A law enforcement Trojan takes advantage of the same recently patched iTunes flaw also used by Ghost Click botnet, according to a demo at a recent German trade show. Spiegel Online reports that a promo video for a variant of the FinFisher spyware application shows it exploits a vulnerability in iTunes to update the software on …
You know there is something wrong when
Goverments make 'hacking' tools illegal only for the security industry to turn around and sell hacking tools to goverments so they can spy on their citizens.
This nicely ties in with the story about Android security
Being behind so much.
I think all the delays are so that it is easy for multi-jurisdictional investigators to not lose track of a target if a wary target travels too frequently or forcibly makes the phone shut down, change firmware, or do other things.
And, since we don't always see public announcements of an update, how do we now the update we get is not crafted for us or someone in our neighborhood. If a target lives near us, but the spies/spooks/cops/union presiden'ts private investigators want to keep a firm leash on said person, then any nearby phones that can be commanded into silent wi-fi/silent blue-tooth mode could create a noose-like mesh network that "bulges" when the tracked target moves around.
Neat idea? Y/N/M?
"The latest version of iTunes requests update URLs over a secure (https) connection, thereby blocking man-in-the-middle attacks."
Unless, of course, a friendly CA is assisting the investigation.
IS WATCHING YOU!!!!!!!!