Apple’s RAOP is Cracked

For a long time now, apps can stream high-quality audio to an Airport Express or an Apple TV using the RAOP protocol. However, the reverse cannot be done due to the fact that the protocol uses asymmetric encryption, which means the private key is baked into the firmware of the Apple (or Apple-licensed) device.

Finally, someone has done something about it. James Laird dumped the ROM of his Airport Express and extracted the private key. He posted the private key to the vlc-devel mailing list.

And now, the site on which he hosts his implementation called shairport is returning HTTP 500.

Update 13-Apr-2011: The link to shairport and his site is back up.

Fraudulent SSL Certs & Revocation

I just read news that fake SSL certificates were issued by Comodo CA, but more interestingly, browser updates were issued to blacklist the certificates. Why this was necessary since we already have a protocol for doing just that?

I found out from this post on the torproject blog that talks about how OCSP is not properly implemented in browsers:

The browsers treat revocation errors as soft errors and a MITM is deadly for revocation. The browsers believe they have to treat them as soft errors because the CAs are failing to do their job properly and are almost entirely unaccountable.

Here’s how some other browsers fare when OCSP fails.