Security consultant takes less than a day to exploit OS X bug to capture all SSL traffic

Update: The bug has been fixed in OS X 10.9.2

Security consultant Aldo Cortesi said in a blog post (via ZDNet) that it took him less than a day to exploit the goto fail bug in OS X to capture all SSL traffic, and that there’s a good chance he isn’t the first to have done so – an implicit suggestion that the vulnerability may already be in use in man-in-the-middle attacks.

I’ve confirmed full transparent interception of HTTPS traffic on both iOS (prior to 7.0.6) and OS X Mavericks. Nearly all encrypted traffic, including usernames, passwords, and even Apple app updates can be captured. This includes:

  • App store and software update traffic
  • iCloud data, including KeyChain enrollment and updates
  • Data from the Calendar and Reminders
  • Find My Mac updates
  • Traffic for applications that use certificate pinning, like Twitter …

Carl Icahn adds another $500 million into $AAPL, total now at $3.6 billion and closing in on 1% ownership

Just yesterday, activist investor Carl Icahn revealed that he has invested another $500 million into AAPL stock. Just around 24 hours later, Icahn has posted on Twitter that he invested another $500 million. That brings his total investment into Apple stock to $3.6 billion. This means that he is closing in on 1% ownership of Apple’s stock…

Icahn says Apple “doing great disservice to shareholders,” increases AAPL investment to $3B

Following a precatory proposal from billionaire investor and Apple shareholder Carl Icahn urging Apple to vote on a larger buyback, Icahn today announced on Twitter that he thinks Apple “is doing great disservice to shareholders by not having markedly increased its buyback.” He also said that he would soon send Apple another in-depth letter regarding his proposals and confirmed that he has purchased another $500 million in Apple shares bringing his total investment to $3 billion.

Apple marketing chief Schiller unfollows Nest & Tony Fadell on Twitter following Google deal

Schiller and Fadell on the left (image via web)

Only a few days after “father of the iPod” Tony Fadell agreed to sell thermostat and smoke detector maker Nest to Google for north of three billion dollars, Apple senior vice president (and former Fadell colleague) Phil Schiller has unfollowed the Nest CEO and the Nest company on Twitter.

Here’s Schiller’s following list from a recent cache: