* Posts by Snorlax

710 publicly visible posts • joined 1 Dec 2014

Apple iOS 11 security 'downgrade' decried as 'horror show'

Snorlax Silver badge

Re: What The AF?

As I understood the article, the issue is that the Stasi can:

1. take your phone

2. demand the pass code...

I refer you to my last comment:

"And of course it's all based on the theory that an attacker has physical access to your unlocked phone."

So, again, how is this news? It's just a bunch of Russians trying to sell some phone hacking software.

Snorlax Silver badge
Thumb Up

Re: What The AF?

"Exactly!

You get it - there's nothing to see here."

It's just a sales pitch by Elcomsoft. I took a minute to read their blog post and, surprise surprise, they advertise their products 'iOS Forensic Toolkit', 'Elcomsoft Phone Breaker' and 'Elcomsoft Phone Viewer'.

And of course it's all based on the theory that an attacker has physical access to your unlocked phone.

If that happens you're fucked whether you're using iOS or Android.

Snorlax Silver badge

Re: Apple's security model is utterly broken

"Posting this here because it's vaguely relevant and I've been looking for an excuse to get it off my chest."

Nope, it's not even vaguely relevant.

You couldn't prove to Apple that you are who you claimed to be?

You then complain that Apple wouldn't give you immediate access to your account, despite you being unable to prove your identity to their satisfaction?

Come on...

Snorlax Silver badge
WTF?

What The AF?

Sounds like a load of bollocks from Elcomsoft...

From the Apple Support link posted in the article:

"There is no way to recover your information or turn off Encrypt Backup if you lose or forget the password."

So if my phone is backed up to an encrypted archive on my PC or Mac, the Stasi can't do anything with it. The existing backup can't be compromised without great difficulty (as long as I didn't use 'password123' or similar as a password). I dunno if Elcomsoft have a product which deals with this issue, but I assume they do...

Scrolling down the page:

"If you can’t remember the password for your encrypted backup

You can’t restore an encrypted backup without its password. With iOS 11 or later, you can make a new encrypted backup of your device by resetting the password....

...You won't be able to use previous encrypted backups, but you can back up your current data using iTunes and setting a new backup password. "

So, to restate the obvious, your old backups are useless now that you don't know the password.

Apple is saying you can now connect your phone to iTunes and create a new encrypted backup using a new password of your liking - and Bob's your uncle.

What did I miss here?

High Court judge finds Morrisons supermarket liable for 2014 data leak

Snorlax Silver badge
Headmaster

Vicarious Liability?

It's been a while since I looked at a tort law book, but vicarious liability is fixed on an employer when the employee does something negligent in the course of his employment.

It's debatable whether the guy was acting in the course of his employment when he stole data to discredit his (ex-) employer. Sounds more like somebody 'on a frolic' to me, but I'm no High Court judge...

Baaa-d moooo-ve: Debian Linux depicts intimate cow-sheep action in ASCII artwork

Snorlax Silver badge
Meh

Proof...

...as if any was needed, that Linux users are humourless dolts.

Judge: You're getting an Apple data centre and you're going to like it

Snorlax Silver badge
Facepalm

Re: Separation of powers?

@Slx:"The reason they're not accepting the €13 billion is they do not believe it is owed and they are standing over their taxation system as not having made a corrupt little deal with Apple."

lol really. You believe that?

The reason the Irish government doesn't want the money is that they don't want to piss off Apple.

Apple decided that its shell companies (Apple Operations Europe) and ASI (Apple Sales International) are stateless and don't need to pay tax in Ireland; successive governments since the 80's have let this slide because jobs... Apple's effective tax rate in Ireland in 2014 was 0.005%

If that's not evidence of a corrupt little deal, I don't know what is.

Snorlax Silver badge
Mushroom

Separation of powers?

No surprise that the court found in favor of Apple, is it?

The country’s run by a morally bankrupt government, more concerned with collecting multinational tax-dodgers like Apple, Amazon and Google than improving the lives of its citizens.

For fuck's sake, Apple owes the country €13billion yet the government doesn't want it?

Who in their right mind turns down €13billion?

VR-bonkers Microsoft yanks plug out of Kinect

Snorlax Silver badge

Re: Fun Fact

What a tedious little pedant. You must be fun at parties.

Your position is that, contrary to what I wrote, Primesense didn’t develop the Kinect sensor?

You’ve still not proven that what I said is wrong.

Snorlax Silver badge
FAIL

Re: Fun Fact

@TheVogon:"Kinect V2 (Xbox One) was Microsoft technology only. Primesense was Kinect V1 (Xbox 360)..."

Yeah, so what part of my statement was incorrect?

In a rush to look clever, some people fail to read what's actually in front of them...

Snorlax Silver badge

Fun Fact

The company which developed the Kinect sensor, Primesense, was bought by Apple a few years ago.

I suppose you could say Kinect will live on in the iPhone X's "notch" to facilitate Face ID.

UK's NHS to pilot 'Airbnb'-style care service in homeowners' spare rooms

Snorlax Silver badge

Re: I have a cunning business plan.

@macjules: Yep, I’d say that’s a pretty accurate forecast of how things would go.

Why doesn’t the NHS buy a disused warehouse and fill it with bunk beds?

Something along the lines of the Near-Death Star in Futurama...

Watership downtime: BadRabbit encrypts Russian media, Ukraine transport hub PCs

Snorlax Silver badge
WTF?

Re: Ransom demands in BitCoin again

@HieronymusBloggs:"What makes you think they'd ban them one at a time, rather than just banning all cryptocurrency?"

Who are "they"?

What makes you think "they" would be able to ban all cryptocurrency in one fell swoop?

Snorlax Silver badge

Re: Ransom demands in BitCoin again

@Ken Hagan:"How long before the authorities decide that BitCoin's main use is in laundering the proceeds of crime and that anyone accepting BitCoin payments is an accessory?"

No big deal. Leaving aside Bitcoin, there are another 1194 (at the last count) other cryptocurrencies.

A new currency, Metronome, was announced today; it can hop between blockchains, so that should make the game of whack-a-mole all the more interesting...

Security pros' advice to consumers: 'We dunno, try 152 things'

Snorlax Silver badge

Re: WTF, security isn't a users responsibility....

@Amos1:"One of my favorite questions to ask prospective vendor is this:

"Do you have people dedicated to IT Security or is security everyone's job?"

The dumb ones answer "It's everyone's job!" because when something is everyone's job it's actually no one's job. The smart ones answer "Both."

I’ll take “Things that never happened” for $500, Alex

Snorlax Silver badge

Re: Don't open unexpected attachments

@Amos1:"Policies and training are almost worthless without technical controls to back them up."

Wrong. Your employees are your first line of defense.

As an employer you have a duty to the company to provide your employees with the correct training - no matter if you're asking them to work with a computer or a chainsaw.

Snorlax Silver badge

Re: Who needs strong passwords

@Keen1:"According to new NIST guidelines users shouldn't even bother with strong passwords. So even that simple advice is now under challenge."

I think the actual advice from NIST wasn't that you shouldn't bother with strong passwords, but rather:

1. Remove periodic password change requirements

2. Remove arbitrary complexity requirements

3. Screen new passwords against a dictionary of compromised passwords, i.e. password1, P@55word, changeme, drowssap, etc
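The third point above, screening a new password against a list of known-compromised values, is the part that needs code rather than policy. The following is an added example (not the commenter's code and not tied to any particular product) showing how such a check is typically built: breached passwords are stored as SHA-1 hashes bucketed by a five-character prefix, the candidate is hashed, and only the matching bucket is compared, so the plaintext list never has to be shipped to the login server. The breached list, the minimum/maximum length and the hypothetical function names are all assumptions made for the example; only length and blocklist membership are enforced, deliberately with no composition rules, in line with the first two points.

```python
import hashlib
from collections import defaultdict

# Constructed sample standing in for a real compromised-password corpus.
SAMPLE_BREACHED = ["password1", "P@55word", "changeme", "drowssap", "123456", "qwerty"]


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password (SHA-1 is fine here: it is a lookup key,
    not a stored credential)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_prefix_index(breached):
    """Map the first 5 hex chars of each hash to the set of 35-char suffixes in that bucket.
    This is the same k-anonymity layout used by range-style breached-password lookups."""
    index = defaultdict(set)
    for pw in breached:
        digest = sha1_hex(pw)
        index[digest[:5]].add(digest[5:])
    return index


BREACH_INDEX = build_prefix_index(SAMPLE_BREACHED)


def is_compromised(candidate: str, index=BREACH_INDEX) -> bool:
    """True if the candidate's hash suffix appears in its prefix bucket (exact match)."""
    digest = sha1_hex(candidate)
    return digest[5:] in index.get(digest[:5], set())


def evaluate_password(candidate: str, index=BREACH_INDEX, min_len=8, max_len=64):
    """Return (accepted, reason). Enforces a length floor and ceiling and the compromised
    list only; no uppercase/digit/symbol composition rules and no expiry."""
    if len(candidate) < min_len:
        return False, "too short"
    if len(candidate) > max_len:
        return False, "too long"
    if is_compromised(candidate, index):
        return False, "appears in compromised-password list"
    return True, "ok"


if __name__ == "__main__":
    for pw in ["P@55word", "short", "correct horse battery staple", "alllowercaseletters"]:
        print(repr(pw), evaluate_password(pw))
```

Lookups are exact rather than case-folded, which matches how the common breached-password services behave; a long all-lowercase passphrase passes because nothing about its composition is checked, while a "complex-looking" value that is already in a breach corpus is rejected.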

Snorlax Silver badge

Re: Don't open unexpected attachments

@AC:"A couple of months ago one of the admins on the network/firewall delivery side was convinced by one of the other company admins that their system needed to have 'x, y and z' opened up to allow it to work."

Wouldn't touch that one with a 10-foot pole if I was that guy.

Kick it upstairs for a PHB to sign-off.

Snorlax Silver badge
Facepalm

Re: Don't open unexpected attachments

@Yet Another Anonymous coward:"I see - so instead of the computer thinking "why is a pdf attachment to an email fetching an exe from the internet and then rewriting all the user's files...."

You deploy Adobe Reader with javascript disabled. This can be done in the registry or through Edit -> Preferences -> Javascript -> Untick "Enable Adobe Javascript"

I would have also accepted "Educate your users not to click 'Open this file' whenever your PDF reader asks if they're *really* sure they want to run a potentially malicious file".

Snorlax Silver badge

Re: Don't open unexpected attachments

@Yet Another Anonymous coward: "Seriously - why should it ever be a user's job to protect the company from this?"

Wow. Dumbest comment evar.

Why? The end user is the biggest security hole in any organisation.

Using weak passwords. Or if forced to use complex passwords, leaving the password on a post-it.

Holding doors open for strangers

Leaving computers unlocked in publicly accessible areas

Giving out too much information - over the phone, Facebook, Linkedin, etc

Bringing in devices from home

No social engineering awareness

And most importantly for some, clicking on random attachments.

User education is key to eliminating a lot of this kind of stuff, rather than an attitude of "Security is someone else's job"...

'We've nothing to hide': Kaspersky Lab offers to open up source code

Snorlax Silver badge
Windows

Re: Pow!

@J J Carter:"Get Linus Torvalds to skim through the code and offer his observations on the quality."

That guy wouldn't recognise quality code if it kicked him in the balls.

Credit insurance tightens for geek shack Maplin Electronics

Snorlax Silver badge

Re: 'Everyone loves Maplin'

@S4qFBxkFFg:"needed a USB micro SD card reader that hour, shop assistant tried to sell me something about £15 saying that was '...as cheap as that sort of thing gets'"

What a pisstake.

Maplin must not know that you can buy card readers and related tat in Poundland or Poundstretcher.

Phone crypto shut FBI out of 7,000 devices, complains chief g-man

Snorlax Silver badge

Re: Weak Logic

"Correct me if I'm wrong but why I've heard in the UK people are jailed indefinitely if they don't surrender their passwords."

Contempt of court, most likely?

Snorlax Silver badge

Cry me a river

"The problem does not arise in the UK, where it is a criminal offence to refuse to give your password to State investigators."

"Stress-induced amnesia, m'lud"

Penalties under paragraph 18, schedule 7 of the Terrorism Act 2000 aren't that heavy IIRC. Three months in prison and a level 4 fine or something like that?

Wanna exorcise Intel's secretive hidden CPU from your hardware? Meet Purism's laptops

Snorlax Silver badge

Re: Everybody's ethical

@Stephen Battleware: No, that wasn’t an ad hominem. I genuinely think you need some kind of psychiatric counseling...

Snorlax Silver badge

Re: Everybody's ethical

@Stephen Battleware:"I visited the Purism's website and was met with alt+Left sounding language."

Oh my! You poor snowflake. And you were so triggered, you had to come straight back here and report your findings?

I think you need to seek some kind of psychiatric help. Genuinely.

Snorlax Silver badge
FAIL

Re: Everybody's ethical

@Stephen Battleware:"While I'm for privacy, I'm not necessarily all for the alt-Left agenda either."

"I'm supposed to take it on faith that a bunch of alt-Leftists are trust worthy. Look at the U.S., mayors who trust them get their cities trashed."

What's the "alt-left" got to do with any of this?

You think privacy is an "alt-left" construct?

Or do you just like to project your insecurities by spouting meaningless shite?

Snorlax Silver badge

Re: Tough Sell

@WolfFan: I think Purism are being more than a bit naive on the whole ethics thing.

I personally don't believe it's possible to be in the hardware business and claim that you're ethical.

Some issues to consider:

The mining and refining of gold, copper and other metals, and the pollution it causes...

The e-waste problem at the end-of-life. Europe and the US like to ship their shite to third-world countries...

The exploitation of workers in China and elsewhere by multinational companies in the manufacturing process...

Anyway, Purism's sales figures are going to run to three digits at most so maybe they won't have much of a footprint from an ethics point of view.

Snorlax Silver badge
Meh

Tough Sell

"In a blog post Thursday, Purism CEO Todd Weaver characterized Intel's Management Engine as "the bane of the security market since 2008."

His company is offering its Librem 13 (US$1,399+, Core i7-6500U) and Librem 15 (US $1,599+, Core i7-6500U) laptops with the Intel Management Engine verifiably turned off"

At those prices I might as well buy a Mac and achieve the same effect. The fact that these laptops run linux isn't gonna sway anybody. Well, ok, maybe 10 or 12 people...

"By focusing on making Purism products easy to use and convenient, he believes the company can attract customers beyond developers and those already sold on the merits of Linux. "Purism taking a business model similar to Apple, except we're ethical," he said."

Nobody who drops $1400 on a laptop gives a shit about how ethical you are buddy. Purism is an unknown quantity, and will struggle at this price point as a result.

Call Blackphone and ask how they're doing these days.

OnePlus privacy shock: So, the cool Chinese smartphones slurp an alarming amount of data

Snorlax Silver badge
Facepalm

Re: LineageOS

@SJA: "And I thought the first thing people do is wipe the OPx and put LineageOS on it..."

*You* might think so, but some of us actually have a life.

Behold iOS 11, an entirely new computer platform from Apple

Snorlax Silver badge

Aww

"So the iPad remained essentially a picture frame that ran apps. And perhaps unsurprisingly, people weren't in a rush to upgrade their Apple picture frame on a regular basis... Because it was still a picture frame with apps.

...I've had just two iPads in more than seven years. They spend their time gathering dust. Given the lack of use, I wouldn't have one at all if the school didn't insist that children do assignments on them."

Andrew, did you draw the short straw in the "who's gonna review iOS 11" office sweepstake? Hardly off to an objective start, eh?

"I wanted to discover how it ran on just about the oldest iPad hardware compatible: the first Air, which is now four years old."

For comparison, how does Android Marshmallow run on a 4-year-old tablet (if at all)?

Senators call for '9/11-style' commission on computer voting security

Snorlax Silver badge

Re: Their s**t don't stink?

@Archtech: English. Do you speak it?

Snorlax Silver badge
WTF?

Their s**t don't stink?

"Hostile governments like Russia don't believe in democracy," said Graham. "They have shown an eagerness to meddle in elections in the United States and other democratic nations.."

Hmm yeah.

When Russia interferes in another country's affairs they're undemocratic.

When the USA interferes in another country's affairs they're bringing democracy and freedom, as in Afghanistan, Iraq, Panama, Honduras, Nicaragua, Iran, Guatemala, the Congo, etc., etc.

The USA is every bit as bad as those it criticises.

It's official: Users navigate flat UI designs 22 per cent slower

Snorlax Silver badge
WTF?

O rly?

"The mania is credited to Microsoft with its minimalistic Zune player, an iPod clone"

I've heard the Zune called a lot of things, but never a clone of the iPod.

Sony remembers it once made a great little phone

Snorlax Silver badge

Sony once made a great little phone?

The last great little phone Sony made was the CMD-Z1.

Patchy PCI compliance putting consumer credit card data at risk

Snorlax Silver badge
Trollface

Re: The report can be downloaded here

@Aodhhan:"It's true, half the people you encounter are below average intelligence."

Oh look, it's this a-hole Aodhhan again.

Yes, you are below average intelligence but I'm sure your Mommy still loves you...

Snorlax Silver badge
Thumb Down

The report can be downloaded here

"You must register to be a Verizon Insider to access this content. Please take a moment to register. There is no cost, and as a Verizon Insider you'll get early access to our latest reports, plus emails about other Verizon reports and solutions delivered right to your inbox.

To become a Verizon Insider today, please complete this form:"

I'd prefer not to register. Got another link to the report, please?

US government: We can jail you indefinitely for not decrypting your data

Snorlax Silver badge

@Anonymous Coward:"Although the double jeopardy principle was banned as of April 4th 2005 I think this would be questionable as you already served time. At least I'd hope so.."

"New" offence every time, so double jeopardy is not an issue

Two million customer records pillaged in IT souk CeX hack attack

Snorlax Silver badge

Re: Stupid Is As Stupid Does

@Aodhhan:"Yet your country has far more breaches per capita."

Got any proof to back up your claim?

Snorlax Silver badge

Re: Stupid Is As Stupid Does

@vir:"If you try to swipe on a chip terminal, it will brusquely tell you to use the chip."

Some payment processors have updated the software on their terminals to do this. Not all do.

Snorlax Silver badge
Facepalm

Stupid Is As Stupid Does

"The data loss came as part of an "online security breach" – its in-store terminals weren't affected. That'll be a relief to those using the stores, since credit card-slurping point-of-sale malware is becoming increasingly common, particularly in the US."

US consumers have resisted chip-and-pin because they think it's slower than swiping. Also, merchants with chip-and-pin compatible terminals will often tell people to swipe rather than insert the card.

Morons.

WannaCrypt NHS victim Lanarkshire infected by malware again

Snorlax Silver badge
FAIL

Find The Head Of I.T.

...and SACK THE FUCKER.

No excuse for being hit a second time, is there?

Nasty firmware update butchers Samsung smart TVs so bad, they have to be repaired

Snorlax Silver badge
Facepalm

Re: Go Samsung!

@DailyLlama:"Who wants to watch YouTube on a tv?"

You don't have kids, do you? If you did you'd know they're not interested in broadcast TV, and that YouTube is all they watch.

"The videos are usually such poor quality that they look sketchy on my 6" phone screen, let alone a 40" (or bigger) tv."

Umm, you can watch 4K YouTube content these days Grandad.

Chinese chap collared, charged over massive US Office of Personnel Management hack

Snorlax Silver badge

I remember James Clapper talking about this hack: “You have to kind of salute the Chinese for what they did”

Salutations or not, what special kind of moron hacks a US government agency and then sets foot on US soil a few years later to attend a conference?

Yu Pingan is gonna be wishing he stayed in China and attended via Skype.

No, the cops can't get a search warrant to just seize all devices in sight – US appeals court

Snorlax Silver badge

Re: Mess

@TheVogon:"http://eprints.kingston.ac.uk/33454/3/Darbyshire-P-33454.pdf"

In the early 1960s, people commonly asserted that ‘British justice is the finest in the world’, warning about other systems ‘In France, you’re guilty till proved innocent’.

Finest in the world, my arse.

Didn't that old racist bastard Lord Denning say that the Guildford Four and the Birmingham Six should have been hanged? Probably the two biggest miscarriages of justice in English law, and the man at the pinnacle of English law for so many years had that to say?

The sky is blue, water is wet and UK PC shipments are down

Snorlax Silver badge

Re: re: the sky is blue etc

They'll have plenty of time to mull over the causes while they're queuing outside the dole office.

Enterprises gooey for Windows 10 as OS helps Computacenter rake it in

Snorlax Silver badge
Linux

Something's missing

"linux....linux....hnurrr...data slurp...linux...herp derp derp..."

Are all the linux trolls still in bed or something?

I thought they woulda been all over an article about Windows 10 like flies on dog crap.

Disbanding your security team may not be an entirely dumb idea

Snorlax Silver badge
WTF?

Re: Guess that's a few infosec teams gone then

@Anonymous Coward:" I expect swingeing cuts in many infosec teams across the globe."

That's your informed opinion, is it?

Worldwide infosec spending to reach $93bn in 2018

Aussie InfoSec spending to top $2.8 billion this year

The Fast-Growing Job With A Huge Skills Gap: Cyber Security:

"The ISACA, a non-profit information security advocacy group, predicts there will be a global shortage of two million cyber security professionals by 2019. Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cyber-security related roles, according to cyber security data tool CyberSeek. And for every ten cyber security job ads that appear on careers site Indeed, only seven people even click on one of the ads, let alone apply."

UK.gov wants quick Brexit deal with EU over private data protections

Snorlax Silver badge
WTF?

Re: They need us more than we need them

@maxfm:"European companies are beating down the door to their governments DEMANDING they make a deal with us."

No they're not.

Provide examples please?