Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Known iTunes Flaw Used By Governments To Spy


  • Please log in to reply
9 replies to this topic

#1 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:41 AM

Posted 27 November 2011 - 07:11 AM

A British company called Gamma International marketed hacking software to governments that exploited the vulnerability via a bogus update to iTunes... The hacking software, FinFisher, is used to spy on intelligence targetsí computers... Apple was informed about the relevant flaw in iTunes in 2008, according to Brian Krebs, a security writer, but did not patch the software until earlier this month, a delay of more than three years.

Read more:
http://www.telegraph.co.uk/technology/apple/8912714/Apple-iTunes-flaw-allowed-government-spying-for-3-years.html
http://www.itproportal.com/2011/11/25/apple-takes-three-years-fix-security-flaw-itunes/
http://www.zdnet.co.uk/blogs/communication-breakdown-10000030/apple-took-years-to-fix-itunes-spyware-vulnerability-10024873/
http://www.redorbit.com/news/technology/1112429000/law-enforcement-accused-of-using-itunes-security-flaw-to-spy/


BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:41 PM

Posted 27 November 2011 - 09:58 AM

I wonder if this would have spread like it did if they removed the word government from the titles of the articles and from the articles themselves. I bet you that it wouldn't because in this anti-government world anything anti-government gets spread like wild fire.

Just my opinion.

#3 killerx525

killerx525

    Bleepin' Aussie


  • Members
  • 7,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Melbourne, Australia
  • Local time:04:41 AM

Posted 27 November 2011 - 04:21 PM

Won't be using Itunes anymore or any Apple product, can't be trusted and it's dodgy.

>Michael 
System1: CPU- Intel Core i7-5820K @ 4.4GHz, CPU Cooler- Noctua NH-D14, RAM- G.Skill Ripjaws 16GB Kit(4Gx4) DDR3 2133MHz, SSD/HDD- Samsung 850 EVO 250GB/Western Digital Caviar Black 1TB/Seagate Barracuada 3TB, GPU- 2x EVGA GTX980 Superclocked @1360/MHz1900MHz, Motherboard- Asus X99 Deluxe, Case- Custom Mac G5, PSU- EVGA P2-1000W, Soundcard- Realtek High Definition Audio, OS- Windows 10 Pro 64-Bit
Games: APB: Reloaded, Hours played: 3100+  System2: Late 2011 Macbook Pro 15inch   OFw63FY.png


#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:41 PM

Posted 27 November 2011 - 05:45 PM

Won't be using Itunes anymore or any Apple product, can't be trusted and it's dodgy.


anyone can insert: Flaw in {product name here} allows government to spy on the people who use them. You should be more concerned about the hardware you use and where it comes from then software. Most of the computer hardware we use comes from countries and nations that are currently actively attacking the US Infrastructure to find weaknesses. All it would take would be a SSD type device implanted to record and send out audio transmissions to foreign dignitaries who would then use that information to attack us further and deeper.

So for your argument and statement to ring true you would have to stop using electronics all together.

#5 the_patriot11

the_patriot11

    High Tech Redneck


  • BC Advisor
  • 6,763 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wyoming USA
  • Local time:11:41 AM

Posted 27 November 2011 - 11:52 PM

well said cryptodan. Only, its still not entirely possible-because were around computers every day. I mean, how do we know the traffic cameras arnt transmitting information to china? it gets a bit insane, a certain level of paranoia is healthy, but theres a point where it goes to far. I mean seriously, oh wow apple had this bug that allowed the government to spy on certain people. First off its not apples fault-I mean the bug was there but bugs exist in any software, and it was the government that exploited it. Now, sure apple could have fixed it sooner, so technically shame on apple, but on the other hand, why would they spy on you? or most of us? Unless your doing something blatantly illegal, the government has no reason to want to spy on you. and even then it better be something big like terrorism, even if you use your phone to record and pirate movies, thats still pretty small fish in the big scheme of things.

picard5.jpg

 

Primary system: Motherboard: ASUS M4A89GTD PRO/USB3, Processor: AMD Phenom II x4 945, Memory: 16 gigs of Patriot G2 DDR3 1600, Video: AMD Sapphire Nitro R9 380, Storage: 1 WD 500 gig HD, 1 Hitachi 500 gig HD, and Power supply: Coolermaster 750 watt, OS: Windows 10 64 bit. 

Media Center: Motherboard: Gigabyte mp61p-S3, Processor: AMD Athlon 64 x2 6000+, Memory: 6 gigs Patriot DDR2 800, Video: Gigabyte GeForce GT730, Storage: 500 gig Hitachi, PSU: Seasonic M1211 620W full modular, OS: Windows 10.

If I don't reply within 24 hours of your reply, feel free to send me a pm.


#6 Andrew

Andrew

    Bleepin' Night Watchman

  • Topic Starter

  • Moderator
  • 8,259 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:41 AM

Posted 28 November 2011 - 02:54 AM

I wonder if this would have spread like it did if they removed the word government from the titles of the articles and from the articles themselves. I bet you that it wouldn't because in this anti-government world anything anti-government gets spread like wild fire.

