gatorguy

  • Apple reinforces iMessage security with contact key verification

    gatorguy said:
    chasm said:
    So is this saying that iCloud is flawed and 3rd parties can secretly add a snooping iMessage device to the account? If so, why not fix this flaw, rather than reporting when it’s happened?
    No, they’re not saying that. Sorry you didn’t understand the article.
    The article had lots of clear, understandable, specific details. However, it seemed to not address the bigger picture of why this complexity is needed.
    An ounce of prevention is worth more than a pound of cure.

    In other words, the reason for this complexity is to prevent scumbags stealing our data. Does Apple really need to have more of a reason to implement better security?
    Yes indeed. So I just wondered why not hide the complexity (as they usually do) by fixing the underlying vulnerability, prevent the attack, and spare us this odd carbuncle? What is the attack vector they are addressing?
    Look for articles regarding "man-in-the-middle" exploits, undisclosed listeners sometimes referred to as "ghost participants" in an encrypted conversation. Yes, Apple's iMessage is vulnerable and has been since it became a feature, but unless you're on the radar of a state agency I don't think any of us need worry. Of note, the UK's spy agency somewhat recently suggested it become law. 

    EDIT: Here's one old article that explains it.
    https://threatpost.com/apple-imessage-open-to-man-in-the-middle-spoofing-attacks/102610/
    Thanks for the reference. It seems the Threat Post people suggest that iMessage could use certificate pinning to avoid the MITM attack. I guess that’s the sort of fix I was expecting.

    Seems neater and with no need for the 2nd channel verification carbuncle (and any lack of calmness). 
    Of note, Apple controls the naming of devices in the directory mapping account. There's no outside way of proving that all of the listed devices connected to you factually belong to your account or to the account they claim to be part of. Therefore, your iDevice simply trusts whatever Apple says, not that it is actually true all the devices in a conversation belong to who you believe they do.
  • Apple reinforces iMessage security with contact key verification

    chasm said:
    So is this saying that iCloud is flawed and 3rd parties can secretly add a snooping iMessage device to the account? If so, why not fix this flaw, rather than reporting when it’s happened?
    No, they’re not saying that. Sorry you didn’t understand the article.
    The article had lots of clear, understandable, specific details. However, it seemed to not address the bigger picture of why this complexity is needed.
    An ounce of prevention is worth more than a pound of cure.

    In other words, the reason for this complexity is to prevent scumbags stealing our data. Does Apple really need to have more of a reason to implement better security?
    Yes indeed. So I just wondered why not hide the complexity (as they usually do) by fixing the underlying vulnerability, prevent the attack, and spare us this odd carbuncle? What is the attack vector they are addressing?
    Look for articles regarding "man-in-the-middle" exploits, undisclosed listeners sometimes referred to as "ghost participants" in an encrypted conversation. Yes, Apple's iMessage is vulnerable and has been since it became a feature, but unless you're on the radar of a state agency I don't think any of us need worry. Of note, the UK's spy agency somewhat recently suggested that cooperation become law. 

    EDIT: Here's one old article that explains it.
    https://threatpost.com/apple-imessage-open-to-man-in-the-middle-spoofing-attacks/102610/
  • Apple Watch import ban up to Biden administration after ITC order

    Articles used to explain who what when…etc. All this says is “Masimo”. Not even a 1-sentence explanation or clarification on who or what “Masimo” is. 
    Here:


    One of the most surprising things revealed in the courtroom is that pulse optometry on the Apple Watch does not work very well by Apple's own admission. Masimo is still willing to work with Apple to improve the feature to the consumer's benefit despite all the legal drama. 

  • Apple Watch import ban up to Biden administration after ITC order

    x38 said:
    Masimo is a publicly traded US company with a current market cap of about $4.35B. Apple reportedly has about $62.5B cash on hand. Why doesn’t Apple just buy Masimo, or at least a controlling interest in the stock, assign itself the patents in dispute, then keep or sell the rest of the company as makes sense.
    Seems like it would be cheaper than all the legal costs in the end.
    I like your train of thought, but Apple probably thinks that the worst case scenario would cost them less than purchasing a controlling interest ($2B). Although technically Apple could re-sell its $2B investment after giving themselves the patent to recoup some of that expense. Don't forget that the market cap probably includes the expected income from the possible win against (or settlement with) Apple, which means the company is worth less than that without a win against Apple.
    While I agree Apple is rich and powerful enough to roll the dice and figure out consequences later, it's just not a good look.

    It is not the first time a company has been invited to Apple to discuss a partnership on some feature, only to discover later that it was all a ruse. Apple was only interested in seeing what they came up with and how it was implemented, saving Apple time and expense deciding how to proceed without sharing the fruit.

    IMHO, any company should be extremely wary if Apple reaches out to them, claiming interest in some product they have. I've had two similar though much smaller situations over the years. A certain boat manufacturer got me on the first one. Lesson learned. With the second I required money up-front and my own ND agreement for even a peek at what we had come up with. 
  • Apple fights NFL 'Sunday ticket' subpoena on grounds it could reveal corporate secrets

    "The Lawsuit" against YouTube TV wants essentially the same information the potential plaintiffs want from Apple. What they're looking for is what restrictions, if any, the NFL put on the Google streaming contract, hoping to prove the same restrictions were in effect when DirecTV held the contract. In effect is the NFL controlling the price.

    According to the attorneys: “Evidence that the NFL imposed restrictions on Google will support plaintiffs’ claims that the NFL imposed these same restraints on DirecTV during the class period, to the detriment of consumers"


    Google is arguing the same point that Apple is, that the production of the requested information would be “unduly burdensome.”