A massive security hole has been found in iOS 11

[Ragnusen Ultred]

Direct quote: *"A massive security hole has been found in iOS 11"*

As always, Apple didn't find the bug.
Although, usually google finds Apple's bugs, this one was found by Mac
Magazine.

The exploit has been in place since iOS 11.2.6 and has been left unpatched
in all six developer and public betas of iOS 11.3, and it's expected that
iOS 11.3 will ship with this massive hole, just like the Broadcom bug
shipped with massive holes that Apple knew about and had the patches for.

Yet again, we'll see if Apple touts a "security update" that they /know/
has massive holes in it so big you can drive a bus through them.

Just wait.
Watch 11.3 to see if they patch this bug or if they just tell everyone who
wants to /feel/ safe that it's a safety update...

I only speak fact.
Just watch.

[Ant]

URL?

--
Quote of the Week: "For example, the tiny ant, a creature of great
industry, drags with its mouth whatever it can, and adds it to the heap
which she is piling up, not unaware nor careless of the future."
--Horace, Satires, Book I, I, 33.
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org
/ /\ /\ \ Please nuke ANT if replying by e-mail privately. If credit-
| |o o| | ing, then please kindly use Ant nickname and URL/link.
\ _ /
( )

[Ragnusen Ultred]

Am Sat, 24 Mar 2018 17:28:57 -0500, schrieb Ant:

> URL?

Hi Ant,
Didn't I provide the URL?

Lemme see ... oh, oooooops. I'm sorry. My mistake.
You are right.

mea culpa

Here's the link. I apologize.
https://forbes.com/sites/gordonkelly/2018/03/22/apple-ios-11-3-release-upgrade-siri-iphone-security-ipad-problem/

Normally I provide a link to everything since I only speak fact.

The title of that article was:
*"Apple iOS 11.3 Release Has A Nasty Surprise"*

Everything I say is true, so I welcome your request for a reference backing
up what I say, since my word is gospel simply because my word is fact.

Thanks Ant for catching the omission of the URL!

[Ant]

Thanks. That help. Yikes. Apple better fix it in its upcoming public
v11.3 release! Delay its release to include this fix!

[Jolly Roger]

Ant <ANT...@zimage.com> wrote:
> In misc.phone.mobile.iphone

>
> Thanks. That help. Yikes. Apple better fix it in its upcoming public
> v11.3 release!

Disable Settings > Siri > Allow Siri When Locked and it’s a non-issue until
Apple fixes the issue.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[*Hemidactylus*]

Holy shit! The world is ending!!!! Buy some bucket food from televangelist
Jim Bakker because Siri reading notifications aloud will meltdown the world
economy and instantly meltdown the iceCAPS!!! I cannot be expected to
“Disable Settings > Siri > Allow Siri When Locked” as Jolly Roger suggests
or “Settings > Notifications > Show on Lock Screen” as in the article to
avert TOTAL WORLD DESTRUCTION. This problem is far more serious than Syria
or that the leader of the free world is a kook. Thanks for restoring my
sense of proportionality with your constant crusader-ranting about the evil
corporate monolith that is Apple. Devices and the OS they use are SOOOOO
important. Nothing else matters obviously...to you and nobody else with a
life outside usenet.

[*Hemidactylus*]

Jolly Roger <jolly...@pobox.com> wrote:
> Ant <ANT...@zimage.com> wrote:
>> In misc.phone.mobile.iphone
>>
>> Thanks. That help. Yikes. Apple better fix it in its upcoming public
>> v11.3 release!
>
> Disable Settings > Siri > Allow Siri When Locked and it’s a non-issue until
> Apple fixes the issue.
>

Crisis averted.

[Lloyd Parsons]

Oddly the fact that Amazon's Echos will happily read out the same
things pretty much regardless of who asks, doesn't seem to ring the
same bells... :)

I wonder if Google Home does the same?

[Jolly Roger]

Some "crisis"... ; )

[Jolly Roger]

On 2018-03-25, *Hemidactylus* <ecph...@allspamis.invalid> wrote:
>>

> Holy shit! The world is ending!!!! Buy some bucket food from televangelist
> Jim Bakker because Siri reading notifications aloud will meltdown the world
> economy and instantly meltdown the iceCAPS!!! I cannot be expected to
> “Disable Settings > Siri > Allow Siri When Locked” as Jolly Roger suggests
> or “Settings > Notifications > Show on Lock Screen” as in the article to
> avert TOTAL WORLD DESTRUCTION. This problem is far more serious than Syria
> or that the leader of the free world is a kook. Thanks for restoring my
> sense of proportionality with your constant crusader-ranting about the evil
> corporate monolith that is Apple. Devices and the OS they use are SOOOOO
> important. Nothing else matters obviously...to you and nobody else with a
> life outside usenet.

