Untitled

a guest Jul 28th, 2014 993 Never
  1. The 30 Lies of @violetblue - A Lie in Almost Every Sentence!
  2. An overview of the questionable journalistic principles that led to this article:
  3. Source: http://www.zdnet.com/the-apple-backdoor-that-wasnt-7000031781/
  4.  
  5. > Before the iPhone came out, and long before anyone heard the name "Ed Snowden," the most common use of the word "backdoor" was relegated to an industry that applied the term as a colorful anatomical descriptive, helping potential customers select the preferred access point for their adult entertainment.
  6.  
  7. FALSEHOOD 1. In fact, Violet proves herself wrong later on in the article when she links to OWASP's paper https://www.owasp.org/images/a/ae/OWASP_10_Most_Common_Backdoors.pdf which outlines definitions long held in technology for DECADES that a backdoor is defined as 1. "a hidden entrance to a computer system that can be used to bypass security policies", 2. "an undocumented way to get access to a computer system or the data it contains", or 3. "a way of getting into a guarded system without using the required password". For Violet to equate a "backdoor" as having a pre-Snowden meaning solely relevant to the porn industry is not only categorically false, but intentionally misleading by Violet as an overt attempt to discredit anyone who uses the term “backdoor” in a technological way as a conspiracy theorist. She does just this further into her article.
  8.  
  9. > Last weekend, a hacker who's been campaigning to make a point about Apple security by playing fast and loose with the now widely-accepted definition of "backdoor" struck gold when journalists didn't do their homework and erroneously reported a diagnostic mechanism as a nefarious, malfeasant, secret opening to their private data.
  10.  
  11. FALSEHOOD 2. There has been no campaign to make any point about Apple security. There has been an accepted, peer-reviewed journal paper, in a reputable forensics journal. Violet has falsely attempted to re-label an accepted academic journal paper as a "campaign" to smear Apple, and has provided no proof whatsoever that Zdziarski has attempted to do so. A look at Zdziarski’s blog and Twitter stream, quite the contrary, shows many attempts to prevent embarrassment of Apple or accusations of conspiracy.
  12.  
  13. FALSEHOOD 3. Accusing Zdziarski of "playing fast and loose"; Violet here is using loaded language to attempt to discredit Zdziarski (Zdziarski of the academic paper and all relevant research). She refers to it as a "campaign", without any facts or statements of proof as to Zdziarski's motivation or prolonged “campaigning”, and is already, by the second sentence, attempting to discredit Zdziarski with accusatory and derogatory terminology.
  14.  
  15. FALSEHOOD 4 “struck gold”. Here, Violet is falsely suggesting, without any proof provided, that Zdziarski considers it some type of reward or positive outcome that journalists have misrepresented his research, SETTING THE STAGE to judge Zdziarski by suggesting within the second sentence that Zdziarski's intent was to have journalists misled / misreport the research. Again, without presenting any proof.
  16.  
  17. FALSEHOOD 5. “secret opening”. Violet makes the false statement that Zdziarski attempted to mislead journalists to believe that these services were intentionally conspired as secret, however she cannot and does not attempt to back this accusation up with any facts or proof to show that Zdziarski had conspired to do this.
  18.  
  19. > Speaking at the Hackers On Planet Earth conference in New York, Jonathan Zdziarski said that Apple’s iOS contains intentionally created access that could be used by governments to spy on iPhone and iPad users to access a user's address book, photos, voicemail and any accounts configured on the device.
  20.  
  21.  
  22. FALSEHOOD 6. Zdziarski did specifically say that the services were intentionally placed by Apple (and even maintained), however Violet is accusing Zdziarski of suggesting that Apple's intent in creating them was so that they could be used by governments to spy. Zdziarski never made this accusation, Violet offered no proof to substantiate her accusation, and in fact Zdziarski is on record numerous times DENYING that sensationalist point of view.
  23.  
  24. > As he has been doing since the Snowden documents started making headlines last year, Mr. Zdziarski re-cast Apple's developer diagnostics kit in a new narrative, turning a tool that could probably gain from better user security implementation into a sinister "backdoor."
