
#1 2015-08-29 06:59:37

yuhong
Member
Registered: 2015-06-19
Posts: 8

KCI attacks against TLS

Old versions of Mac OS X are listed as one of the affected OSes:
https://www.usenix.org/system/files/con … uschek.pdf
I think most of us don't use client certificates, right? Remember that 10.4 and older are unlikely to have been updated to support secure renegotiation, and will likely use insecure renegotiation with client certs, making it vulnerable to MITM attacks.


#2 2015-08-29 17:08:52

ClassicHasClass
Member
From: Electron Alley
Registered: 2014-05-26
Posts: 1,118

Re: KCI attacks against TLS

Very likely. However, TenFourFox uses NSS, not the built-in Security framework, so it is unaffected.

Tobias has done some work on a replacement Security framework, but it's only for 10.5.


Machine room (updated for 2019!): http://www.floodgap.com/etc/machines.html


#3 2015-08-29 20:37:12

jt
Member
From: Bermuda Triangle, NC USA
Registered: 2014-05-21
Posts: 1,470

Re: KCI attacks against TLS

YAY for the white hats! cool


#4 2015-08-31 06:28:16

cc333
Member
From: North S.F. Bay Area, CA
Registered: 2014-05-23
Posts: 600

Re: KCI attacks against TLS

ClassicHasClass wrote:

Tobias has done some work on a replacement Security framework, but it's only for 10.5.

Do tell! I'm running my MDD with 10.5 as my main desktop Mac right now, and I'd like to get some info on this. Possibly a link as well.

c


Main Macs: Early '09 Mac Pro, Mid '12 MacBook Pro 13"
Secondary Macs: Early '08 Mac Pro, Mid '12 MacBook Pro 15"
Playthings: Mac SE/30, 3.0 GHz Mavericks-based HackServe, Many others....
Desired: Lisa, Kanga PowerBook G3, Apple IIc, Apple II, Spare parts, etc.


#5 2015-08-31 14:55:41

ClassicHasClass
Member
From: Electron Alley
Registered: 2014-05-26
Posts: 1,118

Re: KCI attacks against TLS

If you install current versions of Leopard Webkit, it should be included.


Machine room (updated for 2019!): http://www.floodgap.com/etc/machines.html


#6 2015-09-04 00:19:45

techknight
Member
Registered: 2014-05-22
Posts: 453

Re: KCI attacks against TLS

You know, I had this funny feeling that once websites/corporations started enforcing SSL more and more, it was going to force it to get attacked.

Kinda goes hand-in-hand. The more the public switches to something, the more the hackers are going to attack it.
