I swear to god, most of you don't even bother reading the articles that are linked to these posts.

infections by NSO shows that motivated and resourced attackers can still be successful despite the amount of control Apple applies to its products and ecosystem.
That's a very valid observation. Apple claims that the system and app store is locked down for security, yet this happens. I'm not saying they need to be perfect, but just for a second take your fanboy hat off and read that. That's a valid criticism.

Also this
“The truth is that we are holding Apple to a higher standard precisely because they're doing so much better,” says SentinelOne principal threat researcher Juan Andres Guerrero-Saade. “Android is a free-for-all. I don't think anyone expects the security of Android to improve to a point where all we have to worry about are targeted attacks with zero-day exploits.”
Again, valid. I mean Jesus are you guys incapable of reading and just having a discussion? Nobody is saying to hate on apple. You know what makes the things you love better? Criticism and feedback. You know what makes me a better graphic designer? Criticism. How am I supposed to get better if all people do is praise me? You can STILL LOVE your precious Apple products and criticize them at the same time.
 
I’ve said it before and I’ll say it again: unless and until Apple provides full, end-to-end encryption for iCloud backups, their privacy/security words are merely “marketing-speak”.

iCloud is an option for the user... we are talking about devices here and not about cloud... everything in the cloud... whatever is Microsoft, Google, Apple etc... will never be secure enough
 
“Johns Hopkins University cryptographer Matthew Green similarly said: ‘Apple is trying, but the problem is they aren't trying as hard as their reputation would imply.’”

What a bunch of rubbish. This is a qualitative opinion, not scholarship or research.

If he wants to criticize Apple for poor security practices, then fine — list its shortcomings supported by quantitative data or specific flaws. Let me draw the conclusions on whether those flaws meet or don’t meet its reputation.
 
You do have to wonder though if these giant tech companies deliberately leave backdoors whilst espousing safeguarding customer privacy, which would explain why so many updates occur throughout tech industry to close security loopholes that are obviously exploited by Pegasus and no doubt law enforcement agencies etc., using the software. At least Apple respond with the free updates.
 
Apple is the king of lip service while Google fixes their security vulnerabilities.
Did you even read the article ?

quote: "The truth is that we are holding Apple to a higher standard precisely because they're doing so much better. Android is a free-for-all. I don't think anyone expects the security of Android to improve to a point where all we have to worry about are targeted attacks with zero-day exploits."

Translation: "we're focussing on Apple because we've given up hope that Android will ever be secure."
 
You're not going to have privacy in a new world order, which is what is gradually starting to occur now on planet Earth

You are right, it will be difficult. Complete end-to-end encryption of everything with on device keys would go quite a way to help though.

Obviously that wouldn't help with this specific case, but every bit is important.

Software has bugs, layering helps to isolate and minimize them.

Think about some of them which had huge consequences:
Heartbleed
Shellshock
Kaminsky DNS Bug
Meltdown etc

While the person who introduced the Heartbleed bug denied it was intentional, there was plenty of speculation that it might have been particularly given the NSA's comments and it was a very trivial error to catch. So no one knows if it was intentional.

Just like Meltdown and Spectre, were they intentional? Probably not, but systems are so complex that without lots of people reviewing designs and code, bugs will come through. And in the chaos, intentional ones could be inserted.
 
Hindsight is 20/20 as they say. These armchair quarterbacks should have spoken up before SHTF.

Real sporting of them, ain't it? They're like the soldiers who come in and bayonet the wounded after the battle.

“Johns Hopkins University cryptographer Matthew Green similarly said: ‘Apple is trying, but the problem is they aren't trying as hard as their reputation would imply.’”

What a bunch of rubbish. This is a qualitative opinion, not scholarship or research.
This is what's known as SWAG (Scientific Wild Ass Guess). In this case, it carries weight with me. Wish they would have spoken up sooner, you know, before people got compromised.
 
Still better than the protection on android. Just find many professionals use iPhones so I think it is skewed
 
I’ve said it before and I’ll say it again: unless and until Apple provides full, end-to-end encryption for iCloud backups, their privacy/security words are merely “marketing-speak”.


