
Apple Releases iOS 7.0.6 to Fix Flaw That Fails to Check Authenticity in Web Communications

Sat February 22 2014 10:10 am  http://www.arlingtoncardinal.com/?p=68616

Apple rushed the release of iOS 7.0.6 Friday with a patch to attempt to fix a disgracefully overlooked SSL encryption issue that leaves Apple iPhone, iPad and Mac computer users (using Mac OS X 10.9.1) open to a man-in-the-middle (MITM) attack. Apparently, Apple's iOS does not check to make sure that the “common name” record in the SSL certificate sent by the server matches the hostname used to connect to the server’s IP address, thereby allowing a man-in-the-middle attack to defraud the system.

A man-in-the-middle attack seamlessly intercepts communication, such as unencrypted passwords, between yourself and your intended recipient or website. According to the Open Web Application Security Project (OWASP), “the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.”

SSL and TLS are used worldwide to prevent eavesdroppers from snooping on network traffic while communicating with sensitive services, such as banking and shopping websites and email servers. SSL and TLS only work if the other end of the connection can be verified and trusted. Security experts always instruct users to make sure the sensitive service presents https instead of http in the web address. With the middle man intercepting traffic, https is meaningless.

The vulnerability allows anyone with a certificate signed by a “trusted CA” to do a man-in-the-middle (MITM) attack.
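The hostname check described above, as an added example (not Apple's code and not part of the original article): a simplified name-matching routine run against constructed certificates. The certificate dictionaries follow the layout returned by Python's `ssl.SSLSocket.getpeercert()`; the function names and the `.example` hostnames are assumptions, and IP addresses and internationalized names are not handled.

```python
def _name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name with the requested hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    # A wildcard counts only as the whole left-most label, and only when
    # at least two more labels follow it (so "*.example" is refused).
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def names_in_cert(cert: dict) -> list:
    """DNS names from subjectAltName; fall back to the common name."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def hostname_ok(cert: dict, hostname: str) -> bool:
    """True only if the certificate was issued for the host we dialed."""
    return any(_name_matches(n, hostname) for n in names_in_cert(cert))


# Constructed sample certificates (already assumed to chain to a trusted CA).
BANK_CERT = {
    "subject": ((("commonName", "www.bank.example"),),),
    "subjectAltName": (("DNS", "www.bank.example"), ("DNS", "bank.example")),
}
# CA-signed, but issued for a different name: what a middle man would present.
OTHER_CERT = {"subject": ((("commonName", "www.unrelated.example"),),)}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.bank.example"),)}

if __name__ == "__main__":
    for label, cert in (("bank", BANK_CERT), ("other", OTHER_CERT),
                        ("wildcard", WILDCARD_CERT)):
        print(label, hostname_ok(cert, "www.bank.example"))
```

A client that skips this step accepts `OTHER_CERT` for `www.bank.example` simply because a trusted CA signed it.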

A new version of Apple’s iOS for its tablets and phones was rushed out the door Friday to patch a vulnerability in its mobile, tablet and desktop software, which is not doing SSL/TLS hostname checking. Communications meant to be encrypted are NOT encrypted.

The patch has only been issued for the more recent iPhones (iPhone 4 and later), iPod touch (5th generation) and iPad (2).

Unfortunately, the official Apple.com website front page does not warn users of this serious security flaw, and Apple has not released a statement on when to expect this patch, nor what version range of iPhone, iPad, iPod Touch or Mac computer is affected by the major flaw. Apple’s security page does not offer a simple step plan for users. It is mostly loaded with confusing technical information and disclaimers about security notifications, security disclosures, and third-party. And to make matters worse, Apple’s security announcement list (http://rss.lists.apple.com/security-announce.rss), linked from its main security page “Apple Product Security” (https://ssl.apple.com/support/security/), is NOT updated. The latest listing on Saturday, February 22, 2014 at 9:20 a.m. is dated November 14, 2013.

Apple Mailing List

APPLE-SA-2013-11-14-1 iOS 7.0.4

Subject: APPLE-SA-2013-11-14-1 iOS 7.0.4
From: Apple Product Security
Date: Thu, 14 Nov 2013 10:45:29 -0800

Security researchers across several communities believe that Mac computers with OS X Mavericks, released October 22, 2013, are even more at risk, as they are currently left operating without a patch. The security flaw involves a different issue, which is also present in the iOS version, but apparently has not been addressed yet.

BOTTOM LINE: WHAT TO DO …
Update your Apple devices and systems as soon as possible to the latest available versions, unless you’re using a Mac OS X system before Mavericks (10.9.1).

DO NOT use untrusted networks (especially Wi-Fi) while traveling or on public Wi-Fi networks.

Apply the patch, make purchases, or perform other sensitive operations only while operating on a trusted network.

To be extra safe, and definitely while operating unpatched mobile devices, TURN OFF the “Ask to Join Networks” setting.

Past Security Flaws with iOS

Embarrassingly, thieves could turn off “Find My iPhone” by turning on Airplane Mode.

In September 2013 Apple released a fix that prevented offenders from using a sequence of actions that could defeat the Lock screen passcode.

An offender could cause an iOS 7 iPhone to restart if the emergency call button was tapped repeatedly, and eventually dial regular non-emergency numbers. While the lock screen was restarting, the call dialer displayed and allowed non-emergency numbers to be dialed.
