Linked by Thom Holwerda on Mon 1st Apr 2013 12:25 UTC
Apple "Last Friday, The Verge revealed the existence of a dead-simple URL-based hack that allowed anyone to reset your Apple ID password with just your email address and date of birth. Apple quickly shut down the site and closed the security hole before bringing it back online. The conventional wisdom is that this was a run-of-the-mill software security issue. [...] It isn't. It's a troubling symptom that suggests Apple's self-admittedly bumpy transition from a maker of beautiful devices to a fully-fledged cloud services provider still isn't going smoothly. Meanwhile, your Apple ID password has come a long way from the short string of characters you tap to update apps on your iPhone. It now offers access to Apple's entire ecosystem of devices, stores, software, and services."
RE: it happens to everyone
by BallmerKnowsBest on Mon 1st Apr 2013 18:12 UTC in reply to "it happens to everyone"
BallmerKnowsBest Member since:
2008-06-02

You know last April there was a 0-day flaw in Hotmail, last November there was a Gmail security flaw, did you write a 'when will Microsoft/Google get serious about security?'


Fallacy ahoy: false equivalence. Not that your question would make sense anyway, since Thom wasn't the author of this article to begin with.

Of course, the difference is that those were relatively new flaws, while Apple has consistently released products with security vulnerabilities that everyone else learned how to avoid years (if not decades) ago. That, and Microsoft/Google tend to fix those issues quickly, as opposed to Apple's approach of "steadfastly deny that the problem even exists, then maybe get around to fixing it after 2-3 weeks of bad press."

I know you think it's ok to be biased but, really?


Please. Everyone knows that, coming from an iFanboy, "biased" really just means "not sufficiently-biased in favor of Apple." Not that I should be surprised, of course, since that's a standard apologetics tactic: when you can't refute the message, then attack the messenger.

Apple does what everyone else does. They run automated security tests and when those tests don't cover a particular case a security lapse occurs.


More false equivalence. If you think Apple's security is the same as "everyone else", then maybe you should look up the name "Mat Honan":

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacki...

A company with the size and resources of Apple has absolutely NO excuse for regularly releasing products with such basic, serious security failings. And it shouldn't be surprising to anyone: when you have a "technology" company with "form over function" as its guiding philosophy, those types of engineering failures are inevitable.

Although this exploit was 'dead simple' it was also not at all 'obvious' as it was not previously discovered.


Switching gears to the post-hoc fallacy? The fact that the flaw wasn't discovered previously doesn't prove anything about its obviousness; it just proves that the flaw wasn't discovered previously (derp).

It's equally possible that the flaw went undiscovered because barely anyone actually uses the service. Actually, that's probably more likely, given the way that Apple's previous attempts at online services/social media were all spectacular failures.

Score: 5

RE[2]: it happens to everyone
by Tony Swash on Mon 1st Apr 2013 23:01 in reply to "RE: it happens to everyone"
RE[3]: it happens to everyone
by Alfman on Tue 2nd Apr 2013 00:21 in reply to "RE[2]: it happens to everyone"
Alfman Member since:
2011-01-28

Tony Swash,

Do you have evidence at all that iOS as an operating system is technically more secure than any of the other mobile platforms, or are you claiming things merely because they fit within your world view? It's a serious question. Please provide a source with real details explaining exactly how the iOS operating system is more secure without any of the usual Apple fanboy spin-doctored BS.


As for the walled garden, the iPhone store moderators are notorious for scrutinizing applications based on morality and banned functionality, but what indication do you have that applications get any attention from a qualified security expert?

