#1 2015-08-29 06:59:37
- yuhong
- Member
- Registered: 2015-06-19
- Posts: 7
KCI attacks against TLS
Old versions of Mac OS X are listed as one of the affected OSes:
https://www.usenix.org/system/files/con … uschek.pdf
I think most of us don't use client certificates, right? Remember that 10.4 and older are unlikely to have been updated to support secure renegotiation, and will likely use insecure renegotiation with client certs, making it vulnerable to MITM attacks.
#2 2015-08-29 17:08:52
- ClassicHasClass
- Member
- From: Electron Alley
- Registered: 2014-05-26
- Posts: 1,115
Re: KCI attacks against TLS
Very likely. However, TenFourFox uses NSS, not the built-in Security framework, so it is unaffected.
Tobias has done some work on a replacement Security framework, but it's only for 10.5.
Machine room: http://www.floodgap.com/etc/machines.html
#3 2015-08-29 20:37:12
- jt
- Member
- From: Bermuda Triangle, NC USA
- Registered: 2014-05-21
- Posts: 1,410
Re: KCI attacks against TLS
YAY for the white hats!
jt AKA: Oddball+Trash80toHP_Mini+Trash80toG-4 **** Gamba2 * Mac68k * Go, Duck, Go! * PersonalInfoHoover
#4 2015-08-31 06:28:16
- cc333
- Member
- From: North S.F. Bay Area, CA
- Registered: 2014-05-23
- Posts: 578
Re: KCI attacks against TLS
"Tobias has done some work on a replacement Security framework, but it's only for 10.5."
Do tell! I'm running my MDD with 10.5 as my main desktop Mac right now, and I'd like to get some info on this. Possibly a link as well.
c
Main Macs: Early '09 Mac Pro, Mid '12 MacBook Pro 13"
Secondary Macs: Early '08 Mac Pro, Mid '12 MacBook Pro 15"
Playthings: Mac SE/30, 3.0 GHz Mavericks-based HackServe, Many others....
Desired: Lisa, Kanga PowerBook G3, Apple IIc, Apple II, Spare parts, etc.
#5 2015-08-31 14:55:41
- ClassicHasClass
- Member
- From: Electron Alley
- Registered: 2014-05-26
- Posts: 1,115
Re: KCI attacks against TLS
If you install current versions of Leopard Webkit, it should be included.
Machine room: http://www.floodgap.com/etc/machines.html
#6 2015-09-04 00:19:45
- techknight
- Member
- Registered: 2014-05-22
- Posts: 453
Re: KCI attacks against TLS
You know, I had this funny feeling that once websites/corporations started enforcing SSL more and more, it was going to force it to get attacked.
Kinda goes hand-in-hand. The more the public switches to something, the more the hackers are going to attack it.