What is a “privileged network position?”

ablake

Apple's Gotofail security flaw has apparently been patched on both iOS and OS X. That’s great, although I’m concerned about the time between when I learned about it and when the flaw was introduced. In one of Apple’s press releases, they said that, “An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” What does this mean, exactly? What constitutes a privileged network position?

Topic: Security
Answer this Question

Answers

2 total
jimlynch
Vote Up (4)

What you need to know about Apple's SSL bug
http://www.macworld.com/article/2099987/what-you-need-to-know-about-appl...

"News of a serious vulnerability within Apple’s implementation of a key encryption technology has been making the rounds this weekend. Read on to find out more about what the flaw is, and how it affects you. "

jackson
Vote Up (1)

 Basically, that’s a fancy way of saying that they when you are having an Egg McMuffin and checking your email over the WiFi at McDonalds, the attacker is at the same McDonalds and has the ability to instigate a Man in the Middle (MitM) attack. At least, that’s what I think it means. I’m pretty sure it is a term Apple came up with to make its mistake sound less scary.

Ask a question

Join Now or Sign In to ask a question.
U.S. and EU privacy and consumer groups called on privacy regulators to stop Facebook's plans to gather the Internet browsing patterns of its users while they visit other sites.
A configuration problem in Facebook's popular Instagram application for Apple devices could allow a hacker to hijack a person's account if they're both on the same public Wi-Fi network.
Questions abound over sites authenticating users via identities established through social networks, Yahoo Ponemon Institute survey shows.
Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers.
Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple of precautions.
Financial institutions use many technologies to fight crime, but much of the work comes too late, focusing on suspicious activity, like uncharacteristic charges or money transfers, after it happens.
Dennis Technology Labs says it tested it because of marketing claims for it; Malwarebytes says free version of product is just a clean-up tool.
A new survey of IT security professionals shows that many businesses are barely starting to exploit mobile technology, and some of them may be a mobile security nightmare waiting to happen.
The Russian Ministry of Interior is willing to pay 3.9 million roubles, or around US$111,000, for a method to identify users on the Tor network.
Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+