Attention all Apple users!
To be short: if you haven’t already done so, update your iOS devices *immediately*. Don’t use a Mac for banking on the public Internet and anything sensitive until Apple releases a security update for OS X.
Technical details are available here: https://www.imperialviolet.org/2014/02/22/applebug.html
And here are some practical tips if you use a Mac in your daily work.
- Definitely don’t use public Wi-Fi networks
- Use Chrome or Firefox (they have their own SSL implementation) instead of Safari
- Don’t use apps that may transmit authentication tokens (passwords) over SSL
Specifically, don’t use Apple’s Mail.app with your domain account. It seems that Outlook use Apple’s SSL implementation as well, and since Kerberos authentication currently has problems with our mail servers, it may ask you to send passwords over SSL instead. Best way may be to read your e-mail on another device or use Outlook Web Access with Chrome or Firefox.