Kind of vague, no? Preserving the existing failure case behavior is an important part of hiding a backdoor, I would think. Like if I backdoored sshd, I wouldn’t just permit anyone to login. This test is akin to “ssh root@localhost” and checking for a password prompt. Oh, good, I must be safe.
Kind of vague, no? Preserving the existing failure case behavior is an important part of hiding a backdoor, I would think. Like if I backdoored sshd, I wouldn’t just permit anyone to login. This test is akin to “ssh root@localhost” and checking for a password prompt. Oh, good, I must be safe.
Another take here: http://blog.erratasec.com/2015/03/no-cia-isnt-stealing-apples-secrets.html
Ah Unfortunate; I was able to reproduce this with a current version of XCode.
Sure it asked for my Passphrase as I specified one; but I got no popup :(
Same thing here (10.9, latest XCode).
I’ll wait for more data before worrying.