grawk Posted February 25, 2014
unless sprint's network's been exploited you should be fine
grawk Posted February 25, 2014
Are you being targeted? I think it's fair to say everyone's being targeted if you get on a network that's been hacked. As to what you have to lose, well, it depends on what you use your computer for. This one isn't minor.
Voltron Posted February 25, 2014
yes

more specifically: immediately upgrade your iphone, and stop using safari on your mac.

I wonder if I have to worry using iOS 5.1.1. Seems unlikely to target something a couple of years out of date...
Dusty Chalk Posted February 25, 2014
I disagree, Jacob. Basically, SSL is broken. That's pretty major. Your fanboyism can only go so far. You can't try to brainwash a security flaw away.

I don't know how far back the fault goes, but found this:

So goto fail was added before October 2013. It is in 10.9 but not 10.8.5; and it is in iOS 6.1 and iOS7...Ouch

...sounds like the fault itself doesn't go back that far, Al.
grawk Posted February 25, 2014
I don't get on networks that have been hacked, AFAIK. It's not minor, but it's not the doomsday scenario that so many are puking, either.

it's the "afaik" that's important. You don't know. You have no way of knowing. I personally won't use a mac except on my home network at this point. Tho in all likelihood, the damage has been done, if it's going to be.

That said, I'm not particularly worried about personal consequences so much as potential work consequences. I stopped using my work computer on non-work/home/mifi networks 2 years ago tho, and all traffic is vpn on it.
grawk Posted February 25, 2014
Does UC have separate real and student networks? Because I know at the university of alaska, the student network was a cesspit.
grawk Posted February 25, 2014
cool

My job has me so paranoid about network activity in general...
Dusty Chalk Posted February 25, 2014
Me too. Can't trust fucking anyone any more. A week ago Sunday an automatic backup that I forgot I installed started up right in the middle of something. My performance dropped by 50%, and my first thought was that I'd been hacked.

Also, capitalone.com home page has a fault in the embedded css pages, where they try to run scripts on 127.0.0.1 and the gateway.
shellylh Posted February 25, 2014
Would it be helpful, after upgrading ios7, to change important passwords or is that overkill?

I am hoping Sprint's network hasn't been exploited...
grawk Posted February 25, 2014
It's probably never a bad idea to change important passwords, and enable 2 factor authentication whenever you can. Do it from home or work tho...

Also, 15 character passwords, mixed for anything that matters. There are lookup tables for almost anything less than that readily available in the black hat world.
shellylh Posted February 25, 2014
In general, is it safer to use Rice's VPN when at home (assuming that I have a router set up with WPA2 and a very difficult pw) or not to use it? I am always slightly worried that the university's network isn't so safe with all the students on it but I know very little about network security (and I am paranoid).
grawk Posted February 25, 2014
if the students are on the network you use, I'd do the opposite, and VPN home
shellylh Posted February 25, 2014
I guess you are probably serious about this. How difficult would this be to set up and make sure it is secure? How would I be able to tell how secure it is to be on the network on campus?
Edited February 25, 2014 by shellylh
HeadphoneAddict Posted February 25, 2014
I use wifi at the local coffee shop a lot, as well as whenever I'm visiting my daughter for a weekend at CU Boulder or at my mother-in-law's house, to name a few. I just worry about random people with wifi sniffers or packet sniffers (whatever) and them being able to steal my logins and such.

The thing is, I thought that anyone who can insert themselves into the pipe between you and the encrypted site you visit can get you, without targeting you by trying to get into your local network. Do they have to be on the same network as you and target just you, or can they be out in the ether like the NSA and scoop up everything?

EDIT - link http://appleinsider.com/articles/14/02/24/apple-nearing-release-of-os-x-1092-with-support-for-facetime-audio-fixes-for-mail-safari
Edited February 25, 2014 by HeadphoneAddict
grawk Posted February 25, 2014
this exploit puts "the adversary" in the middle of your encrypted connections (and anyone else's) if they've taken control of the network. Network sniffing is a different problem. Both are solved with a mifi.
HeadphoneAddict Posted February 25, 2014
this exploit puts "the adversary" in the middle of your encrypted connections (and anyone else's) if they've taken control of the network. Network sniffing is a different problem. Both are solved with a mifi.

I'm not sure I understand - do you mean mifi as in MiFi hotspot on a cell provider? The cell providers are safe in this case? Why is that any different from connecting via ethernet or secured wifi at home?
grawk Posted February 25, 2014
it isn't. That's what I'm recommending. Don't use your computer on any public network.
Dusty Chalk Posted February 25, 2014
What's really alarming about this bug is how bad Apple's security engineering is. A code review would have caught this bug. A sensible C style guide would have prevented this bug. Lint would have caught this bug. A static analyzer would have caught this bug. A unit test would have caught this bug. An integration test would have caught this bug. Apparently Apple is following none of these established engineering practices. That's bad in general, but for a critical security library it's outright negligence.

Not doing this to cause Jacob an aneurysm, just sharing with anyone who cares about the finer details of the flaw. It's really pretty horrendous. Any Freshman level programmer would immediately be able to see the flaw.
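A simplified model of the duplicated `goto fail` pattern discussed in this thread, with the kind of negative test the post above refers to. This is an added example, not part of any post and not Apple's source; every function name and the toy hash are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the hash and signature steps (0 = success). */
static int hash_update(unsigned *h, const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) *h = *h * 31u + p[i];
    return 0;
}
static int check_signature(unsigned digest, unsigned signed_digest) {
    return digest == signed_digest ? 0 : -1;
}
unsigned digest_of(const unsigned char *p, size_t n) {
    unsigned h = 7;
    hash_update(&h, p, n);
    return h;
}

/* Flawed shape: the second goto is unconditional, so check_signature()
   is never reached and err still holds 0 from the successful hash step. */
int verify_flawed(const unsigned char *p, size_t n, unsigned signed_digest) {
    int err;
    unsigned h = 7;
    if ((err = hash_update(&h, p, n)) != 0)
        goto fail;
        goto fail;
    err = check_signature(h, signed_digest);
fail:
    return err;
}

/* Braced form: a stray duplicate line would stay inside the block. */
int verify_braced(const unsigned char *p, size_t n, unsigned signed_digest) {
    int err;
    unsigned h = 7;
    if ((err = hash_update(&h, p, n)) != 0) {
        goto fail;
    }
    err = check_signature(h, signed_digest);
fail:
    return err;
}

int main(void) {
    const unsigned char params[] = "constructed key-exchange parameters";
    unsigned bad = digest_of(params, sizeof params) + 1; /* wrong signature */
    printf("flawed accepts bad signature: %s\n", verify_flawed(params, sizeof params, bad) == 0 ? "yes" : "no");
    printf("braced accepts bad signature: %s\n", verify_braced(params, sizeof params, bad) == 0 ? "yes" : "no");
    return 0;
}
```

Current GCC reports the flawed function under `-Wmisleading-indentation` (part of `-Wall`), and Clang's `-Wunreachable-code` flags the skipped call.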
Cankin Posted February 25, 2014
Restored my Air back to Mountain Lion. I use public Wifi a lot.
shellylh Posted February 25, 2014
Ugh, I hope Apple isn't going to turn into the security nightmare that Windows seems to be. I don't really want to switch to Linux... of course, I am only assuming that Linux is more secure than Mac OS X.
shellylh Posted February 25, 2014
Also, capitalone.com home page has a fault in the embedded css pages, where they try to run scripts on 127.0.0.1 and the gateway.

Should we avoid this page for now? Not sure if this is a real problem or not.
Dusty Chalk Posted February 25, 2014
I refuse to use capitalone.com on my computer until they fix it. I mean, that's the login page.

I noticed this because I use noscript, and the only domain I should have to open up for that page is capitalone.com, yet for some reason (that I have been too lazy to track down), it also wants 127.0.0.1 and...whatever your router is. Feel free to double-check for yourselves, I would love to have outside corroboration. And if it is just me, I'd like to know that, too, for obvious reasons.
grawk Posted February 25, 2014
This is a privacy/security problem (that may be more widespread than is currently being reported). There is a separate ball of wax that is the windows malware situation.
Dusty Chalk Posted February 25, 2014
Ugh, I hope Apple isn't going to turn into the security nightmare that Windows seems to be. I don't really want to switch to Linux... of course, I am only assuming that Linux is more secure than Mac OS X.

Yeah, not a safe assumption. There's no such thing as no risk, there's only manageable risk.
grawk Posted February 25, 2014
the insidious thing about the openssl problem is that the man in the middle attack could be coming from ANYWHERE in the middle. The more I think about it the more I want to go back to face to face banking. The scope of this could end up being bigger than the backdoor that was in the openssl libraries for over 10 years.