A Couple Of Quick Hits
Both are from the BBC:
1. Security holes unearthed in Apple’s iOS 7 – the ever-helpful Siri will put a locked iPhone into aircraft mode, where it can’t be tracked, and you can still get all of the address information out of a locked phone. The ‘fixes’ are promised in the next update.
2. RSA warns over NSA link to encryption algorithm – the random number generator in the RSA toolbox doesn’t actually generate random numbers, it generates a known sequence for NSA to use to break the encryption.
In a service note for iPhone purchasers – the new phones have the batteries glued in to make it really difficult to replace a bad battery. They want to sell you a new phone, not fix the one you own.
OT: Cat Blogging is obviously delayed by tour guiding.
2 comments
I remember one of the programming languages on the PC in early-days Windows MS C (or was it VB?) had a pseudorandom sequence generator that required a seed. You could give it a constant seed, which always returned the same sequence (useful for debugging) or you could give it, say, some low-order bits from the system clock (for supposedly better randomization). Trouble was, in that version of Windows on some PCs, the low-order bits of the system clock always returned one of the same two bit patterns. Ooooops!
The problem with that version of iOS is the same as the one that afflicted early versions of Blogger (well, it still does, but to a lesser degree): too damned many options. A user can reasonably be expected to examine and set perhaps a half dozen options, but when it gets to several dozen or a hundred, users will stick with the default, on the assumption that Apple (or Blogger/Google) has already vetted those values.
It may have been VB because MBasic had a totally worthless random function, but their early C was no work of art either.
I know that a lot of people have pointed out that Windows can be a hell of a lot more secure than it normally is, precisely because the defaults for most of the protective options are turned off. If they were shipped turned on and people had to turn them off, most systems would be better protected, because people wouldn’t bother.
People want tools and don’t want to spend a lot of time setting them up, so too many options only appeals to geeks, and the guys who get paid to fix them when strange things happen.
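The seeding problem described in the comment above (a clock whose low-order bits only ever take one of two values) is easy to reproduce. The following is an added example, not code from the post or its commenters; `broken_clock_low_bits` is a constructed stand-in for the faulty clock read, and the two bit patterns it returns are invented for illustration. The point it makes: the quality of a pseudorandom sequence is capped by the entropy of its seed, so seeding from a two-valued source yields exactly two possible sequences no matter how good the generator is, while seeding from the operating system's entropy source (Python's `secrets` module) does not have that problem.

```python
import random
import secrets

# Constructed stand-in for the faulty clock: the "low-order bits" of the
# system time only ever come back as one of these two patterns.
BROKEN_CLOCK_PATTERNS = (0b0000, 0b1000)


def broken_clock_low_bits(call_index):
    """Hypothetical clock read that alternates between two bit patterns."""
    return BROKEN_CLOCK_PATTERNS[call_index % len(BROKEN_CLOCK_PATTERNS)]


def sequence_from_seed(seed, length=8):
    """Deterministic output of a seeded PRNG (random.Random is a Mersenne
    Twister, not a CSPRNG; it is used here only to show the seeding effect)."""
    rng = random.Random(seed)
    return tuple(rng.randrange(256) for _ in range(length))


def distinct_sequences_clock_seeded(trials=1000):
    """How many different sequences a program gets when it seeds from the
    broken clock. Each trial is one program start."""
    return len({sequence_from_seed(broken_clock_low_bits(i)) for i in range(trials)})


def distinct_sequences_os_seeded(trials=200):
    """How many different sequences a program gets when it seeds from the
    OS entropy source instead (64 random bits per seed)."""
    return len({sequence_from_seed(secrets.randbits(64)) for _ in range(trials)})


def seed_entropy_bits(observed_seeds):
    """Upper bound on seed entropy in bits: log2 of the number of distinct
    seed values actually observed. Two distinct values give at most 1 bit."""
    import math
    distinct = len(set(observed_seeds))
    return math.log2(distinct) if distinct else 0.0


if __name__ == "__main__":
    clock_seeds = [broken_clock_low_bits(i) for i in range(1000)]
    print("distinct seeds from broken clock:", len(set(clock_seeds)))
    print("seed entropy (bits):", seed_entropy_bits(clock_seeds))
    print("distinct sequences, clock-seeded:", distinct_sequences_clock_seeded())
    print("distinct sequences, OS-seeded:", distinct_sequences_os_seeded())
```

A one-bit seed means an attacker who knows the generator only has to try two candidate sequences; for anything security-relevant the fix is to take seeds (or the random values themselves) from the OS entropy source, as `secrets` does, rather than from a clock.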