An Extraordinary Kind of Stupid
[quote]Because the code in question was open source, some folks on YCombinator quickly located it; they pegged it as popping up first in the 10.9 release of OS X code. Google Web security guru Adam Langley posted a good technical analysis of the bug. But noncoders should know something about it too, because this bug is an object lesson in just how fragile the code that increasingly controls our lives can be. The simplicity with which a single mistaken line of code snowballed into one of the biggest security holes ever strikes fear into the hearts of engineers. It’s good to peek under the hood.
Below is the C code containing the bug, which occurs deep down in a security function called SSLVerifySignedServerKeyExchange. This function makes sure that the site your computer is talking to over an encrypted line (like google.com or chase.com) is really that site, rather than some “man in the middle
Apple security bug: critical flaw extraordinarily simple
For discussions about security.
Message
Author
Jump to
- House Training
- ↳ Beginners Help ( Start Here)
- ↳ Users ( For the regulars )
- ↳ Für deutschsprachige Anhänger
- ↳ Pour les francophones
- ↳ Usuarios de habla Hispana
- ↳ HOWTO ( Solutions )
- ↳ Bugs ( Submit bugs )
- Advanced Topics
- ↳ Additional Software (PETs, n' stuff)
- ↳ Package Collections / Repositories
- ↳ REQUESTS
- ↳ Browsers and Internet
- ↳ Business
- ↳ Compiling
- ↳ Desktop
- ↳ Documents
- ↳ Drivers
- ↳ Educational
- ↳ Engineering/Science/Simulation
- ↳ Eye Candy
- ↳ Filesystem
- ↳ Games
- ↳ Graphics
- ↳ Multimedia
- ↳ Network
- ↳ Security/Privacy
- ↳ System
- ↳ Utilities
- ↳ Virtualization
- ↳ Unsorted
- ↳ Cutting edge
- ↳ Multi-session live-CD/DVD
- ↳ Hardware
- ↳ Audio
- ↳ Networking
- ↳ Dialup
- ↳ Ethernet
- ↳ Wireless
- ↳ Printers
- ↳ Video
- ↳ Puppy Derivatives
- ↳ Puppy Projects
- ↳ Next Puppy Development
- ↳ 4.x
- ↳ Bugs (4.x dev)
- ↳ Usability Issues (4.x dev)
- ↳ 5.x
- ↳ Bugs (5.x dev)
- ↳ Usability Issues (5.x dev)
- ↳ Localization Project
- ↳ Documentation Project
- Taking the Puppy out for a walk
- ↳ Announcements
- ↳ Puppy Power
- ↳ Suggestions
- ↳ Misc
- Off-Topic Area
- ↳ Programming
- ↳ Security
- ↳ Truly off-topic conversations
- ↳ Spam reports