Security bug in ssl iphone?

hey what is the solution to this frightening revelation today?

NutsaboutAAPL wrote:
hey what is the solution to this frightening revelation today?
Update your Apple devices and systems as soon as possible to the latest available versions.
Do not use untrusted networks (especially WiFi) while traveling, until you can update the devices from a trusted network.
On unpatched mobile and laptop devices, set “Ask to Join Networks” setting to OFF, which will prevent them from showing prompts to connect to untrusted networks.

Similar Messages

  • Security bug in 7.0.2 on 5s

    Hi
    I think iOS 7.0.2 for iPhone 5s has a security bug! As you can see in these two videos, my
    iPhone has a password but I can open my iPhone with Siri & use it without being asked for my password!!
    Of course it's not always true! Sometimes it asks for my password & sometimes not!
    I reset all settings from Settings but it doesn't help me.
    Please download these 2 videos to understand me better.
    tnX!
    video 1 (have problem)
    http://hipfile.com/vnadofjfemn6
    video 2 (after a few minutes, it's ok)
    http://hipfile.com/zk9fgs6ikbj0
    iphone 5s
    7.0.2

    Sorry, I don't watch video from a stranger.
    I tested it and it works.
    Note: Lockscreen is not Home screen,
    1. Switch Siri off as given in my previous post
    2. Press the top Sleep/Wake button to get your iPhone to sleep.
    3. Press the top Sleep/Wake button to wake iPhone up.
    4. Use a finger (not the finger that is registered in fingerprint) press the Home button and see if Siri comes up.
    You can try a reset before the test:
    Reset: Hold down the Sleep/Wake button and the Home button at the same time for at least ten seconds, until the Apple logo appears. Note: You will not lose any data

