Skip to main content

HTTP Secure

Three 'HTTP Secure' stories March 2015 - August 2015
See All Stories

Google gives developers code to disable iOS 9 app security to continue to serve ads

Avatar for Ben Lovejoy Aug 28 2015 - 4:07 am PT
41 Comments

code

One of the backend improvements in iOS 9 is a strengthening of app security when accessing data from webservers. The new App Transport Security (ATS) feature ensures that only connections encrypted using HTTPS are permitted. There’s just one problem with that: not all advertisers use HTTPS, so ATS will stop some ads appearing in apps.

Google has responded by providing developers with five lines of code that allow them to disable ATS … 
Expand
Expanding
Close

HTTPS bug leaves 1,500 iOS apps vulnerable to man-in-the-middle attacks, finds analytics company

Avatar for Ben Lovejoy Apr 21 2015 - 4:02 am PT
9 Comments
Site default logo image
The buggy code highlighted by arsTechnica

The buggy code highlighted by arsTechnica

A bug in the way that 1,500 iOS apps establish secure connections to servers leaves them vulnerable to man-in-the-middle attacks, according to analytics company SourceDNA (via arsTechnica). The bug means anyone intercepting data from an iPhone or iPad could access logins and other sensitive information sent using the HTTPS protocol.

A man-in-the-middle attack allows a fake WiFi hotspot to intercept data from devices connecting to it. Usually, this wouldn’t work with secure connections, as the fake hotspot wouldn’t have the correct security certificate. However, the bug discovered by SourceDNA means that the vulnerable apps fail to check the certificate … 
Expand
Expanding
Close

Site default logo image

Apple seeds Safari 7.1.5 and 6.2.5 betas to developers for Mavericks and Mountain Lion

Avatar for Mar 18 2015 - 3:01 pm PT
6 Comments

Safari

Apple today has released a pair of Safari betas for earlier version of OS X. Safari 7.1.5 beta for OS X Mavericks and version 6.2.5 beta for OS X Mountain Lion are both available on the Mac Developer Center for registered developers. Safari 8.0.5, which includes the same upgrades as the Mavericks and Mountain Lion versions, is not available as a separate download, but it comes as part of the OS X Yosemite 10.10.3 developer and public betas. Here are the focus areas for these Safari betas:


Expand
Expanding
Close