By John Gruber
Rene Ritchie:
As hard as it is to believe someone inside Apple would leak the firmware, it’s just as hard to believe such a leak was possible. The firmware was live on the internet, protected only through obscured URLs. That means, when the URLs were leaked, anyone could access the firmware. No VPN, login credentials, or other security checks required.
It’s absolutely the fault of the leaker but my guess is that the days of security through obscurity are done and Apple locks down the firmware delivery process ASAP.
I don’t want to get into a “blame the victim” scenario, but Ritchie makes a good point here. The wrongdoer is the person who leaked the URLs. But given how sensitive these GM builds of iOS 11 were, there’s no way they should have been publicly accessible. The richest company in the world — and a computer company at that — must do better than security by obscurity.
★ Tuesday, 12 September 2017