gotofail bug: articles about its minimal *real-world* effects?
February 26, 2014 6:49 AM
I'm trying to help a relative who's in a full panic about computer security, brought on both by the alarmist mainstream reporting about the gotofail bug and by some coincidental hardware issues with her OS X machine. My reassurance isn't going to cut it this time -- is there somewhere online where she can read, in lay terms, that although the bug was severe in theory / in its implications, there's very little evidence of real-world exploits?
posted by anonymous to Computers & Internet (6 answers total) 1 user marked this as a favorite
Media coverage seems to consist of calm specialist articles and alarmist mainstream articles. Is there a calm, reassuring mainstream article?
She has two devices that were vulnerable to this bug, an iPhone and a recent (mfd Jan 2014) MBAir which she's used exclusively on public wifi networks since she has no home internet.
The Air has been having issues like spontaneous black-screening; from her descriptions I'd guess she might have a bad logic board (and definitely has bad local salesguys telling her there's nothing wrong... she's not near a Genius Bar). But all unexplained computer issues feel potentially connected and equally suspicious to her.
She's also now very upset because she updated the iPhone to 7.0.6 over public wifi, and then found "a news story saying not to be so stupid as to update via public WiFi since the flaw itself could USE the process of the updating itself to completely take over your phone in ways even worse than it already was." Again, while that's true in theory, am I right to assume there's virtually no real-world chance she actually downloaded a malicious fake version of 7.0.6? Any evidence or reports of such a version surfacing anywhere?
She has a very all-or-nothing view of security (she writes, "Once everything is compromised, it doesn't matter if you change passwords or anything because those changes ALSO are known by the invader" -- I'm not clear whether she thinks the gotofail bug *itself* was about other users being able to achieve that degree of systemwide compromise, or whether it's just another sign that we can't trust computers and their manufacturers).
She has no local expert she'd trust to just wipe her devices so she can start fresh, and even if she did, she is really convinced that she'll be globally 'compromised' whatever she does now. (For broader reference, this is someone who documentably has been harassed and stalked and has had previous houses broken into -- but it's possible her history of compromise IRL may be fueling too-global fears about computer security.)
I would love pointers to *either* the kind of article on the gotofail bug I described above *or* excellent broader articles about security for lay users.