The Importance of Monitoring SSL Certs

The certificate for this server is invalid. You might be connecting to a server that is pretending to be “swscan.apple.com” which could put your confidential information at risk.

As of 4:59 PM on 5/24/14, every Apple user is getting the same scary error.

Don’t worry, you are probably not the victim of a man-in-the-middle attack.  It appears that the SSL cert for swscan.apple.com, which is hosted at Akamai, has expired.  This was probably due to a gap in the monitoring and management of the SSL certs provided to Akamai.

It is certainly possible that Akamai has been hacked, and a compromised SSL cert was installed.  Not likely, though.  To be safe, just hold off on any updates until Apple and Akamai get the cert updated.  Alternatively, you can download updates directly instead of using the App Store.  You can download all major updates here, and this server uses a different SSL endpoint that has a valid certificate:  http://support.apple.com/downloads/

Pro tip for Apple’s security team:  Even though swscan.apple.com lives at Akamai, you should set up SSL cert checks in Nagios for all exposed HTTPS end-points that are in the apple.com domain.  These are the sorts of things you want to get notified about 60 days in advance.  In the unlikely event that Akamai has been hacked and the cert replaced, this type of monitoring would have immediately alerted you.  Win-win.
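A Nagios-style check covering both cases from the tip above, as an added example (not code from the original post and not a plugin that ships with Nagios). The 60-day warning comes from the post; the 14-day critical threshold, the optional pinned SHA-256 fingerprint and the function names are assumptions made for illustration.

```python
import hashlib
import socket
import ssl
import sys
import time

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

def evaluate(not_after, der, now, warn_days=60, crit_days=14, pinned_sha256=None):
    """Grade one certificate; returns (exit_code, status_line)."""
    fingerprint = hashlib.sha256(der).hexdigest()
    # An unexpected fingerprint means the cert was replaced: alert immediately.
    if pinned_sha256 and fingerprint != pinned_sha256.replace(":", "").lower():
        return CRITICAL, f"CRITICAL - certificate changed, sha256={fingerprint}"
    # Floor division makes any expiry in the past a negative day count.
    days_left = int((ssl.cert_time_to_seconds(not_after) - now) // 86400)
    if days_left < 0:
        return CRITICAL, f"CRITICAL - certificate expired {-days_left} day(s) ago"
    if days_left <= crit_days:
        return CRITICAL, f"CRITICAL - certificate expires in {days_left} day(s)"
    if days_left <= warn_days:
        return WARNING, f"WARNING - certificate expires in {days_left} day(s)"
    return OK, f"OK - certificate valid for {days_left} more day(s)"

def check(host, port=443, **thresholds):
    """Fetch the certificate with normal verification, then grade it."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                der = tls.getpeercert(binary_form=True)
    except ssl.SSLCertVerificationError as exc:
        # An already-expired or untrusted cert fails the handshake itself.
        return CRITICAL, f"CRITICAL - {host}: {exc.verify_message}"
    except OSError as exc:
        return UNKNOWN, f"UNKNOWN - {host}: {exc}"
    return evaluate(cert["notAfter"], der, time.time(), **thresholds)

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: check_cert.py HOST [PINNED_SHA256]")
        sys.exit(UNKNOWN)
    pin = sys.argv[2] if len(sys.argv) > 2 else None
    code, line = check(sys.argv[1], pinned_sha256=pin)
    print(line)
    sys.exit(code)
```

Certificates served from a CDN can be reissued on the provider's schedule, so the pinned fingerprint has to be updated whenever a planned renewal happens.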

Both Apple and Akamai should have been monitoring this SSL cert.  I do not think anyone should lose their job over this. If anyone does lose their job over this, that would be a failure of management, not the person or team responsible for SSL certs.  I think this should be seen as an opportunity for improving monitoring and business processes.

I tried sending an email to security@apple.com to let them know they had a critical SSL cert that has expired.  My email received an error in response: “Your message to jmet-si@group.apple.com could not be delivered for the following reason: This group does not accept external messages.”  

Update:  I received a response from Apple’s Security Team.  They obviously resolved the expired SSL certificate, and they’ve addressed the bounce issue I reported.  Fairly promptly, for a holiday weekend.

PHPPwner3000

PHPPwner3000 is the ultimate PHP exploit tool. Utilizing fundamental vulnerabilities in ALL versions of PHP, it is able to upload files, query databases, and even slurp shadow files no matter what user php is running as. Using stealth sql injection, it can even bypass the protections provided by prepare/execute structures.

PHPPwner3000 is also completely fictitious. It is a honeypot entry in a job posting.  I use it to determine if a candidate does sufficient recon and is capable of going the extra mile when they see a term with which they are unfamiliar.

If you have found this page because you saw an unfamiliar tool in a job posting, congratulations. You’ve just earned brownie points with one of the interviewers. It’s up to you to figure out which one.

iMac video glitches, and useless fixes

Several years ago I bought Mel an iMac. It was a 27″, top of the line, all the bells and whistles. I secretly replaced her existing 21″ iMac with the new one after she had gone to bed one night. It took her several pre-coffee minutes to realize something wasn’t quite the same the next morning. Hilarity ensued.

After two and three quarter years, the video started glitching. Little pink artifacts that would dance around the screen, especially after long sessions playing World of Warcraft. AppleCare to the rescue, we took it in. They replaced the video card, and all was well. For a few weeks. Then they came back. Took it in again. This time they said they were going to replace the motherboard. When we picked it up, they told us they had just replaced the screen instead. No worries, we took it home and it worked flawlessly. Right until the AppleCare expired. Then it started flaking out with the same glitches. Two very expensive repairs, had they not been covered under AppleCare, and it looked like we were going to have to foot the bill on the last option: the motherboard replacement they had opted out of on the last repair.

We made an appointment. We hoped to plead that this was a recurring issue that hadn’t been previously fixed, and maybe we could get out of an expensive repair.

We had several days before our appointment, and I kept thinking about why the previous repairs had worked temporarily. It couldn’t be that they had replaced the correct parts, and yet the symptoms had gone away. A loose, and/or oxidizing, connection could explain it. I took apart the front display, and disconnected the data and power connectors on the LCD. After putting it back together, the video glitches are gone again. This may only last a few weeks or months, but now I know how to fix it for free.

The moral of the story? Don’t be afraid to take your stuff apart!
