Bonum Certa Men Certa

Security Problems in iOS and Windows

Utah State Prison Wasatch Facility with Apple



Summary: Ways in which proprietary operating systems (even with excessive restrictions) get exploited and therefore cannot be kept under control by their users

SOFTWARE that contains code which cannot be audited is less likely to be secure. Many security folks agree on this point. Well, rather than use Linux as Apple engineers were about to do (Steve Jobs reportedly vetoed), Apple chose to pick code it need not contribute back to when building iOS, one of the world's most restrictive platforms. Just because iOS is as locked down as a nail on a coffin does not make it secure, either. Appleʼs iOS dials calls without warning, researcher asserts" and an original post says:



I feel the risk posed by how URL Schemes are handled in iOS is significant because it allows external sources to launch applications without user interaction and perform registered transactions. Third party developers, including developers who create custom applications for enterprise use, need to realize their URL handlers can be invoked by a user landing upon a malicious website and not assume that the user authorized it. Apple also needs to step up and allow the registration of URL Schemes that can instruct Safari to throw an authorization request prior to yanking the user away into the application.


Apple has not managed to make the platform secure by expelling everything from it (except the list of "apps" that Apple approves). Kevin Lynch has just alleged that Apple is lying about its reasons for blocking Adobe Trash (Flash):

Last week, critics hammered Adobe over a report showing that Flash drained the new MacBook Air's battery life by several hours. It's not the first time Adobe has been in fisticuffs with Apple: the companies have been duking it out ever since Steve Jobs began ridiculing Flash and touting its alleged-killer, HTML5. Today, in an interview with Fast Company, Adobe CTO Kevin Lynch answered critics who might say HTML5 is somehow more efficient than Flash.


Irrespective of whether Apple is lying or not, Adobe Trash needs to go away. It's a sore spot and it does not belong on the Web. But the point to be made here is that Safari is not secure, with or without Trash. Apple just cannot really use "security" as an excuse for blocking potentially millions of applications (or "apps" as Apple likes to call them, as if "applications" is too big a word for its clients to memorise).

Over at Microsoft's side of things, "Stuxnet attack unleashes a torrent of SCADA hacks":

Intelligence agencies and private cybersecurity companies worldwide are scrambling to reinforce online defenses against a tsunami of malware directed at online industrial control systems in the wake of a successful attack on Iran’s uranium enrichment plants by the Stuxnet worm.

Demand for experienced Supervisory Control and Data Acquisition software experts in the IT security marketplace now has reached record levels, according to various sources.

The sophistication and apparent effectiveness of the Stuxnet worm served as a reminder that national intelligence agencies can deploy formidable attacks when they focus their energies on a single target and do so knowing that their assaults probably will be traced back to their source.


More links about Stuxnet can be found in the links below.

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran's Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It's So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft's Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes

Recent Techrights' Posts

Google: We Run and Fund Diversity Programs, Please Ignore How Our Own Staff Behaves
censorship is done by the recipients of the grants
European Patent Office (EPO) Has Serious Safety Issues, This New Report Highlights Some of Them
9-page document that was released to staff a couple of days ago
Microsoft-Run FUD Machine Wants Nobody to Pay Attention to Microsoft Getting Cracked All the Time
Fear, Uncertainty, Doubt (FUD) is the business model of "modern" media
Congratulations to Debian Project Leader (DPL) Andreas Tille
It would not be insincere to say that Debian has issues and those issues need to be tackled, eventually
David Graeber, village wives & Debian Outreachy internships
Reprinted with permission from disguised.work
 
If Red Hat/IBM Was a Restaurant...
Two hours ago in thelayoff.com
Why We Republish Articles From Debian Disguised.Work (Formerly Debian.Community)
articles at disguised.work aren't easy to find
Paul Tagliamonte & Debian Outreachy OPW dating
Reprinted with permission from disguised.work
Disguised.Work unmasked, Debian-private fresh leaks
Reprinted with permission from disguised.work
[Meme] Fake European Patents Helped Fund the War on Ukraine
The European Patent Office (EPO) does not serve the interests of Europe
IRC Proceedings: Saturday, April 20, 2024
IRC logs for Saturday, April 20, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Torvalds Fed Up With "AI" Passing Fad, Calls It "Autocorrect on Steroids."
and Microsoft pretends that it is speaking for Linux
Gemini Links 21/04/2024: Minecraft Ruined
Links for the day
Links 20/04/2024: Apple is Censoring China’s App Store for the Communist Party of China
Links for the day
Links 20/04/2024: Accessibility in Gemini and Focus Time
Links for the day
20 April: Hitler's Birthday, Debian Project Leader Election Results
Reprinted with permission from Daniel Pocock
September 11: Axel Beckert (ETH Zurich) attacks American freedoms
Reprinted with permission from Daniel Pocock
20,000 victims of unauthorized Swiss legal insurance scheme
Reprinted with permission from Daniel Pocock
Matthew Garrett, Cambridge & Debian: female colleague was afraid
Reprinted with permission from disguised.work
Neil McGovern & Ruby Central part ways
Reprinted with permission from disguised.work
Links 20/04/2024: Chinese Diplomacy and 'Dangerous New Course on BGP Security'
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 19, 2024
IRC logs for Friday, April 19, 2024
The Latest Wave of Microsoft Crime, Bribes, and Fraud
Microsoft is still an evil, highly corrupt company
Links 19/04/2024: Running a V Rising Dedicated Server on GNU/Linux and More Post-"AI" Hype Eulogies
Links for the day
Gemini Links 19/04/2024: Kolibri OS and OpenBSD
Links for the day
[Video] Novell and Microsoft 45 Years Later
what happened in 2006 when Novell's Ron Hovsepian (who had come from IBM) sealed the company's sad fate by taking the advice of Microsoft moles
[Meme] EPO “Technical” Meetings
an institution full of despots who commit or enable illegalities
EPO “Technical” Meetings Are Not Technical Anymore, It's Just Corrupt Officials Destroying the Patent Office, Piecewise (While Breaking the Law to Increase Profits)
Another pillar of the EPO is being knocked down
Red Hat Communicates the World Via Microsoft Proprietary Spyware
Red Hat believes in choice: Microsoft... or Microsoft.
Sven Luther, Lucy Wayland & Debian's toxic culture
Reprinted with permission from disguised.work
Chris Rutter, ARM Ltd IPO, Winchester College & Debian
Reprinted with permission from disguised.work
[Video] Microsoft Got Its Systems Cracked (Breached) Again, This Time by Russia, and It Uses Its Moles in the Press and So-called 'Linux' Foundation to Change the Subject
If they control the narrative (or buy the narrative), they can do anything
Links 19/04/2024: Israel Fires Back at Iran and Many Layoffs in the US
Links for the day
Russell Coker & Debian: September 11 Islamist sympathy
Reprinted with permission from disguised.work
Sven Luther, Thomas Bushnell & Debian's September 11 discussion
Reprinted with permission from disguised.work
G.A.I./Hey Hi (AI) Bubble Bursting With More Mass Layoffs
it's happening already
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 18, 2024
IRC logs for Thursday, April 18, 2024