Feed aggregator

'iOS: About diagnostic capabilities'

OSNews.com - Wed, 07/23/2014 - 02:40
Update: Zdziarski put up a more detailed response. Apple responded to the backdoor story. Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer. Zdziarski, the author of the article that started this all, is not impressed. I don’t buy for a minute that these services are intended solely for diagnostics. The data they leak is of an extreme personal nature. There is no notification to the user. A real diagnostic tool would have been engineered to respect the user, prompt them like applications do for access to data, and respect backup encryption. Tell me, what is the point in promising the user encryption if there is a back door to bypass it? Apple response doesn't actually deny or contradict anything Zdziarski stated, so in the end, it all comes down to trust. Apple claims they only use these tools for "diagnostics" (which is a stretch considering the extensive and pervasive nature of the data they expose, but alas), and it's up to us to decide whether we trust them or not. If you still trust Apple - or Google, or Microsoft, or any other major technology company, for that matter - at this point, then I admire your child-like innocence.

Ubuntu: 2293-1: CUPS vulnerability

LinuxSecurity.com - Wed, 07/23/2014 - 02:35
Categories: Linux

Debian: 2983-1: drupal7: Summary

LinuxSecurity.com - Wed, 07/23/2014 - 02:35
Categories: Linux

Debian: 2981-1: polarssl: Summary

LinuxSecurity.com - Wed, 07/23/2014 - 02:35
Categories: Linux

Debian: 2980-1: openjdk-6: Summary

LinuxSecurity.com - Wed, 07/23/2014 - 02:35
Categories: Linux

Debian: 2979-1: fail2ban: Summary

LinuxSecurity.com - Wed, 07/23/2014 - 02:35
Categories: Linux

Ubuntu: 2291-1: MySQL vulnerabilities

LinuxSecurity.com - Wed, 07/23/2014 - 02:35
Categories: Linux

Syndicate content
Comment