What kind of good security design has "less security" as the default?

It's a security design flaw, simple as that.

From: Jonathan Link [mailto:[email protected]]
Sent: Saturday, 12 November 2011 1:30 PM
To: NT System Admin Issues
Subject: Re: Stupid iPhone 4S Security Loophole

Fine, disagree. It is a huge stretch to call something a design flaw if a
setting can be changed by the user. Not your first, though.

On Friday, November 11, 2011, Kurt Buff <[email protected]> wrote:
> I disagree. The reason I think it's a design flaw, IMO, is that
> settings with security implications should be set to the more secure
> setting by default. I suppose you could get all airy about it and say
> that their approach to design is flawed - that is, Apple seem to be in
> favor of every feature turned on out of the box so that users are
> fooled into believing they don't have to make decisions.
>
> The basic stance should be: Turn off almost everything by default, and
> let the user choose to turn on what they want afterward.
>
> Microsoft is learning this lesson. Apple hasn't yet. OpenBSD has
> mastered this lesson, and FreeBSD pretty much has it down pat, too.
>
> I will say that I think that this particular issue isn't of
> Earth-shattering proportions, but it seems to be in line with Apple's
> general outlook...
>
> Kurt
>
> On Fri, Nov 11, 2011 at 15:56, Jonathan Link <[email protected]> wrote:
>> No. It is user configurable.
>> At worst, Apple didn't disclose the security implications. Since it is a
>> consumer device I am unsurprised.
>> On Friday, November 11, 2011, Kurt Buff <[email protected]> wrote:
>>> That's not a bug, that's a design flaw.
>>>
>>> On Fri, Nov 11, 2011 at 14:40, Micheal Espinola Jr <[email protected]> wrote:
>>>> Ah, but that's not a bug - it's a feature.
>>>>
>>>> --
>>>> Espi
>>>>
>>>> On Fri, Nov 11, 2011 at 2:15 PM, Stu Sjouwerman <[email protected]> wrote:
>>>>>
>>>>> You may have missed this, but there is a hole in Siri, the much-touted
>>>>> iPhone 4S personal assistant. The default setting for the new A.I. is
>>>>> "On", which means that even when a user's phone is locked, anyone
>>>>> could pick it up, hold down the home button and tell Siri to send
>>>>> texts and emails. OUCH!
>>>>>
>>>>> There's an easy fix though, if you don't want Siri to work when the
>>>>> phone is locked, simply change the default setting from "Allow access
>>>>> to Siri when locked with a passcode" to "Off." Just make sure it's done.
>>>>>
>>>>> Warm regards,
>>>>> Stu
>>>>>
>>>>>
>>>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>>>>
>>>>> ---
>>>>> To manage subscriptions click here:
>>>>> http://lyris.sunbelt-software.com/read/my_forums/
>>>>> or send an email to 
>>>>> [email protected]<mailto:[email protected]>
>>>>> with the body: unsubscribe ntsysadmin
>>>>>