And you are not the only one thinking that way. The only thing Apple does better is security and privacy. Other than that, there is no reason to get an iPhone (except maybe "lifestyle", i.e. it is a fetish). Apple stands to lose big-time here if they cave. The problem really is that the FBI does not ask them to unlock just this one phone, they are demanding a tool that would allow them to get into any similar iPhone (not the newer ones though), and Apple has to refuse in order to protect their reputation.
Whether they do this out of a sense of duty to their customers or whether they want to protect their future business is entirely immaterial. Both are fully acceptable desires for a corporation and in this case they coincide.
Alternatively, they think they have a pretty good chance of showing that this order is not "lawful" at all. We call that a police-state where the police believes not to be bound by laws anymore.
It also has a CEO that knows if things get too bad he will be one of those that go to the concentration camps for "sexual deviancy". It always helps if a threat is not only abstract. And yes, Apple does have a soul. Even a dark-gray one is far better than what most corporations and all governments have these days.
Why aren't, for something as important as the loss of 14 innocent people, the people / person responsible for resetting the password criminally charged?
The people responsible are FBI agents (they did not reset the password, but they requested it to be done). In a police-state, members of the police are never charged with anything, unless it can absolutely not be avoided, e.g. if a policeman murders somebody in cold blood and unfortunately a citizen filmed that and has already posted it online and it has been seen by a lot of people. Other than that, forget about police ever being charged with anything in the US.
Well, yes. And as they will now scale up their attacks, the problem will get a lot more pressing. Still, not paying them would have also had an effect in that direction and this will hit a lot of people that are actually not responsible for the IT screwups.
I do not disagree. The technical sophistication is also a sign that these are not complete beginners. But there is one other thing: They do not make a lot of money at the moment, but this type of attack does scale. They now got validated. They will try hard to get a lot more targets in the near future.
The NSA does not claim to see as much as people think. I once asked somebody mid-high in the NSA this question and he said "If we really could do what people think we can do, then the world would look differently." Entirely convincing.
Your second mistake is that identification of such criminals is a fast process. It is not. Ask again in a year or so.
I know that. Nothing that "Kimble" has ever done was very good (the guy cannot code himself and he does not have a good hand selecting coders). Unless somebody competent and reputable does a full security analysis, I recommend not touching that with a 10-feet pole.
You start paying, they find more targets, make their scam more professional, etc. At the moment, these are still common criminals, as can be seen by the low sums demanded (completely out of proportion compared to the damage done), but that will now change.
The good thing is that Bitcoin is not really anonymous, unlike the common wisdom. With a bit of lick these people will be identified. The bad thing is that it will take some time and by then others will have copied the scam.
Only if the phone was on the air. That is the first thing any halfway competent forensics person stops. You can too, a tin-can is enough. Of course, in the future, we will see phones that wipe themselves after a while in that state. It is really pathetic that ordinary citizens need to think about protecting themselves from the government again. Have they learned absolutely nothing from history?
You forget that the phone is locked and likely there are trip-wires resulting in key-deletion on at least some attacks. That alone makes any updates very much non-trivial.
There is a reason the idea fizzled: If you have very special code, it may be able to compete speed-wise, otherwise it will be slower. As compilers optimize better these days, it will be even worse today. And the "low power" is a red herring: If you want that (at slow speed), compile to ARM code, not to x86.
My guess is somebody is looking for funding from clueless people.
Indeed. We know that except for potentially very expensive and risky things (with regards to making further recovery impossible), there is no way into the new ones. We really do not know what the state of the old ones is. The suspicion is that the old ones have the limitation on the tries just in software, not the secure key-storage chip, but that is a guess. What Apple is saying that if, hypothetically, they could write software to prevent the erasure after 10 failed tries, that software could be applied to any 5c and hence would be a system-break. They say that this is not acceptable to create such a tool and many people agree. One risk is that the software gets stolen from the FBI, for example. They have not really admitted that they can write this software or that the effort needed would be acceptable. These may be further lines of defense if the first argument fails.
There is also the little problem that software has bugs. What if Apple screws up or this phone is just a little different from expectations and the update erases the keys permanently? Take into account that we are not talking about a regular software-update here, as that requires an already unlocked phone. This new firmware would need to go in via direct flashing or the like and that always carries a risk and you have just one try with this particular phone. In the end, they may be criminally liable (destruction of evidence) for an honest mistake they made on work they were compelled to do. That is not compatible with fundamental legal principles.
O ye of simple minds. The issue here is not cracking that single phone.
That is pretty much Apple's point. Apple basically says "we think we could, but we think very strongly we should not, so fuck off".
And you are not the only one thinking that way. The only thing Apple does better is security and privacy. Other than that, there is no reason to get an iPhone (except maybe "lifestyle", i.e. it is a fetish). Apple stands to lose big-time here if they cave. The problem really is that the FBI does not ask them to unlock just this one phone, they are demanding a tool that would allow them to get into any similar iPhone (not the newer ones though), and Apple has to refuse in order to protect their reputation.
