lkrupp said: Remember, people, this is the former ‘Facebook security chief’. Facebook and security are mutually exclusionary terms. It’s like trying to put a square peg into a round hole. It ain’t happening.
He's guest hosted the Risky Business security podcast numerous times. If you want to get a sense of the guy, I recommend listening to those episodes.
lkrupp said: AppleInsider said:
How, exactly, the vulnerabilities were exploited and by whom is unknown.
Both bugs were detailed in Apple documentation detailing security changes delivered with the iOS 12.1.4 package.
melgross said: Because it’s not really true. That is, neither DED’s, or Apple badger. When I go to conferences, I see a mix of Apple laptops, iPads, Windows laptops, and some Surface Pro models. Depending on the conference, the ratios change. But normally, Apple’s products are at least 50%.
Overall, when you include notebooks, the number of Apple devices that I see seems to be more than half, but I'm not sure if that's just down to Apple stuff being more noticeable. As the glowing Apple logo fades into history, that bias will become less relevant.
If we want to venture out of the anecdotal space, I can tell you that over time the number of Apple devices (as a percentage of the total number of devices) on my workplace WiFi network (I work at a small Canadian university) has declined, though absolute numbers have increased. In 2010-ish, the number of Apple devices was well over 2/3s on any given day and these days it tends to be around 40%. I know this because I was challenged by a former CIO on my assertion that Apple devices made up the majority of devices on our WiFi network, so I wrote a script that tracks that.
That decline is not, in my opinion, any indicator of trouble for Apple; it's just a sign that in the mobile space the competition has gotten better. Apple isn't in trouble; the iPad is doing very, very well, but this fixation on pushing the narrative that the Surface Pro is failing seems weird to me.
It's probably a good idea to read the original release from ZecOps (https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/) or at least their FAQ for this (https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/#post-faq). They lay out their case for why they think there's been exploitation and also explain that this is, by itself, not enough to fully take over the phone.
Speaking as someone who works in IT security, I'm going to make two observations:
1. Gaining control of an email account can have catastrophic consequences, both for the individuals and organizations.
2. Whenever some locally exploitable bug is reported on here, there is always a chorus of people who disclaim it based on the fact that you need access to the device or to be running software on the device in order to exploit it, and they only get their software from the App Store, or some such thing. This is the other half of the exploit chain that makes local vulnerabilities so dangerous; this is the kind of thing that makes local vulnerabilities into remote ones.
anome said: Upping the security isn't that much of an improvement if it isn't end-to-end. The whole architecture of Zoom is basically a man-in-the-middle vulnerability.
dysamoria said: Can anyone explain to me how this previously utterly-unknown-to-me Zoom suddenly became the video conference product of choice before the current round of realizations about how shitty it is?