Mac Users Warned Against Using Public Wi-Fi Networks

Security experts have advised companies to ban employees using Mac laptops to connect to public Wi-Fi networks, including those at the RSA Conference this week, until Apple releases a patch for a serious vulnerability that can be easily exploited in a man-in-the-middle attack.

A coding error in the authentication logic in Mac OS X 10.9.1, the latest version, makes it possible for an attacker to bypass the SSL/TLS verification routines upon the initial connection handshake between the client and a remote server. SSL/TLS are cryptographic protocols used in securing communications over the Internet.

By circumventing the verification process, an attacker on a public network could masquerade as the destination, such as a webmail provider, and intercept encrypted traffic, according to security firm CrowdStrike. The attacker could also modify data in flight to deliver exploits capable of taking control of a Mac.

“The recommendation that we’ve certainly told both our employees and our customers is to not connect to any untrusted network until a patch is available from Apple,” Dmitri Alperovitch, chief technology officer for CrowdStrike, said. “The situation is pretty dangerous.”

via Mac users warned against using public Wi-Fi networks – News – Macworld UK.

———————————————-

Journal of Law & Cyber Warfare | www.jlcw.org The Journal of Law & Cyber Warfare provides a public peer-reviewed law publication to foster open discussion and education of technology, government and legal stakeholder in relation to the complex issue of cyber warfare.  Journal of Law & Cyber Warfare accepts articles written by military, technology, judges, government officials, academic and legal practitioners.  The Journal of Law & Cyber Warfare provides a public peer-reviewed law publication to foster open discussion and education of technology, government and legal stakeholder in relation to the complex issue of cyber warfare.  Journal of Law & Cyber Warfare accepts articles written by military, technology, judges, government officials, academic and legal practitioners. The Journal of Law & Cyber Warfare is honored by the world class caliber editorial board that is involved with the Journal. Thought leaders from forensics, law, warfare, and cyber security are on the Board. The Journal is always looking for interested thought leaders who believe they can contribute in a meaningful fashion to the development of cyber warfare scholarship.