Posted by: oldmacbloggit | November 24, 2011

We apologise for the late arrival…

I wasn’t really expecting to write about “government Trojans” on this blog, though it’s come up several times elsewhere, as in blogs by Robert Lipovsky and David Harley at ESET, not to mention an AVAR conference paper David and Craig Johnston presented some time ago. And in fact, while there is commentary on FinFisher in Brian Krebs’s article “Apple Took 3+ Years to Fix FinFisher Trojan Hole”, it’s obviously the unusually long delay in patching the iTunes vulnerability that underpinned FinFisher that catches the eye: Krebs first wrote about the vulnerability for the Washington Post in 2008, and says that Apple were notified on July 11th of that year.

While most commentators seem to be assuming that this is probably a case of slipping attention on Apple’s part, I have seen it suggested (not by Krebs) that the company (a) might have been requested to leave the hole unplugged so that a government Trojan could continue to operate, or (b) left it unplugged because it only affected Windows users.

Neither seems likely to me: Apple may or may not care about users of its Windows software, but it does care about its own reputation, and neither of those ideas would reflect well upon the company ethically. Sometimes, the cock-up theory just seems so much more likely than the conspiracy theory.

Old Mac