Just my opinion.


Governments, many people forget, are our servants, not our masters. We entrust them with great powers; powers which will be, and have been, abused if not restrained by the vigilance of the people. History, back to the earliest nations and all the way up through today, is replete with oppressive and totalitarian governments. This dark catalog of human crime which we call history has rightly made those who study it wary and mistrusting of those who would seek to repeat it, even if only through their ignorance. The argument that 'those who have done nothing wrong have nothing to hide' ignores the existence of the intrinsic rights due to every human being: the personal sovereignty which no government may encroach upon without just cause; it sits in stark contrast to the reality which history reveals, a history of protecting the servant at the dire expense of the masters.

Apple, through its failure to act, has condoned and contributed to these sorts of abuses. They abandoned their duty to their customers, and worse their duty to do what is right. They have demonstrated that they are not to be trusted, and the negative press they receive is punishment for this.

Would this story be so widely disseminated if no governments were involved? Probably not. But the rapid spread of the story speaks not, I think, to the prevalence knee-jerk anti-government reactionaries but rather to the widely acknowledged significance of government involvement.

Edited by Andrew, 28 November 2011 - 02:55 AM.


#7 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:41 PM

Posted 28 November 2011 - 12:23 PM

Then Andrew, I question the sources who released this information in a time where there is much anti-government sentiment in the world due to the economic times? Why did they not release this information or publish these stories when that researcher found out about it. Is it for them to release the information instantly instead of a time when there so much hatred for the Government which is evident in the Occupy Movements? 3 years ago would have been ample timing instead of now.

Also I am a strict believer in keep your nose clean and the government wont have anything to provide "Just Cause or enact Due process on you". That has come back since I joined the Navy.

Just cause you are a person doesn't make you immune from the Government. At any point in time my communications can be tapped via my phone, my internet, my dealings of private nature? But you know i got nothing to hide, and if I did I would lose my job and go to prison for a long long time.

That is my 2 cents.

#8 Andrew

Andrew

    Bleepin' Night Watchman

  • Topic Starter

  • Moderator
  • 8,259 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:41 AM

Posted 28 November 2011 - 02:30 PM

The motivations of the person who brought the story to light are not germane to the discussion over whether what Apple did (or did not) was right. Neither is the fact that worldwide people are expressing their dissatisfaction with their governments and the economic and political hegemony of the super-rich. Government in general is indeed the subject of much derision these days, but this state of affairs did not develop in a vacuum. Dissatisfaction on the scale of the Occupy Movement does not arise without legitimate complaints against the system which have not been redressed through less extreme measures.

You return again to the argument that having done nothing wrong is ample protection against government surveillance when we know for a fact that this is not so. What of the NSA wiretapping of US citizens without a warrant? What of New York City police surveillance and arrest members of targeted political groups preceding the 2004 RNC and similar actions by the London police during the 2009 G20 summit? Or the EU's INDECT program? Or the 1.9 trillion entry database of phone calls maintained by the NSA? The FBI's Carnivore? These are just a few of the various instances of governments abusing their police powers. And these governments are supposed to be the good guys. Governments in general have a poor track record when it comes to respecting due process or adhering to the requirement of there being a just cause for surveillance.

And what about the not-so-good-guys? The governments around the world that actively and violently oppress their citizens? Apple's failure to act may have had lethal consequences for their customers in these nations.

Edited by Andrew, 28 November 2011 - 02:31 PM.


#9 lti

lti

  • Members
  • 583 posts
  • OFFLINE
  •  
  • Local time:11:41 AM

Posted 28 November 2011 - 08:34 PM

I haven't used any Apple software since QuickTime decided that it was capable of opening all file types, not just multimedia files. It set itself as the default program to open PDF files, Microsoft Office documents, all text document formats, and all compressed archive formats along with all multimedia files.

#10 BlackSpyder

BlackSpyder

    Bleeping Big Rig


  • BC Advisor
  • 2,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Huddleston, VA USA (Home Sweet Home)
  • Local time:01:41 PM

Posted 28 November 2011 - 09:06 PM

Here's the rub, Apple has a near monopoly on Personal Media Players, their iP(ad/od/hone) pretty much requires iTunes, (I've personally tried a few *nix alternatives and found none really work as decently, it's sad when the proprietary software is just as broken as day one Open source projects). The fact that it has taken 3 years to fix what is a major security flaw after being notified about it, is unacceptable.

As for the government spying on me, yeah I know they do it. I bought enough materials to make high explosives last year to potentially take over a second world country, what'd I do with it fertilized corn, wheat, and soy fields (and reloaded a couple thousand rounds of 45ACP, .30-06, and .243) Yeah that recipe was given out in pamphlets at every Ag-fair between 1950 and 1970, everyone and their brother knows it. Point, everything has an alternate purpose and the government watches for the little arrows to line up and in most cases they never do (even if the person is planning something).

That said why dont people just uninstall "Bonjour" (Apple's updater) and uncheck the box in Preferences for "check for updates automatically".



and yes the "Patriot" Act needs to die.

Posted Image







0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users