+1 *slow clap*

[nospam]

In article <fhpple...@mid.individual.net>, Jolly Roger

<jolly...@pobox.com> wrote:

> >>> Thanks. That help. Yikes. Apple better fix it in its upcoming public
> >>> v11.3 release!
> >>

> >> Disable Settings > Siri > Allow Siri When Locked and it零 a non-issue until

> >> Apple fixes the issue.
> >>
> > Crisis averted.
>
> Some "crisis"... ; )

at least android phones test their software in the real world.

oh wait.

<https://www.pcmag.com/article2/0,2817,2491447,00.asp>
On certain Android phones running unpatched versions of the OS,
inputting hundreds of characters for a password on the device's lock
screen causes the smartphone to throw up the white flag and
authenticate a user𡃉o matter the combination of characters you try.

and more recently,
<https://www.androidauthority.com/android-8-1-oreo-swipe-bug-pixel-nexus-
829216/>
...According to affected device owners, they have to swipe up
multiple times for the phone to register the swipe and take them to
the PIN/pattern/password input.

Others reported they are having trouble swiping away notifications
from the lock screen. I have experienced this issue on my Pixel 2 XL
and would have to repeatedly swipe at a notification on the lock
screen for it to go away.

[Jolly Roger]

On 2018-03-25, nospam <nos...@nospam.invalid> wrote:
> In article <fhpple...@mid.individual.net>, Jolly Roger
><jolly...@pobox.com> wrote:
>
>> >>> Thanks. That help. Yikes. Apple better fix it in its upcoming public
>> >>> v11.3 release!
>> >>

>> >> Disable Settings > Siri > Allow Siri When Locked and it¹s a non-issue until

>> >> Apple fixes the issue.
>> >>
>> > Crisis averted.
>>
>> Some "crisis"... ; )
>
> at least android phones test their software in the real world.
>
> oh wait.
>
><https://www.pcmag.com/article2/0,2817,2491447,00.asp>
> On certain Android phones running unpatched versions of the OS,
> inputting hundreds of characters for a password on the device's lock
> screen causes the smartphone to throw up the white flag and

> authenticate a user‹no matter the combination of characters you try.

Yeah, I remember that goof up. Cue similar memories of macOS High Sierra
allowing anyone to authenticate with an empty password. Oops! : D

Of course both o those are far worse than Siri simply reading a couple
notifications from the lock screen (which can easily be disabled in
Settings), which is relatively benign in contrast. But clearly "adults"
like "Ragnusen" say we should ignore that, because: troll!! ; )

> and more recently,
><https://www.androidauthority.com/android-8-1-oreo-swipe-bug-pixel-nexus-
> 829216/>
> ...According to affected device owners, they have to swipe up
> multiple times for the phone to register the swipe and take them to
> the PIN/pattern/password input.
>
> Others reported they are having trouble swiping away notifications
> from the lock screen. I have experienced this issue on my Pixel 2 XL
> and would have to repeatedly swipe at a notification on the lock
> screen for it to go away.

Whoops! : D

If I didn't know better (thanks to "Ragnusen"), I'd say bugs and
security vulnerabilities exist *everywhere* in the real world regardless
of platform. But hey, who am I trying to kid, right? "Adults" like
"Ragnusen" ain't got no time for facts! ; )

[Jolly Roger]

On 2018-03-25, Lloyd Parsons <em...@domain.com> wrote:
>> Holy shit! The world is ending!!!! Buy some bucket food from televangelist
>> Jim Bakker because Siri reading notifications aloud will meltdown the world
>> economy and instantly meltdown the iceCAPS!!! I cannot be expected to
>> “Disable Settings > Siri > Allow Siri When Locked” as Jolly Roger suggests
>> or “Settings > Notifications > Show on Lock Screen” as in the article to
>> avert TOTAL WORLD DESTRUCTION. This problem is far more serious than Syria
>> or that the leader of the free world is a kook. Thanks for restoring my
>> sense of proportionality with your constant crusader-ranting about the evil
>> corporate monolith that is Apple. Devices and the OS they use are SOOOOO
>> important. Nothing else matters obviously...to you and nobody else with a
>> life outside usenet.
>
> Oddly the fact that Amazon's Echos will happily read out the same
> things pretty much regardless of who asks, doesn't seem to ring the
> same bells... :)
>
> I wonder if Google Home does the same?

