Politics, Weather, Photography, and the Dog
Thursday 27 February 2014

Security guru Bruce Schneier wonders if the iOS security flaw recently reported was deliberate:

Last October, I speculated on the best ways to go about designing and implementing a software backdoor. I suggested three characteristics of a good backdoor: low chance of discovery, high deniability if discovered, and minimal conspiracy to implement.

The critical iOS vulnerability that Apple patched last week is an excellent example. Look at the code. What caused the vulnerability is a single line of code: a second "goto fail;" statement. Since that statement isn't a conditional, it causes the whole procedure to terminate.

If the Apple auditing system is any good, they would be able to trace this errant goto line not just to the source-code check-in details, but to the specific login that made the change. And they would quickly know whether this was just an error, or a deliberate change by a bad actor. Does anyone know what's going on inside Apple?

Schneier has argued previously that the NSA's biggest mistake was dishonesty. Because we don't know what they're up to, and because they've lied so often about it, people start to believe the worst about technology flaws. This Apple error could have been a stupid programmer error, merge conflict, or something in that category. But we no longer trust Apple to work in our best interests.

This is a sad state of affairs.

Thursday 27 February 2014 08:27:46 CST (UTC-06:00)  |  | US | Software | Business | Security#
Search
On this page....
About that iOS "flaw"
Countdowns
The Daily Parker +3481d 22h 05m
Italy 1d 23h 54m
IDTWHQ move 19d 00h 09m
Parker's 9th birthday 19d 15h 09m
My next birthday 100d 19h 14m
Categories
Aviation (366) Baseball (110) Best Bars (10) Biking (46) Chicago (999) Cubs (199) Duke (134) Geography (368) Higher Ground (5) Jokes (284) Kitchen Sink (711) London (70) Parker (203) Daily (204) Photography (156) Politics (307) US (1147) World (286) Raleigh (21) Readings (8) Religion (68) San Francisco (94) Software (217) Blogs (83) Business (251) Cloud (91) Cool links (152) Security (105) Travel (260) Weather (755) Astronomy (94) Windows Azure (64) Work (101) Writing (15)
Links
Archive
<May 2015>
SunMonTueWedThuFriSat
262728293012
3456789
10111213141516
17181920212223
24252627282930
31123456
Full archive
Blogroll
About
David Braverman and Parker
David Braverman is the Chief Technology Officer of Holden International in Chicago, and the creator of Weather Now. Parker is the most adorable dog on the planet, 80% of the time.
Legal
All content Copyright ©2015 David Braverman.
Creative Commons License
The Daily Parker by David Braverman is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License, excluding photographs, which may not be republished unless otherwise noted.
Admin Login
Sign In
Blog Stats
Total Posts: 4816
This Year: 202
This Month: 37
This Week: 3
Comments: 0