Create SS .vm using Chubby Bunny
Moderators: Cat_7, Ronald P. Regensburg, ClockWise
- adespoton
- Forum All-Star
- Posts: 4227
- Joined: Fri Nov 27, 2009 5:11 am
- Location: Emaculation.com
- Contact:
Re: Create SS .vm using Chubby Bunny
The exploits are in underlying technologies, that have since been patched by everyone else, but as SLS and SL aren't being patched anymore, they didn't get the fixes. This means that HTTPS, for example, is inherently broken on SL(S).
Re: Create SS .vm using Chubby Bunny
BROKEN? How? Does that mean I'm at risk every time I do my online banking? Or that I should switch it all from Safari to Firefox instead, which is up to date?adespoton wrote:The exploits are in underlying technologies, that have since been patched by everyone else, but as SLS and SL aren't being patched anymore, they didn't get the fixes. This means that HTTPS, for example, is inherently broken on SL(S).
- adespoton
- Forum All-Star
- Posts: 4227
- Joined: Fri Nov 27, 2009 5:11 am
- Location: Emaculation.com
- Contact:
Re: Create SS .vm using Chubby Bunny
Definitely switch from Safari to Firefox or Chrome; SLS Safari is not safe to use for HTTPS, as it can be trivially broken by anyone who can get in the middle of the transaction, either via WiFi or by access to one of the intermediary routers. Do not use SLS Safari for banking.
But other security technologies are also broken. Don't open up remote access via the Internet; turn off Back to My Mac if it's on, as that uses OpenSSL too.
But other security technologies are also broken. Don't open up remote access via the Internet; turn off Back to My Mac if it's on, as that uses OpenSSL too.
Re: Create SS .vm using Chubby Bunny
Mmhh, it seems no OS X versions are affected by heartbleed out of the box :
http://apple.stackexchange.com/question ... heartbleed
https://www.nathanson.org/davesays/2014 ... ulnerable/
Unless you install the bad openssl version via port or brew, or if installed via another software.
http://apple.stackexchange.com/question ... heartbleed
https://www.nathanson.org/davesays/2014 ... ulnerable/
Unless you install the bad openssl version via port or brew, or if installed via another software.
Re: Create SS .vm using Chubby Bunny
That's more reassuring - I never use remote access or Back to My Mac. And I'll make sure I do all online banking via Firefox.adespoton wrote:Definitely switch from Safari to Firefox or Chrome; SLS Safari is not safe to use for HTTPS, as it can be trivially broken by anyone who can get in the middle of the transaction, either via WiFi or by access to one of the intermediary routers. Do not use SLS Safari for banking.
But other security technologies are also broken. Don't open up remote access via the Internet; turn off Back to My Mac if it's on, as that uses OpenSSL too.