Papas Fritas writes:
"Last October, Bruce Schneier speculated that the three characteristics of a good backdoor are a low chance of discovery, high deniability if discovered, and minimal conspiracy to implement. He now says that the critical iOS and OSX vulnerability that Apple patched last week meets these criteria, and could be an example of a deliberate change by a bad actor:
Look at the code. What caused the vulnerability is a single line of code: a second "goto fail;" statement. Since that statement isn't a conditional, it causes the whole procedure to terminate ... Was this done on purpose? I have no idea. But if I wanted to do something like this on purpose, this is exactly how I would do it.
He later added that 'if the Apple auditing system is any good, they will be able to trace this errant goto line to the specific login that made the change.'
Steve Bellovin, professor of Computer Science in Columbia University and Chief Technologist of the Federal Trade Commission, has another take on the vulnerability: 'It may have been an accident; If it was enemy action, it was fairly clumsy.'"
(Score: 4, Interesting) by frojack on Saturday March 01 2014, @08:45PM
But a three letter agency might have been able to disguise it a little better, don't you think? (Unless they were going for deniability rather than long-term endurance).
If every other browser on every other system barfs on a bad cert, you have to ask why a three letter agency would want to compromise only APPLE products.
It may stand out immediately when you skim that tiny section of code, but when you skim a mountain of code you could easily miss this.
You really need to see the change patch that was put in. If that entire section was put in as one change, I'd suspect clear intent.
On the other hand if the second IF statement went in to replace one that was already there it would pretty easy to be off-by-one line number on the patch, leaving the second goto as a remnant.
Discussion should abhor vacuity, as space does a vacuum.
(Score: 5, Insightful) by WildWombat on Saturday March 01 2014, @10:15PM
I don't have any clue whether or not that line was put there purposely or not but according to Jacob Appelbaum [youtube.com] in a talk he gave at 30c3 the NSA has been able to own any Apple machine they want for a long time now. I think it is probable that even if the NSA didn't plant that line there that they were aware of it.
--"But a three letter agency might have been able to disguise it a little better, don't you think? (Unless they were going for deniability rather than long-term endurance)."
Maybe, or maybe it was but the most obvious of many backdoors they have. Its impossible to know, since instead of protecting the American public like they're supposed to and fixing these types of flaws, they hoard them in order to use them and leave all of us vulnerable.
Cheers,
-WW
(Score: 4, Insightful) by mojo chan on Sunday March 02 2014, @07:25AM
It looks like a merging error, where someone wanted to merge their new code with someone else's changes and bungled it. The NSA/GCHQ must love bugs like this: highly deniable but also apparently easy to miss for years. As for why it only targets Apple products it's probably just a case of they had the opportunity and took it.
const int one = 65536; (Silvermoon, Texture.cs)