The problem with that is, if an Apple user was to lose their laptop or iDevice, that data would not be recoverable. If the key is on the device and the device is not in your hands, you can't get the data. You could potentially keep the key on the server, but encrypt the key with a password. As the vast majority of people use rubbish passwords, this would not be very effective.
_________________

Regarding the Pegasus hack and others like it, the solution is simple. Give users the option to revert back to simple SMS service. First, read the message as a stream. When the buffer is full, stop reading. Secondly strip out all the unicode, JS and escape characters before you do any other processing. Give users the ability to filter out HTML. When everything is sanitized, then pass it on to the SMS software to display. This needs to be done at the lowest OS level.
 
If iOS was so private, why does Apple know how many of which iOS version all of their devices are on?
 
Buh? Apple works harder than any other company at trying to prevent this. They literally set the standard against which all other companies are measured.
 
I swear to god, most of you don't even bother reading the articles that are linked to these posts.


That's a very valid observation. Apple claims that the system and app store is locked down for security, yet this happens. I'm not saying they need to be perfect, but just for a second take your fanboy hat off and read that. That's a valid criticism.

Also this

Again, valid. I mean Jesus are you guys incapable of reading and just having a discussion? Nobody is saying to hate on apple. You know what makes the things you love better? Criticism and feedback. You know what makes me a better graphic designer? Criticism. How am I supposed to get better if all people do is praise me? You can STILL LOVE your precious Apple products and criticize them at the same time.
Interesting rant and hyperbole. Maybe Apple and other large software companies could do better with software. But nothing that Apple says is neutered due to a software bug.
 
I swear to god, most of you don't even bother reading the articles that are linked to these posts.


That's a very valid observation. Apple claims that the system and app store is locked down for security, yet this happens. I'm not saying they need to be perfect, but just for a second take your fanboy hat off and read that. That's a valid criticism.

Also this

Again, valid. I mean Jesus are you guys incapable of reading and just having a discussion? Nobody is saying to hate on apple. You know what makes the things you love better? Criticism and feedback. You know what makes me a better graphic designer? Criticism. How am I supposed to get better if all people do is praise me? You can STILL LOVE your precious Apple products and criticize them at the same time.
It's a secure ecosystem, but many users leave the door open with passwords like: 1234, Imdabest, password, mydogsname, etc... So whose fault is it?
 
Interesting and a reminder that these issues are going to impact everyone regardless of platform.

If this helps to motivate Apple to step up their efforts, then I'm all for that!
The problem is Apple is being attacked for every effort they make to improve security so they tread lightly. They will likely lean more heavy handed going forward.
 
The problem with that is, if an Apple user was to lose their laptop or iDevice, that data would not be recoverable. If the key is on the device and the device is not in your hands, you can't get the data. You could potentially keep the key on the server, but encrypt the key with a password. As the vast majority of people use rubbish passwords, this would not be very effective.
No. After warnings about the risk of data loss when enabling the feature — there is no chance it’d be on by default — Apple would provide users with a (probably per-device) recovery key. It would instruct you to write down or print the key and put in a safe location to refer to in the event that you have no other working devices paired to your account later on.

This has been done before. In fact, Apple itself uses essentially this approach for iCloud Keychain on devices where the associated Apple ID doesn’t have 2FA set up.

Buh? Apple works harder than any other company at trying to prevent this. They literally set the standard against which all other companies are measured.
They once allowed access to the root user on macOS with no password whatsoever. You can make some arguments on privacy — much of it is marketing bluster, but they have done some good work — but Apple’s record on security is…not sterling.
 
“Johns Hopkins University cryptographer Matthew Green similarly said: ‘Apple is trying, but the problem is they aren't trying as hard as their reputation would imply.’”

What a bunch of rubbish.

To quote yourself: "This is a qualitative opinion." They actually did quite a bit of research on this so I'd say at the least it's an informed opinion.

You're right to say we need data, but you shouldn't expect to be spoon-fed the information before lashing out.

Have a good weekend!
 
No, it's probably one of those people who actually read and understood Orwell's book. This is not just an American concern, look at Britain, France, Germany.... When I read 1984 decades ago, I found it disturbing but was glad that it was fiction. I re-read it last year and found it disturbing because there is a tremendous amount of overlap between Orwell's book and current technology/geopolitical environment. Again, not just limited to the US.

Data harvesting is a huge business.
The biggest difference is that The Party had to force people to use a telescreen. They didn’t realize that people would willingly buy them.
 