Posted on 06/03/2015 10:11:01 AM PDT by Swordmaker
In a blistering speech given to the Washington, D.C.-based Electronic Privacy Information Center on Tuesday, Apple CEO Tim Cook said that many successful Silicon Valley companies have “built their businesses by lulling their customers into complacency about their personal information.”
“They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong,” he said. “And it’s not the kind of company that Apple wants to be. So we don’t want your data.”
There has been some speculation that Cook was specifically referring to tech giants Google and Facebook, though he never mentioned them by name. Cook delivered his remarks remotely after being given EPIC’s Freedom Award.
“We don’t think they’re worth have your email or your search history or now even your family photos data-mined and sold-off for God-knows-what advertising purpose,” Cook continued, according to Mashable.
He apparently isn’t even a fan of companies leaving a “backdoor” open for law enforcement agencies to utilize because it makes the data inherently less secure. He broke it down like this:
“If you put a key under a mat just for the cops, a burglar can find it, too,” said Cook. ”Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there is a key hidden somewhere, they won’t stop until they find it.”
(Excerpt) Read more at theblaze.com ...
Apple has issued it as an official policy statement of the company, subject to the 2002 Sarbanes-Oxley law. That is far more serious than subject to a mere oath. It means that if it turns out not to be true, and effects the value of the company to the stock holders, which it certainly could, the upper management of the company are PERSONALLY liable for criminal penalties and civil liabilities of $20 million to $40 million (payable personally, not by the company) as well as prison time.
iPhone and iPad users have long been able to laud the superior security of their devices over rivals. But it seems one crucial aspect has been forgotten: what if the hacker is Apple AAPL +0.18%?
Responding to an eye opening talk from forensic scientist Jonathan Zdziarski at the Hackers On Planet Earth conference on Friday Apple has issued a formal statement acknowledging the existence of services running on iOS which can bypass encryption to access user data (the classic ‘backdoor‘), but claims they do not compromise user privacy or security.
http://www.forbes.com/sites/gordonkelly/2014/07/22/every-iphone-has-a-security-backdoor/
I spent my whole career managing large systems, and being responsible for security. 8 of those years were being responsible for systems at Drexel University (mainframe, several mid-range systems and networks for desktop stuff). They were an Apple shop (as far as what students were required to have) for the first 4 years or so, then the university shifted to IBM compatible. Our systems were targets of some of the best hackers in the world... on a daily basis. That was a constant and ongoing threat, always.
I then moved to L.A. and finished my career with Nielsen, working on big projects involving CBS and other TV networks, and all the major studios. Data security was always paramount in everything I did... and I constantly had to deal with our clients sending in outside experts to "test" our procedures and processes. I've attended countless seminars and industry functions focusing on security, and the theme one comes away from all that is that there's no such thing as an impenetrable system or network.
One only needs to look at how quickly Apple Pay was breached after its release to understand that no matter how noble a provider's intentions may be, the hackers are always knocking at your door... and the NSA has some of the best in the world. And that's assuming that the liberals at Apple are telling you the complete truth... which does take a bit of a leap in faith.
That law doesn't compel any company to reveal National Security secrets, which leave a pretty big grey area when talking about collaborative projects involving the NSA.
Apple Pay has not been breached except in your imagination. The problem was the issuing banks not vetting the cards they activated as actually belonging to the people who activated them. . . because they ignored the very protocols specified for activating cards.
ApplePay itself, security wise, has NOT been breached or hacked. A very few banks did not follow the rules and would have been breached in the same way on ANY platform. . . because they allowed stolen cards to be activated without confirming with the card owners they were activating them, which the protocol required! that was a failure on the part of the issuing bank, not on ApplePay's technology.
Perhaps I worded that too hastily. The point is, there have already been breaches involving ApplePay. Point being, that we can be lured into a false sense of security by vendors offering products and services that are alleged to be the safest thing on the planet, but they're not when you look at the thing in it's totality. The whole process is only as strong as it's weakest link. Apple want you to believe that eveything in the Apple world is as strong as the strongest link.
Now you're talking through your hat about something you don't know anything about.
True, I am not a lawyer nor do I pretend to be an expert at any sort of law. But, common sense tells me that if Apple joins other companies in working with the NSA on "national security" projects, I think it would be a safe bet that there's some sort of legal protection built into the laws to protect them from being prosecuted for keeping the projects quiet.
