[nSLUG] GnuTLS certificate bug and Apple certificate bug
julien.savoie at usainteanne.ca
Fri Mar 21 14:08:16 ADT 2014
On 21/03/14 11:09 AM, Gerald Ruderman wrote:
> I did oversimplify it. I agree any semi-competent bad guy could find
> this. I conclude the developers and testers failed to think enough like
> a bad guy.
No one is perfect, least of all me. I just wanted to clarify for
academic/educational purposes lest someone take away the wrong
understanding of the issue. I however am not qualified to get into the
collective heads of Apple developers, but evidently security is not as
high a priority within Apple as many would like to believe. And I do
think it comes down to a matter of priorities, so much so that I doubt
any real testing of their SSL implementation happened.
More information about the nSLUG