Slashdot Mirror


User: Sax+Russell+5449D29A

Sax+Russell+5449D29A's activity in the archive.

Stories: 0
Comments: 270

Comments · 270

  1. I've seen this before on Microsoft Telemetry Collection, Explained (theregister.co.uk) · · Score: 2

    Microsoft sure knows how to dig a big hole and fall in it. With Windows 8 it was the infamous Metro UI. Now with Windows 10 it's an all-out user spying program, one you can't really even turn off. Who the hell makes these decisions?! Anyone here could've told them it's a really bad idea and skilled security analysts would easily find out about all the semi-hidden "features".

    It's as if they want to fail time after time, like a sadomasochistic hamster that enjoys electric shocks.

  2. "If listening on every citizen's phone calls could potentially save lives..." –Sting Ray

    Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.

  3. Re:Trust has already been lost on Apple's iPhone Already Has a Backdoor · · Score: 1

    Like they did with the 5S, the immediate successor to the 5/5C, and the oldest version Apple currently sells?

    That's not correct. The same methodology works on any iPhone model out there. If Apple is required to do this to a 6 series phone, they can.

    I'm dealing with comparatives here. A system that requires a court order to function is more secure than one that just requires a request to be submitted on what looks like police letterhead. I don't trust the US courts nearly as much as I'd like to be able to, but there is a difference.

    It shouldn't be possible to execute this kind of attack with any type of request. The only one capable of opening an encrypted device should be users themselves and the underlying technology should support this ideology.

    Right now, there is no attack, and Apple is fighting having to create one. If Apple is forced to, Apple can still make it hard for oppressive governments to use it, since Apple US doesn't have to make it available to anyone else, including foreign subsidiaries. In addition, the FBI request is not to create a back door, but to open one that potentially exists now. Congress could mandate back doors, at which point a very large number of people stop buying electronics from US companies, but that isn't what's happening right now.

    There is no attack we know of. In fact, it's very likely there may even be existing attacks in certain countries. Would Apple for example risk losing the Chinese markets by not helping the local authorities defeat encryption?

    I wouldn't call this a backdoor per se, but rather a sidedoor. It doesn't matter whether it's being used or not, it can be used at will and it can be used retroactively.

  4. They got it all backwards on E-book Museum At the Library of Congress? (teleread.com) · · Score: 1

    Ebooks should be stored as conventional books. If they are to be preserved, they need to be in printed format. I see no added value in storing such in digital format.

    Like backing up all kinds of data on Laserdiscs seemed like an excellent idea in the 80's, it's very difficult to handle such backups today. Not only are compliant players hard to find, nobody has a clue about how to read the formats stored on them.

  5. Re:Punishes users and good advertisers on Google, Yahoo Cry About Ad-Blocking (cnbc.com) · · Score: 1

    In this case the users of the Internet hold the power. There's practically nothing advertisers could do to prevent the changes that are happening right now. The only solution hence is to adapt or become irrelevant.

  6. Re:Trust has already been lost on Apple's iPhone Already Has a Backdoor · · Score: 1

    Security is complicated, and you're asking for an easy-to-use device that will withstand all possible attacks.

    The funny part is, even Apple's devices would be incredibly secure if they had hardwired the try limit on the chip. :-)

    This isn't like any key escrow proposal I've seen. Those have typically been things that weakened security just by existing, and typically have not required a court order. This is a potential attack, available only on court order, which Apple is fighting. The difference is pretty big.

    Trust in the US government's ability to adhere to existing laws and endorse transparency has faltered. Who's to say they won't use the FISA kangaroo courts to obtain the needed court orders and issue a few gag orders too? It's not like this type of dubious activity hasn't happened already. Stingrays, NDAs, NSLs...

    This "attack" is also now free game for every oppressive government out there.

  7. Re:Punishes users and good advertisers on Google, Yahoo Cry About Ad-Blocking (cnbc.com) · · Score: 1

    Should we still buy CDs? Did music exist before we had to pay for it?

    Industries change. Endorse change, adapt and win. That, or die away crying.

  8. Re:I have hitch hiked before on Airport Experiment Shows That People Recklessly Connect To Any Free Wi-Fi Spot (softpedia.com) · · Score: 2

    Headshots outside CS are not that simple. Hitting a moving target, even at close range, is extremely difficult.

  9. Re:Trust has already been lost on Apple's iPhone Already Has a Backdoor · · Score: 1

    The attack the FBI wants will not work on any 5S or later, and that's all Apple is currently selling. It might work in modified form, and that might not work on the 7 or 7S.

    It's not the models it works with, it's that it works at all. Apple has the capability to bypass core security features in apparently all its models. Access to a device as personal as a mobile phone should be in complete control of its user.

