Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Yet again... proof Apple never tests their products sufficiently in the real world (Google finds another half dozen SERIOUS zero-interaction zero-day Apple vulterabilities)

9 views
Skip to first unread message

Arlen G. Holder

unread,
Jul 30, 2019, 4:14:12 PM7/30/19
to
Yet again, proof that Apple never sufficiently tests their products in the
real world...
o Apple doesn't test privacy/security so much as ADVERTISE it instead

"While Apple largely addressed these significant security flaws with the
release of iOS 12.4 on July 22nd, the researchers are holding back on
revealing the details of one vulnerability that has not yet been fully
patched."

TheVerge:
"Google discovered several iPhone security flaws, and Apple still hasn˘t
patched one; A further five vulnerabilities were patched last week"
<https://www.theverge.com/2019/7/30/20746827/apple-ios-security-flaw-imessage-google-project-zero>

9to5Mac: Six serious 'zero interaction' vulnerabilities found in iOS
<https://9to5mac.com/guides/security/>

EnGadget:
<https://www.engadget.com/2019/07/30/google-project-zero-ios-interactionless-vulnerabilities-apple/>
"The majority of the vulnerabilities discovered by google were so-called
"interactionless" bugs, meaning they can be executed on a remote iOS device
without requiring any sort of direct interaction with the phone. "

EnGadget:
"Apple disables its walkie-talkie Watch app due to vulnerability
The push-to-talk feature will be back as soon as Apple has a fix."
<https://www.engadget.com/2019/07/11/apple-walkie-talkie-feature-disabled-vulnerability/>

ZDNet:
"The six bugs, if sold on the black market, would have brought in well
over $5 million."

BBC:
"Google reveals fistful of flaws in Apple's iMessage app"
<https://www.bbc.com/news/technology-49165946>

What's the chance that Google found them all! :)'

And yet - Apple markets the hell out of their imaginary security! :)

HINT: Apple users just want to _feel_ safe
o Not actually _be_ safe.

Apple products are no safer than any other products...
o Apple simply advertise to the gullible who own imaginary belief systems

Alan Baker

unread,
Jul 30, 2019, 6:52:45 PM7/30/19
to
On 2019-07-30 1:14 p.m., Arlen G. Holder wrote:
> Yet again, proof that Apple never sufficiently tests their products
> in the real world... o Apple doesn't test privacy/security so much as
> ADVERTISE it instead
>
> "While Apple largely addressed these significant security flaws with
> the release of iOS 12.4 on July 22nd, the researchers are holding
> back on revealing the details of one vulnerability that has not yet
> been fully patched."

Which proves insufficiency... ...how?

>
> TheVerge: "Google discovered several iPhone security flaws, and Apple
> still hasn¢t patched one; A further five vulnerabilities were patched
> last week"
> <https://www.theverge.com/2019/7/30/20746827/apple-ios-security-flaw-imessage-google-project-zero>
>
> 9to5Mac: Six serious 'zero interaction' vulnerabilities found in
> iOS <https://9to5mac.com/guides/security/>
>
> EnGadget:
> <https://www.engadget.com/2019/07/30/google-project-zero-ios-interactionless-vulnerabilities-apple/>
>
>

OK. So?

> "The majority of the vulnerabilities discovered by google were so-called
> "interactionless" bugs, meaning they can be executed on a remote iOS
> device without requiring any sort of direct interaction with the
> phone. "
>
> EnGadget: "Apple disables its walkie-talkie Watch app due to
> vulnerability The push-to-talk feature will be back as soon as Apple
> has a fix."
> <https://www.engadget.com/2019/07/11/apple-walkie-talkie-feature-disabled-vulnerability/>
>
> ZDNet: "The six bugs, if sold on the black market, would have
> brought in well over $5 million."
>
> BBC: "Google reveals fistful of flaws in Apple's iMessage app"
> <https://www.bbc.com/news/technology-49165946>
>
> What's the chance that Google found them all! :)'
>
> And yet - Apple markets the hell out of their imaginary security! :)
>
> HINT: Apple users just want to _feel_ safe o Not actually _be_ safe.
>
> Apple products are no safer than any other products... o Apple simply
> advertise to the gullible who own imaginary belief systems

How do you know?

The tech media follows Apple far more closely than any other company.

That's as much a fact as anything you've ever posted.

Arlone G. Trolder

unread,
Jul 31, 2019, 2:31:57 AM7/31/19
to

Another one feeds the troll
Another one feeds the troll
And another one bites, and another one bites
Another one feeds the troll
Hey, I'm gonna get you, too
Another one feeds the troll.

Arlen G. Holder

unread,
Jul 31, 2019, 2:57:54 AM7/31/19
to
I love how this troll is clearly incensed by actual facts about Apple.

They own an imaginary belief system... such that...
o Facts literally DESTROY their belief system - in mere seconds.

Which is why they _hate_ me.
o Simply because I speak facts that DESTROY their imaginary belief system.

