Security flaw in Android, iOS, and Mac

pc747 · Mar 4, 2015

In all the exciting talk about android gaming systems, new phones, smart watches and pocket watches, I have to be a buzz kill and bring down the mood a little. There was a flaw back in the 90s that currently affect Mac, Android, and iOS (I would guess Linux machines since both iOS and Android were not built in the 90s) that forces websites to use a lower grade encryption for HTTPS connections. This exploit could allow hackers to steal personal information and data. Among some of the sites listed are American Express, Bloomberg, Business Insider, Marriott, and Groupon. Apple said they should have a fix out some time this week. Unfortunately Google can not push the fix to all Android devices as they have to deal with manufacturers and carriers.

Source: Security flaw places Android iOS Mac users at risk from hacking on some major websites 9to5Google

cybertec69 · Mar 4, 2015

Hackers will always find ways to hack "same guys who build the system, LOL", once a hole is patched another one pops up, and tomorrows news is...........

thunderbolt_nick · Mar 5, 2015

The only reason 'hackers' do anything anymore: so the press keep talking about them. Ya know for people who want to be sneaky and steal stuff they sure do love publicity.

Anyways, the only shocking thing about this is that it is an exploit from the '90s...Daaaaaaaaaaaaaang. That is going back a ways. C'mon. WINDOWS '95! For shame...for shame.

grenefroggie · Mar 9, 2015

A white hat hacker will hack to find flaws. A black hat hacker usually wants something out of it or is doing something malicious. The lines are crossed often and some remain in the gray area. Hackings is generally good. Because the networks and software we make and maintain are designed by humans, there will always be flaws. Someone needs to find them.

pc747 · Mar 9, 2015

grenefroggie said:
A white hat hacker will hack to find flaws. A black hat hacker usually wants something out of it or is doing something malicious. The lines are crossed often and some remain in the gray area. Hackings is generally good. Because the networks and software we make and maintain are designed by humans, there will always be flaws. Someone needs to find them.

What about the (rumored) flaws that are intentionally put in place for the government?

grenefroggie · Mar 9, 2015

They aren't hackers. The term hacker has been used and abused for a long time now. Kids running scripts they found on the internet call themselves hackers. That is just not the case.

As far as the gov't putting custom firmwares on Cisco routers while in transit, I don't even know what to call it. I promise you they had Cisco's help to do it.

pc747 · Mar 9, 2015

grenefroggie said:
They aren't hackers. The term hacker has been used and abused for a long time now. Kids running scripts they found on the internet call themselves hackers. That is just not the case.

As far as the gov't putting custom firmwares on Cisco routers while in transit, I don't even know what to call it. I promise you they had Cisco's help to do it.

Good point.

Though they hire hackers.

grenefroggie · Mar 9, 2015

That would be my guess. All of the "back doors" that the gov't has used to "break" in to things would have been a lot more difficult if backbone providers and ISPs didn't just hand over the keys.

CezzBB · Mar 10, 2015

This exploit was shared privately to all the big software and hosting providers with a time limit to fix before they released the actual hack publicly. Patches are already in the works.

marcpiazza · Mar 10, 2015

grenefroggie said:
They aren't hackers. The term hacker has been used and abused for a long time now. Kids running scripts they found on the internet call themselves hackers. That is just not the case.

As far as the gov't putting custom firmwares on Cisco routers while in transit, I don't even know what to call it. I promise you they had Cisco's help to do it.

Spot on... Both cases!

I think, therefore I am...

grenefroggie · Mar 10, 2015

CezzBB said:
This exploit was shared privately to all the big software and hosting providers with a time limit to fix before they released the actual hack publicly. Patches are already in the works.

That is how all exploits should be handled. It is a moral and integrity issue. Exploits should be brought up to the developer/manufacturer/etc. Give them time to make patches and push them. Then announce the exploit. Sadly, this is not always how it works out.

@CezzBB thanks for pointing that out, as I seemed to have missed it.

Security flaw in Android, iOS, and Mac

pc747

Regular Member

cybertec69

Silver Member

thunderbolt_nick

Thunderbolt Rescue Squad

grenefroggie

Super Moderator

pc747

Regular Member

grenefroggie

Super Moderator

pc747

Regular Member

grenefroggie

Super Moderator

CezzBB

New Member

marcpiazza

New Member

grenefroggie

Super Moderator

Most reactions - Past 7 days

Similar threads