    There's also the question of what you're going to use instead. Do you have reason to believe that any Android or Windows phone is as secure? You can get a cheaper Android, of course, if you don't care about security, but to get something as nice as the iPhone you'll have to pay a comparable amount.

    This is a valid point. I'm going to use my existing S5 and configure CyanogenMod with full-disk encryption; separate password for FDE and pattern lock for normal use with limited tries before the device is shut down, after which you'd have to re-enter the FDE key. I'm very well aware that this type of solution is not suitable for the masses in its current state as CyanogenMod, for example, would require you to flash a custom ROM on your phone. It's a much more secure option, though, and something the user can be in full control of.

    I'd also like to know why you think Apple has lost a lot of credibility for security. They are fighting hard legally to avoid having to break into a phone using a method that won't work on any iPhone they actually sell, and which won't work for anyone else. This phone was designed to be easy to use, and still proof against most attacks involving physical possession, which strikes me as a pretty good feat right there. Who do you think is showing more concern for security?

    Security should not be dependent on rubber stamp courts' mood swings or the willingness of a major corporation to "protect" its users. The FBI chose this particular case for a reason: if you're not with us, you're against us. You can probably imagine how oppressive nations are now going to extort (many probably have already) Apple and other manufacturers to provide similar sidedoor access (not really a backdoor, but *very* close to being one). It's a very very slippery slope.

    The bottom line is: do you think encryption key escrow is a good idea? Because this is directly comparable to it. Should our government have at all times the ability to unlock all our secrets at will? Needless to say that this is a bad idea.

  10. Cool story bro, and nice SEO you got going on there. I can't stand people who post links to their own sites in this fashion. You could do it once or twice without causing a fuss, but acting like an organic RSS feed? No thanks.

  11. Re:I have hitch hiked before on Airport Experiment Shows That People Recklessly Connect To Any Free Wi-Fi Spot (softpedia.com) · · Score: 2

    you play along and wait for an opportunity for your .22

    .22 works well on pests, not so much on 250lbs big rapist-robber dudes. If I had to choose between a .22 and some proper pepper spray to handle such a situation, I'd go for the latter.

  12. Re:More 4 Loco? on Drinking More Coffee May Undo Liver Damage From Booze (usatoday.com) · · Score: 1

    Sober in a nightclub. Yup, that's the worst.

  13. Re:1000 Mbps? on Telstra To Roll Out 1000Mbps 4G (lifehacker.com.au) · · Score: 1

    News at 11: that's nothing. My Internets can handle 1.64 LoC/s. Or in other words 5,02633887×10^13 tweets/s.

  14. Trust has already been lost on Apple's iPhone Already Has a Backdoor · · Score: 1

    I haven't owned an Apple device since my '86 Macintosh Plus. I've been thinking about getting myself an iPhone for some time now, but I think I'll put those plans on hold.

    The fact that this type of bypassing of core security features has now been confirmed to be even possible makes it totally irrelevant whether it will actually be used. It's out there, we know it's possible. And frankly, I'm amazed this issue hasn't been discussed at all before the FBI brought it up.

    Apple has lost a lot of credibility as a secure device manufacturer. I'm rather interested in how this will eventually reflect in their sales figures. It's a sort of strong indicator of how much the general population really care about their privacy.

  15. Re:1000 Mbps? on Telstra To Roll Out 1000Mbps 4G (lifehacker.com.au) · · Score: 1

    1000 is more than 1. 1Gbps is not sexy any more.

  16. Re:A better written response, with link to the let on Yelp Employee Posts Open Letter About Cost Of Living And Low Wages, Gets Fired (modernreaders.com) · · Score: 1

    A millennial using the word millennial as a derogatory term. That's kind of cute in all its awkwardness.

  17. It's just the ultra Capitalist mantras speaking. A blast from the past, a Cold War era relic that was created to counter Communism. In a few decades people who don't want to live in a civilized society will be mostly gone and we'll hopefully have basic stuff like universal healthcare and close to zero percent of the population living homeless.

  18. Re:Could the FBI hide behind 3rd party code? on FBI Must Reveal The Code It Used To Hack Dark Web Pedophiles (engadget.com) · · Score: 1

    Does the third party have to reveal their source code? Can the FBI effectively hide behind their contract with the third party?

    Look no further than this for clues.

    It's obvious that this type of activity will be eventually vetted and weighed in the Supreme Court.

  19. Re:Looks kind of bad on Why Are Apple's Competitors Staying Silent On the iPhone Unlocking Fight? · · Score: 1

    If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.

    Your signature is a tad funny in this context. :-)

    Here's what I said in my original comment:

    If Apple has the capability to assist in the decryption of the phone.

