Last week a vulnerability in Apple's iOS and OS X was discovered that allows an attacker to read or
even alter your encrypted traffic. This includes all sorts of connections: web servers, email
accounts, instant messages, calendars, etc.
To do this they'd have to control the network connection, so you're safe on trusted networks like
GSFC Ethernet or "nasa" wireless. However, networks that anyone can join -- like at Starbucks
wireless -- are potentially hazardous. Home network security varies; ones properly protected by
WPA2 should be safe.
If you have an iPhone or iPod Touch, you can fix this by updating to iOS 7.0.6 or 6.1.6. Go to
Settings -> General -> Software Updates while you're on a trusted network.
If you have a Mac with Mavericks, you're out of luck until Apple fixes it. In the meantime bear in
mind that built-in applications are no longer secure, including Safari, Mail, Messages, Calendar,
FaceTime, Twitter, Keynote and iBooks. Most importantly, Software Update itself uses this library,
so make sure you're on a trusted network when applying the update that Apple finally makes available.
While you're waiting, note that Thunderbird, Firefox and Chrome are unaffected, as are pre-10.9
versions of OS X. Here's a test page to see if your browser is vulnerable:<https://gotofail.com/>
Need to leave or subscribe to the Sciart-L listserv? Follow the instructions at