With an active CPU behind it, certainly this system can be more secure than the current card system. Also means much less chance of leaving the card in the room and less money spent replacing lost cards.
If you use Firefox, Safari, Chrome, or IE in China, they will all warn you that MiTM attack has occurred (if you trying going to https://icloud.com./ But the most popular browser used in China (according to Qihoo, the claim is dubious), Qihoo’s Chinese 360 "Secure Browser". will allow Man in the middle attacks to occur, by design.
And the people that sued Apple tend to just sue companies over the Zip issue hoping for a payout. But previous courts have found that asking for the ZIP code before purchase does not constitute personally identifiable information not associated with the credit card transaction. (It's wrong if they ask for the ZIP after the transaction has been completed, but not before)
TFA specifically notes that the behavior described was observed with all visible 'privacy' settings adjusted. Presumably the story is even cheerier if those aren't switched off.
He only disabled Spotlight Suggestions in the Spotlight preferences, he did not disable it for Safari, which is in the Safari preferences, right next to the search engine preference.
(Because you may not want Spotlight sending strings to Apple when searching for files on the computer, but you may not care if you are only searching the internets via safari).
Still, this one should be tested. Does it send a string when Spotlight Suggestions are turned off in Safari as well? We won't know until somebody tries it.
Still, do you think that they changed the search engine, left all those options for smart search on, then went to the OS setting for spotlight and turned that off, then sounded the alarm? Would seem a bit like manufactured outrage to me, but I suppose it's not impossible.
iAd is only for iOS Devices (not Yosemite) and your second link is extremely misleading. They're being sued for asking customers that purchase high priced items for their zip code as an additional form of data to verify with the credit card processor to prevent fraudulent transactions. Maybe merchants that have a high amount of fraud do this type of verification.
Because then you are sending a lot of requests to random domains that may not be designed to handle the traffic? And a lot, a hell of a lot of mail servers out there for common email services use legacy mail servers not related to the domain of the email address (because the mail servers were set up before that particular email domain became popular).
Super quick example, if you have a @windowslive.com email address, the IMAP server is imap-mail.outlook.com. The Exchange ActiveSync server is s.outlook.com. Neither one would be found but your suggestion of randomly hitting subdomains.
There is actually an included list of common Mail Servers and common mail configurations. Mail.app only sends the domain when the domain is not on the list or the configuration fails. It also means that if enough users look for a domain, Apple can immediately include the information without waiting for an update.
Have you ever done tech support for email problems before? It's a nightmare. Anything to help the user is best.
He turned off Spotlight suggestions for Spotlight, not Spotlight suggestions in Safari.
(Because you may not want Spotlight sending strings to Apple when searching for files on the computer, but you may not care if you are only searching the internets via safari).
They specifically said they turned off Spotlight suggestions.
No, he said he turned off Spotlight suggestions in Spotlight. Not Spotlight suggestions in Safari. (Because you may not want Spotlight sending strings to Apple when searching for files on the computer, but you may not care if you are only searching the internets via safari).
Even if that were not so, changing search engine should never mean you have to find another configuration option to turn off the old search engine. That's just wrong.
It is not on by default. It's an option shown in the setup assistant. Shown after you first install Yosemite. The option in the setup assistant then sets those options in the Security prefpane. I'm not sure why Siracusa said they are on by default. Maybe since he's been using the beta for so long (since June), he forgot the option was in the Setup Assistant (since the Setup assistant is only shown on first major upgrade)
Or why when setting up an email account does the mail app send the domain name you enter to apple?
It's part of the automatic configuration settings. When you first set up a new email address using "Add other Mail Account" in Mail.app, it just asks your for your name, email address, and the password for the account. It then sends the domain to Apple to get the imap/pop3/smtp servers and other configuration information for that domain, if it is available, so the user doesn't have to enter them all separately. It's part of a good UI.
Oh, I read it. But you didn't read my response to your other comment, which was,
Even if you change search engines in safari, it doesn't disable Spotlight suggestions in Safari. That's a separate checkbox in the Search tab in the Safari preferences. (There are a bunch of options in the Search preferences in Safari)
Even if you change search engines in safari, it doesn't disable Spotlight suggestions in Safari. That's a separate checkbox in the Search tab in the Safari preferences. (There are a bunch of options in the Search preferences in Safari)
If you want live search results from the web, of course the client has to send the search string to a server each time the search string changes. Why is this surprising? If you don't want live search results from the web, disable it (in the Spotlight preferences and/or in the Safari Preferences) and the search string will stop being sent.
If you want any kind of information from the internets, some data has to be sent to a server on the internets at some point in time. There's no way around this.
I think OP might mean instead of a different type of server and didn't realize web servers can be extremely small when tasked with one singular purpose.
Slashdot Mirror
With an active CPU behind it, certainly this system can be more secure than the current card system. Also means much less chance of leaving the card in the room and less money spent replacing lost cards.
The quote was from the retired Brig. General himself. He got the two cities confused.
And we all know neither Abu Dhabi nor Dubai are in Canada. I don't know why it was necessary to point that out.
The ones that use SMS.
Forgot to mention that enabling 2FA in China may be useless if they can also intercept the messages and do a replay attack.