You know it. But this is *Apple* for crying out loud, and a troll's
gotta troll!! ; )

[Lewis]

In message <m9KdnfJNU7wJjyrH...@earthlink.com> Ant <ANT...@zimage.com> wrote:
> Thanks. That help. Yikes. Apple better fix it in its upcoming public
> v11.3 release! Delay its release to include this fix!

Forbes is a shit site and their writing on technology is the shittiest
of their shit. I wouldn't trust them as much as even cnet or gizmodo;
their business is about pushing malware to their readers by knowingly
and repeatedly serving ads from infested ad networks.

is there any reputable source, because I couldn't get past the yellow
journalism of the first sentence.


--
AUDITORS OF REALITY. THEY THINK OF LIFE AS A STAIN ON THE UNIVERSE. A
PESTILENCE. MESSY. GETTING IN THE WAY. 'In the way of what?' THE
EFFICIENT RUNNING OF THE UNIVERSE.

[Jolly Roger]

On 2018-03-25, Lewis <g.k...@gmail.com.dontsendmecopies> wrote:
> In message <m9KdnfJNU7wJjyrH...@earthlink.com> Ant <ANT...@zimage.com> wrote:
>> Thanks. That help. Yikes. Apple better fix it in its upcoming public
>> v11.3 release! Delay its release to include this fix!
>
> Forbes is a shit site and their writing on technology is the shittiest
> of their shit.

Especially Gordon Kelly, who wrote that particular piece. He's
notorious for writing fluff opinion pieces with a negative spin,
typically with clickbait headlines like "Product X has a serious
problem", which any objective adult can verify for themselves:

<https://www.forbes.com/sites/gordonkelly/>

> I wouldn't trust them as much as even cnet or gizmodo; their business
> is about pushing malware to their readers by knowingly and repeatedly
> serving ads from infested ad networks.

Yep. And they actively block anyone with an adblocker from viewing their
tripe, because they are all about $$$ with no real substance. Fores is
for suckers.

[nospam]

In article <fhpvko...@mid.individual.net>, Jolly Roger

<jolly...@pobox.com> wrote:

> > Forbes is a shit site and their writing on technology is the shittiest
> > of their shit.

...

> Yep. And they actively block anyone with an adblocker from viewing their
> tripe, because they are all about $$$ with no real substance. Fores is
> for suckers.

they've backed down on that, a bit.

[Jolly Roger]

nospam <nos...@nospam.invalid> wrote:
> In article <fhpple...@mid.individual.net>, Jolly Roger
> <jolly...@pobox.com> wrote:
>
>>>>> Thanks. That help. Yikes. Apple better fix it in its upcoming public
>>>>> v11.3 release!
>>>>

>>>> Disable Settings > Siri > Allow Siri When Locked and it¹s a non-issue until

>>>> Apple fixes the issue.
>>>>
>>> Crisis averted.
>>
>> Some "crisis"... ; )
>
> at least android phones test their software in the real world.
>
> oh wait.
>
> <https://www.pcmag.com/article2/0,2817,2491447,00.asp>
> On certain Android phones running unpatched versions of the OS,
> inputting hundreds of characters for a password on the device's lock
> screen causes the smartphone to throw up the white flag and

> authenticate a user‹no matter the combination of characters you try.

>
> and more recently,
> <https://www.androidauthority.com/android-8-1-oreo-swipe-bug-pixel-nexus-
> 829216/>
> ...According to affected device owners, they have to swipe up
> multiple times for the phone to register the swipe and take them to
> the PIN/pattern/password input.
>
> Others reported they are having trouble swiping away notifications
> from the lock screen. I have experienced this issue on my Pixel 2 XL
> and would have to repeatedly swipe at a notification on the lock
> screen for it to go away.

