AMP Reviews
  • You asked and we delivered! AMPReviews now provides the option to upgrade to VIP access via paid subscription as an alternative to writing your own reviews. VIP Access allows you to read all the hidden content within member-submitted reviews AND gives access to private VIP-only forums in each city. You can upgrade your account INSTANTLY by visiting the Account Upgrades page in your own user profile and using a valid credit card to purchase a subscription. You can get to this page by clicking the link in any review, by clicking the red "See the Details Now" banner on the home page, and by clicking the Purchase Private Details link in the navbar at the top of every page

Apple and Security

krideynyc

krideynyc

Registered Member
Messages: 3,282
Reviews: 9
Joined
#41
#41
Srhsrh said:
Gotten in, executed, detected, shut down, cleaned. with readily available tools. Been there, done that.
Click to expand...
]OK. You and I obviously see this differently. This is not just access. This is more than that. Your next point supports my claim about the level of sophistication implemented.
Srhsrh said:
What puzzles me is how it pushed out that much data, but nothing got alerted. He must have not considered himself a target and had nobody or nothing watching. It’s odd given his financial status, visibility, and the ownership of a far left newspaper. Phones are where it’s at these days for stealing info. People stick everything on them, and pay little attention to locking them down because irs so inconvenient.
Click to expand...
The data collection was designed to be as unobtrusive as possible. The entire attack points to a long term data collection of Bezos phone. Not part of any standard off the shelf hacking tool.
 
krideynyc

krideynyc

Registered Member
Messages: 3,282
Reviews: 9
Joined
#43
#43
Srhsrh

Srhsrh

Registered Member
Messages: 1,200
Reviews: 3
Joined
#44
#44
Well, what Bezos did was unique in terms of telling the world he got hacked. Most important guys cant afford to do that.
https://www.inc.com/jason-aten/14-b...-at-risk-due-to-this-major-security-flaw.html
this is a fun one too, but it is androids and iOS.
I like it for this quote

”The first is that most of what we think of in terms of security for our devices and personal information is more theater than actual protection.”

that’s how I feel about this. People just believe the charade and dumbly trust these devices, then walk around with a device that’s easily compromised, stolen, spied on, lost and has their whole life on it. The little security they do provide gets shut off, because it’s annoying.
 
krideynyc

krideynyc

Registered Member
Messages: 3,282
Reviews: 9
Joined
#45
#45
Srhsrh said:
Well, what Bezos did was unique in terms of telling the world he got hacked. Most important guys cant afford to do that.
Click to expand...
I'm not counting on those guys to publicly admit they were hacked. I'm counting on the IT Security Industry to report those incidents. In both instances, only one known attack has been documented.
 
Srhsrh

Srhsrh

Registered Member
Messages: 1,200
Reviews: 3
Joined
#46
#46
krideynyc said:
I'm not counting on those guys to publicly admit they were hacked. I'm counting on the IT Security Industry to report those incidents. In both instances, only one known attack has been documented.
Click to expand...
Oh, I can tell you from working in the business, thousands of attacks occur for every one that gets reported. Legally, it’s not always possible to publish.
 
krideynyc

krideynyc

Registered Member
Messages: 3,282
Reviews: 9
Joined
#47
#47
Srhsrh said:
Oh, I can tell you from working in the business, thousands of attacks occur for every one that gets reported. Legally, it’s not always possible to publish.
Click to expand...
Well, I will counter that with saying they can mentioned prior similar attacks as long as the details were made public, all maintaining the NDA.
 
Srhsrh

Srhsrh

Registered Member
Messages: 1,200
Reviews: 3
Joined
#48
#48
krideynyc said:
Well, I will counter that with saying they can mentioned prior similar attacks as long as the details were made public, all maintaining the NDA.
Click to expand...
Well the trick to publishing is being able to recreate the attack in a generic environment normally. And getting your lawyers to approve.
 
krideynyc

krideynyc

Registered Member
Messages: 3,282
Reviews: 9
Joined
#51
#51
Srhsrh said:
Hah, Wish you were a lawyer for Microsoft, Google or Apple.
Click to expand...
They would say the same thing. As long as the details are already out in the public, they can confirm previous instances of a similar attack without divulging the specific details. FTI and Bezos left the door wide open for anyone in the industry to say if a similar attack has been documented. Even with National Security involved. This isn't a case of a mass general infection. It's an unique and individualized attack. Nothing I've discussed isn't found within the FTI report, or in the public domain.
 