It's not like vulnerable iPhone applications are unfounded or rare. I'm citing a few examples here, but known iOS app vulnerabilities are not rare. These aren't Apple's own vulnerabilities, but it does show that Apple's guardians are not doing a great job of vetting app security in the Apple store. It would seem Apple isn't as good at security as independent security auditors.

http://seclists.org/fulldisclosure/2013/Feb/91
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2012-10/msg0...
http://packetstormsecurity.com/files/120397/VL-864.txt
http://seclists.org/fulldisclosure/2013/Mar/8
http://www.exploit-db.com/exploits/24484/
http://cxsecurity.com/issue/WLB-2013020090

Apple's own iOS software has had its own history of serious vulnerabilities as well. Some of these flaws are actually what permit us to jailbreak the iPhone(s) in the first place.

http://browsers.about.com/b/2007/08/02/iphone-update-fixes-serious-...
http://blogs.mcafee.com/mcafee-labs/iphone-dos-vulnerability
http://securitywatch.pcmag.com/apple/283835-iphone-ipad-jailbreak-w...
http://www.pcworld.com/article/169436/Black_Hat_Reveals_iPhone_SMS_...
http://www.computerweekly.com/news/1280090073/Apple-races-to-fix-iP...
http://theiphonewiki.com/wiki/AT+XAPP_Vulnerability


I'm not a security researcher myself, so I cannot say how iOS stacks up to Android or anything. But the OP was onto something when he said it happens to everyone.

Score: 6

RE[2]: it happens to everyone
by kristoph on Mon 1st Apr 2013 23:18 in reply to "RE: it happens to everyone"
kristoph Member since:
2006-01-01

Please read again what you wrote and give it some thought. You disputed my points with absolutely no tangible support at all. You simply said they were 'false'. You reference an article that is totally unrelated to technology - which is what I was speaking about - and was a pure social engineering hack. You discounted my opinion because you claim I was a 'fanboi'.

It's weak, dude. If you have a solid argument then make it, demonstrate it with facts, without insults and name calling. Your arguments will carry much more weight and people - even those that disagree with you - would give you much more respect.

I'll add that I made a point of saying that it was Microsoft who places the greatest emphasis on security and I absolutely think Google Chrome as a browser has the best security out there and Gmail makes the most effort to eliminate phishing scams.

On the other hand, Mac OS X has a much lower malware infection rate (and the gap has increased now that, by default, you can't install unsigned apps) than Windows, and iOS has virtually no malware while Android is riddled with it. I understand this is because Apple simply locks down its platforms (which many think is a bad thing), but if you bother to read what CIOs are saying, they're much more comfortable with Apple's security than any other for desktop/mobile use.

Anyhow I am not here to apologize for anyone, I simply think that Thom is pushing his agenda (and he has made it clear on a number of occasions he has a 'bias') and I think that's sort of lame. We don't need to bash one another to have an intelligent discussion on the merits of one platform or another. The pre-Thom OSNews was much more egalitarian, and much more respectful, and I think it sucks that that's changed.

Score: 2

moondevil Member since:
2005-07-08

On the other hand, Mac OS X has a much lower malware infection rate (and the gap has increased now that, by default, you can't install unsigned apps) than Windows, and iOS has virtually no malware while Android is riddled with it. I understand this is because Apple simply locks down its platforms (which many think is a bad thing), but if you bother to read what CIOs are saying, they're much more comfortable with Apple's security than any other for desktop/mobile use.


Except, exactly like on the Windows 9X -> XP transition, many users disable these security mechanisms, because they see them as something that gets in the way.

Score: 1

JAlexoid Member since:
2009-05-19

On the other hand, Mac OS X has a much lower malware infection rate (and the gap has increased now that, by default, you can't install unsigned apps) than Windows, and iOS has virtually no malware while Android is riddled with it. I understand this is because Apple simply locks down its platforms (which many think is a bad thing), but if you bother to read what CIOs are saying, they're much more comfortable with Apple's security than any other for desktop/mobile use.


Yes, I do know what a lot of CIOs think, since I happen to work with a lot of them directly. Apple's security on the desktop is no more a concern than it is on Windows. CIOs are aware of what and how; most of them are not stupid individuals and know where the problems lie.
Same goes for Android vs iOS, it's more an issue of MDM tool support than anything else... And even then none of the CIOs that have MDM solutions in place or have researched them are against either of the platforms.

Score: 2