What is a “privileged network position?”

ablake

Apple's Gotofail security flaw has apparently been patched on both iOS and OS X. That’s great, although I’m concerned about the time between when I learned about it and when the flaw was introduced. In one of Apple’s press releases, they said that, “An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” What does this mean, exactly? What constitutes a privileged network position?

Topic: Security

Answers

2 total
jimlynch
Vote Up (4)

What you need to know about Apple's SSL bug
http://www.macworld.com/article/2099987/what-you-need-to-know-about-appl...

"News of a serious vulnerability within Apple’s implementation of a key encryption technology has been making the rounds this weekend. Read on to find out more about what the flaw is, and how it affects you."

jackson
Vote Up (1)

Basically, that’s a fancy way of saying that when you are having an Egg McMuffin and checking your email over the WiFi at McDonald's, the attacker is at the same McDonald's and has the ability to instigate a Man in the Middle (MitM) attack. At least, that’s what I think it means. I’m pretty sure it is a term Apple came up with to make its mistake sound less scary.
