911: Stuff you need to do RIGHT NOW if you haven’t already

Use an Apple device? And by this I mean any iPad, iPhone, or Mac?

Then you need to install all available OS updates with a furious quickness, for there is a security bug to end all security bugs in the SSL code on your device. All platforms are affected.

It’s a seriously bad, bad, bad bug. It may be the worse security bug of all time. No certificate validation is happening, which means that site you think you have an encrypted connection to might not be who they say they are. That’s an ID thief’s dream come true.

This bug is bad enough that it’s entirely possible that it was deliberately introduced at the behest of the NSA. The crypto we use daily relies on provably unbreakable encryption, so the only vulnerabilities they can exploit rely on broken implementations; this is a known tactic that the NSA and similar organizations have used. The timing certainly works.

More here.

You can check to see if you’re vulnerable using this site. On a Mac, you’ll need to use Safari to get the best possible reading, but it’ll mostly work with other browsers.

Shoring up the argument that it’s part of a deliberate effort: an even worse bug has subsequently been discovered in the Linux GnuTLS code.

Skipping the technical stuff, the takeway for you, the Heathen reader, is that you absolutely MUST upgrade your iOS devices and Macs today, right the fuck now. Full stop.

Fortunately, Apple makes this pretty easy. Just go to Settings -> General -> Software Update on an iPhone or iPad, or to (Black Apple) -> Software Update on a Mac.

Comments are closed.