https://truthimperative.axley.net/tags/apple/Recent content in Apple on The Truth ImperativeHugoen-usThu, 17 Apr 2014 15:05:00 -0700https://truthimperative.axley.net/2014/04/ios-clients-not-vulnerable-to.htmlThu, 17 Apr 2014 15:05:00 -0700https://truthimperative.axley.net/2014/04/ios-clients-not-vulnerable-to.html<p><img alt="" height="413" id="h-rh-i-0" src="https://truthimperative.axley.net/heartbleed.png" width="341"></p> <p>Apple&rsquo;s language in their assertion that they are not vulnerable to heartbleed on iOS are troubling as they specifically say (via <a href="https://recode.net/2014/04/10/apple-says-ios-osx-and-key-web-services-not-affected-by-heartbleed-security-flaw/">ReCode</a>), &ldquo;IOS and OS X never incorporated the vulnerable software&hellip;&rdquo;  However, not incorporating the vulnerable OpenSSL software is merely one way that their customers could have been made vulnerable.  What about the Apple SSL/TLS implementation?  Has anyone checked it?  Did they incorporate <a href="https://tools.ietf.org/html/rfc6520">RFC 6520</a> for heartbeat support?  I couldn&rsquo;t find anything Google so figured I would share what I found.</p>https://truthimperative.axley.net/2014/04/using-vnc-to-securely-connect-to-osx.htmlSun, 13 Apr 2014 22:27:00 -0700https://truthimperative.axley.net/2014/04/using-vnc-to-securely-connect-to-osx.html<p>I couldn&rsquo;t believe how supremely difficult it is to <em><strong>securely</strong></em> use VNC to access an OSX mac remotely.  Turns out that by default, using a standard VNC client (as opposed to an Apple Remote Desktop client) does not afford you an option to have the physical console lock when someone connects to the VNC server.  Some third-party clients make this an option, but all that I could find were paid VNC clients that support it.  It is somewhat ridiculous that this setting is left to the <em>client</em> rather than enforced on the <em>server</em>, but I digress&hellip;</p>