Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
icloud privacy breach
3 views
Skip to first unread message
badgolferman
Jan 30, 2019, 12:00:10 PM1/30/19
to
It turns out that Apple also possibly suffered a privacy breach late
last year due to a bug in its platform that might have exposed some of
your iCloud data to other users, but the company chose to keep the
incident secret... maybe because it was not worth to disclose, or
perhaps much more complicated.
Last week, Turkish security researcher Melih Sevim contacted The Hacker
News and claimed to have discovered a flaw in Apple services that
allowed him to view partial data, especially notes, from random iCloud
accounts as well as on targeted iCloud users just by knowing their
associated phone numbers.
In response to The Hacker News email and knowing that we are working on
a story, Apple acknowledged the bug report, saying "the issue was
corrected back in November," without responding to some other important
questions, including for how many weeks the flaw remained open, the
estimated number of affected users (if any) and if there is any
evidence of malicious exploitation?
https://thehackernews.com/2019/01/icloud-privacy-breach.html
last year due to a bug in its platform that might have exposed some of
your iCloud data to other users, but the company chose to keep the
incident secret... maybe because it was not worth to disclose, or
perhaps much more complicated.
Last week, Turkish security researcher Melih Sevim contacted The Hacker
News and claimed to have discovered a flaw in Apple services that
allowed him to view partial data, especially notes, from random iCloud
accounts as well as on targeted iCloud users just by knowing their
associated phone numbers.
In response to The Hacker News email and knowing that we are working on
a story, Apple acknowledged the bug report, saying "the issue was
corrected back in November," without responding to some other important
questions, including for how many weeks the flaw remained open, the
estimated number of affected users (if any) and if there is any
evidence of malicious exploitation?
https://thehackernews.com/2019/01/icloud-privacy-breach.html
arlen holder
Jan 30, 2019, 2:39:06 PM1/30/19
to
On Wed, 30 Jan 2019 17:00:10 +0000 (UTC), badgolferman wrote:
> https://thehackernews.com/2019/01/icloud-privacy-breach.html
It's abundantly clear to adults that Apple doesn't sufficiently test.
The real problem is that safety _clearly_ isn't a concern to Apple.
o *What matters most to Apple is the IMAGE of safety.*
Apple knows that IMAGE is everything.
o Because Apple knows the customer desperately wants to _feel_ safe!
That's why Apple clearly doesn't sufficiently test releases...
The proof is in the taste of the pudding... (i.e., in facts).
o Apple Was Slow to Act on FaceTime Bug That Allows Spying on iPhones
<https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html>
o Lockscreen exploit easilfy found only hours after iOS 12.1 released
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/N-hQKPDI4a0/4tfgLojLAAAJ>
o Apple Macs Have Yet Another Password-Bypassing Bug
<https://groups.google.com/d/msg/comp.sys.mac.system/4rM5ZPCgThI/X8HEf0BvCAAJ>
o A massive security hole has been found in iOS 11
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/xGV0X_Qfqc4/VqqWWwMXBAAJ>
o It is yet another shoddy example of Apple rushing to fix a critical issue
<https://groups.google.com/d/msg/comp.sys.mac.system/mqTrBBlvGCU/jrJWtF8DBAAJ>
o Every time iOS updates, Apple causes new problems in the REAL world...
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/Z6xD4HaiyjE/Jr5yYrBUCAAJ>
o Yet again, Apple forgot to test iOS 11.2.6 in the real world
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/AlkmHCTSUXg/K5GdwrzdCQAJ>
o iOS 12.1 Beta Includes Fix for iOS 12 iPhone and iPad Charging Issue
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/pdlKvBUmrj0/8jnSieURAwAJ>
o Forbes reports that Apple finally confirmed the new iPhones have a serious design flaw
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/fyXNjaNgS50/fjZt5KTtAgAJ>
etc.
HINT: That's only the result of a ten-second search over just one year.
> https://thehackernews.com/2019/01/icloud-privacy-breach.html
It's abundantly clear to adults that Apple doesn't sufficiently test.
The real problem is that safety _clearly_ isn't a concern to Apple.
o *What matters most to Apple is the IMAGE of safety.*
Apple knows that IMAGE is everything.
o Because Apple knows the customer desperately wants to _feel_ safe!
That's why Apple clearly doesn't sufficiently test releases...
The proof is in the taste of the pudding... (i.e., in facts).
o Apple Was Slow to Act on FaceTime Bug That Allows Spying on iPhones
<https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html>
o Lockscreen exploit easilfy found only hours after iOS 12.1 released
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/N-hQKPDI4a0/4tfgLojLAAAJ>
o Apple Macs Have Yet Another Password-Bypassing Bug
<https://groups.google.com/d/msg/comp.sys.mac.system/4rM5ZPCgThI/X8HEf0BvCAAJ>
o A massive security hole has been found in iOS 11
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/xGV0X_Qfqc4/VqqWWwMXBAAJ>
o It is yet another shoddy example of Apple rushing to fix a critical issue
<https://groups.google.com/d/msg/comp.sys.mac.system/mqTrBBlvGCU/jrJWtF8DBAAJ>
o Every time iOS updates, Apple causes new problems in the REAL world...
