How Apple dodged the Heartbleed bullet

“In 2011, Apple told its developers that it would be deprecating OS X’s Common Data Security Architecture including OpenSSL, describing it as an outdated relic of the late 1990s,” Daniel Eran Dilger reports for AppleInsider. “Nearly three years later, OpenSSL was hit by a severe flaw that affected a wide swath of vendors and their users, but not Apple.”

“When it announced plans to deprecate OpenSSL in June 2011, Apple wasn’t aware of the Heartbleed flaw because it didn’t yet exist,” Dilger reports. “However, the company was aware of other problems with OpenSSL (libcrypto), a security toolkit Apple began using within the Common Data Security Architecture more than a decade ago.”

Much more in the full article here.

[Thanks to MacDailyNews Reader “Dan K.” for the heads up.]

16 Comments

    1. Apple was coding to take advantage of multiple cores from early on.

      Not just to brag you have them but to use them effectively.

      Apple. A step ahead. By years.
      DED. Always there with the details of why. Great going dude. 🙂

  1. Don’t be too hasty, all Apple TV Gen 1s have been taken down in the last 24 hours worldwide.

    Maybe due to Heartbleed or Heartbleed fix.

    Mine is unusable as are everyone else’s it seems. Discussion on Apple support ongoing.

    1. I am running XBMC on mine, which means it probably has the flaw, but it’s not going down. I don’t have any personally identifiable info on it either. I will be checking it out soon, thanks for reminding me.

  2. Dan Dilger is such a bright guy (despite his motorcycle). His OS X Server book is the only one I’ve kept, easily the best written of the bunch.

    He notes:
    “Servers vulnerable to Heartbleed are less secure than they would be if they simply had no encryption at all,” noted a report by The Guardian.

    Well, that’s a matter of interpretation, dear Guardian. But stolen IDs, passwords and especially security certificates can do some serious damage on the net. We’ve barely seen that damage begin, 1.5 weeks into this disaster.

    “…wasn’t aware of the vulnerability until Google first disclosed it on April 1 via the company’s Google Plus social network.”

    The massive irony going on is that Google’s admittedly excellent security team was one of the first to find the bug. And yet, Android is a RABID VECTOR of the problem, highly unlikely to be patched any time soon on something like a million active Android devices. That’s a huge FAIL, all due to Android fragmentation. (Details: Only one specific version of Android has the bug, but that version is not unlikely to be patched across manufacturers, despite Google providing the tools to do so. I hate Android).

    Not noted on the timeline Dan links to in his article: Ars Technica dug around in their logs and were able to determine what is considered at this time the first known instance of the Heartbleed bug being tested in the wild. It was back in November of 2013. There were no signs of it actually being used to steal useful data, which takes considerable time and server blasting. But someone back then knew about it and was checking out if the exploit worked. It did. This is sort of good news because it indicates that the NSA had NOT been using it to treasonously surveil US citizens on US soil, (unlike their other documented treasonous behavior). (Byte me NSA!) 😛

  3. Hey, can you tell Dan and I read each other’s stuff?

    “…ran into the reality of disadvantages involved with broad industry reliance upon a widely distributed monoculture of software…”

    Diversity rulz! Any monoculture is immediately self-destructive. It’s amusing to see Dan address this in coding. I always point it out from the perspective of natural systems.
