Posted on 09/19/2014 11:01:39 PM PDT by Berlin_Freeper
Load up iOS 8 and you might not notice the difference straight away, but there are plenty of little tweaks and changes behind the scenes. Here are 25 different things you can do on your device that you couldn't do yesterday.
(Excerpt) Read more at fieldguide.gizmodo.com ...
I’m baaaaack......lol
You’re ignoring numerous widely reported stories.
Tiny sampling:
The secret court orders, retroactive immunity, non-disclosure requirements, etc.
http://www.theguardian.com/world/interactive/2013/jun/06/verizon-telephone-data-court-order
The Semantic Traffic Analyzer of Narus, sold to governments around the world, etc.
Regarding RSA Security, LLC, the company whose founders developed the RSA algorithm...
http://en.wikipedia.org/wiki/Dual_EC_DRBG
Angela Merkel’s phone being tapped.
This is just a tiny sampling. Very naive to think phones are secure.
It takes a lot of space to shuffle files around if you opt for the over-the-air update, but that’s not the permanent footprint. I did the update by connecting to iTunes on the desktop; on my 16GB iPhone, I had 1.5GB free before the update, 1.2GB after.
“At Apple, your trust means everything to us.”
LOL!! You’re kidding, right?
What else would you expect them to say?
Allowing default DuckDuckGo search engine is an excellent development. No one on earth should trust those bastards at Google with anyone, anything, anyhow.
https://gigaom.com/2014/09/18/apples-warrant-canary-disappears-suggesting-new-patriot-act-demands/
Apple included language in its first Transparency Report to say that it had not been subject to a Section 215 Patriot Act request. That language is now gone.
I read that on Thursday. That is either a boldfaced Lie or the Truth. I read it as the latter. Especially the ZERO datamining policy. That by itself makes me respect Apple MUCH more than any of the other big tech companies. Google IS evil (read: facilitator of Rev 13:16-17)
To me this is a much larger selling point than even the slickness of the device or the OS.
They told you that and you believed them?
There it is, the does it more smoothly myth.
Why bother answering these anklebiters that have no clue about the technology. They are envious snakes and by your responses smashing their ignorance only gives them credence. Let them wallow in ignorance.
BTW, I use OS-X, Android, Windoze, *unix, and on rare occasion have to go down to assembly language. I have watched these so-called OS wars for two decades and laugh at the idjeets who claim “my dad can beat up your dad”. Wasting bandwidth, which I am doing right now responding to this thread....
No, I'm not. If the phone can be intercepted prior to delivery they can install hardware or software on it that serves their needs. I also told you that the NSA intercepts data at the carrier. Your article specifically refers to an order to Verizon, a carrier.
The NSA intercepted Meta data, the kind of data that passed through carriers. . . however, it is entirely possible, as security experts have claimed is possible, they did intercept Angela Merkel's iphone and installed a device in it, an exploit that requires physical possession of the device to compromise the built in security.. If so, then the fault should lie with her security people for not checking what she was using. They should have provided her a randomly purchased iphone.
It turns out the NSA was monitoring the phones of all GERMAN Chancellors since 2002, five years before the release of the iPhone. . . using signal intercept techniques. . . Either through the carriers, or more surreptitious means.
I suspect the NSA is using a surreptitious "man-in-the-middle" approach as more and more unaffiliated cell towers are being discovered located around the country, and perhaps the world. These spurious cellular towers act as normal towers, passing on calls, data, etc., but seems to not be connected to any carrier, yet could easily intercept what passes through before being passed on. Why not bypass the need for even secret blanket search warrants by merely grabbing it out of the air?
Your second link refers to an algorithm to decrypt Secure Socket Layer encryption used in Internet website traffic. . . the very thing we're talking about in what is EASY to decrypt and to place an unnoticed decryption algorithm into. Sorry. It's just not the same thing as 128 bit password encryption.
A company thrives on the trust of its customers. Lose it, you lose the customer.