  • Ongoing fatal crash and security bug related to connecting external display

    The infrastructure in OS X to resume from sleep, to authenticate, and to change displays is fundamentally not working.
    The security bug I have encountered has to do with connecting a cinema display exclusively to a MacBook Pro. This is a specific situation, but please note that I have experienced the same problem on no fewer than three independent laptops. Plus, the Genius in the Apple Retail Store was convinced of the general instability of this infrastructure. The security problem is that hot corners no longer function if I transition between two states in the same reboot. The first state is where I have the laptop powered on and using its own internal display exclusively (when I'm on the road). The second state is when I have the laptop displaying its output exclusively on an external display (when I'm at home). What happens is that an attempt to use hot corners fails. There is no response. I even added configuration on all four corners (whereas I originally had settings only for the rightmost corners), and even then, the hot corner action (of sleeping the display or entering locked screen saver mode) does not commence. This prevents the user from being able to secure the display on demand using standard methods that are supposed to work.
    The instability level related to connecting the external display exclusively is high. Again, I've experienced this on no fewer than three independent laptops, and the Apple Genius at the Retail Store confirmed that this aspect of OS X did not work consistently. When I want to connect the cinema display to the laptop in such a way that the laptop's own display is not part of the active screen, the process I use succeeds about half the time. Supposing I have been on the road, where I am using the laptop display exclusively. I then put the laptop to sleep. When I return home with the lid open, I connect first the USB (power) from the cinema display to the laptop, and then I connect the Mini DisplayPort. When that step works, what happens is that the login screen shows on the cinema display despite the fact that my laptop lid is closed. This is good, and is what I want. At that point, I open the laptop lid and quickly log in.
    With Apple being a mobile device company, I rely on the laptop for tasks that one traditionally may use a desktop for. This simply points to the versatility of the laptop. But I'd like the bugs resolved, so that I do not have to hesitate to make use of the inherent flexibility possible with the MacBook Pro.
    Here's what happens when the process (of connecting the external display in a way that establishes itself as the only screen in use by OS X) fails. Firstly, when I connect the external display via Mini DisplayPort, the laptop doesn't even respond. Instead, it remains asleep. So to work around it I have to repeatedly disconnect and reconnect the Mini DisplayPort so that the asleep MacBook Pro will see that there is a display connected to it. Also, sometimes that isn't even enough and I have to open the laptop lid, and put it to sleep again so as to trigger whatever actions are necessary to recognise the external display (presumably by having the laptop recently awake). Around half the time, I have to play this game of disconnecting and reconnecting until it actually works. This high level of reproducibility (confirmed by the Apple Genius representative's confidence that this part of the system doesn't actually work) should make it easy for an engineer to look into the problem.
    Fatally, and recently, OS X has completely crashed when I have attempted to connect the external display. The external display has gone completely blue, and after a half a minute, it blanked out and my entire laptop became unresponsive. I called Apple Support and was given a case number. I also took the laptop into the retail store to see if I could recover my current session without rebooting. There was no process suggested to make that happen and I was told to reboot the machine. I've had this happen before on other laptops, and it is frustrating that the kernel reaches such a state that it cannot be used. As I see it, this problem is not too unrelated to the way that I need to play a game in order to get the external display connected exclusively. Here are some workarounds that could be added:
    Firstly, whenever I connect an external display, I'd like the laptop to see that this has happened, and to take action accordingly (such as resuming from sleep). Secondly, If I connect an external keyboard, and press a key on it, I'd like this to wake the laptop too (in the event that the first method fails for some unforeseen reason). I'd also like the connection of the cinema display's USB power not to cause the laptop to enter into a confused state between asleep and awake. Sometimes I need to disconnect and reconnect USB power in order to trigger the laptop into waking, but that's only because it's not doing it on its own properly. On the other hand, I also ensure that the laptop doesn't have the Mini DisplayPort connected without also having the cinema display USB power connected, because that also is an unsupported configuration.
    I've also gotten the laptop to become confused about whether it is asleep or awake. When I open the lid, it seems to enter into sleep mode, but closing it seems to bring it into an active state.
    Also, I've successfully logged on and authenticated with the screen showing exclusively on the external display. But just ten seconds after I start using the system, the laptop falls asleep--with the lid open! Whatever triggers that action doesn't seem to be on track. The laptop is open, there are incoming events such as mouse movements and key presses, and the external display is on and is in use. And then the laptop falls asleep! This has happened numerous times. Not only should this not happen; the instances where it does happen can cause further instability and put my system at risk of fatally crashing.
    Also, the authentication system itself is highly buggy--far more than it should be. At times I have opened the laptop lid and caught a glimpse of a window before I have begun the login process. Also, an external authentication application that asks for Kerberos/AFS login credentials has been able to overlay itself on top of the primary authentication (whereas I should only see a single login dialog when I need to authenticate to the system). Also, I've had several of these authentication screens overlay on top of one another, although it's been months since I've experienced that one (so it may have been fixed). Also, around a third of the time, the window that authenticates me (on the black background) somehow transfers itself into the background (even though there's only one window!). What that means is that I begin to type my password, and now the laptop starts beeping at me and I need to manually click on the password field and begin entering my password again. This really shouldn't happen, and indicates too much complexity in this authentication process (such as, more OS X code is involved than is strictly necessary, which is likely to make the authentication system more difficult to test). Also, at times, I have been using too much CPU, such that the authentication screen takes too long to emerge. That also means that I'm not able to log on until I uncleanly shut down the laptop. If the laptop has been asleep, and is revived in preparation for login, then that login screen should be given highest priority, even if there are other heavy CPU or I/O intensive tasks running in the background. And maybe the login dialog shouldn't disappear when the user is legitimately attempting to log in. So even if there is a possibility that the system is under heavy resource use (or there is a stall or minor deadlock), it shouldn't prevent the user from logging in altogether.
    At the moment, the very fact that the system shut down uncleanly means that the full disk encryption suite that I used has entered into an undetermined state, suggesting I may lose access to all my data. It's my hope that I can rely on Apple's products to interoperate in a way that won't cause me to be fearful and restrictive in my use, so that I can freely connect an external display at times, and at other times carry the laptop on the road.

    I've got the same problem with a Samsung UE225010 monitor too. It's full HD but it looks terrible. Could it be a DisplayPort adapter issue? Because a couple of months ago I tried with some IPS display, and it looked just as bad.

  • How to configure Oracle 10g Advanced Security to use SSL concurrently with

    How to configure Oracle 10g Advanced Security to use SSL concurrently with database User names and passwords
    In the Oracle Advanced Security documentation it is mentioned that I can use SSL concurrently with DB user names and passwords. But when I configure the client certificate on the client, my DB connection is getting authenticated using the certificate, without passing a user ID or password.
    We want to connect to the Oracle DB over an SSL channel so that the data packets are not in clear text. Also, we want the user to make a connection using a user ID and password.
    Basically we want SSL without authentication.
    Need your expert advice

    Read the documentation (I have given following links assuming you are running a 32 bit architecture)
    Server installations:
    http://www.oracle.com/pls/db102/to_toc?pathname=install.102%2Fb14316%2Ftoc.htm&remark=portal+%28Books%29
    Client installations:
    http://www.oracle.com/pls/db102/to_toc?pathname=install.102%2Fb14312%2Ftoc.htm&remark=portal+%28Books%29
    You can find the required books (if not using 32 bit architecture) from
    http://www.oracle.com/pls/db102/portal.portal_db?selected=3

  • Is this a security bug in Windows 8.1?

