The OS X goto fail bug, promptly fixed | maclalala2
Apple Releases OS X 10.9.2 With Fix for ‘goto fail’ SSL Vulnerability | Daring Fireball
Release notes say nothing about an SSL fix | Twitter / markgurman
An update to iOS 6 pushed yesterday fixes the bug there as well. Reportedly, OS X 10.9.1 is still affected by the vulnerability.
So if this bug, now closed, is not what the NSA was exploiting, it means there might exist some other vulnerability that remains open.
Apple’s SSL/TLS bug | ImperialViolet
Apple’s SSL/TLS Bug | Daring Fireball
Apple’s SSL/TLS bug | Marco.org
Both OS X and iOS are affected. iOS has been patched already, but OS X hasn’t — see for yourself.
Apple releases security patch via iOS 7.0.6 | The Loop
A mistake in just one line... | maclalala2
Hurry up and update! This Apple vulnerability is seriously bad | Gizmodo Japan
Investigating Touch ID and the Secure Enclave | Securosis Blog
More from Rich Mogull:
I suspect Apple will eventually release more details in response to public pressure — they still tend to underestimate the level of security information the world needs before placing trust in Apple (or anyone else). But if my assumptions are even close to accurate, Touch ID looks like a good part of a strong system that avoids a bunch of potential pitfalls and will be hard to crack.
Investigating Touch ID and the Secure Enclave | Daring Fireball
Apple’s two-step verification is available in the U.S., U.K., Australia, Ireland, and New Zealand.
How-to enable iCloud two-step verification | The Loop
Two-step verification for iCloud accounts | The Loop
Apple has joined the growing list of companies offering two-step verification to secure user accounts. By enabling two-step verification, whenever you attempt to log in on a new device with your Apple ID, you will be asked to enter a 4-digit verification code. This code will be sent to a device that you have registered as a trusted device, such as your iPhone, via a Find My iPhone notification or SMS.
Apple Introduces Two-Step Verification for Apple ID and iCloud Accounts | Daring Fireball
Anatomy of the Apple ID password reset exploit | iMore.com
One Site May Be Responsible for Recent Hacks | AllThingsD
The site is called iPhonedevSdk, according to sources close to the Facebook hacking investigation. After Facebook employees visited the mobile development site in recent weeks, malicious code injected into the HTML of the site used an exploit in Oracle’s Java plugin to infect employee laptops, as the company divulged last Friday. […]
Of note: Do not visit this site, as it may continue to be compromised. While it’s potentially risky to publicize the web site, AllThingsD is providing the name to inform readers, mobile developers and organizations interested in mobile development in order to keep them from becoming infected.
iPhoneDevSDK | Daring Fireball
Apple hit by a hacker attack | maclalala2
iPhoneDevSDK — the site apparently responsible for the hacks at Facebook, Apple, and Twitter — says it was not aware it was being used to attack visitors until it read press reports this week. In a news post (do not click if you’re wary of security breaches) on Wednesday, site admins said they had no knowledge of the breach and were not contacted by any of the affected companies. Though, iPhoneDevSDK is now working with Facebook’s security team in order to share information about what happened.
iPhoneDevSDK Admins Didn’t Know Site Was Booby-Trapped | Daring Fireball
《Update: The admins who did not know a trap had been set》 | maclalala2