Apple’s security protocol breach is nearly as bad as handing your credit card straight to a hacker rather than making them steal the information through the magnetic stripe readers.
The flaw in Apple’s iOS and OS X platforms essentially allows a hacker to get in between the initial verification “handshake” connection between the user and the destination server, enabling the adversary to masquerade as a trusted endpoint. This means the connection which is supposed to be encrypted between you and your bank, email server, healthcare provider and more is open to attack.
Secure Sockets Layer, and more recently, Transport Layer Security protocols have protected web users for years by creating a digital secure handshake to identify and encrypt data from the browser to the secure end site. The Apple flaw puts hackers in the middle of that handshake by allowing the SSL/TLS routines to be bypassed.
Security experts across the web recommend updating iPhones and iPads with the available iOS patches now, and using browsers other than Safari for OS X systems without an available Apple fix.
Usually to achieve encrypted web traffic, a handshake is accomplished through a Secure Sockets Layer — SSL for short — or more recently, Transport Layer Security, or TLS; both are Internet protocols that provide a secure channel between two machines operating over the Internet or an internal network.
The full severity of the security flaw has yet to surface, but the duplicated line of code which is causing all the ruckus has been in place since September 2012. This means theoretically that if you’ve been using the flawed iOS or OS X systems since then, a hacker on your shared network could have captured all your data that should have been SSL- or TLS-encrypted for the past 18 months.
Think of all the banking, online dating, email writing and Internet purchases you’ve made in the last year and a half.
The duplicated line of code that caused the Apple fail is now dubbed #gotofail on Twitter. (Image via Gizmodo)
The SSL/TLS effort requires nearly zero interaction from us — the users — but you may be familiar with the little lock icon that appears on the browser, indicating a secure connection has been achieved. This is where the Apple flaw comes in; anyone using the same network connection — the person sitting next to you at the coffee shop or at work right now — could fake the secure connection and intercept communication between your browser and a site.
Even worse, the flaw allows for modification of the “data in flight,” meaning a hacker could deliver exploits to take control of your system, according to Crowdstrike. And other applications that you may not immediately associate with Internet browsing are affected as well.
Ashkan Soltani points out the Calendar, Facetime, Keynote, Mail, Twitter, iBooks and other applications are just as vulnerable to the security flaw. (Image via Twitter)
Apple released a fix to the flaw housed in iOS 6 and 7 authentication logic, but the company only says the OS X fix is coming “very soon,” according to Reuters. This means Mac desktops and notebooks are still vulnerable to man-in-the-middle attacks.
Apple’s support page says the company will not “disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available,” but says the fail was addressed by “restoring missing validation steps.”
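An added illustration of how a duplicated line can skip a validation step and what “restoring missing validation steps” looks like in code; this is not Apple’s code or code from this article, and the function names and sample signature values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the handshake steps; 0 means success. */
static int hash_params(const char *params) { return params ? 0 : -1; }

/* Constructed check: only the literal "good-sig" counts as a valid signature. */
static int verify_signature(const char *sig) {
    return strcmp(sig, "good-sig") == 0 ? 0 : -1;
}

/* Flawed shape: the second goto is not guarded by the if, so it always
   runs. Control jumps to fail with err still 0 and the signature check
   is never reached. */
int check_key_exchange_flawed(const char *params, const char *sig) {
    int err;
    if ((err = hash_params(params)) != 0)
        goto fail;
        goto fail;   /* duplicated line */
    if ((err = verify_signature(sig)) != 0)
        goto fail;
fail:
    return err;
}

/* Corrected shape: the duplicate is gone and every branch is braced, so
   the validation step runs again. */
int check_key_exchange_fixed(const char *params, const char *sig) {
    int err;
    if ((err = hash_params(params)) != 0) {
        goto fail;
    }
    if ((err = verify_signature(sig)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    const char *forged = "forged-sig";   /* constructed sample input */
    printf("flawed, forged sig: %d\n", check_key_exchange_flawed("p", forged));
    printf("fixed,  forged sig: %d\n", check_key_exchange_fixed("p", forged));
    printf("fixed,  good sig:   %d\n", check_key_exchange_fixed("p", "good-sig"));
    return 0;
}
```

GCC's -Wmisleading-indentation and Clang's -Wunreachable-code both flag the flawed function, which is why such warnings are worth enabling on security-critical code.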
Apple did not immediately respond to TheBlaze for clarification on how soon fixes for Mac desktops and notebooks will be available.
Barely five years after the Large Hadron Collider began smashing atoms together in a bid to solve the mysteries of the universe, scientists are already planning to replace it with an enormous machine four times as large.
The plans, discussed by scientists at a meeting on ‘Future Circular Colliders’ in Geneva last week, would see a super collider built around the Swiss city in a tunnel 100km long. The current collider, built by the European Organisation for Nuclear Research (Cern) for £6bn, started up in late 2008.
Barely a week after it became operational, several tonnes of liquid helium leaked, delaying further tests for more than a year. But it has since repaid the faith of particle physicists and last year proved the existence of the Higgs boson – the subatomic particle that gives mass to matter.
But with the Large Hadron Collider due to go out of service before 2040, there is no time to waste in planning its replacement, argued Professor Philip Burrows, senior research fellow in physics at Oxford University.
“Since the gestation time for big accelerators is a couple of decades, we need to start thinking now if we want to have a design in hand for a possible new machine to come online at Cern in the late 2030s,” he said.
Dr Rolf Heuer, the director-general of Cern, added: “We very much hope that with the LHC running at higher energy next year, we might get the first glimpse of what dark matter is. And building on that I would assume that we then can build a physics case for a future circular collider.”
The new 100km Cern tunnel is one of several proposals being considered to replace the LHC, which hurls atoms against each other at virtually the speed of light.
It is by no means certain that the collider would even be in Europe, with Japan and China interested in hosting one – and scientists are also in dispute about which particles should be tested. Some experts favour colliding protons, as is done in the 27km-long LHC, citing the ability to reach far higher energies and extremes of conditions in an attempt to simulate “Big Bang”-style conditions. Others are in favour of using electrons, as they are easier to direct and the results of tests easier to interpret.
Other plans include a compact linear collider, developing new technologies for putting energy into particle beams over short distances.
The costs of creating a new collider, in a 100km tunnel, would be enormous – an estimated 10 million cubic metres of rock would need to be dug up. Cern refuses to speculate on the sums involved, but given the £6.7bn cost of the LHC, where just 1.5 million cubic metres of rock were removed, it is likely to run to tens of billions.
Scientists are due to report to Cern on what should be built in 2018. Assuming there is agreement, it would take another 15 years or so to create the new collider.
Concerns remain over the unintended consequences of cutting-edge research. Scientists and legal experts warned that plans to upgrade the world’s second most powerful particle accelerator, at Brookhaven National Laboratory in New York, risked the creation of micro-black holes and “strangelets” – a theoretical form of matter which could create a chain reaction to convert everything into “strange matter” and destroy the planet. But then some feared the same of the LHC, and we have survived so far.
PUBLISHED: 14:15, 13 February 2014 | UPDATED: 16:55, 13 February 2014
It might sound like it has come straight out of a Star Wars film, but the International Space Station (ISS) is set to get a huge ‘laser cannon’ by the end of this year.
This laser, however, may leave Darth Vader a little underwhelmed, as instead of destroying the planet it will be used to study it in more detail.
Named the Cloud Aerosol Transport System, dubbed Cats, it will look at the distribution of aerosols in space to map pollution and changes in the climate.
The size of a refrigerator, Cats will provide detailed information about the particles in Earth's atmosphere.
Aerosols are the tiny particles that make up haze, dust, air pollutants, and smoke and could have far-reaching effects on the planet’s environment.
When Iceland’s Eyjafjallajökull volcano erupted nearly four years ago, for instance, officials grounded flights in Europe.
They believed particles contained within its massive plume could damage aircraft engines, resulting in potentially deadly consequences for passengers.
Nasa couldn’t dispatch aircraft-borne instruments for the very same reasons European officials had grounded commercial aircraft.
But using Cats, when the next volcano erupts, Nasa will be able to monitor the spread of particles in Earth’s atmosphere from its space-based perch.
This refrigerator-sized sensor laser is scheduled to launch to the space station in late 2014 as a demonstration project and will fire around 5,000 laser pulses per second.
Its sensors will help researchers determine for the first time exactly what laser technology can do from space to measure tiny airborne particles - also known as aerosols - in Earth’s atmosphere.
Developed by scientist Matt McGill, and his team, Cats will be able to see the character as well as vertical and horizontal distribution of aerosols in a whole new light.
This will deliver more detailed information and could help scientists differentiate between the types of particles in the atmosphere.
‘You get better data quality because you make fewer assumptions, and you get, presumably, a more accurate determination of what kind of particles you’re seeing in the atmosphere,’ said Dr McGill.
Knowing where aerosols are located in the atmosphere - such as smoke from forest fires, dust blowing off vast deserts, and plumes from erupting volcanoes - is often critically important.
The station travels in a precessing orbit, which means that instead of passing over the same spot at the same time, its orbit moves.
The station’s ground track moves westward along each of 16 daily tracks as it travels, with ground track repeats every three days. As a result, Cats will provide good coverage of what’s happening over primary population centres.
In addition, the station passes over and along many of the primary aerosol-transport paths within Earth’s atmosphere.
One of Earth’s primary transport routes for airborne pollutants is from Asia. Particles are transported by circulation cells in Earth’s atmosphere over Japan, northward up just under Alaska, and then down towards the West Coast of the United States, making a big, inverted ‘U’ shape.
Long-term data from the laser may also reveal the shifts in global climate over time and location.