Funny thing is windows phone was pretty secure for the time but everyone rejected it^apparently iOS is horribly exploitable, like many have been telling you for some time.
It is worth noting that none of the exploits bypassed the new, PAC-based JIT hardenings that are enabled on A12 devices.
Now, add in two additional snippets of information:“It feels like the amount of effort that went into the exploits is very significant,” said Charles Holmes, a managing principal research consultant who focuses on mobile security at Atredis partners. “Maintaining capabilities off of the last three years of iOS and a combination of hardware devices and firmware—a lot of time and effort went into that. My gut feels like some nation was behind maintaining that capability.”
Its even more secure now, if you consider security through obscurity to be a thing.Funny thing is windows phone was pretty secure for the time but everyone rejected it
Too true, my final windows phone Nokia 630 never had any web ads or Facebook ads. Nobody bought them because the audience was so small.Its even more secure now, if you consider security through obscurity to be a thing.
I'm still rocking a 1020.
iPhones have never been "obscure" and Apple has never depended on security by obscurity for the iOS platform.
Uh? I don't recall iPads being used as server hardware.Keep telling yourself this. You're wrong.
I just gave up on my Lumia 950 like a month ago. I'm amazed by how ahead of its time it was in several ways.Its even more secure now, if you consider security through obscurity to be a thing.
I'm still rocking a 1020.
Lack of useful apps killed itI just gave up on my Lumia 950 like a month ago. I'm amazed by how ahead of its time it was in several ways.
People are sheep. Win phone should have killed it.
I think he's saying that there's quite a few companies where the admins have to take iOS into account as they let their employees use iPhones and iPads. That actually caused one of the security issues with iOS that Apple patched earlier this year, where they have a program for enterprise customers to have a special certification that lets them manage the apps without the normal Apple locks.Fortunatley for server admins, iOS is not used in their practice. The bossman who has an iPad in the executive office, however, might be a liability to the company.
Sorry you're absolutely wrong about this, but then I'm fairly certain you know what they meant by obscurity in this case and are just trying to be argumentative. Apple has hardly been open about their security methods and that's actually gotten worse over time as they now just go "we have a secure processor, it handles everything, trust us!" which we're seeing is actually not secure because if the secure processor can be compromised or exploited it can defeat the rest of the security measures.iPhones have never been "obscure" and Apple has never depended on security by obscurity for the iOS platform. It has always been locked down far tighter than Android. Apple doesn't want unauthorized non-AppStore code to run, even if it's not malicious.
iOS has always had a far greater emphasis on security than Android.
Anything that connects to the internet can be exploited. Including iOS devices. I would suggest though that Apple is far more likely than any Android vendor to actually patch and push the updates. And for a much longer period of time.But keep pretending like iOS doesn't have MAJOR security issues in spite of Apple's fluff that they're doing so much for security.
See above, Apple has to let some external management or else they wouldn't be used in those markets, and that has opened things up to lots of exploits.
The thing is, I don't think it was difficult to port apps to it. That's not the issue really, the issue is maintaining those apps and providing support. Companies didn't make enough money from users on those devices to make it worth the support costs. Microsoft was even porting apps themselves to try and entice companies to go with it, but they weren't biting because having workable apps was never the issue.Lack of useful apps killed it
Microsoft’s hope that being easy to port apps from google/Apple was foolish. Why would either company allow MS to collect money for them.
There's no patch & update to be had when the vulnerabilities are hidden. The implant left no trace on the device, only used exploit chains to load itself in RAM. A simple device reboot would erase it, but by that time it would have already uploaded enough sensitive data to allow (permanent) access to the victim's online accounts.I would suggest though that Apple is far more likely than any Android vendor to actually patch and push the updates. And for a much longer period of time.
Not quite true any more.iPhones have never been "obscure" and Apple has never depended on security by obscurity for the iOS platform. It has always been locked down far tighter than Android. Apple doesn't want unauthorized non-AppStore code to run, even if it's not malicious.
iOS has always had a far greater emphasis on security than Android.
. . . such as a clueless executive, or what have you. I get that much. You think they'd be segmented from core infrastructure though.I think he's saying that there's quite a few companies where the admins have to take iOS into account as they let their employees use iPhones and iPads.
From briefly looking at product pages for a few AM1 motherboards, I can tell you that Asus and Gigabyte (at least) don't look like they've got BIOS revisions newer than ones released in 2016. Whatever vulnerabilities there were in Kabini are pretty much still there.I also haven't seen much mention of patching on the low end for Atom and AMD's AM1 platform.
The issue is that, they are becoming part of the core infrastructure, because people want their smartphones and are transitioning to them being integral to their workflow (and that's gonna get worse when AR systems start to take off). Its not just the owners and ignorant execs, the entire company (including the IT people) want the slick devices. Blackberries weren't cutting it any more. Heck, even Google and Microsoft were forced to allow iOS and support it, and then Apple was forced to capitulate security options for large organizations. Heck, its enough that even high ranking (highest ranking really) government officials are even willing to compromise things so they can use their devices.. . . such as a clueless executive, or what have you. I get that much. You think they'd be segmented from core infrastructure though.
Yes, yes, spare me the nonsense argument (FYI, devices that can't connect are also exploitable). Again, this isn't about saying that others are as bad or worse. In fact, your attitude is exactly some of the problem. We're seeing that faith/trust in Apple (or any company/person) is misguided, and that the people saying we shouldn't be trusting Apple just because they do a big show claiming they're more secure turned out to be right. I would agree they're more likely to patch than Android, but when its still this ridiculously terribly pathetically bad, then it doesn't even hardly matter.Anything that connects to the internet can be exploited. Including iOS devices. I would suggest though that Apple is far more likely than any Android vendor to actually patch and push the updates. And for a much longer period of time.
Those are the ones I expect to present the biggest security problems to organizations these days.Heck, its enough that even high ranking (highest ranking really) government officials are even willing to compromise things so they can use their devices.
I had completely forgotten about DDIO. Actually I don't remember if I ever knew about it in the first place. Why am I not surprised? Disabling RDMA looks like it could have some pretty serious performance implications for clusters.Back on topic, another day, another Intel security issue:
Another day, another cache base attack exposing Intel's lack of access right enforcement on the cache. That's one deep rabbit hole.Back on topic, another day, another Intel security issue:
![]()
Weakness in Intel chips lets researchers steal encrypted SSH keystrokes
DDIO makes servers faster. It can also allow rogue servers to covertly steal data.arstechnica.com
At least Intel isn't ignoring it, guess we'll see if Anandtech will like they have been other Intel vulnerabilities lately.
RDMA is only used as convenience by the researchers, it's DDIO that needs to be turned off. And DDIO is a transparent performance improvement, so transparent that it apparently can't be secured. One would guess after early examples like Firewire system architects would get the memo that unrestricted direct memory access from outside the CPU is always a bad idea.I had completely forgotten about DDIO. Actually I don't remember if I ever knew about it in the first place. Why am I not surprised? Disabling RDMA looks like it could have some pretty serious performance implications for clusters.
Thread starter | Similar threads | Forum | Replies | Date |
---|---|---|---|---|
G | Question Massive new Intel manufacturing facility coming to Ohio | CPUs and Overclocking | 38 |
Similar threads |
---|
Question Massive new Intel manufacturing facility coming to Ohio |