Slashdot Mirror


User: AchilleTalon

AchilleTalon's activity in the archive.

Stories: 0 · Comments: 1,772

Comments · 1,772

  1. Re:More of a training shortage on Security Talent Shortage Hits Cybercrime Groups, Too (csoonline.com) · · Score: 1, Insightful

    Sanders is getting his campaign money from large corporations, like Clinton, Cruz, Rubio and the others. They expect a return.

  2. Re:Wow, really? on A Third of All HTTPS Websites Vulnerable To DROWN Attack (drownattack.com) · · Score: 2

    I don't see how it relies on badly written software rather than bad sysadmin practices. The exploit needs both TLS and SSLv2 configured on the server. These days, if someone has SSLv2 active on his/her website, you can call it a bad sysadmin practice for sure. Anyone with SSLv2/SSLv3 active on his/her website deserves to be kicked in the butt. And a third of the sysadmins deserve exactly that.

  3. Re:This is what I've been saying since day one... on Judge Favors Apple In iPhone Unlocking Case In New York (google.com) · · Score: 1

    Well, given the iPhone 5c in question is the property of San Bernardino County, I don't really think both cases are similar in any way. There is no need to charge anyone, the iPhone is government property, there shouldn't be any personal and/or private data on it. It ends up with the government asking Apple to unlock government property.

  4. Economy plus seats are a fraud.

  5. False, the FBI may just get Apple's private key to sign the firmware and they will then be able to write their own firmware to circumvent the protections which prevent them from cracking the password and recovering the encryption key, and flash the device with the new firmware. This model, iPhone 5c, doesn't require the user's authorization to be flashed. The only thing that prevents the FBI from going ahead without any help from Apple is the signature of the firmware.

  6. Re:Didn't McAfee Side With the FBI? on John McAfee: NSA's Back Door Has Given Every US Secret To Enemies (businessinsider.com) · · Score: 1

    What Mr McAfee proposes is pure bullshit. If Apple did its job properly, the data cannot be decrypted without recovering the encryption key, which should be long enough to make a brute force attack unfeasible within a reasonable amount of time with currently available computing resources on this planet all working together toward a single and same goal.

    That's why the FBI is asking Apple to flash the firmware on THIS iPhone with a new signed version from Apple with the limit on the number of attempts removed and the time delay between attempts zeroed, enabling the FBI to brute force attack the password, which is 4 digits long on this model, leading to about 30 million possibilities if only English characters, numbers and special characters were used. This is much easier and certainly feasible to recover the password quickly, then the encryption key and finally decrypt the iPhone data.

    McAfee is an idiot if he really thinks he can directly decrypt the data without cracking the password and recovering the encryption key.

  7. Re:4 million years == 'not too distant' on Leap Days May Be Going Away In the Not Too Distant Future · · Score: 1

    From TFA: "So 3,000 years from now, people may decide to tweak it," Lowe says. "We'll just have to wait and see."

  8. Re:Pot calls kettle black on 90% of All SSL VPNs Use Insecure Or Outdated Encryption · · Score: 1

    I don't see your point here. This site, I suppose you are talking about news.softpedia.com here, is an informational site only. There is no need to encrypt communication between your browser and this site. You do not exchange credentials and/or passwords and/or any confidential information, in case you haven't noticed. SSL/TLS and encryption are useful only to prevent someone from eavesdropping on the conversation and to authenticate one or both parties. I don't see any usage for this here.

    SSL doesn't protect hosts from casual attacks. You can use SSL/TLS all the way and still have all your hosts vulnerable to casual attacks.

  9. Being leftist or rightist has nothing to do with an authoritarian regime. Both sides are likely to support such a regime for different reasons. Most socialist regimes are authoritarian on this planet. This is the only way they can hold the power.

  10. Why was he modded Offtopic? This is on topic. This is very on topic in fact. Getting a warrant and/or a court order isn't spying on citizens at all. As long as you get a warrant and/or a court order, I don't see any legal basis to refuse to comply. I don't see any citizen privacy problem here either.

  11. Re:Apple is Grandstanding on Arizona County Attorney To Ditch iPhones Over Apple Dispute With FBI (networkworld.com) · · Score: 1

    To summarize: Marketing is everything.

  12. Re:Missing the point on Apple Is Said To Be Working On an iPhone Even It Can't Hack (nytimes.com) · · Score: 1

    And all by court order or warrants. Where is the problem? It is not like they unlock any iPhone without any reason and authorization by a judge or a court.

  13. Re:Missing the point on Apple Is Said To Be Working On an iPhone Even It Can't Hack (nytimes.com) · · Score: 1

    Nonsense. Compiling code is not a creative activity, the code exists from the source and by the source. Everyone knows the source code is everything.

  14. Re:Missing the point on Apple Is Said To Be Working On an iPhone Even It Can't Hack (nytimes.com) · · Score: 1

    How is it different from a lock on a door? If the tenant receives a court order to open the lock, he will do so. It seems the point that evades you is that there is a court order. It is not just the police asking anyone without a warrant or, even better, a court order, to open the lock.

