A success story of our Teacher (Abir Atarthy): Apple site

A success story of our Teacher (Abir Atarthy)

Apple site vulnerability exposed by Abir Atarthy: Apple sent appraisal letter!

The Apple website is not secure. While surfing the Apple site apple/ I have found several encryption-related vulnerabilities. Here they are:

1) The Apple site is supporting SSL 2.0 (on port 443) ciphers with weak encryption, as follows:
   DES-CBC-MD5 - 56 bits
   EXP-RC2-CBC-MD5 - 40 bits
   EXP-RC4-MD5 - 40 bits
   Recommendation: please remove the support of SSL 2.0, as it is outdated weak encryption. Any encryption below 128 bits is weak.

2) In SSL v3.0 the site is supporting a few weak encryptions, as follows, which a malicious user can exploit:
   EXP-DES-CBC-SHA - 40 bits
   EXP-RC2-CBC-MD5 - 40 bits
   EXP-RC4-MD5 - 40 bits
   Recommendation: please remove the support of all these weak encryptions. Any encryption below 128 bits is weak.

3) The site is supporting TLS v1, which is strong, but the following encryption in TLS should be removed:
   EXP-DES-CBC-SHA - 40 bits

4) The webserver /lib/prototype.js file is affected. This page does not exist. By requesting a page that does not exist, more fully qualified path names were found. From this information an attacker may learn the file system structure from the webserver. This information can be used to conduct further attacks.
   Recommendation: The information should not be available to the user. You need to configure your server or web application not to return this information.

5) A possible sensitive directory has been found at the following directories: /CVS, /data, /downloads, /downloads/scripts, /global, /hotnews/scripts, /reseller. It looks for common sensitive resources like backup directories, database dumps, administration pages. Each one of these directories could help an attacker to learn more about the target. This directory may expose sensitive information that could help a malicious user prepare for a further attack.
   Recommendation: Restrict access to these directories or remove them.
I have mailed it to the Apple team along with countermeasures. Apple development center has sent me an appraisal letter. Here is part of the letter.

Appraisal letter from Apple:

Follow-up: 162664922
Re: Apple Developer Feedback

Hello Abir,

Thank you for contacting Apple Developer Support regarding the Developer website. We appreciate that you have taken the time to send us your feedback. Please be assured that all of your comments have been forwarded to the appropriate Apple team. If you have further questions or comments, please let us know.

Best regards,
Madoka Nakamura
Apple Developer Support
Posted on: Thu, 19 Jun 2014 12:13:19 +0000
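An added example, not code from the post above and not anything from Apple: a small Python audit that reads scanner findings in the shape the post lists them (protocol, cipher suite, key size), applies the post's own rules (SSL 2.0/3.0 obsolete, export-grade and sub-128-bit suites weak, DES/RC2/RC4 and MD5 legacy), and then asks the local OpenSSL what a hardened cipher policy actually enables so the fix can be checked before it is deployed. The report lines in SAMPLE_FINDINGS are constructed from the suites named in the post plus two acceptable ones for contrast; the HARDENED_CIPHERS string and every function name are this example's own assumptions.

```python
"""Audit SSL/TLS cipher-suite findings and verify a hardened OpenSSL policy locally.
Added example; not code from the original post.  The report format "<protocol>
<suite> <bits>" is an assumption made for this example."""
import re
import ssl

# Constructed sample: the suites the post reports, one per line, plus two
# acceptable suites so the audit has something to pass as well as fail.
SAMPLE_FINDINGS = """\
SSLv2 DES-CBC-MD5 56
SSLv2 EXP-RC2-CBC-MD5 40
SSLv2 EXP-RC4-MD5 40
SSLv3 EXP-DES-CBC-SHA 40
SSLv3 EXP-RC2-CBC-MD5 40
SSLv3 EXP-RC4-MD5 40
SSLv3 AES256-SHA 256
TLSv1 EXP-DES-CBC-SHA 40
TLSv1 AES128-SHA 128
"""

LINE_RE = re.compile(
    r"^(?P<proto>SSLv2|SSLv3|TLSv1(?:\.\d)?)\s+(?P<suite>[A-Z0-9_-]+)\s+(?P<bits>\d+)$"
)
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3"}
LEGACY_CIPHERS = {"DES", "RC2", "RC4"}
MIN_BITS = 128  # the post's own threshold: anything below 128 bits is weak


def classify_suite(suite, bits):
    """Reasons a cipher suite is weak on its own, regardless of protocol; [] = acceptable."""
    reasons = []
    if suite.startswith("EXP-"):
        reasons.append("export-grade suite")
    if bits < MIN_BITS:
        reasons.append(f"{bits}-bit key is below the {MIN_BITS}-bit minimum")
    tokens = set(suite.split("-"))
    if "MD5" in tokens:
        reasons.append("MD5 MAC")
    legacy = tokens & LEGACY_CIPHERS
    if legacy:
        reasons.append("legacy cipher " + ", ".join(sorted(legacy)))
    return reasons


def classify(proto, suite, bits):
    """Protocol-level reasons first, then suite-level ones."""
    reasons = [f"{proto} is obsolete"] if proto in DEPRECATED_PROTOCOLS else []
    return reasons + classify_suite(suite, bits)


def audit(report_text):
    """Parse a scanner report; each finding carries the list of reasons it is weak."""
    findings = []
    for lineno, raw in enumerate(report_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unrecognised finding {raw!r}")
        proto, suite, bits = m["proto"], m["suite"], int(m["bits"])
        findings.append({"protocol": proto, "suite": suite, "bits": bits,
                         "reasons": classify(proto, suite, bits)})
    return findings


def weak_findings(report_text):
    return [f for f in audit(report_text) if f["reasons"]]


# Assumed remediation policy: drop export, DES/3DES, RC4 and MD5 suites and any
# anonymous or null suite; the TLS 1.2 floor below removes SSLv2/SSLv3 entirely.
HARDENED_CIPHERS = "HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES:!DES"


def verify_policy(cipher_string=HARDENED_CIPHERS):
    """Ask the local OpenSSL which suites the policy enables and re-check them with
    the same suite rules used for the scanner findings.  The 'protocol' field that
    get_ciphers() reports is the version a suite was first defined for, not what
    the server offers, so protocol floor is enforced via minimum_version instead."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)
    enabled = ctx.get_ciphers()
    weak = [c["name"] for c in enabled if classify_suite(c["name"], c["strength_bits"])]
    return {"enabled": len(enabled), "weak": weak,
            "min_version": ctx.minimum_version.name,
            "ok": bool(enabled) and not weak}


if __name__ == "__main__":
    for f in audit(SAMPLE_FINDINGS):
        verdict = "; ".join(f["reasons"]) or "ok"
        print(f"{f['protocol']:<7} {f['suite']:<20} {f['bits']:>3} bits  {verdict}")
    print(verify_policy())
```

The two halves deliberately share classify_suite: the rule that flags a scanner finding is the same rule that checks the replacement policy, so a suite cannot be accepted in the fix that would have been reported in the scan. Running the audit on the sample flags eight of the nine lines (AES128-SHA on TLS v1 is the one that passes, and AES256-SHA is reported only because it was offered over SSL v3).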