Srhsrh

Srhsrh

Registered Member
Messages: 1,200
Reviews: 3
Joined
#52
#52
Well, they didn't. And even if they end up dropping it, it gets expensive. I'm not talking about Bezos. He went public. There are situations where neither the infected party or the big tech company wants this out.
 
krideynyc

krideynyc

Registered Member
Messages: 3,282
Reviews: 9
Joined
#53
#53
Srhsrh said:
Well, they didn't. And even if they end up dropping it, it gets expensive. I'm not talking about Bezos. He went public. There are situations where neither the infected party or the big tech company wants this out.
Click to expand...
And in that case we can't confirm or deny either way. I've been unsuccessfully digging to see if there's any instances of that encrypted downloader, as that has taken some in the industry by surprise.
 
krideynyc

krideynyc

Registered Member
Messages: 3,282
Reviews: 9
Joined
#55
#55
Srhsrh said:
Have you read this?
https://medium.com/@billmarczak/bezos-hack-mbs-mohammed-bin-salman-whatsapp-218e1b4e1242
Notice the sqllite linkage? That's why I think it's all interrelated. I'm sure the file isn't the same as the mentioned Twitter one. I think we're boring everyone else here though. But I certainly haven't clicked on any WeChat or Whatsapp links since I saw this stuff.
Click to expand...
I'm fine with ending this discussion, as we've both made our points clear. I'm not pro-Apple or pro-Android. I just understand the Apple side better than most people. And in the grand scheme of things, corporate users will always be less than regular users, so I focus more on that side of IT security. With iPhones falling squarely there.

What I find ironic is that today NY Prosecutors have proof that the leaked texts were sent by Lauren Sanchez to her brother, making her the source of the leaks. Finding out about the malware on his iPhone is just pure coincidence. Still, a lot of data was pushed somewhere out of his phone, for over a year.
 
Srhsrh

Srhsrh

Registered Member
Messages: 1,200
Reviews: 3
Joined
#56
#56
krideynyc said:
I'm fine with ending this discussion, as we've both made our points clear. I'm not pro-Apple or pro-Android. I just understand the Apple side better than most people. And in the grand scheme of things, corporate users will always be less than regular users, so I focus more on that side of IT security. With iPhones falling squarely there.

What I find ironic is that today NY Prosecutors have proof that the leaked texts were sent by Lauren Sanchez to her brother, making her the source of the leaks. Finding out about the malware on his iPhone is just pure coincidence. Still, a lot of data was pushed somewhere out of his phone, for over a year.
Click to expand...
Yes, I read that, but dont really understand whether what she leaked was everything that got published or whether there's more out there. I only care about the technical side of this. If its just the stupidity of people, its kinda boring to me.
 
krideynyc

krideynyc

Registered Member
Messages: 3,282
Reviews: 9
Joined
#57
#57
Srhsrh said:
Yes, I read that, but dont really understand whether what she leaked was everything that got published or whether there's more out there. I only care about the technical side of this. If its just the stupidity of people, its kinda boring to me.
Click to expand...
The leaked texts were sold by her brother to the press. But before that was revealed, Bezos suspected his phone was hacked, and thus the whole FTI exercise. Now we know the source of the published leaks, AND that his phone was hacked by someone. The rest has already been discussed.
 
casualplayer

casualplayer

Review Contributor
Messages: 1,288
Reviews: 60
Joined
#58
#58
I'm glad you 2 have kept this on the forum not PM. You are both very knowledgeable and I for one have enjoyed the conversation and the links you both have shared.
It really is something we all should be concerned with.
 
K

kgmspa

Review Contributor
Messages: 1,347
Reviews: 4
Joined
#59
#59
So long as your phone is a turing computer you can and will be hacked. It's the price we all pay for flexability. You want it locked up? :)
 
You must log in or register to reply here.
Top