sebastian büttrich @sebastian@mastodon.cc @less_sebastian · Feb 23, 2014: @ashk4n @a_greenberg is it known whether it affects eaptls - it would break 802.1x - network level, before any apps? http://opensource.apple.com/source/eap8021x/eap8021x-33.6/EAP8021X.fproj/eaptls_plugin.c…
simulacra deorum @digitalfolklore · Feb 23, 2014: @ashk4n @matthew_d_green @a_greenberg as anticipated.. the software update and push are compromised... wonderful
Matthew Green @matthew_d_green · Feb 23, 2014: @digitalfolklore @ashk4n @a_greenberg Probably the software update checks a signature on the package itself, but at this point who knows.
PandaPacha @PandaPacha · Feb 23, 2014: @ashk4n @a_greenberg @matthew_d_green There're 2 apps I'm particularly interested to know about: Apple's Keychain and Dropbox.
Sascha Mettler @smetti · Feb 23, 2014: @ashk4n @a_greenberg #iOS otool on MobileMail grep Security gives "(offset 24)". party app -> V1.0.0 twice. any idea on how to check on iOS?
Sascha Mettler @smetti · Feb 23, 2014: @ashk4n @a_greenberg sorry -> 3rd party app that is... in my case good for enterprise.
Peter van Dijk @Habbie · Feb 24, 2014: @sindarina IF this page is right in saying 'pinning does not help' http://crowdstrike.com/blog/details-about-apple-ssl-vulnerability-and-ios-706-patch/index.html… then DNSSEC/DANE wouldn't help either
Peter van Dijk @Habbie · Feb 24, 2014: @sindarina if pinning does not help, DNSSEC cannot help, no matter how well you implement it
Peter van Dijk @Habbie · Feb 24, 2014: @sindarina Somewhere in this line of reasoning you are confused/wrong about something but I can't pinpoint where :(