Was the iOS SSL Flaw Deliberate?
Source: Schneier on Security - Posted by Dave Wreski   
Intrusion Detection Last October, I speculated on the best ways to go about designing and implementing a software backdoor. I suggested three characteristics of a good backdoor: low chance of discovery, high deniability if discovered, and minimal conspiracy to implement. The critical iOS vulnerability that Apple patched last week is an excellent example. Look at the code. What caused the vulnerability is a single line of code: a second "goto fail;" statement. Since that statement isn't a conditional, it causes the whole procedure to terminate.

Read this full article at Schneier on Security

Only registered users can write comments.
Please login or register.

Powered by AkoComment!