What would they lose by admitting they are required by law to submit to court orders from every court? Apple has publicly announced they cannot comply because they cannot decrypt your data. Security experts agree. They don't have the key. Apple is telling the government if they want the data, they'll have
Let me guess. You trust your data with Google... and Android.
The canary is an indicator of two things: Apple's attitude about these types of data demands, but also the terms of the court settlement that finally allowed the companies to disclose their compliance wth even secret requests. It is my understanding any such "canaries" had to be removed in favor of the reporting of ranges of surveillance requests.
From your linked article:
"Update 2: Ars Technica suggests that the disappearance of the warrant canary is a result of Apple following new Justice Department guidelines that permit companies to immediately publish ranges of surveillance requests — so long as the figure reflects a combined number of FISA requests and NSL requests. In other words, Apple may have received NSL requests, but not FISA ones (that does not necessarily explain, however, its decision to remove the section 215 language).
Apple, in those last two Transparency Reports since the court order allowing the comany to report the number of Surveillance Requests, has reported they've received in the range of "0 - 249 requests". Note, that still includes zero as a number. However, even if they receive a request, without your private key, such a request will return not much more than the proverbial name, rank, and serial number, and a gigabytes of 128 bit indecipherable gobbledegook.
It's not a myth. Why do you think that the vast majority of people who switch to Apple products don't switch back? Only people who don't use both frequently, think it's a myth.
Here’s a vulnerability listing I found:
http://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html
A blanket statement that 128-bit encryption is “unbreakable” reveals not much knowledge of encryption or disinformation.
Everyone should be mindful that NSA has publicly disclosed that one part of their strategy over the years has been sophisticated disinformation projects to make people think that insecure methods are secure, or that NSA does not have the capability to see their data.
My point with the telco non-disclosure court orders is simply that we see a precedent for NSA issuing such orders: we would not know then the full extent of all companies who have been issued such orders, because they may still be secret, and the company would be ordered to lie to the public and be granted full retroactive immunity for having done so.
If one does not know for sure that something is secure, it is wise to err on the side of caution.
I'm not certain what you're asking. If the "bad guy/spy" steals the phone and wants to access the data on the iPhone, he needs the password to get into the owner's the account. There are multiple options the owner can choose, depending on how important his data is. The owner can set it to erase the data after a certain number of unsuccessful password attempts. The owner can erase it remotely if it's lost or stolen. FindMyiPhone allows a lost or stolen phone to be located to within six feet. Secure data can just never be stored on the phone, it can be accessed securely only via cloud access instead.
The iPhone itself keeps the data in it to a 128 bit encrypted state by default based on the user selected passcode. Data sent to Apple for storage on icloud, or to be shared via continuity, iCloud mail, photos, key chains, notes, etc., are encrypted at that 128 bit level using that passcode before being sent up to the cloud. Users may opt for higher complexity pass codes.
If data going to and coming from a phone can be decrypted and viewed then security is pretty much out the window.
that depends on what you mean by "data going to and from a phone."
Normal cellular voice calls are sent using industry standards. . . and are essentially are open to industry standard hacking. Regular texts and MSM messaging suffer similarly as do any phone's texting. The security standard is minimal, unfortunately.
However, Apple provides iMessaging between Apple devices that is encrypted to a far higher standard. Apple has stated in no uncertain terms that they do not archive anything that goes through iMessage or FaceTime.
”Apple has always placed a priority on protecting our customers’ personal data, and we don’t collect or maintain a mountain of personal details about our customers in the first place. There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it.For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.—Apple Privacy Statement since 2013
Apple's iMessaging and FaceTime have both been certified as HIPAA security compliant for privacy. not an easy thing to pass.
Data backed up to the cloud is also encrypted to that 128 bit level before it leaves the iPhone. It is not cannot be decrypted without the owner's key. It is secure, no matter who intercepts it. The carrier cannot, Apple cannot, the NSA cannot. . . unless the owner is compelled to give up his passcode.
This would apply to all phones, really all devices hooked to the internet. If an attacker is determined, the device (computer, phone, etc.) better be hardened, that is, not responsive to attempts to break in.
