In episode 129, Alan Cohn and I dive deep on the Government Oversight Committee’s predictably depressing and unpredictably entertaining report on the OPM hack. Cheeky Chinese hackers register their control sites to superhero alter egos.
Latest in Apple
Readers will recall last spring's battle over the San Bernardino iPhone. The FBI had Syed Farook's work phone, but it was locked, with security protections including a ten-tries-and-you're-out on PIN attempts.
Michael Specter and the “Keys Under Doormats” (KUD) group have an interesting post, entitled “Apple's Cloud Key Vault, Exceptional Access, and False Equivalences” responding to my earlier post on Apple’s Cloud Key Vault.
The conversation so far has meandered somewhat over different sites, so if you’ve not been following along, the conversation thus far is:
Author’s note: Despite appearing under my byline, this post actually represents the work of a larger group. The Keys Under Doormats group includes Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael A.
Just over a week ago, at the BlackHat hacker convention in Las Vegas, Ivan Krstić, Head of Security Engineering and Architecture at Apple, gave a talk entitled “Behind the scenes of iOS Security,” the slides of which are available here.
As a matter of established legal precedent, the police can compel someone to provide their fingerprint onto a fingerprint reader. Equally well-established is that exigent circumstances—including "the need to prevent the imminent destruction of evidence in individual cases"—can justify conducting a search before obtaining a warrant.
No holds are barred as a freewheeling panel of cryptographers and security pros duke it out with me and the Justice Department over going dark, exceptional access, and the Apple-FBI conflict.
A few weeks ago, as anyone who is not living under a rock will remember, the FBI withdrew its effort to force Apple to unlock an iPhone because, as it told the court, it gained access to the phone through a previously undisclosed vulnerability. Apple then publicly turned around and asked the FBI to disclose the vulnerability that it had found to it -- a request that Ben characterized as digital chutzpah.
On February 16, US Magistrate Judge Sheri Pym, responding to an FBI request, ordered Apple to provide software to bypass the company's technical protections; this would unlock the work phone of Syed Farook, one of the two San Bernardino terrorists. Apple appealed the order.
A grieving father in Italy has written to Apple’s chief executive, Tim Cook, to beg him to unblock his dead son’s iPhone so he can retrieve the photographs stored on it.