Now if they can just dump ITunes and act like a PC. I hate ITunes forcing me to load everything there before I send it to my Ipod (which I regret buying to this day).
And can they stop making me “update” it every other week?
My company bought a couple iPod things to play back recordings for some testing. That totalitarian method of control and loading of anything was my second and last exposure to the world of Apple.
Unfortunately for Apple, it only cemented my previous negative conception of their methodology and contempt for the intelligence of the user.
You should take your own advice. Your premise on AES and Apple is flawed. A brute force approach is not the only way to defeat encryption.
Yes, it is for this kind of data. . . where you have no clue what the data is, even what is stored (Apple randomizes its storage in the iCloud and mixes user's data with other users' data according to an algorithm), or even where to start.
Apple entangles the user's passcode with the 128 character UUID of the device which results in a 140 character encryption key. Unless you have the specific UUID of the device, the specific user pass code, AND the exact algorithm used to entangle the two together, you cannot reconstruct the key. It will NOT be found in any dictionary of usual and customary passcodes.
Apple requires passcodes that include upper and lower case letters plus numbers and at least one keyboard accessible symbol. There are 223 possible characters that could be used in a user passcode. . . then Apple's passcodes can be as long as 256 characters if the user wishes.
That means the entangled key COULD be as long as 384 characters. That would be 384223 possible keys! Apple recommends using 16 characters which would be 140 characters when entangled. This is 256 bit encryption. . . with a minimum 140 character essentially random character keys. . .(140223). Good luck on trying any dictionary approach. It doesn't work.
What Zdziarski claimed was a "back door" got him laughed out of the developers's conferences. . . What he'd found were Apple's DIAGOSTICS, BACK UP and SYNCHING LIBRARIES present in all iOS devices and claimed they were "undocumented" back doors that would allow malware to get into iOS devices.
Other developers stepped up and showed where each and every one of what he called "undocumented" was completely documented and specified in Apple's developers' documentation and information on how they could and could not be used. He was a major league Idiot.
They do NOT bypass encryption. . . but either decipher the data with the users permission or alternately backup the data still encrypted for synching purposes onto one of the users' other also encrypted devices. . . all at the users' choice. SHEESH. You guys will believe anything.
FUD Season is running in full force. . . FUD like this has been rebutted many times when it came out. , , but of course you won't link to the articles that followed debunking Zdziarski, will you?
NO — THERE HAVE NOT BEEN BREACHES INVOLVING APPLEPAY.
Not only that, you make it PLURAL "breaches". . . without any evidence.
I just got through telling you there were no security breaches in the system, but rather people who just did not do their jobs. . . and YOU repeat the FUD.
ApplePay is STILL the safest way to use YOUR credit card to pay for something and not have YOUR data stolen or YOUR account hijacked or have additional charges added beyond what YOU have agreed to pay. A crook cannot steal YOUR card or hack into YOUR account if you use ApplePay.
None of hat is at all what happened in the issue you are trying to lay at ApplePay's door. The cards that were used were STOLEN like all cards were stolen before ApplePay ever came on line . . . by someone copying a card number when they had it in their hands at a restaurant, duplicate receipts, by the user using the actual card or card number on a malicious website, or in any other way in which the actual card number and data was provided, something that ApplePay will never and CANNOT provide. Those events are when the breach in security occurred, not with ApplePay.
No, Cement, then all they have to do is keep their mouths shut and not say anything, but a denial is an active step that DOES invoke Sarbanes Oxley where if it does come out that the officers lied about a material fact that then or later effects the value of the company or the stock, THEY are liable. They were not asked to make the statement. They could have stood mute on the subject, or made a non-committal comment. Apple made a very specific denial and even went further declaring they would never compromise their customer's privacy or data. The management hung the company's credibility on the policy. None of the other companies involved did anything even close to similar. None issued such sweeping policy statements and included them in their official papers like Apple did.
Look again at the long history of refusing to join PRISM and the parenthetical dating of the slide, the strange numbering system that doesn't include Apple in the membership sequence of PRISM. Something just doesn't seem to fit.
By the way, I am educated on this. . .
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.