Feb 26, 2014

What is a “privileged network position?”

Apple's Gotofail security flaw has apparently been patched on both iOS and OS X. That’s great, although I’m concerned about the time between when I learned about it and when the flaw was introduced. In one of Apple’s press releases, they said that, “An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” What does this mean, exactly? What constitutes a privileged network position?

What you need to know about Apple's SSL bug

"News of a serious vulnerability within Apple’s implementation of a key encryption technology has been making the rounds this weekend. Read on to find out more about what the flaw is, and how it affects you. "

 Basically, that’s a fancy way of saying that they when you are having an Egg McMuffin and checking your email over the WiFi at McDonalds, the attacker is at the same McDonalds and has the ability to instigate a Man in the Middle (MitM) attack. At least, that’s what I think it means. I’m pretty sure it is a term Apple came up with to make its mistake sound less scary.

Answer this