apple_badger

About

Username
apple_badger
Visits
52
Roles
member
Points
202
Badges
0
Posts
86
  • Apple's latest security update is important, but the mass-media response is unhinged

    I'm going to respectfully disagree here. Speaking as someone who heads up information security for an organization, this may not be quite as bad as it gets (it won't kill your dog), but it's darn close. A remote code execution flaw in WebKit paired with the ability to execute arbitrary code with kernel privileges is really, really, *really* bad.
  • Compared: Apple Studio Display vs LG UltraFine 5K Display

    hal301 said:
    One other difference, although not clearly mentioned by Apple, is that the LG monitor has an internal power supply - the power cord plugs directly into the back of the monitor. The Studio Display most likely uses the same (or at least very similar) external brick that the 24" iMac uses. So one more small box on the floor. :(
    The Studio Display does not use an external power brick. It's just a power cord from the back of the display to a standard wall plug.
  • Apple 'poisoned the well' for client-side CSAM scanning, says former Facebook security chi...

    lkrupp said:
    Remember, people, this is the former 'Facebook security chief'. Facebook and security are mutually exclusionary terms. It's like trying to put a square peg into a round hole. It ain't happening.
    Stamos is *highly* respected in the information security community. Speaking as someone whose job title includes the words chief, information, security, and officer, when he says something I almost always find it worth considering and never dismiss it outright based on where he's worked. For what it's worth, by all accounts his time at Facebook wasn't a harmonious one.

    He's guest-hosted the Risky Business security podcast numerous times. If you want to get a sense of the guy, I recommend listening to those episodes.
  • Apple says iOS Mail vulnerabilities do not pose immediate threat, patch coming

    It's probably a good idea to read the original release from ZecOps (https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/) or at least their FAQ for this (https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/#post-faq). They lay out their case for why they think there's been exploitation and also explain that this is, by itself, not enough to fully take over the phone. 

    Speaking as someone who works in IT security, I'm going to make two observations:

    1. Gaining control of an email account can have catastrophic consequences, both for individuals and organizations.

    2. Whenever some locally exploitable bug is reported on here, there is always a chorus of people who dismiss it based on the fact that you need access to the device, or to be running software on the device, in order to exploit it, and they only get their software from the App Store, or some such thing. This is the other half of the exploit chain that makes local vulnerabilities so dangerous; this is the kind of thing that turns local vulnerabilities into remote ones.
  • U.S. Senate, Google ban Zoom days after its launch of 'security council'

    Security advisory council headed by a Facebook security officer... Bwahahahahaha. Long way to go, guys!
    Alex Stamos is very well regarded in the ITSec community. He left Facebook because he couldn't get them to take security seriously enough; his association with Zoom (or its dissolution) is a good indicator of whether or not they're doing the right things as far as privacy and security.