I do. 250 apps that has already been pulled of the store.
There is a problem with this logic. Apple has ability to pull certificates of apps consequently making them inaccessible for new downloads. Also the moment you pull a certificate, you are unable to launch that app from the device regardless of whether you already downloaded it or not.
However that is not the case with Android. Add to it "freedom" of using third party apps that seems to be a very normal way of downloading apps (not from Google store), and you will get a slightly more interesting picture.
Like with most of these Android security flaws you keep referencing the 200+ businesses here in the US where it's been discovered lurking may not have been comprised. At least not yet.
"The winning team used a combination of Chrome and iOS vulnerabilities to create a browser-based jailbreak"
I saw that but you said it couldn't be done with Safari and thought somewhere it stated specifically that. It doesn't AFAIK. I think it's quite likely the same or similar exploit could use Safari instead. The team only said they used Chrome coupled with iOS exploits for this particular one, not that it was a requirement.
Wow, just wow... I think that just goes to show the mindset.
Well they didn't also not say that they couldn't make iPhones spontaneously explode, so that must also be a possibility (based on that kind of logic)
No. You just can't make the claim that a jailbreak exploit couldn't be done using Safari and iOS instead of Chrome and iOS based on anything revealed by the team that is claiming the prize. I suspect it could considering the shared code. Unlike you arguing just the opposite I wouldn't go so far as to claim it as a fact tho.
Google (like microsoft) has a history (as bourne out by devices compromised) of writing insecure code.
Apple on the other hand has a history of extremely secure code.
Second, chrome is present on a tiny percentage of iOS devices, if they could have made the hack work on safari they no doubt would have, as it would have made a far more impressive splash.
Sorry but your hypothesis makes about as much sense as my spontaneous explosions.
Whatever you wish to see I suppose. The hackers aren't claiming what your eyes thought they read.
Did you consider that a flaw that only needed Safari and iOS would be more valuable than the one they're using to collect the $1M bounty, especially so if kept secret and thus much less likely to be discussed? You know the exploits are for sale according to the article. They're not whitehats.
The company gushing over how secure iOS is has a selfish agenda too IMO. They would of course want to further promote the idea that iOS is so secure that the only way of monitoring iPhones is to come talk to them about buying access to the hack.
Yeah, "more secure" is still explicitly not secure.
That's not true. That's like saying that adding vibration sensors to a bank vault to make it more secure explicitly means it's not secure. Don't confuse the word security with a hypothetical use of impregnable.
That's not true. That's like saying that adding vibration sensors to a bank vault to make it more secure explicitly means it's not secure. Don't confuse the word security with a hypothetical use of impregnable.
I would say Apple has proven that the 6S-series is more bend-resistance than the 6-series, but I doubt you would say that means it explicitly means it's not bend-resistant.
The point stands that if the wrong people want access to your phone, they will gain access to your phone.
Smart behavior can prevent nearly all of the publicized malware on all platforms. I really don't care about malware through an app store, because I only use a well-vetted core set of apps. If those are compromised, then the level of capability has clearly surpassed the level of security, and those folks are in the door.
Relating to logic? Absolutely; your comment is illogical.
The point stands that if the wrong people want access to your phone, they will gain access to your phone.
So your argument is just to roll over and do nothing?
Smart behavior can prevent nearly all of the publicized malware on all platforms. I really don't care about malware through an app store, because I only use a well-vetted core set of apps. If those are compromised, then the level of capability has clearly surpassed the level of security, and those folks are in the door.
Why not consider how nature works since you are part of it — you are a part of it, aren't you? Apex predators aren't always successful in nature. They also don't go for the hardest kill. The old, the young, the informed, the downright stupid and confused get eaten. If only we had a term for natural selection within nature¡
With humans it's more complex because of varying degrees of cost/effort v reward/penalty. This is why theft is moving online and why those less willing to protect themselves are more likely to fall victim. That doesn't mean I can't, despite my proactive and reactive by proxy protections, nor does it mean you will, with your "if people want to gain access to your phone they will" defeatist attitude, but the odds are clear that those that neither pay attention nor are prepared are more likely to suffer unforeseen issues.
Relating to logic? Absolutely; your comment is illogical.
So your argument is just to roll over and do nothing?
Why not consider how nature works since you are part of it — you are a part of it, aren't you? Apex predators aren't always successful in nature. They also don't go for the hardest kill. The old, the young, the informed, the downright stupid and confused get eaten. If only we had a term for natural selection within nature¡
With humans it's more complex because of varying degrees of cost/effort v reward/penalty. This is why theft is moving online and why those less willing to protect themselves are more likely to fall victim. That doesn't mean I can't, despite my proactive and reactive by proxy protections, nor does it mean you will, with your "if people want to gain access to your phone they will" defeatist attitude, but the odds are clear that those that neither pay attention nor are prepared are more likely to suffer unforeseen issues.
