I was perusing the news today, and discovered that Apple produced a security guide for iOS (1). Excited by the idea that Apple would disclose technical details on the security and features for their products, I grabbed a copy of the document and read it. I was hoping Apple would discuss how IPv6 was implemented and which security controls could be applied to create a more secure system. I was wrong.
Then I typed ‘Apple security guide’ and reviewed a group of links sorted by versions of Apple firewalls, thinking they would have security features for IPv6. Reviewing the guide for Snow Leopard I discovered the best IPv6 on Apple products is a disabled IPv6.
Lastly, I reviewed the IPv6 Ready Logo Program – a list of products which have been tested for their compliance and interoperability with IPv6 – and discovered that it recommends disabling IPv6 on the Apple Operating system and IOS.
Wonder if Apple customers joining the IPv6 World Launch Day on June 6th will understand that a secure Mac is one which IPv6 should be disabled.
(1) iOS Security Guide, https://threatpost.com/en_us/blogs/apple-details-ios-security-features-new-guide-053112
(2) Mac OS X Security Guide, http://www.apple.com/support/security/guides/
(3) IPv6 World Launch Day, http://www.worldipv6launch.org/
(4) IPv6 Ready guides, https://www.ipv6ready.org/db/index.php/public/?o=6
I am constantly amazed at the things I find on the Internet. One example of this is the two vulnerabilities in the Marconi Wireless Telegraph that were posted to the Open Source Vulnerability Database (OSVDB), which is a place to find security vulnerabilities in vendor’s products.
The first was OSVDB ID: 79399, Marconi Wireless Telegraph, “Transmitted Message Remote Disclosure”, published 06/01/1903 and acknowledged by the vendor a day later, but not posted on the OSVDB until 12/27/2011. The other was the OSVDB ID: 79400 Marconi Wireless Telegraph, “Crafted Transmission Message Spoofing” with the same publication date as the one prior.
If you have read my blog post in the past, these vulnerabilities are the reason I call myself and this blog Scientific Hooliganism. Thanks to whoever posted these, it made my day!