The Market Ticker
Commentary on The Capital Markets- Category [Company Specific]

I really hate people who lie by omission.

Even cops with a warrant to pull private user data off of someone's fancy new iPhone or iPad might be out of luck—Apple says that with the release of iOS 8, it's now not physically possible for even the company itself to access that info, reports the Washington Post.

In an open letter posted yesterday on the Apple website, CEO Tim Cook explains the company's commitment to customer privacy, facilitated by a new encryption process that will hopefully keep at bay attacks like the recent celebrity nude-photo hack (which, incidentally, Apple says wasn't its fault).

It "wasn't before either", unless Apple was lying before.

Here's the underlying problem as I've pointed out before: pairing records.

Your i{Phone|Pad|whatever} creates one when you connect it to a computer to sync music and the like.  In fact you have to create one to activate it, since that's done through iTunes.

That pairing record is effective even on a locked device and once created it is indelible and will work even if you change the passcode.  The only way to invalidate one is to do a hard reset, wiping everything from the unit.

It doesn't have to work like this.  That's a design decision Apple made.  They could change it tomorrow.  Then, if you plugged in a locked iPhone to your computer, it would demand the passcode (or that you unlock it) before iTunes could update it.

That would solve the problem -- no passcode, no access, the pairing record is worthless standing alone without the passcode.

This, by the way, is how BlackBerry does it.  You plug the phone into Link and if it's locked it demands the password and cannot go further until you provide it.  The reason is that there is no back door in the software to "do things" to a locked device.

This is not true for Apple, even under iOS 8.

Now what Apple did apparently do is narrow the scope of what can be accessed without said passcode.  However, they didn't remove it, and application data and your camera roll are still part of the list -- it's not just your music.

If Apple was serious about privacy and security a pairing record would be useless against a locked phone.


If you read my column regularly you know that one of the "items" on my list of things that BlackBerry doesn't do at present, but is sorely needed, is the means to have one device handle two completely separate cellphone accounts.


Because if you're going to have one device with both work and personal profiles you want them to be completely separate, including the phone line they're on.

Historically there have been a few phones that offered dual SIM sockets.  This is one way to solve the problem.  

The other is what the company that BlackBerry just bought does -- virtualize the SIM.

Game-changer folks.  Yes, it really is.  And now for BES-connected devices, apparently including non-BlackBerry devices, they'll be the guys with the technology to do it.

Hot damn Chen.



BP Plc acted with gross negligence in setting off the biggest offshore oil spill in U.S. history, a federal judge ruled, handing down a long-awaited decision that may force the energy company to pay billions of dollars more for the 2010 Gulf of Mexico disaster.

That is a problem.

Gross negligence is a very high bar, but when met you're open to punitive damages, which can be ruinous.

This one is not over, and it's not looking good for BP....


Here it comes...

On September 24, all eyes will be on BlackBerry as we host exclusive, invite-only events in Toronto, London and Dubai to show off… well I guess you’ll have to wait and see.

That would be the Passport, the expected 10.3 software-driven "phablet" style phone with a monster screen, keyboard, insanely-large battery (full-day++ life under heavy use) and large improvements in specs across the board (e.g. 12mp camera, quad-core processor, etc.)

If you want to know how large it is grab your passport.  That also will tell you how it will fit in various places, like your pocket (yes, it will.)

I already have 10.3 on my Z10 and it's awesome.  Add to that the additional memory, battery size, keyboard, much larger and higher-resolution screen and ridiculously-faster processor -- along with the expected release of Blend, the software (which is in 10.3) that will provide a "virtual terminal" into your phone from your desktop and you wind up with an integrated messaging and information system that works when you're in front of your laptop or desktop on a seamless basis and when not, it's in your pocket and goes with you.

Oh, and it's not full of either Apple's or Google's spyware.

Shut up and take my money!


So getting your selfies (nude) hacked and posted won't be enough.

It appears, if the morning news stream is accurate, that Apple intends to put a wallet on your phone.

That's nice.  It also means that if it's not secure you're going to find your "wallet" pick-pocketed and you won't have jack and crap you can do about it.

Oh sure, if it's your credit card that gets stolen you're "not responsible" -- well, theoretically anyway.  That is cold comfort when you're traveling and the card turns into a piece of burnt plastic while you're on the road, leaving you with no funds and no immediate replacement either.  If that's a debit card?  Well, sucks to be you.

I suspect the iSheeple will "embrace" this, right up until they start losing their money, anyway.  Then we might finally see people wake up.


PS: I'll bet it wasn't just nude selfies that were stolen.  Think videos, tax information and all sorts of other interesting corporate data that people were dumb enough to put into the "cloud" -- and the best part of it is that I bet that particular stupidity among American consumers and businesses continues too.

Update 9/2 15:21 CT: Apple claims there was no "hack" per se and the accounts were "individually" compromised.  If so, how did old, deleted images get retrieved?  This of course is a testable hypothesis, never mind that the so-called "hammer attack" sort (where a hacker hammers an authentication service to try to discover credentials that work) is something that should never be functional in today's world -- when someone tries that the system should lock the account out, either entirely or on an exponential-back-off basis (so each "miss" doubles the time before a valid credential can be submitted).  The latter removes the need for a "hard lock" that has to be reset but makes attack attempts pointless since even with a correct set of credentials you learn nothing until the timer expires.  (Most sites that choose that approach also have a reset function available because otherwise a denial of service attack is rather easy to implement against someone you don't like.)

But - there's also this article, which claims otherwise and points out that irrespective of any of that it's tough crap -- you stuck the data there, even if they didn't protect against a hammer attack (and it appears they did not) and even if you never let your password out into the wild it doesn't matter -- it's your fault.  And by the way, Apple isn't alone in this -- Google does the same thing as does Amazon.

The bottom line: NONE of these companies will EVER accept responsibility for the security of data you place on these "cloud" services.  If you are in a regulated industry and thus must care, or simply do care even though there is no legal requirement to do so, these services are incompatible with your alleged needs.
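The exponential-back-off lockout described in the update above, sketched as an added example (not code from this site or from any vendor named here). The class and method names, the one-second base delay and the one-hour cap are assumptions made for illustration.

```python
import hashlib, hmac, os, time

class BackoffThrottle:
    """Per-account login throttle: every miss doubles the wait (constructed example)."""

    def __init__(self, base_delay=1.0, max_delay=3600.0, clock=time.monotonic):
        self.base, self.cap = base_delay, max_delay  # cap is an added assumption
        self.clock = clock
        self.users = {}   # account -> (salt, PBKDF2 hash)
        self.state = {}   # account -> (consecutive misses, locked_until)

    def _hash(self, salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, account, password):
        salt = os.urandom(16)
        self.users[account] = (salt, self._hash(salt, password))

    def attempt(self, account, password):
        misses, locked_until = self.state.get(account, (0, 0.0))
        if self.clock() < locked_until:
            # Timer still running: the credential is not evaluated at all, so a
            # correct guess and a wrong one get the same answer.
            return "locked"
        # Unknown accounts hash against a dummy salt and can never match.
        salt, stored = self.users.get(account, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(salt, password), stored):
            self.state.pop(account, None)   # success clears the miss counter
            return "ok"
        misses += 1
        delay = min(self.base * 2 ** (misses - 1), self.cap)  # 1s, 2s, 4s, ...
        self.state[account] = (misses, self.clock() + delay)
        return "denied"

    def reset(self, account):
        """Out-of-band reset (e.g. after verified recovery), so a third party
        cannot keep the real owner locked out indefinitely."""
        self.state.pop(account, None)

def demo():
    now = [0.0]                                   # fake clock, in seconds
    t = BackoffThrottle(clock=lambda: now[0])
    t.enroll("alice", "correct horse")            # constructed credentials
    results = [t.attempt("alice", "guess-1"),     # denied, 1s lock starts
               t.attempt("alice", "correct horse")]  # locked: learns nothing
    now[0] = 1.0
    results.append(t.attempt("alice", "guess-2"))  # denied, 2s lock until t=3
    now[0] = 3.0
    results.append(t.attempt("alice", "correct horse"))  # ok
    return results
```
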


Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.


The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade nor ThinkOrSwim has reviewed, approved or disapproved any content herein.

The Market Ticker content may be reproduced or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media or for commercial use.

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.