Researcher accuses Apple of ignoring iCloud brute-force attack for 6 months

124

Comments

  • Reply 61 of 94
    jonljonl Posts: 210member
    Quote:

    Originally Posted by jfc1138 View Post


    ETA: I was recently amazed at what gets stored. I was applying for a duplicate birth certificate and one of the security questions was a list of streets I'd lived on that had one I'd resided on in the mid 1970's! I was supposed to pick the one (or none) I hadn't lived on. Now that was a Yikes moment for sure. Other than the feds and tax returns I'd have NEVER guessed that sort of information was stored anywhere....

    Credit reports...

  • Reply 62 of 94
    ipenipen Posts: 410member

    Apple thought people were smart enough to know nothing in the cloud is secure.  I think in the user agreement term something like users are responsible for their own security was there.  I have to go back and re-read the agreement.  But so far no one is suing Apple for unsecured iCloud.

  • Reply 63 of 94

    Monday, Tuesday, Wednesday, Thursday...

     

    What is Friday going to bring?

  • Reply 64 of 94
    jfc1138jfc1138 Posts: 3,090member
    Quote:
    Originally Posted by jonl View Post

     

    Credit reports...




    Yet forty years back?

     

    That's new to me. But I guess if you're collecting things why ever "throw" them away... And that was a very, very, expensive zip code (I was a renter).

  • Reply 65 of 94
    jonljonl Posts: 210member
    Quote:

    Originally Posted by ipen View Post

     

    Apple thought people were smart enough to know nothing in the cloud is secure.  I think in the user agreement term something like users are responsible for their own security was there.  I have to go back and re-read the agreement.  But so far no one is suing Apple for unsecured iCloud.




    Anyone who would sue them would have to offer the leaked photos as evidence, and the story would be at the top of the news for months or longer. I think most of the celebs would prefer it to just die down and go away, which it will on its own.

  • Reply 66 of 94
    muppetry wrote: »
    Really? There's a vulnerability if an app asks for your login details to a website account and you provide them? BGR really is a sad excuse for a news website.

    Did you not read this?
    in-app browsers in third-party iOS apps have the ability to log keystrokes as they’re typed.
  • Reply 67 of 94
    Quote:

    Originally Posted by AdonisSMU View Post

     

    Monday, Tuesday, Wednesday, Thursday...

     

    What is Friday going to bring?


     

    Whatever Samsung pays for ;-)...  Though I am not truly sure I believe that. The number of Android trolls all over the net is high enough on its own and they don't need encouragement... They do it for money (clicks) or pleasure and attention (yes, the psychology of trolls is fascinating, there are studies on this).

     

    In all the issues, the only one I fault Apple with is the 8.0.1 release. And even then, it is kinda weird that such a thing would not have emerged in QA (they certainly would not have released it if they saw something that affected cell service there). The fact that not even the carriers' QA flagged it is also strange.

     

    Maybe it's a profile, configuration that only occurs on a user phone, not even sure what it could be. That is probably what they are trying to figure out right now. I'm guessing something to do with security, since it affected touch ID and cell at the same time.

  • Reply 68 of 94
    gatorguygatorguy Posts: 24,213member
    dasanman69 wrote: »
    Did you not read this?

    I'd guess he did not. Muppetry's comments are normally pretty informative.
  • Reply 69 of 94
    Quote:
    Originally Posted by dasanman69 View Post





    Did you not read this?

     

    So, you think that Apple should prevent people from entering whatever info inside Applications that own customized browsers? How will they do this? Parse HTML pages of all applications to look for a login? That sounds... Not reasonable... And very CPU intensive.

     

    They already check application code, you want them to also verify every possible use case ever, even the craziest ones?

     

    I don't think you really know what a vulnerability is. If I give my house keys to someone who asks for them. I am vulnerable maybe... (because being an idiot makes you vulnerable). But, the lock is still functioning as designed.

     

    Users are the most unsecure part of any system.  People have gotten into nuclear facilities through malware...

  • Reply 70 of 94
    dasanman69 wrote: »
    And now there's this.

    http://bit.ly/1puhpKu

    You actually read shit like that? No wonder you're so deluded half the time...:rolleyes:
  • Reply 71 of 94
    I'm just enjoying the irony that a security expert uses Hot Mail to discuss concerns about security.
  • Reply 72 of 94
    rogifanrogifan Posts: 10,669member
    Well Apple released a statement on the iPhone. Not surprisingly they're standing by their design. I guess time will tell if this is indeed an issue or not.

    http://www.ft.com/intl/fastft?post=211822

    "Our iPhones are designed, engineered and manufactured to be both beautiful and sturdy. iPhone 6 and iPhone 6 Plus feature a precision engineered unibody enclosure constructed from machining a custom grade of 6000 series anodized aluminum, which is tempered for extra strength. They also feature stainless steel and titanium inserts to reinforce high stress locations and use the strongest glass in the smartphone industry. We chose these high-quality materials and construction very carefully for their strength and durability. We also perform rigorous tests throughout the entire development cycle including 3-point bending, pressure point cycling, sit, torsion, and user studies. iPhone 6 and iPhone 6 Plus meet or exceed all of our high quality standards to endure everyday, real life use.
    With normal use a bend in iPhone is extremely rare and through our first six days of sale, a total of nine customers have contacted Apple with a bent iPhone 6 Plus. As with any Apple product, if you have questions please contact Apple."