Even more recently:

Facebook has been collecting call history and SMS data from Android devices

iOS devices appear to be unaffected

Facebook has been collecting call records and SMS data from Android devices
for years. Several Twitter users have reported finding months or years of
call history data in their downloadable Facebook data file. A number of
Facebook users have been spooked by the recent Cambridge Analytica privacy
scandal, prompting them to download all the data that Facebook stores on
their account. The results have been alarming for some.

“Oh wow my deleted Facebook Zip file contains info on every single phone
cellphone call and text I made for about a year,” says ‏Twitter user Mat
Johnson. Another, Dylan McKay, says “somehow it has my entire call history
with my partner’s mum.” Others have found a similar pattern where it
appears close contacts, like family members, are the only ones tracked in
Facebook’s call records.

Ars Technica reports that Facebook has been requesting access to contacts,
SMS data, and call history on Android devices to improve its friend
recommendation algorithm and distinguish between business contacts and your
true personal friendships. Facebook appears to be gathering this data
through its Messenger application, which often prompts Android users to
take over as the default SMS client. Facebook has, at least recently, been
offering an opt-in prompt that prods users with a big blue button to
“continuously upload” contact data, including call and text history. It’s
not clear when this prompt started appearing in relation to the historical
data gathering, and whether it has simply been opt-in the whole time.
Either way, it’s clearly alarmed some who have found call history data
stored on Facebook’s servers.

...

The same call record and SMS data collection has not yet been discovered on
iOS devices. While Apple does allow some specialist apps to access this
data in limited ways like blocking spam calls or texts, these apps have to
be specifically enabled through a process that’s similar to enabling
third-party keyboards. The majority of iOS apps cannot access call history
or SMS messages, and Facebook’s iOS app is not able to capture this data on
an iPhone.

<https://www.theverge.com/2018/3/25/17160944/facebook-call-history-sms-data-collection-android>

Way to go, DROIDs!! : D

[*Hemidactylus*]

Facebook keeps the hits a’ comin’.

[Ultred Harold Newton Ragnusen]

Lloyd Parsons wrote:

> Oddly the fact that Amazon's Echos will happily read out the same
> things pretty much regardless of who asks, doesn't seem to ring the
> same bells... :)
>
> I wonder if Google Home does the same?

Did any of you notice how all of you Apple users (except Ant) acted
instantly like little children in this thread?

None of you noticed you all (except Ant) act like little *CHILDREN*?
Really?

I only speak facts.

The Apple user is clearly /afraid/ of facts, such that, as you see in this
very thread, the Apple user acts like children act, when merely confronted
with the inconvenient fact that Apple screwed up, yet again.

You Apple posters, all but Ant, act like children when confronted with
inconvenient fact.

1. You deny that it's a security hole (Jolly Roger)
2. You blame Android bugs for everything (nospam)
3. You ignore hundreds of millions are affected (Hemidactylus)
etc.

What I always find revealing about Apple users is that you always act as
children do, children whose hands are caught in the cookie jar, where you
blame everyone else for the obvious fact that Apple doesn't test their
software sufficiently.

Worse, Apple knows full well that you childish users /feel/ safe only when
you get an iOS release, whether or not you're actually safe.

You see, I've learned from all of you children that it makes you /feel/
safe to get release after release after release after release after
release, even though the truth is that it's a buggy release after a buggy
release after a buggy release after a buggy release, ad infinitum.

Since you act like children, it's the sheer /number/ of releases that makes
you /feel/ safe, so I wasn't surprised one bit when nospam blamed Android
for Apple's bugs, nor when Jolly Roger and the rest of the Apple apologists
minimized what amounts to a pretty big security hole if you're not aware of
it, even at the same time that these same people tout the "security" of the
iOS device against a frontal assuault from state-sponsored adversaries.

If all it takes is a single query to break into any iOS 11.x iOS device if
the hundreds of millions of users don't turn off, then it's not all that
"safe" a platform, is it?

I only speak facts.

It's so freaking easy to find bugs in iOS 11.2.6 that it's not funny.
I found three this weekend alone, which I've documented, and I'm not even
looking for iOS related bugs!

