Yahoo Breach: Find Out If You Can Claim Up To $25,000 – Forbes
Yahoo Breach: Find Out If You Can Claim Up To $ 25,000 Forbes
“data breach” – read more
Yahoo Breach: Find Out If You Can Claim Up To $ 25,000 Forbes
“data breach” – read more
Full coverage |
Washington Free Beacon |
China's Intelligence Networks in United States Include 25000 Spies
Washington Free Beacon "And he was responsible for sending out spies as well as for counter espionage, also vis a vis the U.S. So, Ma Jian knows everything about the United States." Guo is a Chinese real estate investor who fled China in 2015. He currently resides in New … |
At least 25,000 iOS apps available in Apple’s App Store contain a critical vulnerability that may completely cripple HTTPS protections designed to prevent man-in-the-middle attacks that steal or modify sensitive data, security researchers warned.
As was the case with a separate HTTPS vulnerability reported earlier this week that affected 1,500 iOS apps, the bug resides in AFNetworking, an open-source code library that allows developers to drop networking capabilities into their iOS and OS X apps. Any app that uses a version of AFNetworking prior to the just-released 2.5.3 may expose data that’s trivial for hackers to monitor or modify, even when it’s protected by the secure sockets layer (SSL) protocol. The vulnerability can be exploited by using any valid SSL certificate for any domain name, as long as the digital credential was issued by a browser-trusted certificate authority (CA).
“The result is an attacker with any valid certificate can eavesdrop on or modify an SSL session initiated by an app with this flawed library,” Nate Lawson, the founder of security analytics startup SourceDNA, told Ars. “The flaw is that the domain name is not checked in the cert, even though the cert is checked to be sure it was issued by a valid CA. For example, I can pretend to be ‘microsoft.com’ just by presenting a valid cert for ‘sourcedna.com.'”
Read 8 remaining paragraphs | Comments