Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment there are ways (Score 1) 169

There is tech to inspect compiled code and try to find malicious bits, even in an automated fashion, that won't be fooled by an idle loop. It's far from perfect or being a silver bullet, but it is there and getting better by the day.

Look at what the security firms are now calling "sandboxing". Look here: https://en.wikipedia.org/wiki/Malware_analysis#Free_automated_malware_analysis_services.5B2.5D

This is most probably what Apple does already, and clearly needs to get better at.

The bad news is that _it's bound_ to happen again.

This is why I agree with BronsCon, Apple should open doors to the sec community, but I don't think it will happen anytime soon.

BronsCon mentions sideloading as a possible way to do analysis, I don't know if this is the case (can sideloaded apps break the sandbox model?) but jailbreaking would obviously do.

Comment What about security (Score 1) 145

I don't subscribe to this rose-tinted point of view, especially if you look at all this beautiful tech from the security standpoint.
Most of the tech we deal with today was originally designed without security concerns. In most cases, security is an afterthought.
So much for sitting back and taking a break.


Intego's "Year In Mac Security" Report 132

david.emery notes the release of Intego's "Year In Mac Security" report (PDF), adding: "Mac OS X and iPhones that haven't been jailbroken fare pretty well (although vulnerabilities exist, there's not been a lot of exploitation). Apple does come in for criticism for 'time to fix' known vulnerabilities. Jailbroken iPhones are a mess. The biggest risk to Macs are Trojan horses, often from pirated software."

"Lead us in a few words of silent prayer." -- Bill Peterson, former Houston Oiler football coach