iTunes Security Flaw Sees Unencrypted Password Transmissions: Researcher
iTunes users on Windows are vulnerable to a serious SSL certificate flaw that allows hackers to intercept their passwords, which are easy to intercept because Apple doesn’t hash passwords before sending them to the server. This leaves the SSL connection vulnerable to a man-in-the-middle attack, according to security researcher Mark Loman as reported by Dutch...
Proof of Concept of Apple’s “Gotofail” Exploit Developed in Less Than a Day
A New Zealand security consultant has developed a proof of concept of the currently open OS X security vulnerability known as "gotofail", which was uncovered during the weekend (via ZDNET). And on OSX, I have full interception of software update traffic. pic.twitter.com/v2BlWdWjyz— Aldo Cortesi (@cortesi) February 25, 2014 After modifying his existing mitmproxy code, Aldo...