It's a really interesting failure that is hard to find in any typical certificate validation tests. The nature of the 'bug' is the ideal type of implementation error that is readily exploitable and hard to detect (without source code). The security flaw only shows up if a specially constructed server swaps keys at a point in the TLS exchange that results in incorrectly validating the certificate/key.
You would think that a developer writing the code or anyone reviewing would notice the duplicate line (line 631 http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c). The extra 'goto Fail' occurs in a location where no lines of code were directly changed from the prior version (AFAICT). Bugs are common, but an extra 'cut paste' error does not seem viable. It's not likely a merge error since the lines before and after are not touched from the prior version.
The big question is if Apple can identify when and how this 'bug' was inserted.
His pioneering efforts with wearables foreshadow the very interesting social impacts possible with the broader adoption of wearable devices (like the Google Glass).
Is this a security thing to prevent rogue APs, or are they protecting profits of the local hotspot?
The resurrected 6-10GHz band being adjacent to the current Wi-Fi 5GHz band is potentially an easy target for companies to extend their chips into new spectrum with very high throughput.
But does the market really need either technology? They both have a very limited range that makes them primarily a solution for docking a very close data exchange.
Still - big money is now bet on two different technologies - supporters of one technology will be very threatened by the other - so the battles are beginning.
The first major volley will be in a couple of weeks in efforts to extend 802.11ac into 6-10GHz in the IEEE standards.
Enterprise MobileNext Forum Announces Agenda and Speakers
YES! Congress isn't killing white spaces broadband before it's born
Both houses of Congress have reached a compromise on a few wireless spectrum issues that had the potential to put the kibosh on innovation and
Why the days are numbered for Hadoop as we know it
For better or worse, Hadoop has become synonymous with big data. In just a few years it has gone from a fringe technology to the de facto st
Opal & Twig: Potions and Powers - Redesigns and Expansion into Retai...
What started as a creative gift for our founder's 5-yr-old daughter is now almost ready for national retail distribution! Help us spread the
U.S. deaths in drone strike due to miscommunication, report says
A Marine and a Navy medic killed by a U.S. drone airstrike were targeted when Marine commanders in Afghanistan mistook them for Taliban