    An Apple spokesperson said that its tests include exerting force in three separate areas to see if the device bends, a torsion test that simulates thousands of twists an iPhone might experience in daily use, and a "sit test" which simulates what it's like to put an iPhone in the back pocket of a tight pair of jeans over a period of years.
  • Reply 73 of 94
    Originally Posted by Rogifan View Post

    I guess time will tell if this is indeed an issue or not.



    Well, 9 people experienced it. This is a harbinger of the End Times.

  • Reply 74 of 94
    rogifanrogifan Posts: 10,669member

    Well, 9 people experienced it. This is a harbinger of the End Times.
    The phone has only been out one week. A poster on MacRumors claims their 6 (not a plus) was slightly bent when they got it. Which makes me wonder if there isn't a manufacturing issue with some early batches of phones ala iPhone 5. I know when the HTC One came out last year there were issues with gaps between the metal and plastic and some cases where the plastic band wasn't flush with the aluminum.
  • Reply 75 of 94
    You actually read shit like that? No wonder you're so deluded half the time...:rolleyes:

    Delusion is automatically dismissing something because the site isn't on the Apple kiss ass list. It's simply a claim (which I'll always be skeptical about) that should be investigated.
  • Reply 76 of 94
    muppetrymuppetry Posts: 3,331member
    gatorguy wrote: »
    dasanman69 wrote: »
    Did you not read this?

    I'd guess he did not. Muppetry's comments are normally pretty informative.

    Of course I read it, and Hockenberry's blog. I guess that you guys didn't. My comment describes exactly what this amounts to - if you let a third party app act as your web browser and then enter authentication details on a website, it can see them and capture them. Don't do that.
  • Reply 77 of 94
    muppetry wrote: »
    Of course I read it, and Hockenberry's blog. I guess that you guys didn't. My comment describes exactly what this amounts to - if you let a third party app act as your web browser and then enter authentication details on a website, it can see them and capture them. Don't do that.

    We know not to do that, but how millions of people don't know?
  • Reply 78 of 94
    I think we found the person who stole the photos and leaked them. It was this guy; he was trying to make a point, and how best to do that than to leak pictures of pretty actresses who lack the IQ to properly lock up their house. Remember most of these people have handlers who do everything for them so their house is locked up tight, but since they have control over their own phone this is what you get.
  • Reply 79 of 94
    muppetrymuppetry Posts: 3,331member
    dasanman69 wrote: »
    muppetry wrote: »
    Of course I read it, and Hockenberry's blog. I guess that you guys didn't. My comment describes exactly what this amounts to - if you let a third party app act as your web browser and then enter authentication details on a website, it can see them and capture them. Don't do that.

    We know not to do that, but how millions of people don't know?

    OK. Now you've read the details - bear in mind that this is a proof of principle demonstration, combined with an assumption that malicious apps intended to do this might get past the screening process. No demonstration of actual implementation, but an opinion that they would be hard to detect if the code were obfuscated. Maybe true, maybe not.

    In any case, if a third party website asks for your bank login details (for example) - do you think it is the fault of the browser if you provide them? This is no different. As Hockenberry points out, only provide your details to a website or app that you trust, and just because an app came from the curated App Store doesn't mean that it is fine to give up your confidential login details. If that level of common sense is beyond a user then they should not be trusted with a computer.
  • Reply 80 of 94
    dewmedewme Posts: 5,371member
    dewme wrote: »
    Refused? Ignored?

    These are words rooted in malicious intent.

    At the very worst you could say that Apple failed to recognize the severity or potential of the threat. The fact that they engaged in a dialog with the security researcher takes "ignored" off the table.
    rogifan wrote: »
    It shouldn't take six months to fix though. Benedict Evans (who is usually pretty pro Apple) tweeted that this was unacceptable and wondered why Apple is so keen on owning the fundamental technology in their products except when it comes to cloud. Tim Cook should hire someone with lots of experience in this area to run their cloud business. It needs more attention than it's currently getting.

    You are correct, it shouldn't have taken so long to fix. My guess is that someone did a risk analysis based on the perceived threat and when it was thrown in the pool of things that needed to get done with the available resources it fell below the line. Despite Apple's incredible success they don't have infinite resources and have to prioritize the work. Of course if the task you want to get done doesn't make the cut for the next cycle you will feel like your concerns are being ignored. It's not malice, it's simply the reality of the business world. The system is not perfect.