true idiot who knows nothing about internet security. For MDN to trot out their favorite click whore target as some kind of Apple expert is always laughable. To believe what the fat pompous ass says is sad.

    1. Mike, if you want to steal credit cards you don’t go to the suburbs and park in someone’s driveway. You hit the free WiFi coffee shops and restaurants.

      Who is the idiot?

  6. I hate to agree with Rush Limbaugh–mainly because the man is an idiot–but in this case he’s essentially right. It was an important flaw to patch, but hardly as threatening (from what I have read about it) as some in the media have made it out to be.

    Then again, in these days of NSA spying on just about everyone, I can understand why some people went off the rails just a bit.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.