* Posts by cnd

3 publicly visible posts • joined 24 Dec 2013

Apple Macs, iPhones, iPads, Watches, TVs can be hijacked by evil Wi-Fi, PDFs – update now

cnd

Left in the cold

You can't seriously expect us to believe they fixed all those at one time. What basically is going on here is that they have CLEARLY sat on a gigantic pile of critical bugs for an extended period of time, before bothering to fix them.

Why were these not fixed and patched as soon as they were found?

How big is the existing pile of stuff they're saving up for next time?

Here is another bug for them to deal with; they pre-reserved a bunch of CVE numbers specifically for their internal critical security issues (e.g. CVE-2016-1739), so we know for certain there are at the very least 7 more critical problems unpatched so far, just from the 17xx series alone. We also know they've been sitting on some of these since April last year.

And, if you watch the news, you also now know that the FBI cracked Apple security without help from Apple now as well, so their stuff is proven useless all over again.

Brit teen who unleashed 'biggest ever distributed denial-of-service blast' walks free from court

cnd

headlines were affected more than computers

LOL - a single Spamhaus webserver was down for one day, from an attack so small that the traffic graphs didn't even show the attack - the only "worldwide effect" this had was on newspaper headlines. Pretty much nobody else noticed or cared.

How much did NSA pay to put a backdoor in RSA crypto? Try $10m – report

cnd

Honest cryptographic mistake? - no chance

They removed the existing PRNG and inserted a new one (in exchange for a $10M payment) which they admitted was suspicious (was 1000x slower than normal, and had no security proof - their words, not mine).

The problem is that PRNGs get SAFER if you add (xor) them together - there is never any reason to REMOVE one.

They ABSOLUTELY knew they were reducing the security, because they took DELIBERATE cryptographic steps to make sure they did this (removing the secure PRNG, instead of keeping it with xor). No crypto coder would EVER do that without knowing why (which, of course, was that $10M).

(And, to state the bleeding obvious - the NSA will have made them sign an agreement for that $10M, or else face incarceration, so we will never really know the full truth... at least... not until Snowden leaks it :-)