What is a “privileged network position?”

ablake

Apple's Gotofail security flaw has apparently been patched on both iOS and OS X. That’s great, although I’m concerned about the time between when I learned about it and when the flaw was introduced. In one of Apple’s press releases, they said that, “An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” What does this mean, exactly? What constitutes a privileged network position?

Topic: Security
Answer this Question

Answers

2 total
jimlynch
Vote Up (4)

What you need to know about Apple's SSL bug
http://www.macworld.com/article/2099987/what-you-need-to-know-about-appl...

"News of a serious vulnerability within Apple’s implementation of a key encryption technology has been making the rounds this weekend. Read on to find out more about what the flaw is, and how it affects you. "

jackson
Vote Up (1)

 Basically, that’s a fancy way of saying that they when you are having an Egg McMuffin and checking your email over the WiFi at McDonalds, the attacker is at the same McDonalds and has the ability to instigate a Man in the Middle (MitM) attack. At least, that’s what I think it means. I’m pretty sure it is a term Apple came up with to make its mistake sound less scary.

Ask a question

Join Now or Sign In to ask a question.
A file-encrypting ransomware program called CryptoWall infected over 600,000 computer systems in the past six months and held 5 billion files hostage, earning its creators more than US$1 million, researchers found.
Former U.S. Secretary of State Hillary Clinton called for a "global compact" on surveillance and the use of collected data, saying the U.S. isn't the only country that does it and American technology companies are unfairly targeted for the government's actions.
Electric carmaker Tesla Motors wants security researchers to hack its vehicles. The Silicon Valley based high-tech carmaker will hire up to 30 full-time hackers whose job will be to find and close vulnerabilities in the sophisticated firmware that controls its cars.
Two recent vulnerabilities are examples of problems that could have been avoided if we had just applied the lessons already learned in similar contexts.
Windows XP users may now download a fourth service pack for the 13-year-old operating system, but it isn't coming from Microsoft.
The growing number of data breaches resulting in massive numbers of payment cards being stolen from retail stores and other businesses is occurring because they're failing to keep up with the Payment Card Industry's data security standard, according to the PCI Security Standards Council.
Email addresses and encrypted passwords of around 97,000 users who tested early builds of the Bugzilla bug tracking software were left exposed for three months following a server migration.
A U.S. Federal Bureau of Investigation spokesman said Wednesday the agency is working with the Secret Service to determine the "scope" of reported cyberattacks against several financial institutions.
A payment card industry security consortium warned retailers on Wednesday of the urgency to secure their systems against "Backoff," a malicious software program that steals card numbers.
randomness