Bug #1: http://i.cubeupload.com/B43i82.jpg
Bug #2: http://i.cubeupload.com/ttkrOV.jpg
http://i.cubeupload.com/knsgL0.jpg
Bug #3: http://i.cubeupload.com/oOyG3n.jpg

It's clear from all the bugs that we've seen that Apple doesn't test the
iOS platform, but what's even more clear is that Apple has a history of
shipping releases that they /know/ have holes in them so big you can drive
a bus through them (witness the broadcom bug fiasco for one example, where
Apple had tens of millions of people install it and then Apple begged them
to not to only 10 days later, while Apple had the fix in hand BEFORE they
shipped either release!).

The point is simple, which is that Apple users /want/ to feel safe, even
though they're not safe. The Apple user is like a child whose mother tells
him that the monster can't get out of the closet if you close the closet
door at night.

Apple users /feel/ safe, and users like nospam tell us how great the
security is such that it makes them /feel/ safe, and yet, they're /not/
safe.

I only speak fact.

[Jolly Roger]

On 2018-03-26, Ultred Harold Newton Ragnusen <Ultred...@HaroldRagnusen.edu> wrote:
> Lloyd Parsons wrote:
>
>> Oddly the fact that Amazon's Echos will happily read out the same
>> things pretty much regardless of who asks, doesn't seem to ring the
>> same bells... :)
>>
>> I wonder if Google Home does the same?
>

> I only speak facts.
>
> I only speak facts.
>
> I only speak fact.

The lady doth protest too much, me thinks. : )

[Ultred Harold Newton Ragnusen]

Ant wrote:

> Thanks. That help. Yikes. Apple better fix it in its upcoming public
> v11.3 release! Delay its release to include this fix!

Of all the posters to date, you're the only one who acted like an adult
would act on any of the other platform newsgroups when the facts are shown.

The real problem is multi-fold, in that it's a *series* of issues that,
together, make this iOS release so insecure you can drive a bus through it.

The first problem is that Apple has a long history of touting a release as
secure even when they /know/ that it has vulnerabilities so big you can
drive a bus through (witness the broadcom shipment of iOS 10.x when APple
had the fix in hand, but didn't tell anyone). Only 10 days later Apple had
to /destroy/ the release they called a 'security update'.

Why did Apple ship a release that they had a fix for that they knew was
hugely insecure? Nobody knows, but I suspect they know that the user just
wants to /feel/ safe, and not actually be safe, so, the more releases of
iOS that Apple ships, the safer it makes the user feel.

This sentiment is backed up, by the way, by what Craig Federighi pulicly
admitted last month, which is basically that iOS is buggy as all hell 9way
below his standards, and he's the SVP of software engineering!) simply
because Marketing drives the release schedule, not engineering.

The second problem is that tens of millions, and perhaps hundreds of
millions of people do /not/ know about this huge security vulnerability,
and while Jolly Roger and nospam and Hemidactylus try to minimize that
inconvenient fact (with nospam always blaming Android for iOS' bugs), it's
a fact nonetheless.

How many of those people /know/ that there is yet another security hole so
big you can drive a bus through it on /multiple/ releases of iOS?

Notice how Jolly Roger always claims to be a veritable genius because he
knows how to work around the bug - but the point is that Jolly Roger
wouldn't even /know/ about the bug if I didn't tell him about it.

That's a huge security hole, don't you think?

There are plenty of other problems with this issue, not the least of which
is, yet again, someone else found Apple's bugs, simply because it's a fact
that Apple never tests their products in the real world.

In fact, I personally found 3 iOS-related bugs just this week, and I'm not
even looking for iOS bugs!

Bug #1: http://i.cubeupload.com/B43i82.jpg
Bug #2: http://i.cubeupload.com/ttkrOV.jpg
http://i.cubeupload.com/knsgL0.jpg
Bug #3: http://i.cubeupload.com/oOyG3n.jpg

You could argue they're not critical security vulnerabilities, but I find
bugs in iOS all the timn, where I'm just a basic user.

For example, I installed an app that can't be uninstalled without having to
factory reset the iOS device (see above). What's with that?

Anyway, what I find happens every single time with the other iOS users (not
you) is that they deny that this is a serious bug, all the while folks like
nospam blame Android and at the same time nospam touts the "security" of
iOS to a frontal assault by a state-sponsored adversary.

Do you, Ant, see the sheer inconsistency of what people like nospam do?
Or is it just me?

