![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
thewayneIf you're running Lucid Lynx v10.04, plugging your iPhone mounts it as a USB device and you have total access to the data on the phone.
"This, quite honestly, is a staggering flaw. It basically allows anyone capable of driving a Linux PC to copy data off of an iPhone without the owner of the phone having any idea whatsoever that this has happened.
What’s more worrying is that Marienfeldt and Herbeck think that write access to the iPhone is only a buffer overflow away, which means serious access."
http://www.zdnet.com/blog/hardware/ubuntu-lucid-lynx-1004-can-read-your-iphones-secrets/8424
http://apple.slashdot.org/story/10/05/27/1826207/iPhones-PIN-Based-Security-Transparent-To-Ubuntu?art_pos=24
There was a recent article about smartphones being seized by law enforcement organizations (LEO) and the potential for the phone to be remotely ordered to wipe itself. I know iPhones and Blackberries can do this. So they're talking about LEOs using needing to use Faraday Cage bags and rooms to examine the phones after they make sure to remove the battery when they seize the phone. Of course, the iPhone is a sealed unit and the battery cannot be removed.
Apple claims: "iPhone 3GS protects data through encryption of information in transmission, at rest on the device, and when backed up to iTunes."
In the past I used a Palm Pilot extensively and had a program called CryptoPad that used Blowfish encryption and I knew the backup was also encrypted which required a desktop version of the program to access the backups. I've been looking for an encryption product for the iPad Touch which has become my daily use PDA, so this really bothers me that I can't encrypt things and have confidence that they're secure.
Apparently Apple's encryption and business-level security is badly flawed. And that sucks.
http://marienfeldt.wordpress.com/2010/03/22/iphone-business-security-framework/
http://www.wired.com/gadgetlab/2009/07/iphone-encryption/
"This, quite honestly, is a staggering flaw. It basically allows anyone capable of driving a Linux PC to copy data off of an iPhone without the owner of the phone having any idea whatsoever that this has happened.
What’s more worrying is that Marienfeldt and Herbeck think that write access to the iPhone is only a buffer overflow away, which means serious access."
http://www.zdnet.com/blog/hardware/ubuntu-lucid-lynx-1004-can-read-your-iphones-secrets/8424
http://apple.slashdot.org/story/10/05/27/1826207/iPhones-PIN-Based-Security-Transparent-To-Ubuntu?art_pos=24
There was a recent article about smartphones being seized by law enforcement organizations (LEO) and the potential for the phone to be remotely ordered to wipe itself. I know iPhones and Blackberries can do this. So they're talking about LEOs using needing to use Faraday Cage bags and rooms to examine the phones after they make sure to remove the battery when they seize the phone. Of course, the iPhone is a sealed unit and the battery cannot be removed.
Apple claims: "iPhone 3GS protects data through encryption of information in transmission, at rest on the device, and when backed up to iTunes."
In the past I used a Palm Pilot extensively and had a program called CryptoPad that used Blowfish encryption and I knew the backup was also encrypted which required a desktop version of the program to access the backups. I've been looking for an encryption product for the iPad Touch which has become my daily use PDA, so this really bothers me that I can't encrypt things and have confidence that they're secure.
Apparently Apple's encryption and business-level security is badly flawed. And that sucks.
http://marienfeldt.wordpress.com/2010/03/22/iphone-business-security-framework/
http://www.wired.com/gadgetlab/2009/07/iphone-encryption/
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2010-05-31 08:04 am (UTC)Seems like that's happening now.
no subject
Date: 2010-05-31 08:23 am (UTC)That's now changed, particularly with cross-site scripting exploits and the ability for a site to download an exploit that will directly compromise your system.
I've never had a virus or trojan on any of my computers, personal or work, because of my computer habits. I've been attacked successfully once: my (then) laptop (Win XP with a Zone Alarm firewall and anti-virus) had a program installed that I knew had a hack but I didn't think the exploit applied to me. It did. Someone was able to use it to uninstall my anti-virus and was working on my firewall when I realized what was happening and yanked my wireless card out of its socket. That's the only time I've been hacked.
Macs have been safer in that they were too small of a market share to be worth exploiting, but I read something today that said they are the dominant player in the laptop market above $1,000. I find that interesting, and I know the laptop that I'm typing this on (a Mac) definitely cost more than $1,000.
Since Macs are based on Unix, I think they are inherently more secure and difficult to hack than Windows boxes. But if you look at the annual Pwn 2 Own competitions (http://en.wikipedia.org/wiki/Pwn2Own), Macs are compromised very quickly under strict circumstances that loosely resemble real-world circumstances. But every platform ends up compromised.
The desktop market is overwhelmingly Windows, and is likely to stay that way. In mobile phones, I read today that the iPhone has over 3.4 million units sold, so that's pretty substantial.
I didn't buy my Mac for security, I bought it for stability. I've had 3-6 OS-level crashes in the almost 3 years that I've had it. The longest it's been up without a reboot was almost 70 days, I'm very happy about that. If I were paranoid about security, I'd be running the NSA's version of BSD with mega-locked-down services. But the more locked-down a computer is, the less flexible it becomes because you can only use vetted software and services.
no subject
Date: 2010-06-01 02:47 am (UTC)