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/Z6xD4HaiyjE/Jr5yYrBUCAAJ>
o Yet again, Apple forgot to test iOS 11.2.6 in the real world
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/AlkmHCTSUXg/K5GdwrzdCQAJ>
o iOS 12.1 Beta Includes Fix for iOS 12 iPhone and iPad Charging Issue
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/pdlKvBUmrj0/8jnSieURAwAJ>
o Forbes reports that Apple finally confirmed the new iPhones have a serious design flaw
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/fyXNjaNgS50/fjZt5KTtAgAJ>
etc.
HINT: That's only the result of a ten-second search over just one year.
Lewis
Jan 30, 2019, 11:42:26 PM1/30/19
to
In message <xn0lpjy1...@reader.albasani.net> badgolferman <REMOVETHISb...@gmail.com> wrote:
> possibly
> might have
> maybe .. or
> perhaps
Great click bait nothingness.
--
Outside of a dog, a book is a man's best friend. Inside of a dog, it's
too dark to read.
> possibly
> might have
> maybe .. or
> perhaps
Great click bait nothingness.
--
Outside of a dog, a book is a man's best friend. Inside of a dog, it's
too dark to read.
nospam
Jan 31, 2019, 10:50:55 AM1/31/19
to
In article <q2v4t6$or2$1...@dont-email.me>, Meanie <M...@gmail.com> wrote:
> Thus, why I NEVER use a cloud server/service, even though some swear by
> their security. Some services may be a bit more secure than others but
> everyday, hackers are finding new methods to enter these servers and one
> day, they may succeed.
encrypt it. then, if someone does somehow manage to crack the cloud
service, they will then need to crack the encryption.
someone could break into your house and gain access to all sorts of
stuff.
nothing is perfect.
> More so, it could be an ex-disgruntled tech
> employee seeking revenge. I prefer not to take that chance.
actually, no, since cloud services normally require multiple people to
authenticate to access user data, which means that a single disgruntled
employee can't access anything.
plus, everything is logged, so even if someone did manage to do
something, the company would have a record of it and be able to pursue
legal action against those responsible, at a minimum, termination of
their employment.
> Thus, why I NEVER use a cloud server/service, even though some swear by
> their security. Some services may be a bit more secure than others but
> everyday, hackers are finding new methods to enter these servers and one
> day, they may succeed.
encrypt it. then, if someone does somehow manage to crack the cloud
service, they will then need to crack the encryption.
someone could break into your house and gain access to all sorts of
stuff.
nothing is perfect.
> More so, it could be an ex-disgruntled tech
> employee seeking revenge. I prefer not to take that chance.
actually, no, since cloud services normally require multiple people to
authenticate to access user data, which means that a single disgruntled
employee can't access anything.
plus, everything is logged, so even if someone did manage to do
something, the company would have a record of it and be able to pursue
legal action against those responsible, at a minimum, termination of
their employment.
arlen holder
Jan 31, 2019, 11:46:35 AM1/31/19
to
On Thu, 31 Jan 2019 10:50:58 -0500, nospam wrote:
> which means that a single disgruntled
> employee can't access anything.
Where is that link to the Edward Snowden treasure trove?
> which means that a single disgruntled
> employee can't access anything.
arlen holder
Jan 31, 2019, 11:46:36 AM1/31/19
to
On Thu, 31 Jan 2019 10:41:13 -0500, Meanie wrote:
> Thus, why I NEVER use a cloud server/service, even though some swear by
> their security. Some services may be a bit more secure than others but
> everyday, hackers are finding new methods to enter these servers and one
> day, they may succeed. More so, it could be an ex-disgruntled tech
> Thus, why I NEVER use a cloud server/service, even though some swear by
> their security. Some services may be a bit more secure than others but
> everyday, hackers are finding new methods to enter these servers and one
> employee seeking revenge. I prefer not to take that chance.
Hi Meanie,
I don't list you as an Apple Apologist, where what you say rings true.
My personal opinion is "risk" is something that varies among individuals.
o It seems that Apple MARKETING PROPAGANDA _plays_ to that fear
To me, it seems it could be that the more Apple Apologist someone is, the
more adverse to risk they appear to be, but, at the same time, the less
rational they appear to be.
Witness almost _anything_ said by nospam, for example, who just recently
essentially intimated that only "apple branded chargers" are safe.
o What is the most brilliant marketing move Apple ever made?
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/wW-fu0jsvAU>
As another example with real-world facts, look at this privacy thread:
o What is the factual truth about PRIVACY differences or similarities between the Android & iOS mobile phone ecosystems?