[Ragnusen Ultred]

Am 26 Mar 2018 01:23:53 GMT, schrieb Jolly Roger:

> The lady doth protest too much, me thinks. : )

*Why are you Apple Apologists so very much /afraid/ of mere facts?*

Notice how Jolly Roger always essentially claims to be a veritable genius
because he claims to know how to work around the bug - but the point is

that Jolly Roger wouldn't even /know/ about the bug if I didn't tell him
about it.

And that hundreds of millions of others don't know about the bug.
And that Apple apparently has no plans to fix it in the short term.
And that it's a security hole big enough to drive a bus through.
And that Apple, yet again, didn't find their own bugs (as always).
etc.

Notice that you, Jolly Roger, essentially claim that you're a genius simply
because you think it's easy to turn off a security hole so big that a bus
could drive through it and yet - you know that hundreds of millions of
people around the world don't know about this bug so their phones are wide
open at this very moment - and - worse - even after the next buggy iOS
release (according to the news reports).

And yet, instead of thanking me for showing you a huge security hole in
your own iOS device, Jolly Roger, you *instantly* revert to your infantile
hateful vitriol against the simple bearer of fact.

*Why are you Apple Apologists so very much /afraid/ of mere facts?*
Why?

[Ragnusen Ultred]

Am Sun, 25 Mar 2018 10:36:05 -0400, schrieb nospam:

> at least android phones test their software in the real world.

*Why are you Apple Apologists so very much /afraid/ of mere facts?*

It's especially revealing that nospam always touts the "security" of iOS by
its hardening to a frontal brute-force attack by a state-sponsored
adversary, where, in reality, all it takes is a simple verbal command to
crack hundreds of millions of iOS devices wide open.

Since nospam is well aware of that being a fact, what does he do?

He instantly reverts to his childish ways by blaming Android for this
inconvenient fact that iOS users are /not/ any more secure than any other
user of a any common consumer-grade mobile device.

That is a fact.

[Ultred Harold Newton Ragnusen]

*Hemidactylus* wrote:

> Facebook keeps the hits aв cominв.

*Why do the Apple Apologists consistently always act like little children*
when told a mere fact?

Notice everyone how the Apple Apologists react to the mere fact that there
is a huge security hole in iOS that affects hundreds of millions of users
at this very moment, who are not aware of this fact.

What the Apple Apologists do is blame everyone else!

We saw nospam blame Android, and now we see Hemidactylus blame Facebook.

Really?
Your answer to a security bug is that it's all Facebook's fault?

I call this very typical response of blaming everyone else, the 'hand
caught in the cookie jar' syndrome which is common among the Apple
Apologists.

Mommy: Why did you eat those cookies?
Hemidactylus: What cookies?

Mommy: The cookies in your hand.
Hemidactylus: <hides hands behind back> I didn't eat them!

Mommy: Well, then, why are cookie crumbs all over your face?
Hemidactylus: <wipes face> It's not my fault!

Mommy: Don't you know you're not supposed to eat the cookies?
Hemidactylus: Android made me do it!

Mommy: You are a bad boy Hemidcatylus!
Hemidactylus: It's all Facebooks' fault!

*Why does the Apple Apologists always blame others for Apple's bugs?*

I've been studying the Apple poster on Usenet, where almost always, the
instant an Apple Apologist is confronted with mere facts that they don't
like, they blame everyone else.

*Why are almost all Apple posters such little babies?*

[Jolly Roger]

On 2018-03-26, Ragnusen Ultred <rrag...@ultred.com> wrote:
> Am 26 Mar 2018 01:23:53 GMT, schrieb Jolly Roger:
>
>> The lady doth protest too much, me thinks. : )
>
> *Why are you Apple Apologists

We aren't. You're just trolling as usual. The fact is this is not a
"major security hole", and it can be easily disabled in Settings.

[Ragnusen Ultred]

Am 26 Mar 2018 01:56:43 GMT, schrieb Jolly Roger:

> We aren't. You're just trolling as usual. The fact is this is not a
> "major security hole", and it can be easily disabled in Settings.

And do you personally plan on informing the hundreds of millions of
affected users of what *you* think they should be doing as of more than a
month ago?

Really?
You're that clueless about the real world?

Really?
You have absolutely no comprehension of what is the real world?

*You wouldn't even /know/ this bug existed if I didn't tell you.*

Hundreds of millions of people don't know this bug exist until someone
tells them. Will Apple tell them? Let's see, shall we?

