Apple's "goto fail" SSL major security failure

[ñͤͣ̄ͦ̌̑͗͊͛͂͗ ̸̨̨̣̺̼̣̜͙͈͕̮̊̈́̈͂͛̽͊ͭ̓͆ͅé ̰̓̓́ͯ́́͞]

Here's a good run-down from ars technica:

The flaw, according to researchers, causes most iOS and Mac applications to skip a crucial verification check that's supposed to happen when many transport layer security (TLS) and secure sockets layer (SSL) connections are being negotiated. Specifically, affected apps fail to check that the ephemeral public key presented by servers offering Diffie Hellman-supported encryption is actually signed by the site's private key. Attackers with the ability to monitor the connection between the end-user and the server can exploit this failure to completely decrypt and manipulate the traffic by presenting the app with a counterfeit key.

An attacker "can basically set up a connection and pretend to be Google.com," Matt Green, a Johns Hopkins University professor specializing in encryption, told Ars. The attacker "can basically say: 'Hey I'm Google, here's my signature. And since nobody is actually going to check the signature, [the attacker] just puts nonsense in there."

http://arstechnica.com/security/2014/02/extremely-critical-crypto-flaw-in-ios-may-also-affect-fully-patched-macs/

I like the commentary Kristin Paget (a former Apple security engineer) left on her blog, which was republished in Forbes:

"Did you seriously just use one of your platforms to drop an SSL 0day on your other platform?" she writes, using the phrase "zero-day," an industry term for a previously unknown security flaw. "As I sit here on my mac I'm vulnerable to this and there's nothing I can do, because you couldn't release a patch for both platforms at the same time? You do know there's a bunch of live, working exploits for this out in the wild right now, right?"

http://www.forbes.com/sites/andygreenberg/2014/02/24/former-apple-security-engineer-to-apple-fix-your-sh-t/

I can't tell if this is a backdoor left for spooks, a disgruntled Apple engineer, or some kind of internal corporate clusterfuck.

Maybe some mix of the three?

[Junkenstein]

I can't tell if this is a backdoor left for spooks, a disgruntled Apple engineer, or some kind of internal corporate clusterfuck.

I'd guess the backdoor and clusterfuck options to be the most likely. A disgruntled engineer would have used this to do a lot more damage or even more directly charge the company $X to fix the "problem" as a very highly paid consultant.

It is nice to see this kind of thing affecting Macs more often, the number of idiots I deal with who are convinced they are safe and secure "because I bought a Mac" is stunning on a daily basis.

[P3nT4gR4m]

The goto fail bug itself looks pretty straightforward. As someone who's debugged a million of these, copy and paste has a lot to answer for.

For this bug to make it into production, is completely beyond me. Essentially it suggests that it hasn't been tested. At all. Ever. On that basis, there's no reason to expect they've tested anything else, either. Forget NSA backdoors, it's just as likely your phone is broadcasting any and all secure or encrypted information in plain text. Given that any of those subsystems and protocols might well never have been tested either.

I think microsoft might have just lost their soft target status. 

[ñͤͣ̄ͦ̌̑͗͊͛͂͗ ̸̨̨̣̺̼̣̜͙͈͕̮̊̈́̈͂͛̽͊ͭ̓͆ͅé ̰̓̓́ͯ́́͞]

I can't tell if this is a backdoor left for spooks, a disgruntled Apple engineer, or some kind of internal corporate clusterfuck.

I'd guess the backdoor and clusterfuck options to be the most likely. A disgruntled engineer would have used this to do a lot more damage or even more directly charge the company $X to fix the "problem" as a very highly paid consultant. 

I don't know, it appears that exploits are indeed in the wild, as Kristen Paget claimed:

I've confirmed full transparent interception of HTTPS traffic on both IOS (prior to 7.0.6) and OSX Mavericks. Nearly all encrypted traffic, including usernames, passwords, and even Apple app updates can be captured. This includes:

App store and software update traffic
iCloud data, including KeyChain enrollment and updates
Data from the Calendar and Reminders
Find My Mac updates
Traffic for applications that use certificate pinning, like Twitter

It's difficult to over-state the seriousness of this issue. With a tool like mitmproxy in the right position, an attacker can intercept, view and modify nearly all sensitive traffic. This extends to the software update mechanism itself, which uses HTTPS for deployment.

http://corte.si/posts/security/cve-2014-1266.html

Looks pretty bad.

[Junkenstein]

For this bug to make it into production, is completely beyond me. Essentially it suggests that it hasn't been tested. At all. Ever. On that basis, there's no reason to expect they've tested anything else, either

Occam's razor may prove correct again. Macs don't break. Macs don't get viruses. Macs are used by professionals, made by professionals. Why should I check his shitty code? He's a professional.

It's going to be interesting to see how this develops though. I bet Bill Gates is laughing is ass off at old Steve all over again.

[P3nT4gR4m]

A big part of the reason macs don't get viruses has always been (comparativey speaking) there are hardly any. M$ is the main target because if you capture a hole in windows you get all the computers. There's a lot more money in it. iPhones have a much bigger market penetration. A much more attractive proposition with regards return on investment. If you can capture all the iphones you have a kick ass botnet.

The other part is the closed system. which is a double edged source. Think about this - nobody found the SSL exploit because nobody was bothering to put in the extra effort to crack apples os. This is not true of iphones and ipads which have a significant market share. If apple devices are eventually virused, apple is effectively on it's own with no third party developers producing proper end point security packages, they're stuck, putting out fires on their own, with a department that doesn't exist yet. This has the potential to do a fuckton of damage.

I've always thought that apple was a potential timebomb in this respect. Now I've just found out that their SSL trust is always-on.

[ñͤͣ̄ͦ̌̑͗͊͛͂͗ ̸̨̨̣̺̼̣̜͙͈͕̮̊̈́̈͂͛̽͊ͭ̓͆ͅé ̰̓̓́ͯ́́͞]

The fix is out, finally.

[Reginald Ret]

HAHAHAHAHAHAHAHAHAHAHAHAHAHA

Let me say that again:
HAHAHAHAHAHAHAHAAHAHAHAHAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGHCK
SPUTTER SPIT, HAH!

[Junkenstein]

The depressing thing is that apple could do a press release, right now, saying that Russian kids sold everyones everything to chinese kids and no-ones able to fix it but this Iphone is blue!

And it would sell. And sell well. Brand loyalty in the future could quite literally cost you everything, particularly as the trend continues to online wallets and contactless payment systems.

[P3nT4gR4m]

The depressing thing is that apple could do a press release, right now, saying that Russian kids sold everyones everything to chinese kids and no-ones able to fix it but this Iphone is blue!

And it would sell. And sell well. Brand loyalty in the future could quite literally cost you everything, particularly as the trend continues to online wallets and contactless payment systems.

And someone, somewhere is trying to convince me that feeding on these creatures is, in some way, morally questionable.

[Junkenstein]

Over a given length of time it's reasonable to expect security fuckups to occur to some degree for pretty much anyone. What's getting me here is the potential scale of damage that could be inflicted.

I wonder if there's any kind of mitigating clause in the EULA? If an idiot can think of it at 11 at night a well paid lawyer must have written in something to avoid potential backlash. That said, EULA's being as they are, there could already be a clause in some stating "We're totally giving the NSA access to everything and anything about you. It's cool. Relax."