What is a “privileged network position?”

ablake

Apple's Gotofail security flaw has apparently been patched on both iOS and OS X. That’s great, although I’m concerned about the time between when I learned about it and when the flaw was introduced. In one of Apple’s press releases, they said that, “An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” What does this mean, exactly? What constitutes a privileged network position?

Topic: Security

Answers

2 total
jimlynch
Vote Up (5)

What you need to know about Apple's SSL bug
http://www.macworld.com/article/2099987/what-you-need-to-know-about-appl...

"News of a serious vulnerability within Apple’s implementation of a key encryption technology has been making the rounds this weekend. Read on to find out more about what the flaw is, and how it affects you."

jackson
Vote Up (3)

Basically, that’s a fancy way of saying that when you are having an Egg McMuffin and checking your email over the WiFi at McDonalds, the attacker is at the same McDonalds and has the ability to instigate a Man in the Middle (MitM) attack. At least, that’s what I think it means. I’m pretty sure it is a term Apple came up with to make its mistake sound less scary.
