How a single line in the code compromised security on all Apple devices
‘Bug’: a term that fills most developers with dread at night, and the reason why they incessantly zone out and stare into space when you’re talking to them. While that is both somewhat sad and true, the reality isn’t so bad. Bugs are identified all the time in software and are impossible to avoid, simply because we are humans and we make mistakes. Most bugs are eliminated through rigorous software testing, but some slip through the net. The ones that go viral are the silly but detrimental ones. One such bug was Apple’s infamous code bug, informally referred to as “goto fail” or officially as “CVE-2014-1266”.
The bug impaired Apple devices’ ability to verify the authenticity of the websites you visited. This meant that your iPhone could not tell the difference between your actual bank’s website and an imposter.
Before we understand what went wrong, we need to understand SSL (Secure Sockets Layer), the mechanism which allows computers to trust and verify websites on the internet. Your browser does this for you every time, and this is how it looks:
Image by Author: Komal Venkatesh Ganesan
These days, all websites use HTTPS (i.e., HTTP with SSL) to connect securely. That forces the website you visit to present a certificate to prove its authenticity. Your computer then verifies this against a set of pre-loaded keys in the browser to see if it was digitally “signed” by a certification body. This ‘digital signature’ utilises the math of asymmetric cryptography. If that math works out and the certificate proves to be signed by one of the certificate authority (CA) keys in the browser, it gives you a green light and everything is hunky-dory. Nobody can snoop on your data or hijack your web sessions.
But when there is an imposter at the other end, your browser stops you. Here’s an example I created in Python pretending to be the wikipedia.org server:
Image By Author: Komal Venkatesh Ganesan
The browser knows this because I don’t have a certificate signed by one of the authorities that the browser validates against. In fact, I signed the certificate myself saying, ‘I am wikipedia.org’ (not the greatest of hacks), but SSL knows this and protects you from it. Notice: “self-signed root certificate”.
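The self-signed case described above, reproduced with the `openssl` command line as an added example (not the author's Python server and not code from the original article): the same constructed certificate is rejected against the system CA store and accepted only when it is explicitly supplied as its own trust anchor. The function names and temporary paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example. The certificate is constructed locally; nothing touches the network.

# Create a self-signed certificate in directory $1 that claims to be host $2.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# A certificate is self-signed when its issuer name equals its subject name.
is_selfsigned() {
    hashes=$(openssl x509 -noout -subject_hash -issuer_hash -in "$1")
    [ "$(echo "$hashes" | sed -n 1p)" = "$(echo "$hashes" | sed -n 2p)" ]
}

# Verify certificate $1 against trust anchors: the system CA store by default,
# or only the file given as $2. Prints "trusted" or "rejected:<error code>".
# Fails closed: anything other than an explicit "OK" counts as rejected.
verdict() {
    if [ -n "$2" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    else
        out=$(openssl verify "$1" 2>&1) || true
    fi
    code=$(echo "$out" | sed -n 's/^error \([0-9]*\) at .*/\1/p' | head -n 1)
    case "$out" in
        *": OK"*) echo "trusted" ;;
        *)        echo "rejected:${code:-unknown}" ;;
    esac
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT
make_selfsigned "$dir" wikipedia.org
is_selfsigned "$dir/cert.pem" && echo "issuer == subject (self-signed)"
echo "system CA store:    $(verdict "$dir/cert.pem")"
echo "cert as own anchor: $(verdict "$dir/cert.pem" "$dir/cert.pem")"
```

Error code 18 is OpenSSL's "self-signed certificate" verification error: the signature math checks out, but the signer is not one of the pre-loaded authorities.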