Whether they do this out of a sense of duty to their customers or whether they want to protect their future business is entirely immaterial. Both are fully acceptable desires for a corporation and in this case they coincide.
Alternatively, they think they have a pretty good chance of showing that this order is not "lawful" at all. We call that a police-state where the police believes not to be bound by laws anymore.
It also has a CEO that knows if things get too bad he will be one of those that go to the concentration camps for "sexual deviancy". It always helps if a threat is not only abstract. And yes, Apple does have a soul. Even a dark-gray one is far better than what most corporations and all governments have these days.
Why aren't, for something as important as the loss of 14 innocent people, the people / person responsible for resetting
the password criminally charged?
The people responsible are FBI agents (they did not reset the password, but they requested it to be done). In a police-state, members of the police are never charged with anything, unless it can absolutely not be avoided, e.g. if a policeman murders somebody in cold blood and unfortunately a citizen filmed that and has already posted it online and it has been seen by a lot of people. Other than that, forget about police ever being charged with anything in the US.
You are certainly correct. So what we get is that women a worse sellers on average, as the buyers cannot know the gender of the seller.
I somehow doubt the people doing the original "research" wanted to say or find that. Some propaganda is stupid beyond belief.
Well, yes. And as they will now scale up their attacks, the problem will get a lot more pressing. Still, not paying them would have also had an effect in that direction and this will hit a lot of people that are actually not responsible for the IT screwups.
I do not disagree. The technical sophistication is also a sign that these are not complete beginners. But there is one other thing: They do not make a lot of money at the moment, but this type of attack does scale. They now got validated. They will try hard to get a lot more targets in the near future.
The NSA does not claim to see as much as people think. I once asked somebody mid-high in the NSA this question and he said "If we really could do what people think we can do, then the world would look differently." Entirely convincing.
Your second mistake is that identification of such criminals is a fast process. It is not. Ask again in a year or so.
These are hidden servers, not entry- or exit-points.
Standard paranoia and standard cluelessness: .onion-nodes do not help for that at all.
I know that. Nothing that "Kimble" has ever done was very good (the guy cannot code himself and he does not have a good hand selecting coders). Unless somebody competent and reputable does a full security analysis, I recommend not touching that with a 10-feet pole.
I don't have that. Must have been added later. Thanks, I will take a look.
You start paying, they find more targets, make their scam more professional, etc. At the moment, these are still common criminals, as can be seen by the low sums demanded (completely out of proportion compared to the damage done), but that will now change.
The good thing is that Bitcoin is not really anonymous, unlike the common wisdom. With a bit of lick these people will be identified. The bad thing is that it will take some time and by then others will have copied the scam.
That is actually pretty standard. Do not expect that to be better with any other brand that offers cloud backup.
Hahahahaha, sounds entirely plausible!
Only if the phone was on the air. That is the first thing any halfway competent forensics person stops. You can too, a tin-can is enough. Of course, in the future, we will see phones that wipe themselves after a while in that state. It is really pathetic that ordinary citizens need to think about protecting themselves from the government again. Have they learned absolutely nothing from history?
You forget that the phone is locked and likely there are trip-wires resulting in key-deletion on at least some attacks. That alone makes any updates very much non-trivial.
There is a reason the idea fizzled: If you have very special code, it may be able to compete speed-wise, otherwise it will be slower. As compilers optimize better these days, it will be even worse today. And the "low power" is a red herring: If you want that (at slow speed), compile to ARM code, not to x86.
My guess is somebody is looking for funding from clueless people.
You did.
You do know who forced him to do that, do you?
I am sure he would love to do that, but as you seem unaware that the US government will not let him.
Indeed. We know that except for potentially very expensive and risky things (with regards to making further recovery impossible), there is no way into the new ones. We really do not know what the state of the old ones is. The suspicion is that the old ones have the limitation on the tries just in software, not the secure key-storage chip, but that is a guess. What Apple is saying that if, hypothetically, they could write software to prevent the erasure after 10 failed tries, that software could be applied to any 5c and hence would be a system-break. They say that this is not acceptable to create such a tool and many people agree. One risk is that the software gets stolen from the FBI, for example. They have not really admitted that they can write this software or that the effort needed would be acceptable. These may be further lines of defense if the first argument fails.
There is also the little problem that software has bugs. What if Apple screws up or this phone is just a little different from expectations and the update erases the keys permanently? Take into account that we are not talking about a regular software-update here, as that requires an already unlocked phone. This new firmware would need to go in via direct flashing or the like and that always carries a risk and you have just one try with this particular phone. In the end, they may be criminally liable (destruction of evidence) for an honest mistake they made on work they were compelled to do. That is not compatible with fundamental legal principles.
Competing in the Olympics is not a good idea when pregnant, obviously. But nice try spreading confusion!