  15. Re:Missing the point on Apple Is Said To Be Working On an iPhone Even It Can't Hack (nytimes.com) · · Score: 1, Insightful

    I'm very sorry to tell you so, but Apple needn't create software that doesn't exist. It needs to modify an existing piece of software, called firmware, that sets a limit on the number of attempts with a wrong password before deleting data on the phone, and it needs to remove the delay they introduced between attempts to prevent an automatic system from trying passwords at a rate no human can. So, the piece of software exists and the modification is about two lines of code and maybe something like less than 10 characters to change in the code. Then, they can reload the firmware remotely on the device they are asked to collaborate on to render the data accessible to the FBI. It is not possible to remotely flash the firmware on later versions of the iPhone without the authorization of the owner. This is not the case with the iPhone 5c under investigation.

    Now, the reason only Apple can make the modification is that the piece of code, the firmware, must be signed with Apple's private key. Otherwise, the iPhone will refuse to execute the code.

    Most of the rhetoric from Tim Cook is pure bullshit in this case. He tries to expand the request to all iPhones in order to create a wave of sympathy and pose as a champion of privacy while in reality he doesn't give a shit, unless this can be a sales point. Pure marketing here.

  16. On the other hand, that raises a question about how Yelp decided to open offices in an expensive area for employees they believe are not worth enough to be able to live there? Aren't they just some kind of assholes? I mean, it is perfectly understandable you want to pay low wages for some kind of work, however, in this case, shouldn't you pick a cheaper area in the country to build your office?

    The employer is not without responsibility here.

  17. So, basically I got modded Troll for telling the truth.

    http://phys.org/news/2016-02-c...

    In fact, the employer was paying for software on the iPhones of its employees which enables him to unlock them anytime he wishes. The only problem being the employer didn't install the software at all even if he was still paying the monthly fee for it.

    And again, the article is pretty clear this case concerns only ONE iPhone.

    Shame on you moderators of my arse.

  18. Re:No Russian Goods In Stores. on Russia's Moon And Mars Exploration Ambitions Hobbled By A Lack Of Money (phys.org) · · Score: 1

    You don't drink vodka?

  19. Re:Why is her opinion relevant? on Carole Adams, Mom Who Lost Son In San Bernardino Shooting, Sides With Apple (washingtontimes.com) · · Score: 1

    Can you tell us where you get this idea that the FBI is playing on emotion and sympathy? They have a case to resolve and need access to data, that's it, that's all. They want access to this particular iPhone and need Apple to modify the firmware for THIS particular iPhone, which can then be breached by a brute force attack requiring physical access to the device. There is nothing here about emotion and sympathy for the victims. In fact, there is no need for it anyway. They are not asking Apple to modify all the iPhones in the world and introduce a backdoor in the firmware of all the iPhones. They are asking for this very particular iPhone, which is the property of San Bernardino County anyway.

  20. Obviously you haven't read enough about the case. What the FBI is asking is not to install a backdoor or whatever on every iPhone sold by Apple. They are asking to break this one by modifying the firmware to enable them to crack the password without wiping the data or taking over 2 years to do so. You are generalizing this to every iPhone customer in the world while it has nothing to do with it. For this trick to work, it needs physical access to the device, something the FBI has.

  21. Apparently not.

  22. They have physical access to the actual device, idiot!

  23. Provided the iPhone is San Bernardino County's property, the privacy issue is nullified. Apple should stop playing the wrong game here and give the FBI what it asks for in this particular case, given everyone knows Apple's security is an illusion anyway. To crack a 4-digit password by brute force attack you simply need to have the delay between attempts set to 0 and the code wiping the data on the iPhone neutralized. Which is a two-line code modification in the firmware. No magic here. With a 4-digit password using potentially 75 different characters (upper/lower case + number + special characters) you have to try 30 million combinations at most. Something that can be easily done without any specialized hardware or on-steroids computer.

    The security is just something you get because someone cannot try 30 million combinations in minutes on your iPhone because he has to wait a few seconds between each trial and is limited in the number of trials before cracking the iPhone becomes useless due to data deletion.

  24. Re:Government Geniuses (aka Military Intelligence) on Apple: Terrorist's Apple ID Password Changed In Government Custody (buzzfeed.com) · · Score: 1, Informative

    It is just a fucking counter and a delay in the firmware that prevent someone from breaking the code. No rocket science here. In order to prevent brute force attacks, the firmware erases the data after X unsuccessful trials to unlock the device, and to prevent a huge amount of trials in a few seconds, a delay is introduced between each trial which goes unnoticed by a user because it is something like a few seconds, enough to be annoying for a brute force attack on the password, but not enough to annoy the legitimate user. That's all they are asking for. A modification of the firmware for THIS iPhone to remove the maximum number of attempts limit and nullify the delay. They do not ask Apple to modify the firmware on all iPhones they are selling.

    In my opinion, Apple is better off complying than letting the DoJ grant the right to the FBI and/or NSA to proceed with the modification of the firmware themselves. In this case, you can be sure the FBI and/or NSA will keep the code for the next time they need it. The rest is pure bullshit from Apple, we already know these safeguards can be circumvented by anyone with enough time, money and knowledge to modify the firmware.

  25. Re:Was this guy really a terrorist? on Apple: Terrorist's Apple ID Password Changed In Government Custody (buzzfeed.com) · · Score: 0

    How does it matter? There is no point here. If the court believes it is necessary for the benefit of the trial and the decision to decipher the data, so be it. It is equivalent to a warrant and I don't see how being or not being a terrorist is an argument.