linkman

king editor the grate said:

I run into some websites and apps, including from huge corporations, on which I've attempted to use Apple's "strong password," only to realize they're being old-timey and requiring a password 8-11 characters with one capital letter and one number or some such. I generally just close the browser/delete the app at that point.

An 8 character password consisting solely of A-Z, a-z, 0-9, and the "keyboardable" symbols in the 7 bit ASCII set (values 33-126 only, excludes space) produces a password that can be cracked in 2 days according to howsecureismypassword.net.  Cut out the symbols/punctuation and it's cracked in 2 hours. These times assume that you have full access to the encrypted passwords and you don't get locked out by an escalating time penalty between guesses or a complete account lockout. Password reuse will certainly reduce the benefit of a server limiting attempts when another compromised server gives up the information freely. 

gerry g said:

doesn't video unlike music have a variable bitrate, and only demand the full amount during fast action sequences, hence different needs for both, besides are you really going to sit there watching something incredibly boring having to reminding yourself just how good the bandwidth is, I think its the program not the bandwidth that counts, how many people seem to be just fine watching bootlegged movies shot on phone in the local multiplex.

Music can also have a variable bitrate. MP3 files often come in a VBR format.

I remember setting up Apple Pay with my CC account in 2016 (Citibank) and it required some extra steps to authorize it (can't remember exactly, but it was either a code to my already-authorized phone number or confirm using my online banking credentials). It's very unlikely that a criminal like this who obtained only my card info would be able to add that account on AP to their phone.

I can't find the info -- is there a list of issuers that these criminals were able to use?

Take it from me that seemingly random unannounced shutdowns are far worse than throttling from a user experience perspective. I've run into them on computers where they had thermal management problems and on laptops where the battery was wonky. Having it run slower because it detected a CPU fan failure is far preferable to the thing shutting down every few minutes. Even the near constant 50% clock rate that @Atomic101 experienced is worlds better than having the phone die when you desperately need it.

From what I'm reading Apple did make this information public within their documentation, albeit buried in a lot of text somewhere. It sounds like Apple had everything covered and this lawsuit is nearly baseless.

Can anyone comment on the implications for the iPod Touch? As far as I know it never had the Secure Enclave, including the latest model. I'm thinking that it's so similar to the iPhone that it has the same boot ROM.