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/MiZixhidmOs/ATC1S3s4FQAJ>
These, and many other examples show that Apple "stuff" isn't any safer than
any other stuff (and, in many cases, is far less safe); but Apple _plays_
to the risk adverseness of their typical customer (IMHO).
That's how Apple managed to turn a dead woman into a branding coup!
In the case of the "cloud", any rational adult will _assume_ all their data
will be stolen at some point in time.
Hence, any rational adult would, as you did, rationally decide _what_ to
put on "the cloud", where that could be from nothing to everything.
Personally, I'm with you in that I try to put _nothing_ on "a cloud",
although that isn't as easy as one would like that task to be.
Cue the Apologists swearing how "safe" their favorite cloud solution is,
even as Apple is well known to ship egregious privacy and security bugs in
their software so big a yellow school bus could drive through it (time and
again).
arlen holder
Jan 31, 2019, 11:56:07 AM1/31/19
to
On Thu, 31 Jan 2019 16:46:36 -0000 (UTC), arlen holder wrote:
> Cue the Apologists swearing how "safe" their favorite cloud solution is,
> even as Apple is well known to ship egregious privacy and security bugs in
> their software so big a yellow school bus could drive through it (time and
> again).
BTW, nospam always plays the "encryption" game, where the problem
> Cue the Apologists swearing how "safe" their favorite cloud solution is,
> even as Apple is well known to ship egregious privacy and security bugs in
> their software so big a yellow school bus could drive through it (time and
> again).
isn't the most secure link, but the _least_ secure link, where if I were
nospam, I wouldn't be so _confident_ that Apple doesn't ship software
_constantly_ with holes so big a yellow school bus could drive through.
o Apple Was Slow to Act on FaceTime Bug That Allows Spying on iPhones
<https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html>
o Lockscreen exploit easilfy found only hours after iOS 12.1 released
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/N-hQKPDI4a0/4tfgLojLAAAJ>
o Apple Macs Have Yet Another Password-Bypassing Bug
<https://groups.google.com/d/msg/comp.sys.mac.system/4rM5ZPCgThI/X8HEf0BvCAAJ>
o A massive security hole has been found in iOS 11
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/xGV0X_Qfqc4/VqqWWwMXBAAJ>
o It is yet another shoddy example of Apple rushing to fix a critical issue
<https://groups.google.com/d/msg/comp.sys.mac.system/mqTrBBlvGCU/jrJWtF8DBAAJ>
<https://groups.google.com/d/msg/comp.mobile.ipad/_e0czhOYSHo/WuyowzN73IsJ>
badgolferman
Jan 31, 2019, 1:42:29 PM1/31/19
to
arlen holder wrote:
>Witness almost anything said by nospam, for example, who just recently
cords seem to have something extra in them. A few months back when I
tried to restore a backup to a new phone from iTunes it wouldn't work
until finally a genuine Apple cord was used.
>Witness almost anything said by nospam, for example, who just recently
>essentially intimated that only "apple branded chargers" are safe.
Not saying Apple chargers are better, but I will say the Apple charging
cords seem to have something extra in them. A few months back when I
tried to restore a backup to a new phone from iTunes it wouldn't work
until finally a genuine Apple cord was used.
nospam
Jan 31, 2019, 1:48:41 PM1/31/19
to
In article <xn0lplf7...@reader.albasani.net>, badgolferman
a lot of noname cables skip the data wires, which means they won't work
for syncing and actually makes them not usb compliant. some are even
marketed as 'charge only cables', as if that's a feature.
<REMOVETHISb...@gmail.com> wrote:
> Not saying Apple chargers are better, but I will say the Apple charging
> cords seem to have something extra in them. A few months back when I
> tried to restore a backup to a new phone from iTunes it wouldn't work
> until finally a genuine Apple cord was used.
that didn't need a genuine apple cable, just one that wasn't cheap crap.
> Not saying Apple chargers are better, but I will say the Apple charging
> cords seem to have something extra in them. A few months back when I
> tried to restore a backup to a new phone from iTunes it wouldn't work
> until finally a genuine Apple cord was used.
a lot of noname cables skip the data wires, which means they won't work
for syncing and actually makes them not usb compliant. some are even
marketed as 'charge only cables', as if that's a feature.
badgolferman
Jan 31, 2019, 1:52:55 PM1/31/19
to
Meanie wrote:
1. There are supposed to be security credential checks in place when
accessing servers and it appears this was easily defeated.
2. A person has no real ability to safeguard their online account and
must totally depend on the company's security protocols. Maybe it's
just pictures/videos, maybe there are sensitive information in the
notes, maybe appointments on calendars they don't want others seeing.
You can control who has physical access to your phone, but not the
cloud.
3. Apple hid this flaw and never made it public knowledge until they
were confronted about it. At the very least they should have made a
general statement about "rare cases" and described the enhanced
security precautions taken.
Some will argue you don't want to publicize your weaknesses, but I say
when you admit a shortcoming and show improvements people trust you
even more.
