If you're struggling to understand the impact of today's iMessage flaw, remember that it requires either a Root CA or Apple's help to work.
I wrote some additional, brief comments on the iMessage flaw on HN. https://news.ycombinator.com/item?id=11332715 …
@dguido Well, I don't know about that
http://oalmanna.blogspot.co.at/2016/03/startssl-domain-validation.html …
@patfigel Yes, my point was access to a Root CA is catastrophic in many other ways before you think about decrypting iMessages with it.
@dguido Absolutely. Plus, in this case, cert pinning limits the attack surface to Apple/owned Apple servers, if I understood correctly.
@patfigel Yes, cert pinning is a very strong immediate mitigation for this attack.
@dguido how prevalent are root CA attacks becoming? any examples you've heard about in the wild?