Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is so bad that it is hard to imagine how it could have escaped notice until now, Apple really need to beef up their security competence. Lets hope that malevolent hackers were similarly asleep.


Indeed. My first thought upon seeing this: "how in the FUCK did automated testing not catch this IMMEDIATELY!?"

Absolutely terrifying that crypto safety is such a low QA priority that something like this could ever leave the building.


Because it's not a blatant regression, it's a complicate bug that requires a custom-patched TLS stack on the server to be explocited. As Adam Langley put it:

> A test case could have caught this, but it's difficult because it's so deep into the handshake. One needs to write a completely separate TLS stack, with lots of options for sending invalid handshakes. In Chromium we have a patched version of TLSLite to do this sort of thing but I cannot recall that we have a test case for exactly this. (Sounds like I know what my Monday morning involves if not.)


Except: ensuring that the server is signing with the right, certificate-certified private key is the major thing that TLS is supposed to provide.

So no matter how strange or malicious the server-side stack would need to be... not having a test for such a deviation is a major oversight.


The really scary thing is that there is basically no good testsuite for SSL/TLS in existence. I would not be surprised if other stupid bugs showed up in other implementations given one…


This is a good example of why static analysis is so useful. Testing this in QA is a non-trivial problem but simply adding a compiler flag would report it.


Same with openssh on OS X. For some unknown reason, Apple chose to disable ECDSA on ssh. You can generate the keys but you can't use them. Try it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: