I
lettori di „Uropia, il protocollo
Maynards“ e in genere i frequentatori di questo Blog saranno abituati alla
raccolta di informazioni, testimonianze ed articoli che rappresentano le basi
tecnologiche, giuridiche ed informatiche sulle quali la distopia del romanzo è
costruita.
Troverete
infatti in questo e nei post precedenti e successivi una collezione di
informazioni direttamente tratte dal web, senza commenti o censure, dalle fonti
originali –errori tipografici compresi!- e con i link relativi.
"Apple iTunes flaw 'allowed
government spying for 3 years'
An unpatched security flaw in Apple’s iTunes software
allowed intelligence agencies and police to hack into users’ computers for more
than three years, it’s claimed.
Apple's iTunes software
is installed on more than a quarter of a billion computers
By Christopher Williams, Technology
Correpsondent
1:27PM GMT 24 Nov 2011
A British company called Gamma
International marketed hacking software to governments that exploited the
vulnerability via a bogus update to iTunes, Apple's media player, which is
installed on more than 250 million machines worldwide.
The hacking software, FinFisher, is used to
spy on intelligence targets’ computers. It is known to be used by British
agencies and earlier this year records were discovered in abandoned offices of
that showed it had been offered to Egypt’s feared secret police.
Apple was informed about the relevant flaw
in iTunes in 2008, according to Brian Krebs, a security writer, but did not
patch the software until earlier this month, a delay of more than three years.
“A prominent security researcher warned
Apple about this dangerous vulnerability in mid-2008, yet the company waited
more than 1,200 days to fix the flaw,” he said in a blog post.
"The disclosure raises questions about
whether and when Apple knew about the Trojan offering, and its timing in
choosing to sew up the security hole in this ubiquitous software title."
On average Apple takes just 91 days to fix
security flaws after they are disclosed, Mr Krebs wrote.
Francisco Amato, the Argentinian security
researcher who warned Apple about the problem suggested that "maybe they
forgot about it, or it was just on the bottom of their to-do list".
In response to reports that FinFisher
targeted iTunes, Apple has said that it works "to find and fix any issues
that could compromise systems".
"The security and privacy of our users
is extremely important,” a spokeswoman said.
This month's iTunes update 10.5.1 explained
that "a man-in-the-middle attacker may offer software that appears to
originate from Apple", adding that the "issue has been mitigated".
Gamma International has not commented on
the matter. Registered in Winchester, the firm is one of several companies that
sell computer hacking services to governments. They offer "zero day"
security flaws, which have not been publicly disclosed, so attempts to exploit
them are unlikely to be detected by anti-virus programs."
(The Telegraph, 24.11.2011, Christopher Williams)