As I explained, I am protecting myself, and I'm effective enough that the (significant?) difference between iOS security and Android security does not impact me. What would impact me is a capable and motivated adversary, and my point is that no level of security in a standard smartphone environment will protect in that case. So, I'd rather live outside the walled garden where I get to choose my own hardware, since I can adequately protect myself in that environment while enjoying more freedom.
<span style="line-height:1.4em;">It's impossible to create software that's 100% bug free and secure.
What makes you think it's impossible? Just because it hasn't been done yet? it *has* in fact been done - many times in many different types of software. Or did you mean to limit your comments to Operating Systems? They are certainly a lot more complex than other types of software - but there is nothing inherently unique about them that would make it *impossible* to secure them.
I suspect that your only evidence is going to be the statement that "if it were possible, somebody would already have done it". LOL! Do us a favour and please don't try to use such ridiculous logic on us.
It's (obviously) very, very difficult to do - but that certainly doesn't mean that it's impossible. "Very difficult" does not mean "impossible". One day we'll have it - and the next we won't - because new software is being written all the time - and some of it is sloppy and will introduce new bugs into previously bug-free code.
There is plenty of software out there that is currently bug free and secure. To my knowledge there aren't any OS platforms that are currently "bug free and FULLY secure" - but again - that doesn't mean it's impossible.
The simpler the program, the easier it is to create something bug free and secure.
Impossible means "not able to occur, exist or be done".
So - enlighten us all with your wisdom....what is it that you think makes it completely *not possible* to create a bug free and secure OS platform (remembering that *unlikely*, *difficult* and *hasnt been done yet* do nothing to prove that it's actually *impossible*!
So, I'd rather live outside the walled garden where I get to choose my own hardware, since I can adequately protect myself in that environment while enjoying more freedom.
That reads like you want to hole up in some backwoods Kentucky compound with guns and rations waiting for the US economy to collapse.
Like with most of these Android security flaws you keep referencing the 200+ businesses here in the US where it's been discovered lurking may not have been comprised. At least not yet.
Yeah...terrible. Notice figure 3. Notice the first name that is NOT in english. Chinese app.
XcodeGhost apps are isolated to themselves. They don't hijack phones, don't snoop on other apps since iOS prevents that tight interaction. The only data those apps can get is what they can obtain from accessible iOS APIs (phone number) and what they gather from the user directly. So, if user thinks that it is okay if PhotoScanner Lt app suddenly asks for a password or credit card info, then I have no comment on that.
Comments
https://www.fireeye.com/blog/threat-research/2015/11/xcodeghost_s_a_new.html
Like with most of these Android security flaws you keep referencing the 200+ businesses here in the US where it's been discovered lurking may not have been comprised. At least not yet.
Where was the claim it doesn't work with Safari? Missed that one.
Says it requires chrome
"The winning team used a combination of Chrome and iOS vulnerabilities to create a browser-based jailbreak"
Wow, just wow... I think that just goes to show the mindset.
Well they didn't also not say that they couldn't make iPhones spontaneously explode, so that must also be a possibility (based on that kind of logic)
Two fundamental flaws in that logic:
Google (like microsoft) has a history (as bourne out by devices compromised) of writing insecure code.
Apple on the other hand has a history of extremely secure code.
Second, chrome is present on a tiny percentage of iOS devices, if they could have made the hack work on safari they no doubt would have, as it would have made a far more impressive splash.
Sorry but your hypothesis makes about as much sense as my spontaneous explosions.
Did you consider that a flaw that only needed Safari and iOS would be more valuable than the one they're using to collect the $1M bounty, especially so if kept secret and thus much less likely to be discussed? You know the exploits are for sale according to the article. They're not whitehats.
The company gushing over how secure iOS is has a selfish agenda too IMO. They would of course want to further promote the idea that iOS is so secure that the only way of monitoring iPhones is to come talk to them about buying access to the hack.
THAT'S using logic.
Yeah, "more secure" is still explicitly not secure. All popular platforms are demonstrated to be vulnerable. Period.
That's not true. That's like saying that adding vibration sensors to a bank vault to make it more secure explicitly means it's not secure. Don't confuse the word security with a hypothetical use of impregnable.
I would say Apple has proven that the 6S-series is more bend-resistance than the 6-series, but I doubt you would say that means it explicitly means it's not bend-resistant.
It's semantic.
The point stands that if the wrong people want access to your phone, they will gain access to your phone.
