Apple security problem! Patch your systems urgently

[Jdsk]

I only accept cookies when I so choose and from trusted sites.
(To top up using a voucher for example.)
And I always delete them straightaway.

Understanding cookies and how to manage them is an important part of the greater awareness that I'd like to see.

Jonathan

[kwackers]

PS: I've been involved in many identity and confidentiality projects and one national campaign. "I have nothing to hide" comes up time and time again. AFAICR no-one has ever responded to the obvious challenge to publish what they do have by publishing it.

I quite often claim "I have nothing to hide" but it's not as simplistic a statement as it first appears.
By "nothing to hide" what I really mean is the balance between protecting my privacy and someone managing to figure out stuff about me favours the "knock yourself out" approach.
I wouldn't actively make details public but the amount of effort to discover them is far higher than I personally worry about, if you figure it out then so what.
I suspect such is true of most people.

At the end of the day if someone wants my porn viewing list they can just PM me.
Anything I consider to be truly private doesn't exist on the web anyway.

[PDQ Mobile]

I only accept cookies when I so choose and from trusted sites.
(To top up using a voucher for example.)
And I always delete them straightaway.

Understanding cookies and how to manage them is an important part of the greater awareness that I'd like to see.

Jonathan

And yet you were amongst those who criticized me for not accepting cookies from a redirected (to an unknown, from an original internet search link) on another thread.

How do us mere simple internet users "understand" cookies?

What should we "understand"?
How can we possibly differentiate good from dodgy or dangerous?


There is a simpler option.
And if a site doesn't function then I simply will not use it.

[Psamathe]

From my browser (built-in security protection - I do also have several additional measures beyond built-in blocks but this one from the built-in block)

Ian

[mjr]

From my browser (built-in security protection - I do also have several additional measures beyond built-in blocks but this one from the built-in block)
Screenshot 2021-03-29 at 12.56.11.png

Please save me repeating the experiment: google, tapatalk or something else?

[Psamathe]

From my browser (built-in security protection - I do also have several additional measures beyond built-in blocks but this one from the built-in block)
Screenshot 2021-03-29 at 12.56.11.png

Please save me repeating the experiment: google, tapatalk or something else?

Google Analytics. But I also have piwik "hard blocked" at a prior check so it wouldn't show up on that report (that this forum used to use, no idea now it's completely blocked).

Ian

[simonineaston]

But for many of us this constant need to "keep up man" is an unwelcome pressure...

So true! And there's an irony to learning of the urgent need to patch your phone software via a bunch of friendly cyclists, too!!

[Mick F]

Because you clearly have private data on your 'phone... your AppleID and your passcode.

And I expect a lot more... how about posting a screen dump of your recent 'phone calls and messages?

I can't.
Recent phone calls are deleted. Why would I want a list?
Messages are deleted. Why keep them?

Don't you all do that?

Anything I consider to be truly private doesn't exist on the web anyway.

Spot on.

[Jdsk]

Because you clearly have private data on your 'phone... your AppleID and your passcode.

And I expect a lot more... how about posting a screen dump of your recent 'phone calls and messages?

I can't.
Recent phone calls are deleted. Why would I want a list?
Messages are deleted. Why keep them?

Don't you all do that?

No, most people keep them so that they can easily reply rather than entering the contact details each time, and so that they know who contacted them when, and in case there's any content in messages that could be needed later.

But you know this already.

Jonathan

[Psamathe]

Because you clearly have private data on your 'phone... your AppleID and your passcode.

And I expect a lot more... how about posting a screen dump of your recent 'phone calls and messages?

I can't.
Recent phone calls are deleted. Why would I want a list?
Messages are deleted. Why keep them?

Don't you all do that?
....

Some years ago I used to work for a company who's mobile PDA devices seemed particularly popular with drug dealers. And once under Police custody the officers would notice the "accused" frantically pressing keys on their device to discover they'd deleted their list of contacts. So we'd be passed the device with formal requests to recover the data - which generally took us longer to verify the legality of the request than to actually recover the data (printer was the slowest part of the process).

And then the credit card scam where some computer science students thought themselves really smart as they'd written their own encryption routines ... until some special Police unit investigating such crimes asked for our help and we provided them the actual data without too much trouble.

Ian

[[XAP]Bob]

[...] It's serious enough to need a "single bug" patch, which has been released for all iOS devices dating back to 2013!

That's not a level of support you get with any other phone vendor or mobile os...

Well, the mobile os I'm using at seems to have been updated regularly since 2007, so I don't think that's true.

If you mean devices not os, several Android devices from 2013 are still getting updates, including the Google Nexus 7, LG G2 and Samsung Galaxy S4.

Really? - the S4 (as far as I can tell) is still back on Android 5.0.1 at the latest, which is 2014 vintage - and nothing before 8 was receiving updates last year.

Not counting custom ROMs here for obvious reasons.

Credit to Apple for fixing their "brown paper bag" bug quickly, but it's no more than we should expect.

I agree, that it should be completely non newsworthy... but one thing Apple do significantly better than other manufacturers is support older products, and they have done so for years.

Samsung recently mad a song and dance about moving to giving four years of support on new phones:
https://www.theregister.com/2021/02/23/ ... nt_you_to/

That doesn't tally with your assertion that you already have 8 years of supported updates from your S4.

[[XAP]Bob]

Because you clearly have private data on your 'phone... your AppleID and your passcode.

And I expect a lot more... how about posting a screen dump of your recent 'phone calls and messages?

I can't.
Recent phone calls are deleted. Why would I want a list?
Messages are deleted. Why keep them?

Don't you all do that?

Anything I consider to be truly private doesn't exist on the web anyway.

Spot on.

Depends what you call private - your bank details are all online, whether you use internet banking or not - as are all of your financial doings - tax, both local and national, purchases, everything you do that can possibly be traced to you (i.e. anything paid for with anything other than cash, or paid for with cash, but using a voucher or store card.

Messages are a very useful way of reminding businesses what they said, and reminding me for that matter.
Similarly call history is rather useful when you're telling someone that you have already called about problem A...

[kwackers]

Depends what you call private - your bank details are all online, whether you use internet banking or not - as are all of your financial doings - tax, both local and national, purchases, everything you do that can possibly be traced to you (i.e. anything paid for with anything other than cash, or paid for with cash, but using a voucher or store card.

My bank details are actually available from my website or via email, no need to hack my phone.
People use them to send cash to me all the time.

Whilst I don't go out of my way to make such things public apart from where there's a benefit for me the reality is I honestly don't care that much about such information.
So my "I have nothing to hide" stands in that if you make the effort and figure it out - good on you, but so what?

Where there's a genuine potential benefit (other than spamming me or being a nuisance) I use multifactor auth and tbh getting cash out of my bank is so difficult that even I can't be bothered half the time!

[[XAP]Bob]

It was an example for MickF...

But your journeys past ANPR cameras etc are also logged... there is enough information out there to put together a rather scary amount of detail on most people's lives.
No individual bit might be considered private on it's own, but the aggregation of data - that's a different matter.

[kwackers]

No individual bit might be considered private on it's own, but the aggregation of data - that's a different matter.

I agree about the aggregate but that's gov level surveillance rather than phone hacking and if the gov are making the effort to keep an eye on me then I'm done for anyway.
At some level you simply have to trust them (to a degree) - if I didn't I'd make a lot more effort to be anonymous.