97% of all mobile malware in the wild is on the Android platform, the majority of the remaining 3% are for the fading Symbian system, RIMM, the antique WindowsPhone (not the modern WindowsPhone), with only one known malware for the non-Jailbroken iPhone among over thousand for the Androids. The vast majority of computer malware and viruses (millions), are on the Windows platform, while on Mac OSX there are seven known failed proof-of-concept computer viruses or worms and fewer than 100 known Trojans programs, all of which OSX itself blocks. So, no, all Internet connected devices are really not as equal as you seem to think when it comes to Internet security.
On September 16th, Ars Technica reported a severe flaw has been found in the default Android browser that about 50% of Android users use (that sound redundant, doesn't it?), which injects Java code malware into websites that the infected Android user visits . . which in turn infects other Android visitors to the newly infected website who use the default browser. . . Oh, my!
Any use of a data storage device or service, or even the Internet itself, involves some leaps of faith in the technology. First that it will safely keep it and return it in the future unmodified. Second that it will be there on demand. Third, that any archiving method is reasonably permanent. And finally, fourth, that what you store is secure from unauthorized access. All of these are a priori matters of trust and faith in the word of the provider of the technology, the equipment, the service, or the business of providing all of those things.
Apple has the world's best reputation in providing those services. . . except among those who have an irrational paranoia about everything Apple and think everything Apple publishes is a lie or hype.
Did you bother to go read the CVEs in the list??? I did a check. They are a list of the changes and security improvements APPLE made in the OS and included applications in the upgrade from iOS 7 to iOS 8 and AppleTV from 6 to 7.. It also shows they are self reported by Apple.
Secondly, a vulnerability is NOT an exploit. Look at the ninth column on the chart. It reads "Gained Access Level" and every entry in this column is "none." That means none of these were successfully exploited or exploitable vulnerabilities. They were closed by Apple before they were reported. Many of these "vulnerabilities" exist post authentication, and are moot.
This is not intended to denigrate vulnerabilities. . . because those are where every exploit starts. I applaud the closure of vulnerabilities. But just because you've found a list of closed vulnerabilities, it does not follow that there is any equal list of exploits. The more closed vulnerabilities found, the better. Apple has a large list because as well as including iOS, you may notice that WebKit is listed too. . . Apple owns WebKit, which is used by almost every other browser including most of Android, LInux, etc.
Apple OSX had a larger number of vulnerabilities as well, because Apple's practice was to include all UNIX components' vulnerabilities they include in their distributions along with OSX, and the package of software included as well in their OSX CVE self reporting. That inflated the number of vulnerabilities listed for OSX's distribution. . . but, again, the number of actual exploits was quite low.
Everyone should be mindful that NSA has publicly disclosed that one part of their strategy over the years has been sophisticated disinformation projects to make people think that insecure methods are secure, or that NSA does not have the capability to see their data.
This is not a matter of "disinformation," it's a matter of math and the capability of modern computers, both of which are well known in cryptographic circles. You can obfuscate some things, but basic abilities about the state of the art in supercomputers and math? No. That just too obvious. There are too many other uses such capabilities could be used for to keep that kind of computational prowess hidden, or that kind of math undercover. . . too many mathematicians would know about it. Technology does not develop in a vacuum.
I use both frequently. We have one of each in our house. There is nothing more smooth about an iPhone vs an Android.
As far as people switching back, I would not switch back either if I paid way more for something that does not do as much as the phone I had before. I would convince myself it operates more smoothly to assuage my buyer's remorse.
But let's not get into a iPhone v Android debate. It is okay that you are happy with your iPhone and enjoy being part of a mindless cult-like shopping experience.
Load IOS 8? Are you serious? I’ve tried to download IOS 8 to my iPhone 5S for the last 3 days t disastrous results.
Each time, I’ve started the download, only to see that after about 10 mins I’ve downloaded only about 1 or 2Mb of a 1.92GB file, and the estimate for completion is about 50 hours. FAIL!!!!!!!!!!!!! Apple you suck!!!!!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.