Forgot your password?
typodupeerror

Comment: Re:iOS Attack Vector? (Score 1) 65

by BasilBrush (#48042071) Attached to: iOS Trojan Targets Hong Kong Protestors

Phones are sold with the latest OS version. Jailbreaks take months to come out for a particular OS version, if they come out at all.

For example there is no iOS 8 jailbreak. So no iPhone 6 or any iOS device running iOS 8 is jailbroken.

I can believe that a good proportion of pre-owned phones come with a jailbreak. But not new phones, even if they are grey market or intercepted by corrupt governments.

Comment: Re:Update to Godwin's law? (Score 1) 467

by BasilBrush (#48041953) Attached to: Obama Administration Argues For Backdoors In Personal Electronics

Crazy isn't it. It's perfectly obvious that terrorism is acts that are designed to terrorise. After 9/11 plenty of people were scared to fly, use other forms of public transport, visit large cities, or go to any busy public place. That's what made it terrorism. The act itself was mass murder - it's that larger intent to use fear to change behaviour that makes it terrorism.

Governments, politicians and security services are obviously intelligent enough to know this. Which makes their misuse of the word nothing less than deliberate propaganda.

Comment: Re:Update to Godwin's law? (Score 1) 467

by BasilBrush (#48041877) Attached to: Obama Administration Argues For Backdoors In Personal Electronics

I'm on a long term quest to watch all available episodes of Horizon (a BBC science documentary series going since the 1960s).

One of them is called "How to commit a perfect murder". I'm glad I use duckduckgo as a search engine rather than Google when I was looking that one up.

Just one example of why it's a bad idea to to let governments or corporations profile people based on what they search for.

Comment: Re:ridiculous (Score 1) 164

by BasilBrush (#48041715) Attached to: Apple Fixes Shellshock In OS X

The discovery of this is proof that many eyes DO find problems

No it isn't. The chance that these two vulnerabilities that hung round for 1-2 decades are the only ones is vanishingly small. They are an illustration that even the most mainstream of OSS code that's been around a long time hasn't been code reviewed properly.

They are proof that that many uncoordinated and unrewarded eyes DON'T find problems. Because they don't even look.

Furthermore, this was a feature it wasn't entirely a security bug

Bullshit. The vulnerability it deminstrates has been demonstrated, it is not documented, and it doesn't make any sense that that's what it does. That's not a feature.

The possibility that some people are using it in software doesn't make it a feature either. The very definition of hacking is using technology in a way that is not intended. That's what those programs are doing. Indeed malware is software that deliberately uses vulnerabilities, and that doesn't make those vulnerabilities features.

With more people aware of this new attack vector, bash is going to get more attention--- MORE eyes again.

AFTER 20 years. Having to scramble to fix something 2 decades late is not in any way an endorsement of a development practice. It's a condemnation of it. And in any case it's no different from what commercial closed source software teams would do it they similarly found out they'd been negligent with a particular code base for 20 years.

"More eyes" is a myth. You have to be a blind zealot to still believe it.

Comment: Re:Open Source is still better (Score 1) 164

by BasilBrush (#48030955) Attached to: Apple Fixes Shellshock In OS X

Apple wouldn't have known about this little known old feature turned security hole if it wasn't for open source.

Apple wouldn't have had this defect if they hadn't used open source. For sure it might (and does) have others, but given it's taken 20 years for this defect to be found, the idea that there is any superior bug finding capability in the open source arena is laughable.

The myth "With may eyes all defects are shallow" was only ever believed by the naive. Shellshock and Heartbleed have proved it was nonsense. At this time only the religious still believe it.

Comment: Re:Wrong on two counts (Score 1) 164

by BasilBrush (#48030841) Attached to: Apple Fixes Shellshock In OS X

1) We don't know when the bug was introduced, although it's clear that it was quite some time ago.

You may not, but "we" do. I posted last Thursday that this vulnerability dates back to 1994.

http://slashdot.org/comments.p...

The difference is that with OSS, they all will eventually get found and fixed. The same can't be said of closed source software.

That's religion, not fact. Furthermore your claim in the previous paragraph that "It's been shown by people much smarter than me that it's mathmatically impossible to do so." means that OSS cannot possibly fix all the bugs.

You disappear in a cloud of your own illogicality.

Comment: Re:that was fast (Score 1) 164

by BasilBrush (#48030765) Attached to: Apple Fixes Shellshock In OS X

Which is probably why this is a quick and dirty downloadable patch, rather than a proper OS update available to all with auto-update.

Those who have systems that open up BASH to the internets can get this partial fix, and get subsequent ones as BASH fixes progress. Those 99.999% for whom it's not relevant aren't bothered with pointless updates.

Comment: Re:Ahh yes (Score 1) 164

by BasilBrush (#48030681) Attached to: Apple Fixes Shellshock In OS X

Heck if you're going to rewrite in a more modern language why only move from a 1970s language to a 1980s language?

C++ does nothing to eliminate the common causes of defects and vulnerabilities - buffer overflows, dangling and unexpectedly nil pointers etc. Nor does it have anything to offer for the modern world of multiprocessing. And it's memory management is primitive.

If you're going to move forward from the 1970s, do it properly.

Comment: Re: Why isn't this auto-update? (Score 2) 164

by BasilBrush (#48030515) Attached to: Apple Fixes Shellshock In OS X

That's not a "dirty secret". Having a single component that launches all daemons is a laudable improvement over the adhoc, multiple methods that had grown up in Unix like OSs.

Linux has political problems between Linus and the systemd team, and systemd may be overreaching. None of which is relevant to OSXs entirely different component launchd.

And if anyone thinks there's any copying going on here, take note of the direction - OSX launchd dates back to 2005. Linux systemd to 2010.

Somebody ought to cross ball point pens with coat hangers so that the pens will multiply instead of disappear.

Working...