  • On The Heels of Air Force Switch to iPhone, Apple Announces Serious Flaw in their SSL Implementation

    Fresh off the announcement that the United States Air Force is trading in its BlackBerrys for Apple's iPhone comes word from Cupertino that Apple has discovered a serious security flaw in its SSL/TLS implementation, affecting not only OS X but its iOS-powered devices as well.

    In a support document regarding the patch for this specific problem, Apple noted that the bug would allow "an attacker with a 'privileged network position' to capture or modify data protected by SSL/TLS."

    The security site CrowdStrike actually goes into more detail about how serious the flaw was:

    To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake.

    This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system).

    This security flaw and its potential for exploitation only hammer home what BlackBerry said in a press release last week in response to the USAF announcement of its switch to iPhone:

    The ongoing threat of cyber attacks requires organizations to be vigilant about mobile security. For customers that have the highest security requirements, such as those in government, there is nothing more secure than a BlackBerry device managed by a BlackBerry Enterprise Server.

    There is a clear reason why BlackBerry has more government certifications than any other vendor, and the only enterprise mobility management vendor and handset maker to receive the Department of Defense “Authority to Operate” certification. Security is built into everything we do, and we've been doing it longer and better than anyone else.

    Perhaps this will cause the USAF to pause and rethink its decision. Given BlackBerry's history of providing secure communications for the DoD, the better move for the "Aim High" folks would be to upgrade their aging fleets of Bolds and Curves to Q10s, Z10s and Z30s.

    If it's good enough for the Commander-in-Chief, shouldn't a BlackBerry be good enough for the guy (or girl) flying him around in Air Force One?
