Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- Subject: Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- From: "Pike, Michael (IHS/HQ)" <email@hidden>
- Date: Thu, 23 Feb 2012 17:10:10 +0000
- Thread-topic: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
All they really have to do is have the phone track the MAC address. That will alleviate a big issue. While not fail safe (as a MAC can be spoofed) it would stop my damn phone from connecting to all the "attwifi" networks that are now running in my office from Android hot spots.
I created a monster here.
If I were a malicious identity theft pro, I could drive around my neighborhood and log all the SSIDs.
Then follow the person to their place of business or wherever they hang out, set up a wifi with the same name as their home wifi and snoop away when they connect.
Remember most users are not tech like us. They just type.
And Apple encourages that. My bet is the further we get into different lion cats for the operating system they will have it to where it's as limited as iOS. Won't even have a Unix prompt anymore.
Apple server products are an effing joke now. We moved everything to Ubuntu and I'll never look back.
I still enjoy the desktop OS for development but the more it gets locked down, the more limiting it will be.
Sandboxed apps will be very limiting. How is an FTP client supposed to be useful if it can only access its own folder?
Mike
Transcribed by Siri on my iPhone 4S
On Feb 23, 2012, at 8:51 AM, "Silberberg, David" <email@hidden> wrote:
> I don't think this problem is specific to Apple devices/OSes. If I connect my Windows laptop to an unsecured wireless network called Linksys (or whatever) at one location, it's going to automatically connect to a similarly named network at another. The first time I connect to a common-named network, I'm going to get prompted; after that there's no other check other than the SSID name.
>
> Seems to me there's been all kinds of discussion on the web about NOT using default or common SSID names. For my two cents, it's up to the "service provider" to ensure that the SSID is unique. That would "force" a user to recognize the fact that a device was trying to connect, and give them the opportunity to allow or kill the connection.
>
>
>
> David Silberberg
> Don't anthropomorphize computers, they hate it
>
> -----Original Message-----
> From: fed-talk-bounces+david.silberberg=email@hidden [mailto:fed-talk-bounces+david.silberberg=email@hidden] On Behalf Of Henry B. Hotz
> Sent: Wednesday, February 22, 2012 11:16 PM
> To: Fed Talk
> Subject: Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
>
> I believe that attwifi works as described partly because it's not a protected/encrypted network. Doesn't mean it's not a problem of course.
>
> If you read the explanation below the "ask to join" switch, it clearly says that known networks will be joined automatically regardless of the position of the switch. Another consequence is that any access point which mimics the security configuration of a known network will be trusted. Same for a MacOS laptop.
>
> Hey, guys, we all knew that the security of WiFi was c*&($ anyway, right? It's not entirely Apple's fault.
> ------------------------------------------------------
> The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government.
> email@hidden, or email@hidden
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
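The join policy discussed in this thread (remember the access point's MAC address and its security configuration, not just the SSID) can be sketched as follows. This is an added example, not code from the thread or from any vendor; the names `KnownNetwork`, `ScanResult`, `join_decision` and `approve` are hypothetical, and the SSIDs other than "attwifi" and all MAC addresses are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class KnownNetwork:
    ssid: str
    security: str                                # e.g. "open", "wpa2-psk"
    bssids: set = field(default_factory=set)     # AP MACs the user has approved

@dataclass(frozen=True)
class ScanResult:
    ssid: str
    bssid: str
    security: str

def join_decision(known, seen):
    """Return 'auto-join', 'prompt' or 'ignore' for one scanned access point."""
    profile = known.get(seen.ssid)
    if profile is None:
        return "ignore"          # never joined before: leave it to the user
    if seen.security != profile.security:
        return "prompt"          # familiar name, different protection
    if seen.bssid.lower() not in profile.bssids:
        return "prompt"          # familiar name and security, unfamiliar AP MAC
    return "auto-join"

def approve(known, seen):
    """User accepted a prompt: remember this AP under the SSID's profile."""
    profile = known.setdefault(seen.ssid, KnownNetwork(seen.ssid, seen.security))
    profile.bssids.add(seen.bssid.lower())

# Constructed sample data: two networks the user has joined before.
KNOWN = {}
approve(KNOWN, ScanResult("attwifi", "02:00:00:aa:00:01", "open"))
approve(KNOWN, ScanResult("HomeNet", "02:00:00:bb:00:01", "wpa2-psk"))

# Constructed scan: the real AP, a hotspot reusing the name, a same-name
# network with weaker security, and a network never seen before.
SCAN = [
    ScanResult("attwifi", "02:00:00:AA:00:01", "open"),
    ScanResult("attwifi", "02:00:00:cc:00:09", "open"),
    ScanResult("HomeNet", "02:00:00:bb:00:01", "open"),
    ScanResult("CoffeeShop", "02:00:00:dd:00:02", "open"),
]

def evaluate(known, scan):
    return [(s.ssid, s.bssid, join_decision(known, s)) for s in scan]

if __name__ == "__main__":
    # A spoofed BSSID still passes this check; it narrows the problem only.
    for row in evaluate(KNOWN, SCAN):
        print(*row)
```

As noted in the thread, a MAC can be spoofed, so this check reduces accidental joins to same-name networks but does not authenticate the access point.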