It's time for Apple to allow users to install 3rd party browsers that run as regular sandboxed apps, so that browsing the web doesn't end up installing a root kit
Update your iPhones, iPads right now – govt spy tools exploit vulns
Apple has pushed out an emergency security update for iPhones, iPads and iPods after super sophisticated spyware was found exploiting three iOS vulnerabilities. The iOS 9.3.5 upgrade plugs three holes that, according to researchers, are being used right now by the Pegasus surveillance kit – a powerful commercial malware …
COMMENTS
-
-
-
Friday 26th August 2016 00:04 GMT Jordan Davenport
Re: 3rd party browsers
"iCab, Opera, Firefox, Chrome immediately spring to mind (plus a few obscure ones)."
Of those, only Opera can kinda sorta claim to be a different browser since it does most of its rendering on remote servers. All the rest you just named are just re-skins of Safari with different features and lacking the faster of the JavaScript engines.
-
Friday 26th August 2016 09:16 GMT Planty
Re: 3rd party browsers
I think you have been fooled by Apple's pathetic spin. All those browsers you mention are forced to use Apple's webkit (and slow JS engine), so you are still using Safari, but with a Chrome skin.
Essentially this is the downfall, the sample exploit will work on ANY iOS browser, as you aren't actually using any other browser...
-
-
Thursday 25th August 2016 20:19 GMT Anonymous Coward
We'll never be "safe, safe", so lets keep our freedoms instead.
People need to wake up and realise that no security in the world will make things "safe" from someone determined to cause physical harm (you need to look (and be interested) in the causes why these people want to cause you physical harm in the first place)
But it will definitely will instead, eventually control you and your life, to a point you're locked down in a dead end job, paying most of your disposable income away in (statistically head clipping) fines for parking/speeding etc because CCTV/ANPR Cameras supposedly in place to make you 'safe', are actually turned against you, to control you and more importantly, control the people/activists that speak against the grain, against such technology.
Technology supposedly used for "security" is today, eroding democracy, locking down people in the UK, rather than acting as an enabler for people to reach their true potential. Its been used for profiling, stereotyping and keeping people in their place.
We've passed the tipping point, its about time the UK population started been far more sceptical to Theresa May's motives regarding of all this extra "security to keep you safe" mantra. You'll wake up in virtual chains, and wondered why you didn't speak up earlier.
-
Thursday 25th August 2016 22:08 GMT if(i == alive) { live_free = true; government = NULL; }
Re: We'll never be "safe, safe", so lets keep our freedoms instead.
Absolutely spot on, although you can anonamise yourself to some degree by not registering your car, having a trader's policy and not putting it on the MID etc. Living in that grey area at the edge of the law really winds them up and is the best that people can do as individuals. Hopefully one day there will be enough individuals to form a big enough group and to fight back for our freedoms and our democracy (there are signs of fledgling ones now, but nothing near big enough).
I always said that leaving the EU is just the beginning and the walk to freedom is a very long one, but at least we now appear to be on the right path and every day will take us a step closer (whether we use peaceful or violent methods to get there will entirely depend on whether the politicians listen; so we will just have to wait and see).
If the worst comes to the worst then on the plus side we know that the government has a propensity to rely on youth as their cannon fodder, so we can be thankful that the vast majority are snowflakes.
-
Thursday 25th August 2016 23:31 GMT ZSn
Re: We'll never be "safe, safe", so lets keep our freedoms instead.
Leaving the EU is is just the beginning? So instead you want Theresa May unencumbered by anything like social justice? I must point out that in Germany and Austria they even fine you if you take pictures of people from the dashboard of your car.
-
Friday 26th August 2016 12:36 GMT tiggity
Re: We'll never be "safe, safe", so lets keep our freedoms instead.
Leaving the EU likely a road to *less* freedom, previously there was a chance of EU acting as some form of brake on the worst UK excesses of invading its citizens privacy.
Now May et al will not have to pay lip service to any pro privacy strictures (ditto workers rights, environment, anything resembling sensible long term strategy etc.).
I'm no fan of the EU (just like I'm no fan of the house of lords) but they at least meant some dubious govt legislation did not sail through quiet as easily / had to be amended
Disclosure: voted remain solely in hope of retaining a bit of sanity control on UK gov!
-
-
-
Thursday 25th August 2016 20:57 GMT Jerry G.
Phone Security
If you want to have privacy and security with a phone Blackberry is the way to go. With Blackberry we don't hear about these problems as like we are hearing about with the others. This is why governments, medical field where privacy is a concern, leaders of countries, and high position people in corporations only use Blackberry.
I myself and my family have been using Blackberry. I have no issues with this phone, and I feel very secure with it.
-
Thursday 25th August 2016 21:42 GMT Nick Collingridge
Re: Phone Security
Probably because no-one else buys Blackberrys, so no-one bothers to try and develop malware for it and no-one is looking for vulnerabilities. It is highly unlikely that Blackberry have some sort of secret technique that enables them to develop totally clean and attack-vector free code. You are probably safe, but not because of the technology - more safety through the fact no-one is interested.
