IreneW

OutdoorAppDeveloper said:

I hope Apple plans to quarantine its products for at least nine days as that is how long the virus can survive on a surface.

orthorim said:

Well to be honest the entire "Chinese" angle is pretty fishy. Maybe, maybe not. TechCrunch said "sources" said it was the Chinese. Then 1000 websites repeated that based on TC reporting (which in turn is based on unnamed "sources"). So who can really know? 

That Apple is saying it was the Chinese gives it somewhat more credibility - but maybe they, too, just got it from TC. Or from an anonymous tipster. It's no better than gossiping housewives. 

This is Spy stuff, and so people are going to misdirect.

As I said if Android wasn't targeted then that would make no sense except if all of Android is compromised anyway. 

Common sense. Common sense is, in my experience, more accurate than "sources" in many cases. Because sources may have reasons to create misdirection. In this case, getting caught red-handed, whoever the guilty party is has all the reasons and likely also the means to plant a few red herrings.

So when you say "we just don't have credible information" - other than the iOS report from Ian Beer, there's no credible sources for anything anywhere.

orthorim said:

IreneW said

Except that it didn't.

This particular hack was extremely complex (please read the report), and worked on iOS only. No doubt the Chinese tried to attack an probably managed to attack Android as well, but there are no credible reports (that I have heard of).

Chinese Govt: I am going to spend a few $M on an iOS exploit for this minority even though 90% of Chinese users are on Android. I am going to spend $0 on android. 

How likely is that?

If indeed they spent nothing on Android then I'd be really worried as an Android user - it would mean they already own Android and know what's going on on those devices anyway. It would mean all Android devices are already hacked. As for Windows, open market prices for zero days are much lower than iOS so of course they'd do Windows on the side.

The ethically correct choice on Google's Project Zero side would have been to publish what they were publishing - a very detailed and interesting walkthrough of the iPhone exploit - but preface it with "Android and Windows were targeted on the same sites, but we want to focus on the iOS exploit here because (bla)... "

They needed to mention this. Otherwise, given the political nature and business impact of the message, they were lying by omission. 

If they only wanted to report on the tech details, as is a valid choice for a GPZ blog, they needed to preface it with that sentence. Only a short mention.

GPZ isnt' required to explain every exploit, and there may be reasons to keep Android/Windows under wraps anyway, maybe not all is fixed, etc.

Or even worse, Android wasn't even targeted which would indicate a wide scale compromise of the entire Android platform in China. If you think about it not too unlikely given Google's contentious relationship with China, their lack of control over modifications made to Android, Chinese manufacturers having to submit to government demands, Chinese users not really caring very much about privacy (yet)... all these factors make an attack thinkable where Chinese government is deep into all Android update servers, Android second party stores, Android updates, etc, they could have a full global level exploit chain going on there. And GPZ would probably know about it but due to being unable to stop it, they wouldn't disclose it.

Whoops.

beowulfschmidt said:

teonyc said:

My experience is that they are anti-design-first brands. They hate Dyson as well. Yet I’ve been screwed by buying their recommended Shark that couldn’t do half of what my Dyson can. 

And my wife vastly prefers her two year old Shark over the three year old Dyson.  To the point where the Dyson was basically given away.

So from my standpoint, their recommendation of the Shark over the Dyson is completely warranted.