    Without Apple's help the FBI would most likely not be able to brute force the passcode. If, however, Apple assists them by providing a custom ROM, they'd be able to bypass a core security feature that prevents brute forcing the passcodes. Brute forcing iPhones' passcode is trivial since who uses a passcode of any meaningful length in their iPhone? They'd have to enter it every 15 minutes or so if they want to use their phone. Entering a 20+ character passcode that often just to read your texts or browse the Internet is a huge nuisance. And iPhone users, after all, have been confident that there is a mechanism that prevents brute forcing passcodes anyway.

    If it's possible to bypass the passcode try limit, it's huge. It's bad and it's hugely bad. It doesn't even mean that Apple would have to help the FBI at this point to lose a lot of credibility. Everybody thought it was not possible in any way, but it seems Apple has had this capability since day-1.

    Before the iPhone 6 series phones were released, the default passcode length was 4 digits (numbers). I personally have *never* met anyone who uses alphanumeric characters in their iPhone passcodes. If the majority of passcodes in modern iPhones is between 4-10 digits, that'll take a fraction of a second or a few seconds at most to brute force on the phone itself. And if it's somehow possible to extract the passcode hash from the phone, it doesn't matter if you use even 15–16 alphanumeric characters.

    Here's what Apple has said in their official statement:

    Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

    If this isn't Apple being forced to assist in the decryption of the phone we live in different dimensions.

  20. Re:Looks kind of bad on Why Are Apple's Competitors Staying Silent On the iPhone Unlocking Fight? · · Score: 1

    If you bothered to read any of the news articles, Apple currently doesn't have that capability. What the FBI is asking for is to update iOS on the phone with a custom version that removes the time delay between unsuccessful passcode attempts, the 10-try limit before wiping the phone, and a way to enter passcodes via the lightning connector rather than the keypad --- all of this so the FBI can brute-force unlock the phone.

    What are you talking about..?

    I said:

    The fact that Apple even (seemingly) has the capability to assist in the decryption of the phone is appalling. Bad security.

    And you say:

    Apple currently doesn't have that capability. What the FBI is asking for is to update iOS on the phone with a custom version that removes the time delay between unsuccessful passcode attempts

    And that's exactly what I described in my comment. If Apple has the capability to assist in the decryption of the phone. It doesn't mean it would need to be possible with an existing solution, it's enough if there is and/or has always been a known way to do it.

    It's bad security when security measures can be bypassed one way or another. The ability to bypass the 10 try limit with the help of Apple effectively renders the encryption of all existing iPhones completely useless. 99.99% of the iPhones out there could be decrypted at will by anyone in the position to mandate Apple to provide assistance in doing it.

    One thing is for sure now: Apple's credibility as a secure product has crumbled to dust. If it's not the encryption that's holding the government out of users' data but rather the rulings of rubber stamp courts, that's no secure product.

  21. Looks kind of bad on Why Are Apple's Competitors Staying Silent On the iPhone Unlocking Fight? · · Score: 0

    The fact that Apple even (seemingly) has the capability to assist in the decryption of the phone is appalling. Bad security.

  22. IoS gets it. Humor is the only way one could ever understand what IoT is all about. :-)

  23. Re:There is no "California State Patrol" on Authorities Arrest Activists Instead of Those Responsible For CA Gas Leak (inhabitat.com) · · Score: 0

    Let's assume you're a turd. Would you go to a job interview unpolished?

    I dare say that profile picture quality at any given "news" site correlates strongly with the quality of the articles. This was my hypothesis before I even saw the content of the articles at the site in question. And you know what? I was right. If you don't believe me look at them yourself. There should be a huge "BIASED" stamp across the front page. The whole mentality they have going on there is so out of touch with reality it's not even funny.

    Trust is a complicated topic. If the editors of a blog think selfies send out a message of trust, then fine. That's their interpretation of the best means to do it. If I, the reader, however think that selfies send out a message of unprofessionality and lack of judgement, that's equally correct.

  24. Re:There is no "California State Patrol" on Authorities Arrest Activists Instead of Those Responsible For CA Gas Leak (inhabitat.com) · · Score: 2

    Check all of his submissions, they're all trying to astroturf his shitty 'news' site

    While a good observation, I don't think anybody's really astroturfing. The submitter's user name is MikeChino, who seems to be the 'Managing Editor' at that particular blog. If anything, they're doing SEO.

    Nonetheless, I'd never trust a site where the editors have selfies as profile pictures. If they can't be bothered to go to a professional photographer to take a decent picture for their bio, what does that tell about the quality of their stories?

  25. Re: Not this old info again on Paris Attacks Would Not Have Happened Without Crypto (arstechnica.com) · · Score: 1

    They should've used Caesar cipher with a shift of 26. It's much stronger than ROT-0.