Bonum Certa Men Certa

Security Problems in iOS and Windows

Utah State Prison Wasatch Facility with Apple



Summary: Ways in which proprietary operating systems (even with excessive restrictions) get exploited and therefore cannot be kept under control by their users

SOFTWARE that contains code which cannot be audited is less likely to be secure. Many security folks agree on this point. Well, rather than use Linux as Apple engineers were about to do (Steve Jobs reportedly vetoed), Apple chose to pick code it need not contribute back to when building iOS, one of the world's most restrictive platforms. Just because iOS is as locked down as a nail on a coffin does not make it secure, either. Appleʼs iOS dials calls without warning, researcher asserts" and an original post says:



I feel the risk posed by how URL Schemes are handled in iOS is significant because it allows external sources to launch applications without user interaction and perform registered transactions. Third party developers, including developers who create custom applications for enterprise use, need to realize their URL handlers can be invoked by a user landing upon a malicious website and not assume that the user authorized it. Apple also needs to step up and allow the registration of URL Schemes that can instruct Safari to throw an authorization request prior to yanking the user away into the application.


Apple has not managed to make the platform secure by expelling everything from it (except the list of "apps" that Apple approves). Kevin Lynch has just alleged that Apple is lying about its reasons for blocking Adobe Trash (Flash):

Last week, critics hammered Adobe over a report showing that Flash drained the new MacBook Air's battery life by several hours. It's not the first time Adobe has been in fisticuffs with Apple: the companies have been duking it out ever since Steve Jobs began ridiculing Flash and touting its alleged-killer, HTML5. Today, in an interview with Fast Company, Adobe CTO Kevin Lynch answered critics who might say HTML5 is somehow more efficient than Flash.


Irrespective of whether Apple is lying or not, Adobe Trash needs to go away. It's a sore spot and it does not belong on the Web. But the point to be made here is that Safari is not secure, with or without Trash. Apple just cannot really use "security" as an excuse for blocking potentially millions of applications (or "apps" as Apple likes to call them, as if "applications" is too big a word for its clients to memorise).

Over at Microsoft's side of things, "Stuxnet attack unleashes a torrent of SCADA hacks":

Intelligence agencies and private cybersecurity companies worldwide are scrambling to reinforce online defenses against a tsunami of malware directed at online industrial control systems in the wake of a successful attack on Iran’s uranium enrichment plants by the Stuxnet worm.

Demand for experienced Supervisory Control and Data Acquisition software experts in the IT security marketplace now has reached record levels, according to various sources.

The sophistication and apparent effectiveness of the Stuxnet worm served as a reminder that national intelligence agencies can deploy formidable attacks when they focus their energies on a single target and do so knowing that their assaults probably will be traced back to their source.


More links about Stuxnet can be found in the links below.

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran's Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It's So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft's Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes

Recent Techrights' Posts

The FSF Board and FSF Beard
So the FSF's Board has grown
Law Firms Facing the Consequences for Patently Abusive Litigation on Behalf of Microsoft Employees Who Got Arrested for Strangulation and Had Done Even Worse Things
Having spent 1.5 years bullying me with patronising letters on behalf of Microsofters, last week they got served a massive bill and, in effect, lost the Hearing
LLMs Breaking Everything
Computing and the Net became a playground for scammers and "bros", like people who "invented" fake currencies and also try to tell us that LLMs spewing out things will have some real value
 
Links 22/06/2025: Giving Up on Smartphones and 'Jaws' at 50
Links for the day
Gemini Links 22/06/2025: Furniture Construction and Bubble for Comments
Links for the day
Links 22/06/2025: Windows TCO Tales and YouTube Getting More Hostile to Users
Links for the day
New Report From the EPO's Staff Representatives in The Hague (LSCTH) Reveals Many Unsolved Issues
Local Staff Committee The Hague (LSCTH) wrote to staff just before the weekend
Links 22/06/2025: More Slop Lawsuits (Copyrights) and "America’s Oligarch Problem"
Links for the day
Gemini Links 22/06/2025: Gigantic Toolchest and Annoying Bots
Links for the day
The Calling
Persist and persevere, justice will come your way
So Far Every BetaNews 'Article' is LLM Slop, So BetaNews is Officially Just a Slopfarm
They just don't seem to value what they have
IBM Rumour: Mass Layoffs (RAs) Lists Being Made for Consulting, With Effect in July 2025
Bogus companies with no viable products and no world-leading (in their field) staff are doomed to perish
Links 21/06/2025: Data Breach With 16 Billion Passwords, Dutch Government Recommends Children Under 15 Stay off TikTok and Instagram
Links for the day
Gemini Links 21/06/2025: Notes about Typst (and LaTeX) and Opos
Links for the day
Microsoft's Competition Tactics: Sabotage GNU/Linux Installs, Block Chrome
Edge is dying
1989: Free Software as "Open" Software (OSI Didn't Coin "Open Source", It Also Predates Linux)
"One man's fight for Free software"
The Microsoft OOXML Modus Operandi: Throw 1,000 Pages of Other People's Work for a Judge to Read Ahead of a One-Hour Meeting
No time to discuss this - that's the point
Formalities Officers (FOs) at the EPO Are in Trouble, Reveals Internal Report
We already know, based on an HR pattern we saw at IBM and elsewhere, that reallocating roles can be prerequisite for dismissal and those who do so expect many to resign anyway
The Web is Slop and FUD, Let's Go to Gemini Protocol
Lupa sees self-signed capsules at 92.4%
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 20, 2025
IRC logs for Friday, June 20, 2025
Links 21/06/2025: Phone Bans for Concerts, Tensions in Taiwan Strait
Links for the day
Gemini Links 21/06/2025: Spoilers, Public Yggdrasil Node, Changes to AuraGem Search
Links for the day
"Six years of Gemini!"
From gemini://geminiprotocol.net
Gemini Links 20/06/2025: Summer Updates and Hardware Failures
Links for the day
Links 20/06/2025: Google Shareholder Sues Google and Google Sued for Defamatory Slop ('Hey Hi') Word Salads ('Summaries')
Links for the day
Linux Journal Might Have Become the Latest Slopfarm Targeting "Linux", the Trends Are Concerning for Dying News Sites
They tarnish the Web with junk and then die
On "Learning to Code"
quality may suffer, plus things get bloated
Quick Points Regarding This Week's Court Hearing
it paves the way for us to squash all the SLAPPs from Microsofters
Common Mistake: Believing Social Control Media Will Document Your Writings/Thoughts and Search Engines Like Google Will Help You Find These
Many news sites wrongly assumed that posting directly to Twitter would be acceptable
The Manchester Bees and This Hot Summer
We have had a fantastic week so far this week
Gemini Protocol Enters Its Seventh Year, Growth Has Accelerated!
Maybe in June 20 2026 there will be over 3,500 active capsules?
Mastodon and the Fediverse Have an Issue: Liability for Content (Even in Other Instances) and Costs
self-hosting is the only logical path forward
Why Microsoft and Its 'Hey Hi' (Slop) Frenzy Fail While Sinking in Deep, Growing Debt
Right now, like Twitter around the time it was sold to MElon, "open" "hey hi" is a big pile of debt with a lot to pay for that debt (interest payments)
Europe is Leaving Microsoft, the Press Coverage Isn't Sufficiently Helpful
The news is generally positive, but the press coverage leaves so much to be desired
Slopwatch: Linuxsecurity, BetaNews, and Linux Journal
slippery slope
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 19, 2025
IRC logs for Thursday, June 19, 2025
Gemini Links 20/06/2025: Gemini Protocol Turns 6!
Links for the day