×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

iTunes Flaw Allowed Spying on Dissidents

Hugh Pickens writes (1984118) writes | more than 2 years ago

Security 3

Hugh Pickens writes writes "Democracy and free speech activists worldwide have something new to worry about — cyberwarfare via iTunes — as the Telegraph reports that Gamma International sells computer hacking services to governments offering "zero day" security flaws, that allows access to target computers "with the ability to take control of the target systems functions to the point of capturing encrypted data and communications." FinFisher spyware, known to be used by British agencies and offered to Egypt’s feared secret police, takes advantage of an unencrypted HTTP request that is filed by iTunes when Apple Software Updater is inactive redirecting users' web browsers to a customized web page that pretends Flash is not installed on the user's computer then installing a sophisticated piece of spyware that sends info on a user's activities directly to foreign intelligence services. The latest iTunes software update, 10.5.1, released on November 14 appears to have fixed the exploit FinFisher used after a prominent security researcher warned Apple about this dangerous vulnerability in mid-2008, yet Apple "waited more than 1,200 days to fix the flaw,” writes security researcher Brian Krebs. "The disclosure raises questions about whether and when Apple knew about the Trojan offering, and its timing in choosing to sew up the security hole in this ubiquitous software title.""

3 comments

Lets hope (1)

AHuxley (892839) | more than 2 years ago | (#38162712)

this makes the front of slashdot over the next few day....
You have Apple (hear nothing, log nothing, patch nothing), spyware, HTTP and the now safe https, UK use and so much more :)
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...