What's terrible about this bug isn't that nospam touts how secure an iOS
device is from a frontal brute force attack by a state-sponsored adversary,
nor that you blame everyone but Apple for Apple's bugs ...

No. What's terrible about this bug is that you prove, time and again, that
you act exactly like a child acts, whenever you're confronted with mere
fact about your beloved platform that you don't like.

If I was back in grad school, I would have liked to ask your permission to
study you for the kind of study that Dunning Kruger ran on skills self
assessment.

You'd be *perfect* for a grad-school thesis!

[Jolly Roger]

On 2018-03-26, Ragnusen Ultred <rrag...@ultred.com> wrote:

> Am 26 Mar 2018 01:56:43 GMT, schrieb Jolly Roger:
>
>> We aren't. You're just trolling as usual. The fact is this is not a
>> "major security hole", and it can be easily disabled in Settings.
>
> And do you personally plan on informing the hundreds of millions of
> affected users

Don't need to. It's a minor issue and will be fixed shortly. Troll,
troll, troll your boat... You've got nothing better to do.

> If I was back in grad school

You'd fail.

[Uultred ragnusen]

Jolly Roger <jolly...@pobox.com> wrote:

> Don't need to. It's a minor issue and will be fixed shortly. Troll,
> troll, troll your boat... You've got nothing better to do.

Notice that only on the Apple newsgroups is a bearer of mere fact
considered a troll, by the children of the newsgroup, namely you, Jolly
Roger.

Those same inconvenient facts would be accepted on the adult newsgroups.

I really would love to ask your permission to study you, as Dunning and
Kruger did, for your phenomenally high self-assessment of your skill set,
Jolly Roger.

That you apparently feel that hundreds of millions of people will all do
exactly what you personally ask of them is, indeed, spectacular.

Let's also see, shall we, if Apple is the one to notify them, since I don't
think you have the capability of addressing the issue for all those
hundreds of millions of people, even though your words make that assumption
clear.

[Ragnusen Ultred]

Am Fri, 23 Mar 2018 21:26:18 -0700, schrieb Ragnusen Ultred:

> Direct quote: *"A massive security hole has been found in iOS 11"*
> I only speak fact.

"First reported by Mac Magazine, the bug is seemingly present in all
versions of iOS 11, including the latest beta version of iOS 11.3.

To try it out for yourself, you can go into Settings > Notifications >
select an app (preferably a messaging app) > Show Previews > and click on
When Unlocked. Have someone send you a notification on the chosen app and
ask Siri to "read my notifications".

We tried it out ourselves, and found the bug does exist. On an iPhone 7
Plus running iOS 11.2.6, Siri read out WhatsApp and Slack messages despite
the 'When Unlocked' setting.

This bug is of particular concern to iPhone X users as the smartphone is
set to hide notification previews - which are shown on Face ID
authentication - out-of-the-box. This means potentially all notifications
on the iPhone X can be read out without the owner's permission."

https://gadgets.ndtv.com/mobiles/news/ios-11-privacy-bug-siri-reads-notifications-even-when-previews-are-hidden-1827250

[Ragnusen Ultred]

Am 25 Mar 2018 14:23:51 GMT, schrieb Jolly Roger:

> +1 *slow clap*

I only speak fact.

What's amazing is that the Apple Apologists consistently assume that a
state-sponsored agency will go bother to go frontal with brute-force
cracking, where, it turns out, all they really have to do is just speak
nicely to the iPhone and it opens itself wide to them instantly.

"The only notifications that Siri doesn't seem to be willing to blab about
are those from Apple's native Messages app. Holding down the home button
(or the side button on the Apple iPhone X) will put Siri into blabbermouth
mode."

"In a statement given to MacRumours, Apple said: "We are aware of the issue
and it will be addressed in an upcoming software update". All they would
need to do is to simply ask Siri to read all the notifications. However,
*iOS 11 is still ridden with bugs and issues*."

http://iphonefresh.com/2018/03/24/siri-bug-in-ios-11-enables-access-to-hidden-notifications.html

[Ragnusen Ultred]

Am Sun, 25 Mar 2018 07:41:35 -0500, schrieb *Hemidactylus*:

> Crisis averted.

