Links 17-10-17
Oct 17, 2017
1 minute read

Security

Krack Attack – force WPA2 to reuse a key, making your secure network roll over and expose its soft underbelly. The bug is in the protocol, not any particular implementation. As a friend pointed out, many wireless ISPs use WPA2-PSK to auth their subscriber terminals. The blood will flow from far more than your home WiFi network

How Apple Killed iOS Jailbreaking – First, they force their opponent to find four vulnerabilities; fixing any one of which breaks the jailbreak and forces the attacker to find a new flaw that serves the same purpose. Second, and perhaps more critically, Apple ensures that at least one of those flaws must be in the boot sequence. This is a huge advantage because, unlike most programs, boot loaders are typically relatively small (hundreds or thousands of lines of code, not millions) and they don’t need a lot of new features added over time. Thus, attackers can’t count on the bootloaders introducing new flaws. This creates a “narrow pass,” and, as Sun Tzu advised (“With regard to narrow passes, if you can occupy them first, let them be strongly garrisoned and await the advent of the enemy.“), Apple has fortified it



comments powered by Disqus