Apple does not test their products sufficiently for vulnerabilities...
o And yet they advertise that they do.

Those are incontrovertible facts nobody intelligent could possibly deny.

Arlen G. Holder

unread,
Jul 31, 2019, 2:57:55 AM7/31/19
to
On Tue, 30 Jul 2019 15:52:41 -0700, Alan Baker wrote:

>> "While Apple largely addressed these significant security flaws with
>> the release of iOS 12.4 on July 22nd, the researchers are holding
>> back on revealing the details of one vulnerability that has not yet
>> been fully patched."
>
> Which proves insufficiency... ...how?

Hi Alan,

FACTs & Logic.

The problem is that Apple didn't catch these severe vulnerabilities.
o Advertising the ILLUSION OF PRIVACY is cheaper than actual privacy.

Who caught these severe vulnerabilities (not all of which are fixed)?
o Google caught them - not Apple.

Why not?
o The proof is obvious that Apple didn't sufficiently test its product.

This happens all the time with Apple (hint, root passwords that a kid could
figure out, video apps where a child could eavesdrop on everyone, and did,
etc.).

> The tech media follows Apple far more closely than any other company.

Classic Apple Apologists move you make every time, Alan Baker...
p Blame the media - blame me - blame Google - blame everyone but Apple.

The fact remains - which even you can't dispute Alan Baker...
o Apple doesn't test its products sufficiently for vulnerabilities.

They never have - and they never do.
o HINT: It's sufficientl to merely ADVERTISE security than to deliver it.

> That's as much a fact as anything you've ever posted.

The fact is that Apple did NOT catch their own severe vulnerabilities.
o Yet Apple advertises imaginary security & privacy that doesn't exist.

Alan Baker

unread,
Jul 31, 2019, 3:28:50 AM7/31/19
to
On 2019-07-30 11:57 p.m., Arlen G. Holder wrote:
> I love how this troll is clearly incensed by actual facts about Apple.

I love how you don't understand the difference between "assertion" and
"fact".

Alan Baker

unread,
Jul 31, 2019, 3:30:30 AM7/31/19
to
On 2019-07-30 11:57 p.m., Arlen G. Holder wrote:
> On Tue, 30 Jul 2019 15:52:41 -0700, Alan Baker wrote:
>
>>> "While Apple largely addressed these significant security flaws with
>>> the release of iOS 12.4 on July 22nd, the researchers are holding
>>> back on revealing the details of one vulnerability that has not yet
>>> been fully patched."
>>
>> Which proves insufficiency... ...how?
>
> Hi Alan,
>
> FACTs & Logic.

That doesn't answer my question.

>
> The problem is that Apple didn't catch these severe vulnerabilities.
> o Advertising the ILLUSION OF PRIVACY is cheaper than actual privacy.

Nor does that.

>
> Who caught these severe vulnerabilities (not all of which are fixed)?
> o Google caught them - not Apple.

So?

>
> Why not?
> o The proof is obvious that Apple didn't sufficiently test its product.

That is a conclusion that is not based on fact.

Define your terms.

>
> This happens all the time with Apple (hint, root passwords that a kid could
> figure out, video apps where a child could eavesdrop on everyone, and did,
> etc.).
>
>> The tech media follows Apple far more closely than any other company.
>
> Classic Apple Apologists move you make every time, Alan Baker...
> p Blame the media - blame me - blame Google - blame everyone but Apple.

I didn't blame anyone, "Arlen".

I pointed out a fact.

>
> The fact remains - which even you can't dispute Alan Baker...
> o Apple doesn't test its products sufficiently for vulnerabilities.

By what measure?

Do you know how they stack up against other companies in this regard?

Can you produce proof of this knowledge if you have it?

Arlen G. Holder

unread,
Jul 31, 2019, 10:29:44 AM7/31/19
to
Did Apple test their product sufficiently, or not, Alan Baker?

HINT: Apple _advertises_ imaginary privacy & security that doesn't exist.

Arlen G. Holder

unread,
Jul 31, 2019, 10:35:58 AM7/31/19
to
On Wed, 31 Jul 2019 00:30:28 -0700, Alan Baker wrote:

>> The fact remains - which even you can't dispute Alan Baker...
>> o Apple doesn't test its products sufficiently for vulnerabilities.
>
> By what measure?
>
> Do you know how they stack up against other companies in this regard?
>
> Can you produce proof of this knowledge if you have it?