    I think I have discovered a serious security bug in Windows 8.1.
    Today I was using my (non-Admin) user account and with Internet Explorer I saved a file in the default Downloads folder (under This PC). The file was saved, but when I went to that folder, the file was not there! Now, I was about to download it again, using IE, same as before, when I noticed in the Save dialog box that the file had indeed been downloaded, and that it was there, in the Downloads folder under This PC. Frustrated, I went to that very folder, but the file was nowhere to be found. I was really puzzled.
    Then, by chance, while logged in another account (namely the Admin account), I happened to go to the Downloads folder, and there was the file that I had downloaded using the other account.
    Obviously, what I described above represents a security problem: firstly because my private files may get saved by mistake into another person's account without me even realizing it, and secondly because I was able to access another person's account (i.e. the Admin account) via IE's Save dialog box, seeing the list of the files there, and possibly even accessing them (I have not tried the latter, though).
    Has anyone experienced anything like the situation I described?
    I must also say that I later tried to replicate this abnormal behavior, but for some unknown reason I couldn't. Anyway, I am sure that what I described above is an accurate account of how things went.

    Hi,
    Since I cannot repro your issue on my own computer, it cannot be a bug.
    I suggest we try to use another user account to see if the same issue happens.
    Please make sure your location of download folder is right:
    Right click Downloads folder, and choose Properties.
    Make sure the location is right under your user profile.
    If not, please click Location and click Restore default.
    If we still fail to solve your issue, please run Process Monitor at the end of the downloading process to capture the actions, and upload the saved log here for further research.
    You can also check if there are any weird actions at the end of the downloading process.
    Process Monitor v3.05
    http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
    How to use, please refer to this article:
    Using Process Monitor to capture system events
    http://www.sophos.com/en-us/support/knowledgebase/119038.aspx
    Keep post.
    Kate Li
    TechNet Community Support

  • After having replaced the iMac hard drive I no longer can make iTunes security backups from my iPhone 4S?

    After having had my iMac's hard drive replaced (had a defective 1 TB Seagate) and 10.8.2 reinstalled, I can no longer make security backups from my iPhone 4S. iTunes simply tells me that the backup cannot be saved on my computer (which it has done numerous times prior to the replacement of the hard drive). Any suggestions on how to fix this?

    Click the green jelly button at top left of iTunes window to resize the screen to fit.

  • Hello, I have a big problem after a big bug on my iphone 5

    Hello, I have a big problem after a big bug on my iPhone 5. It asks me to restore, only that is impossible, and it gives me error 27, 47, 4013. I do not understand at all; my iPhone is not jailbroken, but for some time the screen has been full of stripes of all colors and goes off. Sorry for the mistakes, I'm French. Thank you.

    Hi there Julienx76,
    You may find the troubleshooting steps in the article below helpful.
    iTunes: Specific update-and-restore error messages and advanced troubleshooting
    http://support.apple.com/kb/ts3694
    -Griff W. 

  • Is There an Easy Way to Report Bugs on the iPhone from the iPhone?

    An iPhone bug can be reported through the Apple website, although not immediately obvious. (Click on Contact Us/Product Feedback [oddly placed in the "website feedback" box lower right]/iPhone [image]/Bug Report [in pulldown menu for "Feedback Type"].)
    But is there any way to easily report a bug on the iPhone itself? Sometimes, when a program crashes on my iMac, I am automatically offered the option of sending a bug report [with details inserted by the computer primarily, not me] to Apple. I don't recall seeing this happen on the iPhone, even though apps have suddenly reverted back to the main App icon catalogue (which seems to me like a crash) and other mysterious things have happened from time to time. I know that I could try to file a bug report by going into the Apple website on the iPhone, but that is awkward, slow, and undesirable. Does Apple have a "bug reporting" app?
    I have ideas about the way I think Apple should make all bug reporting easier, more informative, and more transparent, but as I understand the Apple discussions policy, I am not supposed to use discussions to suggest new approaches.
    The immediate reason I ask this topic's question is that my wife, who has the same iPhone 3G model as I have, upgraded to iOS 4.1 and has problems with her calendar and photos (to which we have found ungainly temporary fixes that have to be used each time the app is opened). So far, I have deferred upgrading to avoid these problems (and others which have been reported in assorted discussion threads). But when the problems occurred, I had to search for some enlightenment as to whether the problems were unique, if not what fixes were available, and if Apple had issued a patch or revised iOS (as far as I know, they have not) -- on my iMac (in the discussions because I found nothing relevant elsewhere on the Apple site). I suddenly realized that I did not know how to realistically report a bug without a computer.
    PS - Has anyone noticed that there is no Discussions category for iPhone IOS?

