What Did Not Happen At Mt. Gox

The initial claim from Mt. Gox was that they lost money to a problem with Bitcoin known as “transaction malleability.” Lots of people jumped on this explanation (for one of the better ones, see this one, though its depiction does not match what actually happened). I stayed away from this topic, …

Scaling Asana.com - Asana Engineering Blog

At Asana, we’ve figured out a way to rapidly deploy changes to our content site. Non-technical teammates can jump right in and see their updates in real time, without bottlenecks, and without requests to developers. Everything we do is version controlled with Git - even copy changes. And we do it all without a dedicated web developer. See how.

Apple is pushing a hotfix for an extremely serious SSL/TLS bug in iOS 7 and OS X. It remains unclear how far back it goes, but is confirmed in OS X 10.9, iOS 7 and at least iOS 6.1. This is bad. This is really bad.

The bug allows anyone with a certificate identifying themselves as a “trusted CA” (certificate authority; think Verisign, GeoTrust, etc.) to access encrypted communications as if they had never been encrypted at all by leveraging so-called Man-in-the-Middle (MITM) attacks. Basically, Apple has been accepting root certs at face value and not performing the fundamental verification steps necessary to prove that they’re authentic and valid.

All because of bracket-less conditionals and an errant ‘goto fail’ line. On the upside, I now have a real example of why bracket-less conditionals are a horrible thing to do next time code standards come up! ;)

Overview: http://www.zdnet.com/major-apple-security-flaw-patch-issued-users-open-to-mitm-attacks-7000026624/
Technical breakdown, including source code and demo: https://www.imperialviolet.org/2014/02/22/applebug.html
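
The control-flow pattern described above, as an added example that is not part of the original post and is not Apple's source: a simplified model in which `check_hash`, `check_signature`, `verify_flawed` and `verify_braced` are hypothetical names, showing how a duplicated `goto fail` after a brace-less `if` skips a later check while the function still returns success.

```c
#include <stdio.h>

/* Constructed stand-ins for real checks: 0 means success, nonzero means failure. */
static int check_hash(int ok)      { return ok ? 0 : -1; }
static int check_signature(int ok) { return ok ? 0 : -2; }

/* Flawed pattern: brace-less conditional followed by a duplicated goto. */
int verify_flawed(int hash_ok, int sig_ok)
{
    int err;

    if ((err = check_hash(hash_ok)) != 0)
        goto fail;
        goto fail;  /* not guarded by the if: runs on every call */
    if ((err = check_signature(sig_ok)) != 0)  /* never reached */
        goto fail;

fail:
    return err;     /* still 0 from check_hash when the hash step passed */
}

/* Same logic with braces on every conditional and no stray line. */
int verify_braced(int hash_ok, int sig_ok)
{
    int err;

    if ((err = check_hash(hash_ok)) != 0) {
        goto fail;
    }
    if ((err = check_signature(sig_ok)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void)
{
    /* Constructed input: hash step passes, signature step should fail. */
    printf("flawed, bad signature: %d\n", verify_flawed(1, 0));
    printf("braced, bad signature: %d\n", verify_braced(1, 0));
    return 0;
}
```

GCC's `-Wmisleading-indentation` (enabled by `-Wall` since GCC 6) flags the second `goto`, and Clang's `-Wunreachable-code` flags the check it skips.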