
A few days ago, Apple released the minor update iOS 7.0.6, whose release we reported on. Many may have been surprised that the update was also released for the older iOS 6 (version 6.1.6) and for Apple TV (version 6.0.2). This is a security patch, so Apple could not afford to update only some of its devices. Moreover, the issue also affects OS X. According to Apple spokeswoman Trudy Muller, an update for OS X will be released as soon as possible.

Why is there so much hype around this update? A flaw in the system code allows server verification to be bypassed during secure transmission at the session layer of the ISO/OSI reference model. Specifically, the fault is a bad SSL implementation in the part where the server certificate is verified. Before I go into further explanation, I prefer to describe the basic concepts.

SSL (Secure Socket Layer) is a protocol used for secure communication. It achieves security through encryption and authentication of the communicating parties. Authentication is the verification of a presented identity. In real life, for example, you state your name (identity) and show your ID so that the other person can verify it (authentication). Authentication is then divided into verification, which is exactly the example with the national ID card, and identification, where the person in question can determine your identity without you presenting it to them beforehand.

Now I will briefly get to the server certificate. In real life, your certificate could be, for example, an ID card. Everything is based on asymmetric cryptography, where each subject has two keys, a private one and a public one. The whole beauty lies in the fact that a message can be encrypted with the public key and decrypted with the private key. This means that only the owner of the private key can decrypt the message. At the same time, there is no need to worry about transferring a secret key to both communicating parties. A certificate is then the subject's public key, supplemented with information about the subject and signed by a certification authority. In the Czech Republic, one of the certification authorities is, for example, Česká Pošta. Thanks to the certificate, the iPhone can verify that it is really communicating with the given server.

SSL uses asymmetric encryption when establishing a connection, the so-called SSL handshake. In this phase, your iPhone verifies that it is communicating with the given server, and at the same time, with the help of asymmetric encryption, a symmetric key is established that will be used for all subsequent communication. Symmetric encryption is faster. As already mentioned, the error occurs during server verification. Let's take a look at the code that causes the system vulnerability.

static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa,
SSLBuffer signedParams, uint8_t *signature, UInt16 signatureLen)

{
   OSStatus err;
   …

   if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
       goto fail;
   if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
       goto fail;
       goto fail;
   if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
       goto fail;
   …

fail:
   SSLFreeBuffer(&signedHashes);
   SSLFreeBuffer(&hashCtx);
   return err;
}

Under the second if condition you can see two goto fail; statements, one below the other. And that is the stumbling block. Because the if has no braces, only the first goto fail; belongs to it; the second one is executed unconditionally, at the stage where the certificate should be verified. As a result the third if condition is skipped, err is still 0 when the function returns, and no server verification takes place at all.
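The control flow described above, reduced to a model that compiles. This is an added example, not Apple's code: hash_update, hash_final and verify_signature are constructed stand-ins, and the hash_ok and sig_valid flags are assumptions of the model.

```c
#include <stdio.h>

/* Constructed stand-ins for the hash and signature steps; 0 means success. */
static int hash_update(int ok) { return ok ? 0 : -1; }
static int hash_final(int ok)  { return ok ? 0 : -1; }
/* Hypothetical final check: returns -2 when the signature is forged. */
static int verify_signature(int sig_valid) { return sig_valid ? 0 : -2; }

/* Same shape as the flawed function: the second goto is unconditional. */
int verify_buggy(int hash_ok, int sig_valid)
{
    int err;
    if ((err = hash_update(hash_ok)) != 0)
        goto fail;
    if ((err = hash_update(1)) != 0)
        goto fail;
        goto fail;                      /* always taken; err is 0 here */
    if ((err = hash_final(1)) != 0)
        goto fail;
    err = verify_signature(sig_valid);  /* never reached */
fail:
    return err;
}

/* Braces on every branch: a successful hash path reaches the signature check. */
int verify_fixed(int hash_ok, int sig_valid)
{
    int err;
    if ((err = hash_update(hash_ok)) != 0) {
        goto fail;
    }
    if ((err = hash_update(1)) != 0) {
        goto fail;
    }
    if ((err = hash_final(1)) != 0) {
        goto fail;
    }
    err = verify_signature(sig_valid);
fail:
    return err;
}

int main(void)
{
    printf("buggy, forged signature: %d\n", verify_buggy(1, 0)); /* accepted */
    printf("fixed, forged signature: %d\n", verify_fixed(1, 0)); /* rejected */
    return 0;
}
```

The buggy variant still reports a failure in the first hash step, which is why ordinary error-path tests pass while a forged signature is accepted. GCC 6 and later flag the stray line with -Wmisleading-indentation (part of -Wall), and clang's -Wunreachable-code reports the code after it as dead.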

The consequence is that anyone who knows about this vulnerability can present your iPhone with a fake certificate. You, or rather your iPhone, will think the communication is encrypted, while there is an attacker between you and the server. Such an attack is called a man-in-the-middle attack, which can be rendered in Czech as an attack by a person in the middle or a man in between. An attack exploiting this particular flaw in OS X and iOS can only be carried out if the attacker and the victim are on the same network. It is therefore better to avoid public Wi-Fi networks if you have not updated your iOS. Mac users should still be careful about which networks they connect to and which sites they visit on those networks.

It is beyond belief that such a serious bug could have made it into the final versions of OS X and iOS. It could have been inconsistent testing of badly written code. That would mean that both the programmer and the testers made mistakes. This may seem unlikely for Apple, so speculation has emerged that this bug is actually a backdoor. It is not for nothing that the best backdoors are said to look like subtle mistakes. However, these are only unconfirmed theories, so we will assume that someone simply made a mistake.

If you are not sure whether your system or browser is immune to this bug, visit the page gotofail.com. As you can see in the pictures below, Safari 7.0.1 on OS X Mavericks 10.9.1 contains the bug, while in Safari on iOS 7.0.6 everything is fine.

Sources: iMore, Reuters