>Thus, why I NEVER use a cloud server/service, even though some swear
>by their security. Some services may be a bit more secure than others
>but everyday, hackers are finding new methods to enter these servers
>and one day, they may succeed. More so, it could be an ex-disgruntled
>tech employee seeking revenge. I prefer not to take that chance.
To me this is a more egregious security flaw than the FaceTime bug.
>by their security. Some services may be a bit more secure than others
>but everyday, hackers are finding new methods to enter these servers
>and one day, they may succeed. More so, it could be an ex-disgruntled
>tech employee seeking revenge. I prefer not to take that chance.
1. There are supposed to be security credential checks in place when
accessing servers and it appears this was easily defeated.
2. A person has no real ability to safeguard their online account and
must totally depend on the company's security protocols. Maybe it's
just pictures/videos, maybe there are sensitive information in the
notes, maybe appointments on calendars they don't want others seeing.
You can control who has physical access to your phone, but not the
cloud.
3. Apple hid this flaw and never made it public knowledge until they
were confronted about it. At the very least they should have made a
general statement about "rare cases" and described the enhanced
security precautions taken.
Some will argue you don't want to publicize your weaknesses, but I say
when you admit a shortcoming and show improvements people trust you
even more.
nospam
Jan 31, 2019, 2:30:31 PM1/31/19
to
In article <q2vguu$g0e$1...@dont-email.me>, Meanie <M...@gmail.com> wrote:
> >> Thus, why I NEVER use a cloud server/service, even though some swear by
> >> their security. Some services may be a bit more secure than others but
> >> everyday, hackers are finding new methods to enter these servers and one
> >> day, they may succeed.
> >
> > encrypt it. then, if someone does somehow manage to crack the cloud
> > service, they will then need to crack the encryption.
>
> If a hacker can breach a major server, what makes you think they can't
> >> Thus, why I NEVER use a cloud server/service, even though some swear by
> >> their security. Some services may be a bit more secure than others but
> >> everyday, hackers are finding new methods to enter these servers and one
> >> day, they may succeed.
> >
> > encrypt it. then, if someone does somehow manage to crack the cloud
> > service, they will then need to crack the encryption.
>
> crack encryption?
because they're two very different things, and breaches are usually
phishing, not security exploits.
equifax had at least one server with the login/password as admin/admin.
the icloud breach from a few years ago was phishing or social
engineering. the name of paris hilton's dog is public knowledge, and
she was dumb enough to use that as her security question. sarah palin's
first grade teacher was also relatively easy to figure out because
she's from a small town in alaska.
> > someone could break into your house and gain access to all sorts of
> > stuff.
> >
> > nothing is perfect.
>
> vulnerable to such an intrusion. When you understand the mindset of what
> criminals seek, it's natural to consider the methods they say to use
> which they avoid.
one rock through your window and the bad guys will have full access to
everything in your house.
cracking a cloud service requires a helluva lot more planning and skill.
> >> More so, it could be an ex-disgruntled tech
> >> employee seeking revenge. I prefer not to take that chance.
> >
> > actually, no, since cloud services normally require multiple people to
> > authenticate to access user data, which means that a single disgruntled
> > employee can't access anything.
>
yep.
a disgruntled employee doesn't need to hack. they would presumably log
back in and access something.
except that protections are in place to prevent that very scenario.
> > plus, everything is logged, so even if someone did manage to do
> > something, the company would have a record of it and be able to pursue
> > legal action against those responsible, at a minimum, termination of
> > their employment.
>
> frame of a company's servers and it's not a guarantee, even if they have
> a record of the breach, they catch the perp(s) involved. Check the news
> sources. Many of them go uncaught.
that's the exception, not the rule.
google, apple, etc. requires multiple people to sign off for access and
only with a valid reason, such as a search warrant. a rogue employee
would need to convince a whole lot of people to access something, and
if anyone tried to get around that, they will *immediately* be fired
and escorted out on the spot, for starters.
also, the likes of google, apple, etc., have *far* too much to lose if
customer security was compromised. they do *not* fuck around.
of course, nothing is perfect and there could be an exploit, just as
there could be someone that will break into your house or car and steal
your stuff.
JF Mezei
Jan 31, 2019, 3:41:36 PM1/31/19
to
On 2019-01-31 13:42, badgolferman wrote:
> Not saying Apple chargers are better, but I will say the Apple charging
> cords seem to have something extra in them.
Late 2017, I had the little cube fail during trip. Upon returning, I did
> Not saying Apple chargers are better, but I will say the Apple charging
> cords seem to have something extra in them.
some research and probably thanks to people here, was pointedto a web
site that compared the Apple cobes to othert cheaper USB power supplies.
The Apple charger was of MUCH higher quality anfd safety than the
el-cheapo ones you get for a few bucks. The electronics, and separation
of high/low voltage was significantly better on the cube.
