
The Pegasus thing didn't even survive a reboot, it was reinstalled by using the 0-day again on a fresh boot. Replacing the image would have done nothing if they were flashing a version that still had the iMessage vulnerability.


But if that iMessage vulnerability was FOSS and you could flash your own image, you could fix it and move on with your life.


> But if that iMessage vulnerability was FOSS and you could flash your own image

1. The vulnerability wasn't FOSS. It was kept under wraps because otherwise it would get discovered and Apple would patch it.

2. What makes you think that amateurs working in their free time can patch 0-days faster than the vendors themselves?


Because these "amateurs" build all the essential tools we rely on today. That wasn't Apple. I cannot really believe what crap I have to read here. Vendor lock-in is a huge factor for insecurity in software.


Amateurs behind what essential tools? Tell me a tool and a name. I've been thinking hard for 10 minutes and every FOSS tool I used the past week has highly regarded and well-paid professionals behind it.

Maybe in 1995 it was like that, it's not now.


It's not yet even possible to reliably detect the infection because of the closed nature of the device.

I think I'd like to check my iPhone, but I can't reliably do that.

So that, for a start, would help.


> I think I'd like to check my iPhone, but I can't reliably do that.

But you can, via an iTunes backup.


Reading the dump? That isn't nearly as effective as giving users the ability to administer their system. That is in no way an alternative.


It's not like there are no security vulnerabilities in FOSS apps either.


No, but when they appear, _you can fix them_.


Are there actual hard numbers on whether open-to-all-eyes is beneficial at all scales?

For example, do public eyes actually catch and did more Linux bugs than three letter agencies? And would this situation be worse if Linux were a very well funded, closed source Windows?

I’m ignorant on whether the open source security mantra is founded upon religion or evidence.


Classical FUD.

> For example, do public eyes actually catch and did more Linux bugs than three letter agencies?

Is it so important who found a bug? A TLA can find a bug, and then it has a choice: the TLA can use it to spy on other countries, or the TLA can fix it to protect its own country.

Your TLA may choose to leave your country unprotected, but it is the problem of your country.


Sorry, not an attempt at FUD. As I wrote, I’m entirely ignorant on whether there is hard evidence one way or another on the topic.


Although they do contribute, believing three letter agencies wouldn't try to leave backdoors is certainly the former.
