
#1 2015-08-29 06:59:37

yuhong
Member
Registered: 2015-06-19
Posts: 7

KCI attacks against TLS

Old versions of Mac OS X are listed as one of the affected OSes:
https://www.usenix.org/system/files/con … uschek.pdf
I think most of us don't use client certificates, right? Remember that 10.4 and older are unlikely to have been updated to support secure renegotiation, and will likely use insecure renegotiation with client certs, making them vulnerable to MITM attacks.


#2 2015-08-29 17:08:52

ClassicHasClass
Member
From: Electron Alley
Registered: 2014-05-26
Posts: 1,089

Re: KCI attacks against TLS

Very likely. However, TenFourFox uses NSS, not the built-in Security framework, so it is unaffected.

Tobias has done some work on a replacement Security framework, but it's only for 10.5.


#3 2015-08-29 20:37:12

jt
Member
From: Bermuda Triangle, NC USA
Registered: 2014-05-21
Posts: 1,404

Re: KCI attacks against TLS

YAY for the white hats!


#4 2015-08-31 06:28:16

cc333
Member
From: North S.F. Bay Area, CA
Registered: 2014-05-23
Posts: 566

Re: KCI attacks against TLS

ClassicHasClass wrote:

Tobias has done some work on a replacement Security framework, but it's only for 10.5.

Do tell! I'm running my MDD with 10.5 as my main desktop Mac right now, and I'd like to get some info on this. Possibly a link as well.

c


Main Macs: Early '09 Mac Pro, Mid '12 MacBook Pro 13"
Secondary Macs: Early '08 Mac Pro, Mid '12 MacBook Pro 15"
Playthings: Mac SE/30, 3.0 GHz Mavericks-based HackServe, Many others....
Desired: Lisa, Kanga PowerBook G3, Apple IIc, Apple II, Spare parts, etc.


#5 2015-08-31 14:55:41

ClassicHasClass
Member
From: Electron Alley
Registered: 2014-05-26
Posts: 1,089

Re: KCI attacks against TLS

If you install current versions of Leopard Webkit, it should be included.


#6 2015-09-04 00:19:45

techknight
Member
Registered: 2014-05-22
Posts: 449

Re: KCI attacks against TLS

You know, I had this funny feeling that once websites/corporations started enforcing SSL more and more, that was going to force it to get attacked.

Kinda goes hand-in-hand. The more the public switches to something, the more the hackers are going to attack it.