*This is a pretty serious security issue*
https://www.phonedog.com/2018/03/22/apple-fix-ios-bug-siri-read-hidden-notifications-update

"Major Siri bug exposes all your hidden messages even if your phone is locked"
https://mashable.com/2018/03/21/siri-iphone-lock-screen-bug-exposes-messages/#w2FSNGTQkaqY

"Apple tried to beef up iOS security in iOS 11 by letting you hide the
content of notifications until you unlock your iPhone, but it looks like a
bug has caused that feature to become useless."
https://www.phonedog.com/2018/03/21/ios-bug-siri-read-notifications-aloud-even-hidden

Notice how all the Apple Apologists such as Hemidactylus desperately try to
minimize what is, in effect, a massive security hole in iOS that Apple
didn't even test.

Remember, Apple *never* tests any of their products in the real world.

Also remember, The SVP of engineering says that iOS is so bug ridden that
he want to stop shipping it on Marketing's schedule.

And yet, Marketing knows that the Apple customer /feels/ safe just getting

release after release after release after release after release, even

though Craig knows it's buggy release after buggy release after buggy
release after buggy release.

Did Apple find this huge security hole?
Hell no.

Why not?
They never test iOS in the real world.
Never.

They say so themselves on their own web pages, and Craig publicly said so,
in effect, when he came out against the horrid assemblage of buggy iOS
releases.

[Ragnusen Ultred]

Am Sun, 25 Mar 2018 12:06:08 -0400, schrieb nospam:

> they've backed down on that, a bit.

What's funny is that nospam always tries to say that a state-sponsored
adversary will brute force frontally attack your iOS device, where all you
have to do is speak nicely to it and it will blabber away your privacy.

What I find revealing is that only the Apple Apologists minimize what is a
huge security hole in iOS (again).

Not one of you child-like Apple Apologists who have this minimizing and
blaming gene can find a /single/ news article that backs up your
minimizations.

Meanwhile, the references all show that reasonable people consider this a
massive security hole.

What's interesting is that you, nospam, blame Android, but it never once
occurs to you that Apple doesn't find even the /simplest/ of bugs to test
for.

This isn't the first time that we can easily prove that statement is a
fact, and you know that.

So the real question is why doesn't Apple feel the need to test their own
iOS releases for security holes?

The answer is obvious.

What matters to most Apple customers isn't the security, but the frequency
of updates. Mere frequency makes Apple users /feel/ safe.

We've proven that the iOS releases are not tested in the real world so many
times that there can be few other explanations for so many bugs that are
never caught by Apple and yet which are trivial to test for.

Given those inconvenient facts, this statement is welcome:
"iOS 11 has been plagued by a number of bugs and security-related issues
since it was released last year, which has lead to speculation that Apple
is planning to nix significant updates to iOS this year in favour of
focusing on stability and security."
https://www.theinquirer.net/inquirer/news/3029055/apple-promises-fix-for-ios-11-bug-that-allows-siri-to-read-hidden-notifications

--
What's funny is that nospam always tries to say that a state-sponsored
adversary will brute force frontally attack your device, where all you have
to do is speak nicely to it and it will blabber away your privacy.

[nospam]

In article <p9bdbe$sa3$1...@gioia.aioe.org>, Ragnusen Ultred

<rrag...@ultred.com> wrote:

>
> > they've backed down on that, a bit.
>
> What's funny is that

you once again snip to alter context so you can rant about things you
know nothing about.

the above comment was about forbes.com and their ad blocking.

it has nothing to do with apple, android, google or any other tech
company for that matter.

[Ragnusen Ultred]

Am Mon, 26 Mar 2018 15:50:04 -0400, schrieb nospam:

> you once again snip to alter context so you can rant about things you
> know nothing about.
>
> the above comment was about forbes.com and their ad blocking.
>
> it has nothing to do with apple, android, google or any other tech
> company for that matter.

Fair enough both points, which is that I only spoke about facts of what you
speak about most often, and you spoke about Forbes.

[arlen holder]

> The exploit has been in place since iOS 11.2.6 and has been left unpatched
> in all six developer and public betas of iOS 11.3, and it's expected that
> iOS 11.3 will ship with this massive hole, just like the Broadcom bug
> shipped with massive holes that Apple knew about and had the patches for.
>
> Yet again, we'll see if Apple touts a "security update" that they /know/
> has massive holes in it so big you can drive a bus through them.

Fact.

Yet more bugs in the _untested_ iOS diarrhea of frequent releases...

o facetime privacy bug
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/NFW7nz6FELw>