Article <utd0pn$1hqpd$1@paganini.bofh.team>

Warning: mysqli::__construct(): (HY000/1203): User howardkn already has more than 'max_user_connections' active connections in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\includes\artfuncs.php on line 21
Failed to connect to MySQL: (1203) User howardkn already has more than 'max_user_connections' active connections
Warning: mysqli::query(): Couldn't fetch mysqli in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\index.php on line 66
Article <utd0pn$1hqpd$1@paganini.bofh.team>

Deutsch English Français Italiano

<utd0pn$1hqpd$1@paganini.bofh.team>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!news.mixmin.net!weretis.net!feeder8.news.weretis.net!paganini.bofh.team!not-for-mail
From: Sten deJoode <StendeJood@nospam.net>
Newsgroups: misc.phone.mobile.iphone,comp.sys.mac.system,comp.mobile.ipad
Subject: Re: Are iPhones subject to ransomware attacks?
Date: Tue, 19 Mar 2024 17:41:10 -0400
Organization: To protect and to server
Message-ID: <utd0pn$1hqpd$1@paganini.bofh.team>
References: <ut26gf$2e534$1@dont-email.me> <l5jvq8Fj8sdU1@mid.individual.net> <ut45bs$itts$1@paganini.bofh.team> <l5lsi4Fs60gU1@mid.individual.net> <ut7p0q$10ih8$1@paganini.bofh.team> <l5pbvaFdsdbU1@mid.individual.net> <65f77da3$0$3158686$882e4bbb@reader.netnews.com> <l5puflFges3U1@mid.individual.net> <0001HW.2BA85B9000464F4570000C9D138F@news.eternal-september.org> <65f833a3$0$2187653$882e4bbb@reader.netnews.com> <l5r52lFm4ctU1@mid.individual.net> <0001HW.2BA8C97000600F7170000C5B938F@news.supernews.com> <65f939fc$0$6398$882e4bbb@reader.netnews.com> <0001HW.2BA9E42F002C8A0A70000989438F@news.supernews.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 19 Mar 2024 21:41:12 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="1633069"; posting-host="KwzIAAXG6Ff1eRCAVfbVhg.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: 40tude_Dialog/2.0.15.41 (Beta 38)
Cancel-Lock: sha256:F+BjCdAnEd0Ht2/dqUTg8WZOeHh1enXA9TFh+6QLq28=
X-Notice: Filtered by postfilter v. 0.9.3
Bytes: 4880
Lines: 75

On Tue, 19 Mar 2024 11:18:07 -0400, WolfFan wrote:

> a zero-day is, by definition, something new and unexpected. 

That's not entirely correct, where the nuance is where it matters.

Why do you think iOS is the most exploited smartphone OS in history?
 <https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

Given Apple has more zero-days in iOS by many times over than Android,
the real distinction of what a zero day is for such an Apple newsgroup, 
is that *it's only Apple who is unaware of its zero-day bugs*.

Everyone who is writing malware knows about these zero-days before Apple,
and, the proof is all of them are _reported_ to Apple (who was clueless).

Apple's QA by all accounts is atrocious. So bad, the same zero-day bugs
shows up in subsequent releases, even after Apple fixed them once.

That's how terrible Apple's QA is (even Federighi complained about QA).

Apple has had so many zero-day bugs in the kernel and webkit that I stopped
counting, but the point is that they sell these things on the black market.

What a zero-day is, in this context, is a bug that is known to everyone
(who is writing malware) but which is not yet known to Apple.

> It is perfectly 
> possible to block known attacks. 

And yet Apple's QA is so non existent that multiple times they had to fix
the same zero-day bug in subsequent releases, because they made it again!

> it is impossible to block unknown attacks, 

What? Are you nuts?
You block against what can happen.

Such as buffer overflows (which are the root of a bulk of the attacks).

What you're really saying is Apple spends all their money on advertising
that they tested the system instead of actually testing the system.

It's why only one company in all of high tech has the lowest R&D spend in
the world - adn that's Apple. Steve Jobs had to defend it then and it's
still the case now that Apple spends 10 times more on advertising than R&D.

> as YOU HAVE NO FUCKING IDEA WHERE THE ATTACK IS COMING FROM OR HOW IT WILL BE 
> MADE, BECAUSE THE ATTACK IS *NEW* AND *FROM AN UNEXPECTED SOURCE*.

WTF? Are you nuts?

Google reported that Apple hasn't ever tested, nor even exercised about 10%
of teh code in iOS that Google analyzed for the Project Zero effort.

Google counted something like a dozen cases (which they responsibly
reported to Apple) where the code was so bad, it was essentially a bug in
and of itself.

Since Apple never tests their iOS code sufficiently, it's clear that Apple
could spend some of that money they spent in advertising a silly yellow
iPhone instead on some QA in the R&D run by Craig Federighi.

Don't you remember the leaked email from Federighi telling QA to start
testing? Apple has _never_ sufficiently tested any of its code for bugs.

Apple advertises white papers instead saying it's impossible to have them.

> You are incapable of reading for comprehension.

You have no idea that Apple's basic strategy is to spend money on marketing
instead of on R&D which is one of the reasons why iOS is, by far, the most
exploited smartphone operating system in the history of smartphones.
 <https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

Apple never finds its zero-day bugs... hackers find them for Apple.