Whether it makes the price difference worth it, I am not sure. But there
are real quality difference between the Apple cube charge and off the
shelf ones.
nospam
Jan 31, 2019, 3:46:33 PM1/31/19
to
In article <34J4E.159703$o84.1...@fx42.iad>, JF Mezei
connected to your device, potentially frying it, or worse, you, or the
risk of it igniting and burning your house down, with all your stuff
and maybe even you in it, is not worth it.
> But there
> are real quality difference between the Apple cube charge and off the
> shelf ones.
yep.
<jfmezei...@vaxination.ca> wrote:
>
> > Not saying Apple chargers are better, but I will say the Apple charging
> > cords seem to have something extra in them.
>
> Late 2017, I had the little cube fail during trip. Upon returning, I did
> some research and probably thanks to people here, was pointedto a web
> site that compared the Apple cobes to othert cheaper USB power supplies.
>
> The Apple charger was of MUCH higher quality anfd safety than the
> el-cheapo ones you get for a few bucks. The electronics, and separation
> of high/low voltage was significantly better on the cube.
>
> Whether it makes the price difference worth it, I am not sure.
because spending an extra couple of bucks to avoid having mains power
>
> > Not saying Apple chargers are better, but I will say the Apple charging
> > cords seem to have something extra in them.
>
> Late 2017, I had the little cube fail during trip. Upon returning, I did
> some research and probably thanks to people here, was pointedto a web
> site that compared the Apple cobes to othert cheaper USB power supplies.
>
> The Apple charger was of MUCH higher quality anfd safety than the
> el-cheapo ones you get for a few bucks. The electronics, and separation
> of high/low voltage was significantly better on the cube.
>
> Whether it makes the price difference worth it, I am not sure.
connected to your device, potentially frying it, or worse, you, or the
risk of it igniting and burning your house down, with all your stuff
and maybe even you in it, is not worth it.
> But there
> are real quality difference between the Apple cube charge and off the
> shelf ones.
badgolferman
Jan 31, 2019, 4:09:29 PM1/31/19
to
plug adapters for our chargers. It looks like they can handle 220V. I know
chargers for laptops can transform the voltage but didn’t know those little
cubes could too.
Lewis
Feb 1, 2019, 12:58:30 AM2/1/19
to
In message <q2vguu$g0e$1...@dont-email.me> Meanie <M...@gmail.com> wrote:
having actual technical knowledge.
For example, how long would it take to break the encryption on the
password for my encrypted volume? Using a vast government size array of
computers?
9.38 hundred billion trillion centuries
How long would it take that same government-level computer network to
break my login password to my computer?
72.30 years
How long would it take an online attacker to break my login password?
About 72 billion centuries.
Government: 100 trillion password guesses per second
Online attacker: 1000 guesses per second.
Am I concerned at all that a government-level computer cracking network
is going to devote over 70 years to breaking my login password? I am
not. If I were, I'd add one more character to my login password, upping
the time they would need to 8.52 hundred thousand centuries.
And these numbers? These are best case. This assumes the attacker knows
what pool of characters I used for my login password. If they don't
know, even that government agency is looking at a time well over 100
million years.
Now, how long would it take to crack a truly random 8 character password
containing upper, lower, and symbols?
for example, "P*n8aklZ". You might be surprised.
For an online attacker, we are still looking at 200,000 years, but a
government-level cracking array could do it in a little over a minute.
Add two more characters and the government array will need a week.
--
It's better to burn out than it is to rust -- Neil Young as quoted be
Kurt Cobain
> On 1/31/2019 10:50 AM, nospam wrote:
>> In article <q2v4t6$or2$1...@dont-email.me>, Meanie <M...@gmail.com> wrote:
>>
>>> Thus, why I NEVER use a cloud server/service, even though some swear by
>>> their security. Some services may be a bit more secure than others but
>>> everyday, hackers are finding new methods to enter these servers and one
>>> day, they may succeed.
>>
>> encrypt it. then, if someone does somehow manage to crack the cloud
>> service, they will then need to crack the encryption.
>>
>> In article <q2v4t6$or2$1...@dont-email.me>, Meanie <M...@gmail.com> wrote:
>>
>>> Thus, why I NEVER use a cloud server/service, even though some swear by
>>> their security. Some services may be a bit more secure than others but
>>> everyday, hackers are finding new methods to enter these servers and one
>>> day, they may succeed.
>>
>> encrypt it. then, if someone does somehow manage to crack the cloud
>> service, they will then need to crack the encryption.
>>
> If a hacker can breach a major server, what makes you think they can't
> crack encryption?
Because our technical knowledge doesn't come from watching TV, but from
> crack encryption?
having actual technical knowledge.
For example, how long would it take to break the encryption on the
password for my encrypted volume? Using a vast government size array of
computers?
9.38 hundred billion trillion centuries
How long would it take that same government-level computer network to
break my login password to my computer?
72.30 years
How long would it take an online attacker to break my login password?
About 72 billion centuries.
Government: 100 trillion password guesses per second
Online attacker: 1000 guesses per second.
Am I concerned at all that a government-level computer cracking network
is going to devote over 70 years to breaking my login password? I am
not. If I were, I'd add one more character to my login password, upping
the time they would need to 8.52 hundred thousand centuries.
And these numbers? These are best case. This assumes the attacker knows
what pool of characters I used for my login password. If they don't
know, even that government agency is looking at a time well over 100
million years.
Now, how long would it take to crack a truly random 8 character password
containing upper, lower, and symbols?
for example, "P*n8aklZ". You might be surprised.
For an online attacker, we are still looking at 200,000 years, but a
government-level cracking array could do it in a little over a minute.
Add two more characters and the government array will need a week.
--
It's better to burn out than it is to rust -- Neil Young as quoted be
Kurt Cobain
arlen holder
Feb 1, 2019, 12:30:38 PM2/1/19
to
On Thu, 31 Jan 2019 14:12:00 -0500, Meanie wrote:
> Agreed. I have more respect for the integrity of a person or business
> when they admit their errors and simply say, "We'll/I'll learn from it".
> We're human, we make mistakes as individuals and running a business with
> thousands of employees/individuals, things are bound to go wrong from
> time to time.
Did Apple "apologize" for _secretly_ throttling phones?
> Agreed. I have more respect for the integrity of a person or business
> when they admit their errors and simply say, "We'll/I'll learn from it".
> We're human, we make mistakes as individuals and running a business with
> thousands of employees/individuals, things are bound to go wrong from
> time to time.
Did Apple "apologize" for _secretly_ throttling phones?
arlen holder
Feb 1, 2019, 12:30:40 PM2/1/19
to
On Thu, 31 Jan 2019 18:52:54 +0000 (UTC), badgolferman wrote:
> To me this is a more egregious security flaw than the FaceTime bug.
To me, both indicate two things, one for sure, the other implied:
> To me this is a more egregious security flaw than the FaceTime bug.
1. For sure, Apple _should_ have done better testing (that's a fact!)
2. It's implied that Apple really doesn't care about testing (inference)
What's clear is this:
3. When the news breaks - then Apple MOVES FAST!
Inference:
o It seems Apple only cares when their IMAGE is at stake.
> 1. There are supposed to be security credential checks in place when
> accessing servers and it appears this was easily defeated.
o Apple has plenty of _easy_ to test bugs
o The fact they exist, is proof Apple does not sufficiently test for them
Those are obvious facts no intelligent adult could possibly deny.
> 2. A person has no real ability to safeguard their online account
HINT: It's why I don't store anything on Apple servers (if I can help it).
> 3. Apple hid this flaw and never made it public knowledge until they
> were confronted about it.
o Apple doesn't care about actual security as much as the IMAGE of it.
> At the very least they should have made a
> general statement about "rare cases" and described the enhanced
> security precautions taken.
o Witness the battery fiasco ... as just one glaringly obvious example.
1. Apple "secretly" throttled, & only admitted it _after_ the news broke.
2. Apple then lied (and got caught in a bunch more lies) about it.
3. In the end, Apple blamed everyone but themselves for what happened.
And not a single head rolled (as far as I know).
o The inference is that this was typical Apple Marketing Strategy
The strategy, in layman's blunt terms, is:
o Apple doesn't give a shit about the customer nor about the product
o Apple only cares about the IMAGE of the product
> Some will argue you don't want to publicize your weaknesses, but I say
> when you admit a shortcoming and show improvements people trust you
> even more.
o For example, they shipped the broadcom bug, claiming the release was a
"security update" even when they already had the Broadcom-supplied bugfix
in hand _before_ they shipped the 10.x release - and then, only about a
week (or was it 10 days?) later, they had to beg everyone to destroy that
release since they _knew_ when they shipped it that it has security holes
in it so big you could drive a yellow school bus through them.
*That proved that "schedule" is more important than actual security.*
Remember, Craig Federighi said the same thing:
o He complained that the Marketing-driven schedule was more than the
software engineering organization could deliver on without releasing buggy
code.
What does Apple do?
o They _continue_ to be schedule driven instead of quality driven.
The proof is (endlessly) in the taste of the pudding.
*The sheer number of easy-to-find egregious Apple bugs is astounding!*
It's the main reason I state that the Apple user wants to _feel_ safe
o And they feel safe _merely_ by frequent releases
It's exactly why I call it the "diarrhea that is the iOS release schedule".
arlen holder
Feb 1, 2019, 12:30:41 PM2/1/19
to
On Thu, 31 Jan 2019 21:09:29 +0000 (UTC), badgolferman wrote:
> Not sure if other chargers do this, but when we went to Europe we only used
> plug adapters for our chargers. It looks like they can handle 220V. I know
> chargers for laptops can transform the voltage but didn┤ know those little
> Not sure if other chargers do this, but when we went to Europe we only used
> plug adapters for our chargers. It looks like they can handle 220V. I know
> cubes could too.
Hi badgolferman,
I go to Europe at least yearly, and often more than that.
I bring these (and other) very real-world chargers with me:
<http://www.bild.me/bild.php?file=9611828charger02.jpg>
Notice they say "100-240V" and "50/60Hz"?
o That's all they _need_ to say to work in most of Europe.
In decades of going to Europe at least yearly, I think only once have I
found a charger that wouldn't work at both voltages (it was a Nintendo
charger, as I recall).
Certain electronics might not work at the 50Hz frequency, but again, all
you need to do is check the labeling.
You can buy small step-down transformers, but you still have the issue of
frequency so, while I have them, I don't bring them anymore on those trips
(as they are quite heavy).
If you can find a power strip that "says" it is safe at the higher
voltages, then you only need a single mechanical adapter, by the way.
The hard part is finding power strips that "say" they work at the higher
voltages as they may not even exist in the USA (I use "regular" power
strips, but they don't "say" they work at the higher voltages, so I can
just imagine the horror that nospam must feel the moment he hears that!).
:)
arlen holder
Feb 1, 2019, 12:30:42 PM2/1/19
to
On Thu, 31 Jan 2019 15:46:32 -0500, nospam wrote:
> because spending an extra couple of bucks to avoid having mains power
> connected to your device, potentially frying it, or worse, you, or the
> risk of it igniting and burning your house down, with all your stuff
> and maybe even you in it, is not worth it.
The odd thing about nospam is that his arguments _only_ work if you believe
> because spending an extra couple of bucks to avoid having mains power
> connected to your device, potentially frying it, or worse, you, or the
> risk of it igniting and burning your house down, with all your stuff
> and maybe even you in it, is not worth it.
everything said by Apple MARKETING propaganda.
That is, in a world outside of Apple PROPAGANDA, _none_ of nospam's
arguments hold water.
ONLY if you believe _solely_ in Apple MARKETING propaganda - then (and only
then), nospam's comments ring true to you.
To those with a brain ... nospam always sounds like the village idiot.
To those who only believe in propaganda ... nospam sounds like a genius.
In summary, the _only_ argument nopspam _ever_ has, is to spout the exact
Apple Marketing PROPAGANDA that Apple spouts (and doesn't even believe).
arlen holder
Feb 1, 2019, 12:30:44 PM2/1/19
to
On Thu, 31 Jan 2019 18:42:28 +0000 (UTC), badgolferman wrote:
> Not saying Apple chargers are better, but I will say the Apple charging
> cords seem to have something extra in them. A few months back when I
> tried to restore a backup to a new phone from iTunes it wouldn't work
> until finally a genuine Apple cord was used.
Hi badgolferman,
> Not saying Apple chargers are better, but I will say the Apple charging
> cords seem to have something extra in them. A few months back when I
> tried to restore a backup to a new phone from iTunes it wouldn't work
> until finally a genuine Apple cord was used.
I don't disagree with you since you speak logically, like adults do.
o I too have run into cords that 'work differently' on my Apple products.
So my experience is similar to yours, where I get most of my cords from
Fry's, which is a local electronics haven here in the Silicon Valley.
While I agree that some cables have "something" different in them, and that
Apple cables _always_ work (in my experience), I find the Apple cables
o Far too expensive, and,
o Too flimsy (they don't have enough "stress relief" IMHO
Hence, almost all my Apple chargers & cables are merely the ones that came
with my Apple devices (that Alan Baker intimates I "found" pictures of).
To ameliorate that fault, I wrap the ends of my cables, as you see below:
<http://www.bild.me/bild.php?file=3344225charger03.jpg>
What I use is almost anything, e.g., the stretch cord that holds a Costco
chicken tight is one of my favorites (after it's soaked in detergent).
It's stretchy, long, free, and it seems to work nicely as a strain relief.
arlen holder
Feb 1, 2019, 12:30:44 PM2/1/19
to
On Thu, 31 Jan 2019 15:41:35 -0500, JF Mezei wrote:
> Whether it makes the price difference worth it, I am not sure. But there
> are real quality difference between the Apple cube charge and off the
> shelf ones.
I have a five-port charger that is _less_ expensive and far more functional
> Whether it makes the price difference worth it, I am not sure. But there
> are real quality difference between the Apple cube charge and off the
> shelf ones.
than any Apple charger that I have ever personally seen in my life.
Fact is, there's nothing "magical" about Apple chargers.
o They put out the same type of "volts" & "amps" as any other charger does
(Yes, I know nospam will claim otherwise - but he plays silly games).
Having said that...
