What the summary fails to explain properly is that this vulnerability only works with permissions that are new when the device gets an OS update. Say you install an app and it asks for permission to use NFC, but your device's OS is old and doesn't support NFC (pre 4.0 I think). You install it anyway. Then you upgrade the OS and now it supports NFC. The app then gets the NFC permission without any further prompts or warning to the user.

That is certainly an issue, but not the huge gaping security flaw the summary makes it sound like. Apps can only ask for normal permissions that the OS offers, not bypass security or the sandbox. It's basically a UI issue.

Not in the United States mainstream media (CNN, broadcast networks, etc) and that's what matters since the US was really the only major player that cared at all about the Ukrainian invasion.

Distract the American people, and Russia knows that it can do anything it wants.

I'm thinking of a word for a kind of system where, I don't know, someone makes rules for how large chunks of assets are managed, traded, stored. This word would mean that some PEOPLE, some kind of official-sounding types of PEOPLE, would "check up" on these places, these places that handle and store and manage other people's money, or assets, stuff. They would be checking up to make sure that the people who run those places, those people, wouldn't be, knowingly or unknowingly, doing things with other people's money that they shouldn't be doing. Maybe there could be a kind of system, say, where those people doing those things, are encouraged or made to do some things, to prove, that they have the money and things that they are supposed to have, and doing the things, those things that they are supposed to do, and not doing those things that they are not supposed to be doing, to those other people's money, and assets and stuff. And that they're honest, about what they say that they're doing, and that they're not doing. Who would be doing all that checking, and what would that process be, and who would be subject to it. If only there were one simple word for all of that.

What is going to happen to all those secure credit card transactions that are the life-blood of internet commerce, when third parties figure out how to decrypt packets en-route by infiltrating the procedures of ISP's and alter them to "achieve efficiencies"?

You would think capitalists have a lot to loose if this proposal goes forward.

This is a fundamental problem all the traitorous NSA behavior has created - every time something like this comes up, we're going to wonder if THEY are behind it. Problem is, that way lies madness... we can never really know.

1) It could very well be an innocent coding error. Heck, I could see myself doing this one with the slip of the fingers in BBEdit. I probably HAVE done it at some point in time.

2) It could be an intentional bug slipped in by someone on NSA's payroll.

3) Or, it could be even more nefarious. Perhaps NSA has known about this, but thought the use case was too restricting. So they kept quiet until they were able to slip a more broadly exploitable hole in the development code (or, alternatively, something the compiler can slip into your output). Then, to force everyone to update, they reveal this older bug. We all update, and BAM! They've got us.

We can't really know, anymore.

If you are able to upgrade to iOS 7, you are not able to upgrade to 6.1.6.

Snow Leopard (10.6) is not vulnerable to this bug, since Apple did not switch from OpenSSL to their own SSL/TLS library back then yet. Just verified on my 10.6 box (to verify visit https://www.imperialviolet.org... )

On the other hand, iOS 6.1.5 is - and now I have a choice of using insecure iPhone or upgrading to 7.x.

the reason cable bills go up and no one has a choice of channels is because Disney, Discovery, Viacom and everyone else constantly raise prices and only offer their channels in one big bundle. and always add more channels.

when a channel is blacked out on their TV people always blame comcast or direct TV. they should be blaming the channel owner for wanting too much money and not giving any choice of channels.

comcast might not be a saint, but a bigger comcast will mean that any time a channel owner wants a price increase they risk losing more than half their revenue during the blackout.

Ok, everybody. Self-classification is gross, because misexistentialist says so.

In the interest of public decency, you are now "poor" if you're unable to afford food or clothing, and everyone else is "rich". There is to be no further differentiation, so we can forget all of that "middle class" nonsense.

It you were born within the bounds of the United States of America, you are an American. Everyone else is a foreigner, regardless of immigration, heritage, or temporary circumstances.

Whenever the ambient temperature is above 32 degrees Fahrenheit, it is "warm", and for the sake of avoiding disgusting differentiation, everyone must wear their state-issued "warm" clothes. At 32 degrees Fahrenheit and below, it is "cold", and we all must wear the appropriate "cold" clothing.

Of course, not everyone will want to follow these new rules, but we have a suitable and tasteful classification for that as well. Those who conform will be considered "comrades", and those who violate these basic rules for a civil society will be deemed "unpersons" and will no longer be welcome here.