Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment Re: its just more selective than allowing every LE (Score 5, Insightful) 231

Correct, you do not know much about how iPhones work but it didn't seem to stop you from speculating.

If you want to learn how the encryption works, see this explanation.

Yes, it does use dedicated cryptography hardware. Yes, the key is protected from the rest of the OS.

Comment Re: Doesn't matter. (Score 1) 80

It's these claims that make me wonder if you've used a Mac. It's easy to confirm on a Mac those claims are not true.

Yes, Image Capture settings most definitely stick. That's what is consulted when you plug in a camera device.

Again, /usr/local/ is explicitly excluded from rootless.

As for your Ruby/Perl issue. You're seriously trying to replace the system libraries first and third parties depend on? Why?! They were only ever tested with those system versions.

However, you can change the PATH by editing rc files or using the dscl tool.

Comment Re: Doesn't matter. (Score 1, Informative) 80

Have you never used a Mac? To change the default application for a camera, set it in Image Capture.app.

And, of course, idiots that think they know better can disable rootless. For those that know better, they install Perl or Ruby from source in a pace such as /usr/local/, which is designed for such installations and doesn't require disabling rootless.

Comment Re: Adding together? (Score 1) 111

It only counts fixed bugs, so for Mac OS X, that'd be bugs in 10.8.x and later for 2015.

The funny part is the AppleTV bug list. Apple lists CVE numbers for WebKit in AppleTV security updates (as all 2nd gen and later AppleTVs share code with iOS) even though the WebKit framework is inaccessible.

That is, there's no way to trigger those bugs but they still get counted.

Comment Re: Android. (Score 1) 111

No, they are not all security bugs in the software they were reported for. For example, some people make entries for third-party software when it is, in fact, the OS that prevents the third-party software from securing it.

There have also been times when things like "launching malware runs arbitrary code" get assigned CVE numbers when there hasn't actually been any bug. Because the user explicitly launched the malware.

Comment Re: Android. (Score 4, Informative) 111

There are two ways to get a CVE assigned to an issue. Either report the issue on your software yourself and a CVE gets reserved or have someone else report the issue in your software and a CVE gets assigned.

Neither method actually determines if the CVE is a security issue or the severity if it is a security issue.

Comment Re: Android. (Score 4, Informative) 111

The list is not a list of vulnerabilities. It's a list of known bugs fixed in the last year. It doesn't say anything about the severity of the bugs. For example, since Microsoft never discloses or fixes bugs in Windows Phone, it's very low on the list despite sharing a lot of code with Windows for the desktop. That doesn't mean Windows Phone is somehow more secure.

Comment Re: Android. (Score 5, Informative) 111

Because the list includes bugs found and publicly disclosed, the company that fixes the most bugs has the highest number of disclosed bugs in any list. Since Google doesn't really disclose Android bugs, many never get added to the list.

Furthermore, Apple submits self-found security bugs and gets CVEs assigned to them. Most other vendors do not report self-found bugs.

Slashdot Top Deals

Nothing in progression can rest on its original plan. We may as well think of rocking a grown man in the cradle of an infant. -- Edmund Burke

Working...