Bonum Certa Men Certa

Security Problems in iOS and Windows

Utah State Prison Wasatch Facility with Apple



Summary: Ways in which proprietary operating systems (even with excessive restrictions) get exploited and therefore cannot be kept under control by their users

SOFTWARE that contains code which cannot be audited is less likely to be secure. Many security folks agree on this point. Well, rather than use Linux as Apple engineers were about to do (Steve Jobs reportedly vetoed), Apple chose to pick code it need not contribute back to when building iOS, one of the world's most restrictive platforms. Just because iOS is as locked down as a nail on a coffin does not make it secure, either. Appleʼs iOS dials calls without warning, researcher asserts" and an original post says:



I feel the risk posed by how URL Schemes are handled in iOS is significant because it allows external sources to launch applications without user interaction and perform registered transactions. Third party developers, including developers who create custom applications for enterprise use, need to realize their URL handlers can be invoked by a user landing upon a malicious website and not assume that the user authorized it. Apple also needs to step up and allow the registration of URL Schemes that can instruct Safari to throw an authorization request prior to yanking the user away into the application.


Apple has not managed to make the platform secure by expelling everything from it (except the list of "apps" that Apple approves). Kevin Lynch has just alleged that Apple is lying about its reasons for blocking Adobe Trash (Flash):

Last week, critics hammered Adobe over a report showing that Flash drained the new MacBook Air's battery life by several hours. It's not the first time Adobe has been in fisticuffs with Apple: the companies have been duking it out ever since Steve Jobs began ridiculing Flash and touting its alleged-killer, HTML5. Today, in an interview with Fast Company, Adobe CTO Kevin Lynch answered critics who might say HTML5 is somehow more efficient than Flash.


Irrespective of whether Apple is lying or not, Adobe Trash needs to go away. It's a sore spot and it does not belong on the Web. But the point to be made here is that Safari is not secure, with or without Trash. Apple just cannot really use "security" as an excuse for blocking potentially millions of applications (or "apps" as Apple likes to call them, as if "applications" is too big a word for its clients to memorise).

Over at Microsoft's side of things, "Stuxnet attack unleashes a torrent of SCADA hacks":

Intelligence agencies and private cybersecurity companies worldwide are scrambling to reinforce online defenses against a tsunami of malware directed at online industrial control systems in the wake of a successful attack on Iran’s uranium enrichment plants by the Stuxnet worm.

Demand for experienced Supervisory Control and Data Acquisition software experts in the IT security marketplace now has reached record levels, according to various sources.

The sophistication and apparent effectiveness of the Stuxnet worm served as a reminder that national intelligence agencies can deploy formidable attacks when they focus their energies on a single target and do so knowing that their assaults probably will be traced back to their source.


More links about Stuxnet can be found in the links below.

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran's Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It's So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft's Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes

Recent Techrights' Posts

Five (or Three) Years Without Social Control Media
Glyn Moody quit X (Twitter)
Why GNU/Linux is Growing
There's growing interest in GNU/Linux right now because people do not fancy buying a new PC just to 'upgrade' (more spying) Windows
 
Microsoft's 'Lawsuit Diplomacy' (SLAPPs Riding UK Libel Law and Piggybacking UK GDPR, Inapplicable!) Will Only Give a Worse Image to Microsofters (and Microsoft), Give Exposure to Even More Suppressed Facts and Scandals
Microsoft came to dominate some sectors because of (or owing to) crimes; Microsoft won't just go away without some more crimes.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, April 19, 2025
IRC logs for Saturday, April 19, 2025
Electronics in People's Bedrooms
Modern technology not only blurred the gap between "functions" of rooms
Gemini Links 19/04/2025: Contingencies, GTD, and Old Computers
Links for the day
Links 19/04/2025: Economic Races, Charm Offensives, and USB-C Rants
Links for the day
Links 19/04/2025: "Infantilization at Big Tech" and LLM Slop Abused in Defiance of Workplace Rules/Policies
Links for the day
Gemini Links 19/04/2025: Palm Addiction and Real Experts
Links for the day
Egypt is Controlled by Google, Not Microsoft
Moving from Microsoft to Google is not the answer
Microsofters Say They Cannot Find a Job (That They Want) Because of Techrights, But Techrights Merely Reported on Their Behaviour
Quit pointing the finger at people who are recipients of abuse or merely mention the abuse
Free Software and Standards - Not Marketing Blitz - Needed Amid Growing Severity of Dependency on Hostile Suppliers (or Another Country's Sovereignty)
ZenDiS can be described as the "Center for Digital Sovereignty of Public Administration"
When It Comes to the Web, Google is Evil and It Destroys the Web's Integrity With LLM Slop
Even academia, which is meant to keep standards high, is being lured into LLM slop
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 18, 2025
IRC logs for Friday, April 18, 2025
Links 18/04/2025: "Fentanylware (TikTok) Exodus Continues", Chinese Weapons Allegedly in Russia Already
Links for the day
Gemini Links 18/04/2025: Price of Games and State of Tinylog
Links for the day
Sounds Like IBM is Preparing for Mass Layoffs/Redundancies in Red Hat, Albeit in "PIP" (Performance Improvement Plan) or "Relocation" Clothing
This isn't the "old" IBM; they're applying pressure by confusion and humiliation
Gemini Links 17/04/2025: Role of Language and Back to Mutt for E-mail
Links for the day
"Sayonara" (さよなら), Microsoft
Windows had fallen below iOS in some countries
Links 18/04/2025: Layoffs at Microsoft Infosys and Qt Becoming Increasingly Proprietary (Plus Slop)
Links for the day
Google News is Dying
treating MElon's algorithmic/biased site as a source of verified news
Microsoft's Attack Dogs Have Failed. Now What?
It would be utterly foolish to assume that Microsoft has any intention of changing
All Your "Github Projects" Will be Gone One Day (Just Like Skype)
If you have code you wish to share and keep, then start learning how to do so on your own
To Understand Who's Truly Controlling You Follow the Trail of Censorship (or Self-Censorship)
Do not let media steal and steer the narrative; CoCs are not about "social justice", they're about corporate domination
Fedora Already Lost Its Soul Under IBM
Fedora used to be very strict compared to many other distros and it had attracted very bright volunteers
Microsoft is Still Attacking GNU/Linux and the Net
Microsoft bribed the government using money that did not even exist
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 17, 2025
IRC logs for Thursday, April 17, 2025
Gemini Links 18/04/2025: Pinephone Pro and Linux is too Easy
Links for the day