Smart behavior can prevent nearly all of the publicized malware on all platforms. I really don't care about malware through an app store, because I only use a well-vetted core set of apps. If those are compromised, then the level of capability has clearly surpassed the level of security, and those folks are in the door.
Relating to logic? Absolutely; your comment is illogical.
So your argument is just to roll over and do nothing?
Why not consider how nature works since you are part of it — you are a part of it, aren't you? Apex predators aren't always successful in nature. They also don't go for the hardest kill. The old, the young, the informed, the downright stupid and confused get eaten. If only we had a term for natural selection within nature¡
With humans it's more complex because of varying degrees of cost/effort v reward/penalty. This is why theft is moving online and why those less willing to protect themselves are more likely to fall victim. That doesn't mean I can't, despite my proactive and reactive by proxy protections, nor does it mean you will, with your "if people want to gain access to your phone they will" defeatist attitude, but the odds are clear that those that neither pay attention nor are prepared are more likely to suffer unforeseen issues.
Relating to logic? Absolutely; your comment is illogical.
So your argument is just to roll over and do nothing?
Why not consider how nature works since you are part of it — you are a part of it, aren't you? Apex predators aren't always successful in nature. They also don't go for the hardest kill. The old, the young, the informed, the downright stupid and confused get eaten. If only we had a term for natural selection within nature¡
With humans it's more complex because of varying degrees of cost/effort v reward/penalty. This is why theft is moving online and why those less willing to protect themselves are more likely to fall victim. That doesn't mean I can't, despite my proactive and reactive by proxy protections, nor does it mean you will, with your "if people want to gain access to your phone they will" defeatist attitude, but the odds are clear that those that neither pay attention nor are prepared are more likely to suffer unforeseen issues.
As I explained, I am protecting myself, and I'm effective enough that the (significant?) difference between iOS security and Android security does not impact me. What would impact me is a capable and motivated adversary, and my point is that no level of security in a standard smartphone environment will protect in that case. So, I'd rather live outside the walled garden where I get to choose my own hardware, since I can adequately protect myself in that environment while enjoying more freedom.
What makes you think it's impossible? Just because it hasn't been done yet? it *has* in fact been done - many times in many different types of software. Or did you mean to limit your comments to Operating Systems? They are certainly a lot more complex than other types of software - but there is nothing inherently unique about them that would make it *impossible* to secure them.
I suspect that your only evidence is going to be the statement that "if it were possible, somebody would already have done it". LOL! Do us a favour and please don't try to use such ridiculous logic on us.
It's (obviously) very, very difficult to do - but that certainly doesn't mean that it's impossible. "Very difficult" does not mean "impossible". One day we'll have it - and the next we won't - because new software is being written all the time - and some of it is sloppy and will introduce new bugs into previously bug-free code.
There is plenty of software out there that is currently bug free and secure. To my knowledge there aren't any OS platforms that are currently "bug free and FULLY secure" - but again - that doesn't mean it's impossible.
The simpler the program, the easier it is to create something bug free and secure.
Impossible means "not able to occur, exist or be done".
So - enlighten us all with your wisdom....what is it that you think makes it completely *not possible* to create a bug free and secure OS platform (remembering that *unlikely*, *difficult* and *hasnt been done yet* do nothing to prove that it's actually *impossible*!
That reads like you want to hole up in some backwoods Kentucky compound with guns and rations waiting for the US economy to collapse.
Yeah, "more secure" is still explicitly not secure. All popular platforms are demonstrated to be vulnerable. Period.
This is like saying that a dripping faucet is the same as a water main break because both are leaks, therefor are equivalent.
Not all platforms are -equally- vulnerable.
That reads like you want to hole up in some backwoods Kentucky compound with guns and rations waiting for the US economy to collapse.
Interesting interpretation, especially considering that it's actually the more liberal approach :P
This is like saying that a dripping faucet is the same as a water main break because both are leaks, therefor are equivalent.
Not all platforms are -equally- vulnerable.
If both leaks are wetting something easily destroyed by water, what's the difference?
Despite Apple's efforts XCode Ghost is still alive and kicking and now found here in the US too so no longer a China only issue.
https://www.fireeye.com/blog/threat-research/2015/11/xcodeghost_s_a_new.html
Like with most of these Android security flaws you keep referencing the 200+ businesses here in the US where it's been discovered lurking may not have been comprised. At least not yet.
Yeah...terrible. Notice figure 3. Notice the first name that is NOT in english. Chinese app.
XcodeGhost apps are isolated to themselves. They don't hijack phones, don't snoop on other apps since iOS prevents that tight interaction. The only data those apps can get is what they can obtain from accessible iOS APIs (phone number) and what they gather from the user directly. So, if user thinks that it is okay if PhotoScanner Lt app suddenly asks for a password or credit card info, then I have no comment on that.