    Good idea. I've already used the feedback for my general suggestions to improve the way Apple handles bug reports (and tried sending it to Steve Jobs too), but I'll send a specific suggestion for a bug app on the iPhone.
    However, my question is whether there is a simple way to send bug reports from the iPhone now that I have overlooked.

  • Does anyone know of the security breach on the iphone and what to down load to fix it?

    DOES ANYONE KNOW ANYTHING ABOUT THE SECURITY BREACH ON THE IPHONE AND IF YOU DO, WHAT DO YOU DOWN LOAD TO FIX IT?

    http://support.apple.com/kb/HT6147
    http://support.apple.com/kb/HT1222
    http://support.apple.com/kb/DL1723
    There is no security breach as such but rather a possibility of one dependent on a number of factors which may or may not be applicable to you and/or your usage.
    The recommendation is to update to the latest 7.0.6 update listed above. For iDevices such as the iPhone I would recommend doing this using iTunes rather than OTA. Tends to be more reliable that way.

  • How to fix this problem? Secure Connection Failed, SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)

    Secure Connection Failed
    SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)
    I have been receiving this error message recently when I try to access school e-learning websites and other school-related websites. I have also tried Internet Explorer and it shows that the page cannot be displayed. I have been trying the available solutions to solve it but none of them work. Are there alternative solutions available? Please advise. Thanks.

    It works after I disabled IPv6 in Firefox. Thank you for your help :)

  • I probably misclicked when I activated the security lock on the iPhone and now I cannot figure out what password I entered. Moreover, I have patches and a funky looking phone so I cannot restore the iPhone via iTunes. Please advise.

    I probably misclicked when I activated the security lock on the iPhone and now I cannot figure out what password I entered. Moreover, I have patches and a funky looking phone so I cannot restore the iPhone via iTunes. Please advise.

    Your only recourse is to force it into DFU mode:
    Turn your phone off and connect your cable to the computer, but not the device just yet. Start up iTunes. Now, hold down the home button on your phone and plug it in to the cable - don't let go of the button until iTunes tells you it's detected a phone in recovery mode. Now you can restore to factory settings.

  • How to invoke a secured service (HTTPS/SSL) from a BPEL process

    Hi all,
    I am very new to Fusion Middleware. I used JDeveloper 10.1.3.3 and SOA server 10.1.3.1. I need to pass a secured WSDL (HTTPS/SSL) from one BPEL process to another. Let me know whether any certificates are required to do this.
    I am looking forward to getting any advice from our forum.
    Thanks & Regards,
    Hari.

    First of all make sure your jdeveloper and soa suite versions match otherwise you will get unpredictable results. I suggest that you upgrade SOA Suite to 10.1.3.4 as this is the latest version.
    That aside, I'm assuming that the BPEL processes are on the same instance. If this is the case, yes, you do need certificates as you need to implement SSL on your SOA installation. If you use a common certificate such as Verisign then the process is simpler as you don't need to worry about the public key, as they are standard with Oracle as they are with your browser. If you want to sign your own certificate then you will need to add your public key.
    If your server is already SSL and it is verisign then you should have no issues you will be able to connect.
    cheers
    James

  • Another security bug??

