Security flaw in Android, iOS, and Mac

Discussion in 'Android News' started by pc747, Mar 4, 2015.

  1. pc747

    pc747 Administrator
    Staff Member Rescue Squad

    Joined:
    Dec 23, 2009
    Messages:
    24,718
    Likes Received:
    5,637
    Trophy Points:
    1,123
    Ratings:
    +6,242
    [​IMG]

    In all the exciting talk about android gaming systems, new phones, smart watches and pocket watches, I have to be a buzz kill and bring down the mood a little. There was a flaw back in the 90s that currently affect Mac, Android, and iOS (I would guess Linux machines since both iOS and Android were not built in the 90s) that forces websites to use a lower grade encryption for HTTPS connections. This exploit could allow hackers to steal personal information and data. Among some of the sites listed are American Express, Bloomberg, Business Insider, Marriott, and Groupon. Apple said they should have a fix out some time this week. Unfortunately Google can not push the fix to all Android devices as they have to deal with manufacturers and carriers.

    Source: Security flaw places Android iOS Mac users at risk from hacking on some major websites 9to5Google
     
  2. cybertec69

    cybertec69 Silver Member

    Joined:
    Apr 19, 2010
    Messages:
    2,207
    Likes Received:
    267
    Trophy Points:
    148
    Location:
    Staten Island, NY
    Ratings:
    +318
    Hackers will always find ways to hack "same guys who build the system, LOL", once a hole is patched another one pops up, and tomorrows news is...........
     
    • Agree Agree x 1
  3. thunderbolt_nick

    thunderbolt_nick Thunderbolt Rescue Squad
    Rescue Squad

    Joined:
    Nov 22, 2011
    Messages:
    1,194
    Likes Received:
    603
    Trophy Points:
    1,268
    Location:
    Orlando, FL
    Ratings:
    +724
    Current Phone Model:
    Nexus 6P
    Twitter:
    @nickburress2k2
    The only reason 'hackers' do anything anymore: so the press keep talking about them. Ya know for people who want to be sneaky and steal stuff they sure do love publicity.

    Anyways, the only shocking thing about this is that it is an exploit from the '90s...Daaaaaaaaaaaaaang. That is going back a ways. C'mon. WINDOWS '95! For shame...for shame.
     
  4. grenefroggie

    grenefroggie Super Moderator
    Staff Member

    Joined:
    May 18, 2011
    Messages:
    963
    Likes Received:
    398
    Trophy Points:
    203
    Location:
    KY
    Ratings:
    +464
    Current Phone Model:
    Google Nexus 5
    A white hat hacker will hack to find flaws. A black hat hacker usually wants something out of it or is doing something malicious. The lines are crossed often and some remain in the gray area. Hackings is generally good. Because the networks and software we make and maintain are designed by humans, there will always be flaws. Someone needs to find them.
     
    • Agree Agree x 1
  5. pc747

    pc747 Administrator
    Staff Member Rescue Squad

    Joined:
    Dec 23, 2009
    Messages:
    24,718
    Likes Received:
    5,637
    Trophy Points:
    1,123
    Ratings:
    +6,242
    What about the (rumored) flaws that are intentionally put in place for the government?
     
  6. grenefroggie

    grenefroggie Super Moderator
    Staff Member

    Joined:
    May 18, 2011
    Messages:
    963
    Likes Received:
    398
    Trophy Points:
    203
    Location:
    KY
    Ratings:
    +464
    Current Phone Model:
    Google Nexus 5
    They aren't hackers. The term hacker has been used and abused for a long time now. Kids running scripts they found on the internet call themselves hackers. That is just not the case.

    As far as the gov't putting custom firmwares on Cisco routers while in transit, I don't even know what to call it. I promise you they had Cisco's help to do it.
     
    • Like Like x 1
  7. pc747

    pc747 Administrator
    Staff Member Rescue Squad

    Joined:
    Dec 23, 2009
    Messages:
    24,718
    Likes Received:
    5,637
    Trophy Points:
    1,123
    Ratings:
    +6,242
    [​IMG]
    Good point.

    Though they hire hackers.
     
  8. grenefroggie

    grenefroggie Super Moderator
    Staff Member

    Joined:
    May 18, 2011
    Messages:
    963
    Likes Received:
    398
    Trophy Points:
    203
    Location:
    KY
    Ratings:
    +464
    Current Phone Model:
    Google Nexus 5
    That would be my guess. All of the "back doors" that the gov't has used to "break" in to things would have been a lot more difficult if backbone providers and ISPs didn't just hand over the keys.
     
    • Like Like x 1
  9. CezzBB

    CezzBB New Member

    Joined:
    Feb 19, 2015
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Ratings:
    +0
    This exploit was shared privately to all the big software and hosting providers with a time limit to fix before they released the actual hack publicly. Patches are already in the works.
     
  10. marcpiazza

    marcpiazza New Member

    Joined:
    Jan 16, 2015
    Messages:
    1
    Likes Received:
    1
    Trophy Points:
    3
    Ratings:
    +1
    Spot on... Both cases!

    I think, therefore I am...
     
    • Like Like x 1
  11. grenefroggie

    grenefroggie Super Moderator
    Staff Member

    Joined:
    May 18, 2011
    Messages:
    963
    Likes Received:
    398
    Trophy Points:
    203
    Location:
    KY
    Ratings:
    +464
    Current Phone Model:
    Google Nexus 5
    That is how all exploits should be handled. It is a moral and integrity issue. Exploits should be brought up to the developer/manufacturer/etc. Give them time to make patches and push them. Then announce the exploit. Sadly, this is not always how it works out.

    @CezzBB thanks for pointing that out, as I seemed to have missed it.