If you use Firefox, Safari, Chrome, or IE in China, they will all warn you that MiTM attack has occurred (if you trying going to https://icloud.com./ But the most popular browser used in China (according to Qihoo, the claim is dubious), Qihoo’s Chinese 360 "Secure Browser". will allow Man in the middle attacks to occur, by design.
Some are indeed bad, like the streaming of Safari/Spotlight chars to Apple with suggestions turned off.
It does not stream the chars to Apple if the option is off, Landon just forgot to disable the option in Safari and Spotlight.
He said he'll update the TFA tomorrow with the correct information.
TFA is about Yosemite's collection.
And the people that sued Apple tend to just sue companies over the Zip issue hoping for a payout. But previous courts have found that asking for the ZIP code before purchase does not constitute personally identifiable information not associated with the credit card transaction. (It's wrong if they ask for the ZIP after the transaction has been completed, but not before)
TFA specifically notes that the behavior described was observed with all visible 'privacy' settings adjusted. Presumably the story is even cheerier if those aren't switched off.
He only disabled Spotlight Suggestions in the Spotlight preferences, he did not disable it for Safari, which is in the Safari preferences, right next to the search engine preference.
(Because you may not want Spotlight sending strings to Apple when searching for files on the computer, but you may not care if you are only searching the internets via safari).
Still, this one should be tested. Does it send a string when Spotlight Suggestions are turned off in Safari as well? We won't know until somebody tries it.
No, it does not.
Still, do you think that they changed the search engine, left all those options for smart search on, then went to the OS setting for spotlight and turned that off, then sounded the alarm? Would seem a bit like manufactured outrage to me, but I suppose it's not impossible.
Yes, yes, that is what I think Landon did.
They don't make money by selling user information to third parties or by selling ads,
Funny, Apple has this thing called iAd where you pay Apple to place targeted ads, and it's currently being sued for selling user info to 3rd parties. Are these activities Apple's primary revenue model? No, but they are part of the revenue stream nevertheless.
iAd is only for iOS Devices (not Yosemite) and your second link is extremely misleading. They're being sued for asking customers that purchase high priced items for their zip code as an additional form of data to verify with the credit card processor to prevent fraudulent transactions. Maybe merchants that have a high amount of fraud do this type of verification.
Because then you are sending a lot of requests to random domains that may not be designed to handle the traffic? And a lot, a hell of a lot of mail servers out there for common email services use legacy mail servers not related to the domain of the email address (because the mail servers were set up before that particular email domain became popular).
Super quick example, if you have a @windowslive.com email address, the IMAP server is imap-mail.outlook.com. The Exchange ActiveSync server is s.outlook.com. Neither one would be found but your suggestion of randomly hitting subdomains.
There is actually an included list of common Mail Servers and common mail configurations. Mail.app only sends the domain when the domain is not on the list or the configuration fails. It also means that if enough users look for a domain, Apple can immediately include the information without waiting for an update.
Have you ever done tech support for email problems before? It's a nightmare. Anything to help the user is best.
He turned off Spotlight suggestions for Spotlight, not Spotlight suggestions in Safari.
(Because you may not want Spotlight sending strings to Apple when searching for files on the computer, but you may not care if you are only searching the internets via safari).
They specifically said they turned off Spotlight suggestions.
No, he said he turned off Spotlight suggestions in Spotlight. Not Spotlight suggestions in Safari. (Because you may not want Spotlight sending strings to Apple when searching for files on the computer, but you may not care if you are only searching the internets via safari).
Even if that were not so, changing search engine should never mean you have to find another configuration option to turn off the old search engine. That's just wrong.
It's in the same window!
It is not on by default. It's an option shown in the setup assistant. Shown after you first install Yosemite. The option in the setup assistant then sets those options in the Security prefpane. I'm not sure why Siracusa said they are on by default. Maybe since he's been using the beta for so long (since June), he forgot the option was in the Setup Assistant (since the Setup assistant is only shown on first major upgrade)
Or why when setting up an email account does the mail app send the domain name you enter to apple?
It's part of the automatic configuration settings. When you first set up a new email address using "Add other Mail Account" in Mail.app, it just asks your for your name, email address, and the password for the account. It then sends the domain to Apple to get the imap/pop3/smtp servers and other configuration information for that domain, if it is available, so the user doesn't have to enter them all separately. It's part of a good UI.
Oh, I read it. But you didn't read my response to your other comment, which was,
Searching maps is part of Spotlight suggestions
Even if you change search engines in safari, it doesn't disable Spotlight suggestions in Safari. That's a separate checkbox in the Search tab in the Safari preferences. (There are a bunch of options in the Search preferences in Safari)
If you want live search results from the web, of course the client has to send the search string to a server each time the search string changes. Why is this surprising? If you don't want live search results from the web, disable it (in the Spotlight preferences and/or in the Safari Preferences) and the search string will stop being sent.
If you want any kind of information from the internets, some data has to be sent to a server on the internets at some point in time. There's no way around this.
I think OP might mean instead of a different type of server and didn't realize web servers can be extremely small when tasked with one singular purpose.
OpenSSL has proven to be too big and too much of an untested surface area. Although I'm saddened they didn't move to CommonCrypto.
So why didn't Snapchat take a proactive approach and ban the third parties? They really depended on the ToS for enforcement of security?
Extremely low density of vending machines in the US. Now, Japan...
Because otherwise it would leak passwords to insecure sites, in plain text.