Regarding this iOS security update - there will not be a vast rush of malware targeting it because not only have Apple quickly released an update to fix the vulns, but also because as is usual a very high percentage of iOS devices will quickly be updated. So no vast number of vulnerable devices out there for malware developers to target.
If this were Android, however, that would not be true, and it won't be until Google re-architect enough to be able to roll out generic updates to fix vulnerabilities. As a result the malware developers can jump on new zero day vulnerabilities in the knowledge that there will be a vast number of devices to attack.
-
Thursday 25th August 2016 22:14 GMT if(i == alive) { live_free = true; government = NULL; }
Re: Phone Security
I have a feeling that is the reason why Blackberry have pretended to abandon BB10. I think that BB10 will become a propriety OS sold only to high security organisations. I know that the uk police are looking for a replacement for BT Airwave (tetra) radios and have been considering 4g options. A hardened version of BB10 with BES would fit the criteria. Chen isn't as stupid as he sounds.
-
-
Friday 26th August 2016 11:31 GMT JetSetJim
Re: Phone Security
Blackberry has always allowed Legal Intercept into its consumer service - they weren't allowed to sell in India until they caved to the govmt
-
-
-
Friday 26th August 2016 09:53 GMT TheVogon
Re: Phone Security
" you want to have privacy and security with a phone Blackberry is the way to go. "
It really isn't. There have been well over 80 known security vulnerabilities so far in Blackberry OS 10 - versus ~ zero in Windows Phone 10. For instance the US government apparently had no issues in spying on the Germans when they were using Blackberry...
And now Blackberry are moving to a "secure" version of Android - that's going to be like trying to keep water in a colander with a sieve....
-
Friday 26th August 2016 10:04 GMT Anonymous Coward
Re: Phone Security
Um, there'll be no publicly known vulnerabilities in M$A's moribund WinPho platform, if that's actually the case, simply because no one has bothered to analyse one.
Why would anyone waste their time? Are you seriously suggesting the obvious fact that nobody's bothered to look for them is somehow proof that it isn't crammed full of exploitable errors and NSA backdoors RICHTO? How wonderfully quaint. Hope you get a big bonus this week.
"Security by obscurity" is no security at all.
-
Friday 26th August 2016 10:28 GMT Anonymous Coward
Re: Phone Security
>> simply because no one has one to analyse one.
Lots of companies are using them so they would interest hackers. For instance the FTSE 100 I currently work for recently replaced over 5000 BlackBerrys with Windows Phone (640)
If you search it, there has been some public analysis by recognised hackers / security experts that has concluded that WinPho is one of the most secure mobile platform options...
-
Friday 26th August 2016 11:57 GMT TheVogon
Re: Phone Security
"Um, there'll be no publicly known vulnerabilities in M$A's moribund WinPho platform, if that's actually the case, simply because no one has bothered to analyse one."
They have sold over 100 million of them I seem to recall. If they were trivial to exploit we would likely have seen evidence by now.
"somehow proof that it isn't crammed full of exploitable errors and NSA backdoors "
Nope, but less of a worry than other mobile platforms that WE KNOW have lots of security issues!
-
Friday 26th August 2016 12:55 GMT Anonymous Coward
Re: Phone Security
100000000/2000000000 = 5%
All time total winpho "sales" = ~5% of current smartphone ownership!??!?!!!
Hahahahahahaha ahhha hah aahah ah ah hahha ah aha ah a aahhhhhh ---->
I bet that "sales" figure of yours includes all the ones M$ wrote-off and dumped into landfill themselves too ("sales" to self) hahahahaha ahhha hah aahah ah ah hahha ah aha ahhhhahahahaha ahhha hah aahah ah ah hahha ah aha ah a aahhhhhhhahahahaha ahhha hah aahah ah ah hahha ah aha ah hahahahaha ahhha hah aahah ah ah hahha ah aha ah hhhahahahaha ahhha hah aahah ah ah hahha ah ahahaha ahhha hah aahah ah ah hahha ah aha ah a aahhhhhh
-
-
-
-
Sunday 28th August 2016 23:23 GMT JCitizen
Re: Phone Security
That's funny? Then why did Obama have to fight his staff, and government security enforcers, tooth and nail to keep his Blackberry? I would have thought it would be the other way around? I don't know what brand they were pushing, but I suppose they wanted conformity to help in security SOP. The other side of the coin would be kind of like having a Hillary private server in the office?
-
-
Friday 26th August 2016 03:35 GMT asdf
time to eat crow or shit I guess
Just going on the record non anon after flinging so much poop about stage fright to say this is almost as bad. Still requires visiting a booby trapped web site as opposed to just receiving a unsolicited text and granted the vast majority of iThings will be patched much quicker (hell probably half of Android devices in wild still vulnerable to stage fright) but it is still far from acceptable. Guess security by obscurity and lack of apps (best way to prevent malware is have a garbage app store nobody visits) is the way to go via WP or BB 10 if want high security.