Facts, & Logic, Alan Baker
o Facts instantly _DESTROY_ Apologists' wholly imaginary belief systems

o *Anyone can hack into MacOS High Sierra simply by typing "root"*
<https://www.wired.com/story/macos-high-sierra-hack-root/>

o *Apple Macs Have Yet Another Password-Bypassing Bug*
<https://groups.google.com/d/msg/comp.sys.mac.system/4rM5ZPCgThI/X8HEf0BvCAAJ>

o *Apple App Store Security Bypassed By Government iOS Surveillance Malware*
<https://www.forbes.com/sites/daveywinder/2019/04/09/apple-app-store-security-bypassed-by-government-ios-surveillance-malware-what-you-need-to-know/>
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/bC1CDU1pGNM>

o *Apple iOS 12.1.4 has a nasty surprise - installing iOS 12.1.4 is like playing Russian roulette*
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/9LUmdes363g>

o *Yet another non-root password-stealing bug on Apple (Apple _never_ tests sufficiently - and doesn't even KNOW what this bug is yet!)
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/ocCnzVh3BxQ>

o Making sense of the many Apple security flaws
<https://www.wired.com/story/apples-security-macos-high-sierra-ios-11/>

o *Apple Was Slow to Act on FaceTime Bug That Allows Spying on iPhones*
<https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html>

o A massive security hole has been found in iOS 11
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/xGV0X_Qfqc4/VqqWWwMXBAAJ>

o icloud privacy breach
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/eZjiSd1HneE>

o MacWorld: Apple needs to stop promising new products and start delivering them
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/WYjTtnTs-XQ/YyhGkrNXAAAJ>

o Apple just now BLOCKED Live Photos in FaceTime for all _current_ iOS & macOS users!
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/fQ3Kb96gedA>

o An astounding list of security vulnerabilities found in Apple software
<https://www.zerodayinitiative.com/blog/2017/5/15/the-may-2017-apple-security-update-review>

o Lockscreen exploit easily found only hours after iOS 12.1 released
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/N-hQKPDI4a0/4tfgLojLAAAJ>

o Yet again, Apple forgot to test iOS 11.2.6 in the real world
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/AlkmHCTSUXg/K5GdwrzdCQAJ>

o Yet more proof Apple doesn't test software sufficiently (this time not only from Facebook but also from Expedia, Hollister and Hotels.com)
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/8HfdPOQVNVk>

o Yet another shoddy example of Apple rushing to fix a critical issue
<https://groups.google.com/d/msg/comp.sys.mac.system/mqTrBBlvGCU/jrJWtF8DBAAJ>

o Apple openly admits they didn't test iOS in the real world!
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/K8uOvBjJ2rY/2htXivAfAwAJ>

o *iOS 12.1 Beta Includes Fix for iOS 12 iPhone and iPad Charging Issue*
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/pdlKvBUmrj0/8jnSieURAwAJ>

o *Is Apple seriously suggesting that millions of unsuspecting customers - now become - beta testers - just so that their phones will work!*
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/xrovVjnWUo4/mWmtp7EYAwAJ>

o *How to work around the new Apple iOS7 infinite loop of mistrust bug on Linux?*
<https://groups.google.com/d/msg/comp.mobile.ipad/_e0czhOYSHo/WuyowzN73IsJ>

o *Every time iOS updates, Apple causes new problems in the REAL world...*
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/Z6xD4HaiyjE/Jr5yYrBUCAAJ>

o *New Mac Malware steals iPhone text messages from iTunes backups*
<https://www.hackread.com/mac-malware-steals-iphone-text-messages-from-itunes-backups/>

o *Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug*
<https://threatpost.com/easter-attack-apple-ios/143901/>
etc.

Apologists ignore facts.

Alan Baker

unread,
Jul 31, 2019, 12:09:39 PM7/31/19
to
On 2019-07-31 7:35 a.m., Arlen G. Holder wrote:
> On Wed, 31 Jul 2019 00:30:28 -0700, Alan Baker wrote:
>
>>> The fact remains - which even you can't dispute Alan Baker...
>>> o Apple doesn't test its products sufficiently for vulnerabilities.
>>
>> By what measure?
>>
>> Do you know how they stack up against other companies in this regard?
>>
>> Can you produce proof of this knowledge if you have it?
>
> Facts, & Logic, Alan Baker
> o Facts instantly _DESTROY_ Apologists' wholly imaginary belief systems

<snip>

None of that compared Apple to anyone else, "Arlen".

Alan Baker

unread,
Jul 31, 2019, 12:10:09 PM7/31/19
to
On 2019-07-31 7:29 a.m., Arlen G. Holder wrote:
> On Wed, 31 Jul 2019 00:28:49 -0700, Alan Baker wrote:
>
>> On 2019-07-30 11:57 p.m., Arlen G. Holder wrote:
>>> I love how this troll is clearly incensed by actual facts about Apple.
>>
>> I love how you don't understand the difference between "assertion" and
>> "fact".
>
> Did Apple test their product sufficiently, or not, Alan Baker?

Define: "sufficiently" in this context.

Arlen G. Holder

unread,
Jul 31, 2019, 1:01:00 PM7/31/19
to
On Wed, 31 Jul 2019 09:09:38 -0700, Alan Baker wrote:

> None of that compared Apple to anyone else, "Arlen".

*FACTS*
o The fact is that Apple highly advertises the mere _illusion_ of privacy.
o The fact is that Apple advertise a privacy that clearly doesn't exist.

If Apple actually cared about privacy (rather than simply advertising it)
o Then these incessant vulnerabilities would have been caught by Apple.

The fact is that they were caught NOT by Apple.
o Apple is just "lucky" that someone _told_ them (instead of selling them)

"In one security update last month, for instance, Apple released 64 new
patches for its iPhone operating system. Only six of those security
problems had been identified by Apple's internal researchers. Twelve had
been identified by researchers at Google . Fifteen had been identified by
Wu."
<https://www.forbes.com/2010/07/14/apple-microsoft-security-technology-wu-shi.html>

*FACTS*
o The Apologists' weakness ... is fact.

Arlen G. Holder

unread,
Jul 31, 2019, 1:01:01 PM7/31/19
to
On Wed, 31 Jul 2019 09:10:09 -0700, Alan Baker wrote:

>> Did Apple test their product sufficiently, or not, Alan Baker?
>
> Define: "sufficiently" in this context.

Do you realize that Apple _advertises_ imaginary privacy, Alan Baker?
o It's Apple - not me - who says Apple is different in privacy & security.

And yet, they're not (it's a bold lie - Apple created imaginary belief).
o HINT: The privacy on Apple products is about the same as everyone else.

The only thing different about Apple - is the MARKETING.
o It's marketing's job to create the _illusion_ of privacy.

And you Apologists fell for it.

Alan Baker

unread,
Jul 31, 2019, 1:09:56 PM7/31/19
to
On 2019-07-31 10:00 a.m., Arlen G. Holder wrote:
> On Wed, 31 Jul 2019 09:09:38 -0700, Alan Baker wrote:
>
>> None of that compared Apple to anyone else, "Arlen".
>
> *FACTS*
> o The fact is that Apple highly advertises the mere _illusion_ of privacy.

Not a fact: assertion.

> o The fact is that Apple advertise a privacy that clearly doesn't exist.
>
Not a fact: assertion.

> If Apple actually cared about privacy (rather than simply advertising it)
> o Then these incessant vulnerabilities would have been caught by Apple.

How does Apple's record compare with other companies in this regard,
"Arlen".

Measured by the amount of code released what is Apple's rate of bugs of
this nature compared to other companies.

> The fact is that they were caught NOT by Apple.
> o Apple is just "lucky" that someone _told_ them (instead of selling them)

The fact is that that is irrelevant to the question of "sufficient"
until you define "sufficient".

Alan Baker

unread,
Jul 31, 2019, 1:10:29 PM7/31/19
to
On 2019-07-31 10:01 a.m., Arlen G. Holder wrote:
> On Wed, 31 Jul 2019 09:10:09 -0700, Alan Baker wrote:
>
>>> Did Apple test their product sufficiently, or not, Alan Baker?
>>
>> Define: "sufficiently" in this context.
>
> Do you realize that Apple _advertises_ imaginary privacy, Alan Baker?
> o It's Apple - not me - who says Apple is different in privacy & security.

That is not a definition.

>
> And yet, they're not (it's a bold lie - Apple created imaginary belief).
> o HINT: The privacy on Apple products is about the same as everyone else.

That is not a definition.


>
> The only thing different about Apple - is the MARKETING.
> o It's marketing's job to create the _illusion_ of privacy.

That is not a definition.

> And you Apologists fell for it.

That is not a definition.

Arlen G. Holder

unread,
Jul 31, 2019, 1:31:34 PM7/31/19
to
On Wed, 31 Jul 2019 10:10:28 -0700, Alan Baker wrote:

> That is not a definition.

Are you _that_ dense that you don't comprehend that a root password of
"root" is clearly an indication that Apple didn't test "sufficiently"?

Are you really incognizant of the fact that a child could eavesdrop on
anyone anywhere with a Mac or iOS device (and did) using Facetime is
clearly an indication that Apple didn't test "sufficiently"?

Are you really that incomprehensibly immune to facts that you don't
comprehend that a severe lockscreen exploit easily found literally only
hours after iOS 12.1 released is clearly an indication that Apple didn't
test "sufficiently"?

Arlen G. Holder

unread,
Jul 31, 2019, 2:10:17 PM7/31/19
to
On Wed, 31 Jul 2019 10:09:55 -0700, Alan Baker wrote:

> The fact is that that is irrelevant to the question of "sufficient"
> until you define "sufficient".

1. Changing everyone's admin password to "root" is not sufficient testing.
2. Allowing a child to eavesdrop in Facetime is not sufficient testing.
3. A child easily bypassing the lockscreen is not sufficient testing.
etc.

You apologists _hate_ facts about Apple products.
o You're all like flat earthers.

You're so immune to facts... that
o *All you apologists _can_ do ... is play your silly word games.*

Apple Apologists on the Apple ngs:
o Alan Baker <nu...@ness.biz>
o Alan Browne <bitb...@blackhole.com>
o Andreas Rutishauser <and...@macandreas.ch>
o Beedle <Bee...@dont-email.me>
o B...@Onramp.net
o Chris <ithi...@gmail.com>
o Davoud <st...@sky.net>
o Elden <use...@moondog.org>
o Elfin <elfi...@gmail.com> (aka Lloyd, aka Lloyd Parsons)
o *Hemidactylus* <ecph...@allspamis.invalid>
o joe <no...@domain.invalid>
o Joerg Lorenz <hugy...@gmx.ch>
o Johan <JH...@nospam.invalid>
o Jolly Roger <jolly...@pobox.com>
o Lewis <g.k...@gmail.com.dontsendmecopies>
o Lloyd <elfi...@gmail.com> (aka "Elfin")
o Lloyd Parsons <lloy...@gmail.com> (aka "Elfin")
o Meanie <M...@gmail.com>
o nospam <nos...@nospam.invalid>
o Savageduck <savageduck1@{REMOVESPAM}me.com>
o Snit <use...@gallopinginsanity.com> (aka Michael Glasser)
o Tim Streater <timst...@greenbee.net>
o Wade Garrett <wa...@cooler.net>
o Your Name <Your...@YourISP.com>
o et al.

Alan Baker

unread,
Jul 31, 2019, 2:19:22 PM7/31/19
to
On 2019-07-31 11:10 a.m., Arlen G. Holder wrote:
> On Wed, 31 Jul 2019 10:09:55 -0700, Alan Baker wrote:
>
>> The fact is that that is irrelevant to the question of "sufficient"
>> until you define "sufficient".
>
> 1. Changing everyone's admin password to "root" is not sufficient testing.
> 2. Allowing a child to eavesdrop in Facetime is not sufficient testing.
> 3. A child easily bypassing the lockscreen is not sufficient testing.
> etc.

Why is it you cannot define "sufficient", "Arlen"?

Arlen G. Holder

unread,
Jul 31, 2019, 2:22:07 PM7/31/19
to
On Wed, 31 Jul 2019 11:19:20 -0700, Alan Baker wrote:

> Why is it you cannot define "sufficient", "Arlen"?

Alan Baker

unread,
Jul 31, 2019, 2:26:21 PM7/31/19
to
It's not a silly game, "Arlen".

What is "sufficient" in this context?

You DO understand that at some point, you're going to find bugs. No
software goes out the door perfect.

Arlen G. Holder

unread,
Jul 31, 2019, 3:04:13 PM7/31/19
to
On Wed, 31 Jul 2019 11:26:20 -0700, Alan Baker wrote:

> You DO understand that at some point, you're going to find bugs. No
> software goes out the door perfect.

Hehheh... that's why I proved Apple is no different in privacy than anyone
else, Alan Baker.

What's obvious is you apologists actually _know_ this ... based on the way
you try to make excuses for Apple's astounding number of privacy bugs ...
by claiming Apple is no different than anyone else.

And, in that blame apology you apologists _always_ do - you're quite right.

Alan Baker

unread,
Jul 31, 2019, 3:34:56 PM7/31/19
to
On 2019-07-31 12:04 p.m., Arlen G. Holder wrote:
> On Wed, 31 Jul 2019 11:26:20 -0700, Alan Baker wrote:
>
>> You DO understand that at some point, you're going to find bugs. No
>> software goes out the door perfect.
>
> Hehheh... that's why I proved Apple is no different in privacy than anyone
> else, Alan Baker.

No.

Because you haven't compared in any objective manner Apple's results
with anyone else's.

This is no different than me saying that my car is just as fast as Lewis
Hamilton's F1 car because it also has an engine.

>
> What's obvious is you apologists actually _know_ this ... based on the way
> you try to make excuses for Apple's astounding number of privacy bugs ...
> by claiming Apple is no different than anyone else.

Nope.

I'm pointing out that you haven't shown that Apple ISN'T better.

Your claim is that they aren't, but you've produced literally NOTHING
that supports that claim.

Alan Baker

unread,
Jul 31, 2019, 3:52:57 PM7/31/19
to
On 2019-07-31 10:31 a.m., Arlen G. Holder wrote:
> On Wed, 31 Jul 2019 10:10:28 -0700, Alan Baker wrote:
>
>> That is not a definition.
>
> Are you _that_ dense that you don't comprehend that a root password of
> "root" is clearly an indication that Apple didn't test "sufficiently"?

I understand that you don't want to have a real discussion about what
constitutes sufficiency in software testing.

nospam

unread,
Aug 1, 2019, 9:50:42 AM8/1/19
to
In article <qhsli8$b4g$1...@news.mixmin.net>, Arlen G. Holder
<arling...@nospam.net> wrote:

> 3. A child easily bypassing the lockscreen is not sufficient testing.

false.

however, what's very amusing is that you refuse to use a passcode on
your phone, making it trivial for *anyone* to 'bypass the lockscreen',
not just a child.

Arlen G. Holder

unread,
Aug 2, 2019, 3:20:08 AM8/2/19
to
On Thu, 01 Aug 2019 09:50:40 -0400, nospam wrote:

>> 3. A child easily bypassing the lockscreen is not sufficient testing.
>
> false.
>
> however, what's very amusing is that you refuse to use a passcode on
> your phone, making it trivial for *anyone* to 'bypass the lockscreen',
> not just a child.

Hi nospam,
Every time you apologists post an apology to facts, I shake my head in
wonderment at how utterly childish all your Apple apologies turn out to be.

What on earth does my personal settings have to do with the fact that Apple
shipped to umpteen millions of customers, such untested and insecure code,
that, multiple times, root and lockscreen bugs that even a child could
bypass?

Arlen G. Holder

unread,
Aug 2, 2019, 3:20:10 AM8/2/19
to
On Wed, 31 Jul 2019 12:34:55 -0700, Alan Baker wrote:

> Because you haven't compared in any objective manner Apple's results
> with anyone else's.

Hi Alan Baker,

If apologists could read adult context, they'd find plenty of facts here:
o What is the factual truth about PRIVACY differences or similarities between the Android & iOS mobile phone ecosystems?
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/MiZixhidmOs[1-25]>

Arlen G. Holder

unread,
Aug 2, 2019, 3:20:11 AM8/2/19
to
On Wed, 31 Jul 2019 12:52:56 -0700, Alan Baker wrote:

>> Are you _that_ dense that you don't comprehend that a root password of
>> "root" is clearly an indication that Apple didn't test "sufficiently"?
>
> I understand that you don't want to have a real discussion about what
> constitutes sufficiency in software testing.

Hi Alan Baker,

It's impossible to carry on an _adult_ conversation with an apologist.

If you apologists could read and comprehend anything, you'd realize
o Even Apple themselves said they don't sufficiently test releases

Hint: Craig Federighi,senior vice president of software engineering, internal leaked email.

The proof is in the bugs...
o *Anyone can hack into MacOS High Sierra simply by typing "root"!*
<https://www.wired.com/story/macos-high-sierra-hack-root/>

o *Yet another non-root password-stealing bug on Apple (Apple _never_ tests
sufficiently - and doesn't even KNOW what this bug is yet!)*
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/ocCnzVh3BxQ>

o *Making sense of the many Apple security flaws*
<https://www.wired.com/story/apples-security-macos-high-sierra-ios-11/>

o *Apple just now BLOCKED Live Photos in FaceTime for all _current_ iOS &
macOS users!*
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/fQ3Kb96gedA>

o *An astounding list of security vulnerabilities found in Apple software*
<https://www.zerodayinitiative.com/blog/2017/5/15/the-may-2017-apple-security-update-review>

o *Lockscreen exploit easily found only hours after iOS 12.1 released*
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/N-hQKPDI4a0/4tfgLojLAAAJ>

o *Apple Macs Have Yet Another Password-Bypassing Bug*
<https://groups.google.com/d/msg/comp.sys.mac.system/4rM5ZPCgThI/X8HEf0BvCAAJ>

o *A massive security hole has been found in iOS 11*
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/xGV0X_Qfqc4/VqqWWwMXBAAJ>

o *icloud privacy breach*
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/eZjiSd1HneE>

o *MacWorld: Apple needs to stop promising new products and start delivering them
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/WYjTtnTs-XQ/YyhGkrNXAAAJ>

o *Yet again, Apple forgot to test iOS 11.2.6 in the real world*
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/AlkmHCTSUXg/K5GdwrzdCQAJ>

o *Yet more proof Apple doesn't test software sufficiently (this time not only
from Facebook but also from Expedia, Hollister and Hotels.com)*
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/8HfdPOQVNVk>

o *Yet another shoddy example of Apple rushing to fix a critical issue *
<https://groups.google.com/d/msg/comp.sys.mac.system/mqTrBBlvGCU/jrJWtF8DBAAJ>

o *Apple openly admits they didn't test iOS in the real world!*
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/K8uOvBjJ2rY/2htXivAfAwAJ>

o *Apple Was Slow to Act on FaceTime Bug That Allows Spying on iPhones*
<https://www.nytimes.com/2019/01/29/technology/facetime-glitch-apple.html>

o *iOS 12.1 Beta Includes Fix for iOS 12 iPhone and iPad Charging Issue*
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/pdlKvBUmrj0/8jnSieURAwAJ>

o *Is Apple seriously suggesting that millions of unsuspecting customers - now
become - beta testers - just so that their phones will work! *
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/xrovVjnWUo4/mWmtp7EYAwAJ>

o *How to work around the new Apple iOS7 infinite loop of mistrust bug on
Linux?*
<https://groups.google.com/d/msg/comp.mobile.ipad/_e0czhOYSHo/WuyowzN73IsJ>

o *Every time iOS updates, Apple causes new problems in the REAL world...*
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/Z6xD4HaiyjE/Jr5yYrBUCAAJ>

*o New Mac Malware steals iPhone text messages from iTunes backups*
o *Remember Apple essentially LIED to Congress last year ... well ... guess
what ... ANOTHER LETTER for Tim Cook from Congress *
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/wTAPRuSJoaw>

o *Yet again... proof Apple never tests their products sufficiently in the
real world (Google finds another half dozen SERIOUS zero-interaction zero-day
Apple vulterabilities)*
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/nbxvoDgiGT4>

etc.

Alan Baker

unread,
Aug 2, 2019, 12:36:19 PM8/2/19
to
No, actually.

There are lots of ASSERTIONS there.

Actual, supported facts are thin to nonexistent.

Alan Baker

unread,
Aug 2, 2019, 12:37:34 PM8/2/19
to
On 2019-08-02 12:20 a.m., Arlen G. Holder wrote:
> On Wed, 31 Jul 2019 12:52:56 -0700, Alan Baker wrote:
>
>>> Are you _that_ dense that you don't comprehend that a root password of
>>> "root" is clearly an indication that Apple didn't test "sufficiently"?
>>
>> I understand that you don't want to have a real discussion about what
>> constitutes sufficiency in software testing.
>
> Hi Alan Baker,
>
> It's impossible to carry on an _adult_ conversation with an apologist.
>
> If you apologists could read and comprehend anything, you'd realize
> o Even Apple themselves said they don't sufficiently test releases
>
> Hint

<snip>

Those things show that Apple has security problems.

What it doesn't show is where they sit in relation to other companies.

"Sufficiently" requires a standard to meet.

Arlen G. Holder

unread,
Aug 2, 2019, 6:06:26 PM8/2/19
to
On Fri, 2 Aug 2019 09:36:18 -0700, Alan Baker wrote:

> There are lots of ASSERTIONS there.
>
> Actual, supported facts are thin to nonexistent.

What's shocking is you apologists are immune to the many (many) reliable
news reports in that thread, from reputable outlets, many of which are
purely Apple focused, of which, there are so many it's not funny.

*And yet, you apologists are always absolutely utterly immune to facts.*

Arlen G. Holder

unread,
Aug 2, 2019, 6:07:19 PM8/2/19
to
On Fri, 2 Aug 2019 09:37:31 -0700, Alan Baker wrote:

> Those things show that Apple has security problems.

And that was only a snippet of Apple's huge security problems, Alan.
o The fact is that privacy on Apple products is no different than others.

You apologists actually even know that - since you each blame everyone but
Apple every time a privacy issue surfaces.

Alan Baker

unread,
Aug 2, 2019, 6:15:53 PM8/2/19
to
On 2019-08-02 3:07 p.m., Arlen G. Holder wrote:
> On Fri, 2 Aug 2019 09:37:31 -0700, Alan Baker wrote:
>
>> Those things show that Apple has security problems.
>
> And that was only a snippet of Apple's huge security problems, Alan.
> o The fact is that privacy on Apple products is no different than others.

You have yet to show any support for that assertion.

Alan Baker

unread,
Aug 2, 2019, 6:16:18 PM8/2/19
to
What you lack for your claim, "Arlen"...

...is COMPARISON.

Arlen G. Holder

unread,
Aug 4, 2019, 12:14:45 AM8/4/19
to
On Fri, 2 Aug 2019 15:15:52 -0700, Alan Baker wrote:

> You have yet to show any support for that assertion.

The on-topic discussion relates to Apple's dishonest lack of transparency.

Apple suspends Siri program that allows employees to listen in on users'
private conversations (opt out is useless, Apple's proven perpetual
dishonest lack of transparency is the real problem)

Just as they were forced to admit to secret throttling, and they were
forced to admit that they ignored egregious FaceTime security holes, Apple
yet again only gives a shit about privacy when the shit hits the fan.

o Apple suspends Siri program that allows employees to listen in on users' private conversations
<https://www.rt.com/business/465730-apple-siri-suspend-privacy/>

Cult of Mac: Siri eavesdropping controversy underlines why Apple must be more transparent
<https://www.cultofmac.com/642830/siri-eavesdropping-controversy-apple-transparenct/>

Apple Contractors Will Stop Listening to Your Siri Recordings - for now
<https://www.wired.com/story/apple-siri-recordings-facebook-facial-recognition-roundup/>

VentureBeat: Apple and Google halt human voice-data reviews over privacy backlash, but transparency is the real issue
<https://venturebeat.com/2019/08/02/apple-and-google-halt-human-voice-data-reviews-over-privacy-backlash-but-transparency-is-the-real-issue/>

Voice assistant companies abandon snooping practices after being found out
<https://www.rt.com/news/465704-apple-amazon-alexa-spying/>

Apple and Google Workers Stop Listening to What You Ask Your Voice Assistant, For Now
<https://www.thedailybeast.com/apple-and-google-pause-human-voice-recording-review-over-privacy-concerns>

You Can Now Disable Human Review of Your Alexa Recordings
<https://www.iclarified.com/71905/you-can-now-disable-human-review-of-your-alexa-recordings>

Hey Apple, Opt out is useless. Let people opt in
<https://www.wired.com/story/hey-apple-opt-out-is-useless/>

MacWorld: So Apple¢s going to stop listening in on your Siri requests. Now what?
<https://www.macworld.com/article/3429817/so-apples-going-to-stop-listening-in-on-your-siri-requests-now-what.html>

Apple halts contractors listening to Siri recordings, will offer opt-out
<https://www.scmagazine.com/home/security-news/privacy-compliance/apple-announced-it-will-temporarily-suspend-its-practice-of-allowing-human-contractors-to-grade-snippets-recordings-of-siri-conversations-for-accuracy/>

Alan Baker

unread,
Aug 4, 2019, 12:01:06 PM8/4/19
to
On 2019-08-03 9:14 p.m., Arlen G. Holder wrote:
> On Fri, 2 Aug 2019 15:15:52 -0700, Alan Baker wrote:
>
>> You have yet to show any support for that assertion.
>
> The on-topic discussion relates to Apple's dishonest lack of transparency

No.

You are now moving the goalposts.

That's why you've snipped everything that was previously said.

Arlen George Holder

unread,
Aug 12, 2019, 5:11:38 PM8/12/19
to
Yet more positive proof Apple doesn't test security/privacy sufficiently.
<https://threatpost.com/researchers-bypass-apple-faceid-using-biometrics-achilles-heel>

The reputable hackers, in a reputable forum, clearly identified untested
flaws that Apple, themselves, never finds (Apple relies on others to find
their flaws, where it was already shown Google projects find many).

<https://www.forbes.com/sites/daveywinder/2019/08/10/apples-iphone-faceid-hacked-in-less-than-120-seconds/>
"*The researchers found a flaw* in the liveness detection function of the
biometric authentication system that is *used by Apple* for unlocking an
iPhone using FaceID."


See also the Usenet potluck discussion on the topic on the Apple ngs...
o Face ID hacked
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/0R6YbNRpO7c>

Alan Baker

unread,
Aug 12, 2019, 6:20:36 PM8/12/19
to
On 2019-08-12 2:11 p.m., Arlen George Holder wrote:
> Yet more positive proof...

That you cannot produce a metric indicating what "sufficiently" means in
this context?

Arlen George Holder

unread,
Aug 16, 2019, 5:43:16 PM8/16/19
to
Millions of dollars of marketing of illusory privacy to the contrary ...
o More proof today that _all_ common consumer platforms lack security

"A serious Bluetooth security flaw has been acknowledged by Bluetooth SIG,
the official body in charge of standards for the wireless communications
technology. It is sufficiently dangerous that the official Bluetooth specification has
been changed."

Basically, a single character unlocks your Bluetooth until you patch your device.

o Key Negotiation of Bluetooth
<https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/>

o Bluetooth vulnerability could expose device data to hackers
<https://www.theverge.com/2019/8/16/20808597/bluetooth-device-flaw-hackers-vulnerability-data-encryption-cybersecurity-knob>

o Major Bluetooth security flaw exposes devices to hackers
<https://mobilesyrup.com/2019/08/16/major-bluetooth-security-flaw-exposes-devices-to-hackers/>

o Serious Bluetooth flaw finally acknowledged by Apple
<https://9to5mac.com/2019/08/16/bluetooth-security-flaw/>

o Critical KNOB exploit penetrates gaping Bluetooth vulnerability
<https://thenextweb.com/security/2019/08/16/critical-knob-exploit-penetrates-gaping-bluetooth-vulnerability/>

o Serious Bluetooth flaw leaves devices open to attack
<https://www.engadget.com/2019/08/16/bluetooth-flaw-knob-attack/>

o KNOB Attack Weakens Bluetooth Encryption
<https://www.tomshardware.com/news/bluetooth-knob-attack,40178.html>

o Critical Bluetooth security bug discovered
<https://www.digitaltrends.com/mobile/bluetooth-security-flaw-knob-attack/>

o Critical Bluetooth flaw opens millions of devices to eavesdropping attacks
<https://www.helpnetsecurity.com/2019/08/16/bluetooth-cve-2019-9506/>

o Bluetooth security flaw has a silly name but serious consequences
<https://www.slashgear.com/bluetooth-security-flaw-has-a-silly-name-but-serious-consequences-16587472/>

o Bluetooth flaw leaves everyone vulnerable to terrifying KNOB attack
<https://www.trustedreviews.com/news/bluetooth-flaw-leaves-everyone-vulnerable-to-a-massive-knob-attack-3931162>

o Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks
<https://www.kb.cert.org/vuls/id/918987/>
0 new messages