    All,
    I am running WebLogic with SP3. My web application is configured to use
    form-based authentication. In the web.xml file I have:
    <servlet>
      <servlet-name>InfIIPSchedulerServlet</servlet-name>
      <servlet-class>examples.servlets.InfIIPSchedulerServlet</servlet-class>
      <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
      <servlet-name>InfIIPSchedulerServlet</servlet-name>
      <url-pattern>InfIIPSchedulerServlet</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>InfIIPSchedulerServlet</servlet-name>
      <url-pattern>jsp/InfIIPSchedulerServlet</url-pattern>
    </servlet-mapping>
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>iip</web-resource-name>
        <description>Informatica Information Platform (IIP)</description>
        <url-pattern>/jsp/*</url-pattern>
      </web-resource-collection>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
    </login-config>
    public class InfIIPSchedulerServlet extends HttpServlet {
      public void service(HttpServletRequest req, HttpServletResponse res)
          throws ServletException, IOException {
        // Look up the existing session only; do not create one.
        HttpSession session = req.getSession(false);
        res.setContentType("text/plain");
        ServletOutputStream out = res.getOutputStream();
        try {
          if (session == null) {
            out.println("Session is null");
          } else {
            out.println("Session is " + session.toString());
            InfIIPSession ss = (InfIIPSession) session.getAttribute(
                com.informatica.viewer.util.InfHttpSessionNames.USER_IIPSESSION);
            Context context = ss.getContext();
            // Print the identity as seen by the container and by the JNDI context.
            out.println("<BR>Remote user is ");
            out.println(req.getRemoteUser());
            out.println("<BR>Principal is ");
            out.println(req.getUserPrincipal().getName());
            out.println("<BR>Principal in Context is ");
            out.println((String) context.getEnvironment().get(Context.SECURITY_PRINCIPAL));
          }
        } catch (NamingException ne) {
          throw new ServletException(ne.getMessage());
        }
      }
    }
    After logging in successfully, a welcome page came up. I got the following
    output when invoking the servlet with the url
    http://localhost:7001/iip/InfIIPSchedulerServlet
    Session is weblogic.servlet.internal.session.MemorySession@69abf940
    <BR>Remote user is
    dtseng
    <BR>Principal is
    guest
    <BR>Principal in Context is
    dtseng
    With the url http://localhost:7001/iip/jsp/InfIIPSchedulerServlet the output
    becomes
    Session is weblogic.servlet.internal.session.MemorySession@69abf940
    <BR>Remote user is
    dtseng
    <BR>Principal is
    dtseng
    <BR>Principal in Context is
    dtseng
    The difference is that the first url is not a protected resource, while
    the second is. Why does req.getUserPrincipal().getName() return different values
    depending on the context in which it is executed? Is this a security bug?

    I would like to see this feature of the phone given a significant overhaul. Instead of just displaying the dial pad, I'd like to have the choice of programming in certain numbers which could be offered for dialing in place of the dial pad being shown for the Emergency call feature. Perhaps up to 10 numbers could be programmed in, so you could add the emergency numbers for your area and any other numbers you think would be useful. Of course, this should be optional so that the user has the choice of only allowing calls to the pre-registered numbers, the display of the numpad or both.
    That way, everyone would be happy, no?

  • I can't get a security copy of my iPhone 4s in iTunes

    I can't get a security copy of my iPhone 4s in iTunes

    What happens when you try? We are not psychic.

  • Security BUG in the web container!

    Hello,
    I have just accidentally discovered a security BUG in the web container. The bug permits you to view the source of the JSP page (welcome page).
    To reproduce the bug, do the following:
    1. Create a web application. Create new page with name Index.jsp. Add "Index.jsp" into the web.xml as a welcome file.
    2. Deploy it under, let's say, "SecurityBugWebApp".
    3. Access http://host/SecurityBugWebApp/ or http://host/SecurityBugWebApp/Index.jsp - everything should be as usual - you should see a normal output of a JSP page.
    4. Access http://host/SecurityBugWebApp/Index.JSP (notice the case of the ".JSP" ). You should be able to see the source code of the web page. This bug even works if it is under security constraint! This doesn't seem to work, however, with JSPs not listed in the welcome file list.
    Sincerely,
    Sergei Batiuk.

    Peter,
    Thank you for your suggestion. This makes sense to
    try. I'm actually using a trial license of AS7 with
    no updates. I've found update 1 online with free
    trial, however, do you know if AS7 update 2 is
    available with a trial license and where it might be
    located for download?
    you can get AS7 update2 Platform edition from here.
    Platform ed. is FREE for both development and production deployment
    http://wwws.sun.com/software/download/products/3fb01655.html
    AS7 update2 Standard Edition can be downloaded from here.
    Standard Ed is free only for development, you need to buy a license to use it in production.
    http://wwws.sun.com/software/download/products/3f7df408.html
    Peter