You'll never hear me say that Apple chargers are crap
o You'll just hear me say they're more expensive than what I buy
o And you'll hear me say they're (often) less functional
What we're talking here is "safety", where there are 2 types of devices:
1. Devices which are unsafe
2. Devices which are safe
While we can assume most (probably almost all, if not all) Apple devices
are safe (by our reasonable definition), we can also say with certainty
that most (but not all) non-Apple devices are just as safe or even safer
for all we know.
IMHO...
The "problem" is that people are _stupid_ when it comes to electricity.
o As you're aware, Apple is FANTASTIC at PROPAGANDA.
o As you're aware, an Apple customer is, generally, clueless (give or take)
about electricity (most probably wouldn't know output impedance from input
impedance, even though nospam will swear that both don't exist).
IMHO...
In general, the Apple customer wants APPLE to make them _feel_ safe.
o And Apple is quite happy to oblige that clueless customer
So what does Apple do?
o *Apple turns dead people into a gold mine of PROPAGANDA!*
o What is the most brilliant marketing move Apple ever made?
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/wW-fu0jsvAU>
o It's the Apple customer who is stupid if they believe otherwise.
In short, the price of the Apple charger is a tax on the stupid.
arlen holder
Feb 1, 2019, 12:30:46 PM2/1/19
to
On Fri, 1 Feb 2019 05:58:30 -0000 (UTC), Lewis wrote:
> Because our technical knowledge doesn't come from watching TV, but from
> having actual technical knowledge.
Jesus Christ.
> Because our technical knowledge doesn't come from watching TV, but from
> having actual technical knowledge.
o Did I just hear Lewis (of all people), intimate that he owns brains?
Worse, did I hear Lewis just say it will take a "hundred billion"
centuries to "break" the password for his encrypted volume?
OMG.
o Lewis and the lemon-juice bank robber are one and the same!
FACTS:
If there's one thing Lewis clearly _doesn't_ own, it's brains.
o And yet, just as clearly, Lewis is absolutely confident he owns them.
FACTS:
Lewis doesn't have the necessary cognitive skills to assess encryption
o He just doesn't.
He _thinks_ he does.
o But Lewis doesn't realize he's been proven _always_ wrong before.
So why does Lewis, who is _always_ wrong on even the simplest of things,
suddenly so very confident that he's right on something actually complex?
Makes no sense.
o But then, Lewis never did make any sense.
arlen holder
Feb 1, 2019, 12:30:47 PM2/1/19
to
On Thu, 31 Jan 2019 14:30:31 -0500, nospam wrote:
> except that protections are in place to prevent that very scenario.
My goodness, nospam.
> except that protections are in place to prevent that very scenario.
o Your statements reek of left-side Dunning-Kruger assessments.
Did the NSA have "protections in place" to prevent Edward Snowden
from accessing the treasure trove that he clearly accessed?
arlen holder
Feb 1, 2019, 12:30:50 PM2/1/19
to
On Thu, 31 Jan 2019 14:06:57 -0500, Meanie wrote:
> If a hacker can breach a major server, what makes you think they can't
> crack encryption?
Hi Meanie,
> If a hacker can breach a major server, what makes you think they can't
> crack encryption?
I agree with your assessment, where the _only_ way nospam can make _any_ of
his "encryption security" claims, is to exactly _parrot_ Apple MARKETING
propaganda.
The fact is that the weak link in security always exists, where, almost
never is "brute force" encryption even remotely required.
Nobody whispers in my ear when they find a way to attack encryption, but I
can tell you examples in history _abound_ where there isn't likely a
_single_ country whose encryption wasn't "cracked" over time (by some
means).
As just a few extremely well known examples (so that I don't have to dig up
the cites for people like Joerz Lorenz or Alan Baker who deny everything
anyway), let's look at the German Enigma.
The German Enigma, you have to admit, was pretty secure, right?
o And yet, the Allies were deciphering messages _before_ the Germans!
Likewise, the Japanese Naval code (JN24) & diplomatic ciphers, right?
o We read the Pearl Harbor war declaration _before_ the diplomats did!
Similarly with the German diplomatic cipher of WWI to Mexico:
o The British gave the Americans the contents of the Zimmerman Telegram
We can go on, and on, and on, and on, even down to American ciphers:
o Rommel was reading American diplomatic reports of British battle plans.
The point is that very expensive people who were paid to keep their ciphers
secret ended up having their ciphers read so easily that often, the
messages were read by the enemy _before_ they were read by the proper
recipients.
Billions of (today's) dollars were likely spent on these ciphers.
o And yet, history abounds with the broken ones
Given that is history, what makes nospam _think_ that Apple's
infinitesimally puny encryption efforts (by way of comparison) stand even
the remotest chance of actually "being secure"?
Here, again, we run into the Dunning-Kruger'ness of nospam.
o It appears that nospam self assesses Apple encryption as 'secure'
o While all of recorded history proves otherwise
And yet, nospam is _confident_ that his _trust_ in Apple is warranted.
The real question is how does anyone communicate with people like nospam?
o I don't think it's possible since they trust themselves more than fact
0 new messages