Tuesday, 25 February 2014

SSL bug Protect your Mac


You can bypass the SSL vulnerability in OS X with a handful of temporary changes, till a computer code fix is formed accessible.

Recently, Apple released an iOS update to address a bug with its SSL implementation, which would allow a nefarious individual on the same local network as your computer to intercept sensitive information as you browse the Web.

This type of attack, known as a man-in-the-middle attack, is feasible as a result of within the latest versions of OS X and iOS (up to version seven.0.5) the software system doesn't check the signature in a very TLS Server Key Exchange Message, permitting a third-party to spoof a non-public key or just omit exploitation one and intercept the SSL knowledge. Since encrypted SSL knowledge is employed for sensitive info like money and medical records, this might doubtless offer somebody access to the information if you're accessing it on a public or otherwise shared network.

Apple has issued a fix for this in iOS with version seven.0.6, that was free last Friday; but, this solely addresses the matter in iOS and not OS X. Apple has aforesaid a fix are accessible before long for the desktop software system, however up to now has not mentioned a unharness date. whereas a fix can seemingly come back among future week, till then you'll be able to take steps to make sure your system is correctly secured.

Use a patched browser
This problem affects Apple's Safari browser, and may affect versions of Chrome running on test releases of OS X. Therefore, until a fix is released you might consider downloading and using Firefox, which has been deemed safe from this bug. You can test any browser you use by going to this Web site, which will run a test and notify you if your browser's SSL data can be intercepted.

Avoid public networks
While this problem exists, it can only be taken advantage of if an attacker is on the same local network as yourself. Therefore, if you are using a publicly-accessible network such as those at cafes or libraries, then be sure to either use an unaffected browser, or avoid accessing banking and other sites with sensitive data.

For more from the XpertCrewTM team please follow us on Twitter @Techvedic or 

our Facebook Page- 

or  contact us at

U.S. +855-859-0057 (http://www.techvedic.com/  )
U.K. +800-635-0716 (http://www.techvedic.co.uk/ )
CA  1-855-749-5861 (http://www.techvedic.ca/ )
AU  1-800-197-298  (http://www.techvedic.com.au/ )
And yes, we are eagerly waiting for your valuable feedback. Do write us back. We would be more than happy to help you. We are available 24/7.


Post a Comment