  25.  
  26. FALSEHOOD 7. Violet has accused Zdziarski of re-casting Apple's developer diagnostics, however the file_relay service - the focal point of the talk - had NOT EVEN BEEN DISCLOSED by Apple until AFTER the talk; therefore, how could Zdziarski possibly attempt to re-cast anything?
  27.  
  28. FALSEHOOD 8. Violet accused Zdziarski of "doing [this] since the Snowden documents started making headlines", however offers no proof of this; in fact, Zdziarski's first contribution occurred only months prior to the talk, with the acceptance of an academic paper outlining his research.
  29.  
  30. FALSEHOOD 9. Violet refers to a "developer diagnostics kit". There is no such thing. In fact, of all three services outlined in the talk, only pcapd is even disclosed to developers or its use documented (which Zdziarski does not dispute). Violet has offered no proof that this "developer diagnostics kit" even exists; the other two services: file_relay and house_arrest, are used exclusively and internally by Apple, and are not intended for developers.
  31.  
  32. FALSEHOOD 10. Violet accuses Zdziarski of implying a "sinister backdoor"; quite the contrary, Zdziarski has ALWAYS maintained that the technical definition of a backdoor has absolutely nothing to do with conspiracy or intent; but rather an undisclosed technological bypass. Zdziarski also used very careful wording in both the paper and the talk to be sure to defuse any attempts to draw a conspiracy theory of any kind out of the research. Violet offered no quotes or other proof whatsoever that Zdziarski attempted to turn this research into a conspiracy accusation toward Apple.
  33.  
  34. > The "Apple installed backdoors on millions of devices" story is still making headlines, despite the fact that respected security researchers started debunking researcher Jonathan Zdziarski's claims the minute people started tweeting about his HopeX talk on Sunday.
  35.  
  36. FALSEHOOD 11. "debunking" No security researcher has debunked the technological points of Zdziarski's research; in fact, many have confirmed the vulnerabilities and weaknesses, including author and well respected researcher Dino Dai Zovi, who wrote a TL;DR on the subject. MobileIron, a well respected security company, even published a "how to protect yourself from backdoors" article as a followup. A number of other researchers, CEOs, and other technology-savvy members of the community have stepped up publicly to support Zdziarski’s research with articles, blog postings, and tweets. The only point that has been argued, actually, has been an argument about semantics and whether the technical definition of "backdoor" should apply to the file_relay service outlined in the research. Violet has taken a discussion about semantics and somehow used it to attempt to convince her readers that all of Zdziarski’s research has been debunked, falsely, and without any proof. This kind of public dismissal, even without proof, can be damaging to the reputation of a researcher, no matter how unfounded, and Violet should know this given her background.
  37.  
  38. FALSEHOOD 12. "the minute people started tweeting about it". Violet has attempted to falsely, and without any evidence, make Zdziarski's research appear as already debunked, when in reality there has been absolutely no such thing whatsoever. The technological points made in the research still stand, are acknowledged by many security researchers, and their existence even caused Apple to disclose what they claim was their original intent in a knowledge base article.
  39.  
  40. > Since Mr. Zdziarski presented "Identifying back doors, attack points, and surveillance mechanisms in iOS devices", his miscasting of Apple's developer diagnostics as a "backdoor" was defeated on Twitter, debunked and saw SourceClear calling Zdziarski an attention seeker in Computerworld, and Apple issued a statement saying that no, this is false.
  41.  
  42. FALSEHOOD 13. “miscasting”. Again, Violet attempts to make Zdziarski appear to intentionally be miscasting a "developer diagnostic kit" that does not exist as a sinister conspiracy theory, without any proof or statements to back up her claims whatsoever.
  43.  
  44. FALSEHOOD 14. defeated on Twitter. Without a single quote from Twitter, Violet attempts to make the argument that the collective of Twitter has rejected the notion of "backdoor", when in fact the security community is quite torn in half about whether or not the file_relay technologically meets the criteria of being a backdoor.
  45.  
  46. > In fact, this allegedly "secret backdoor" was added to diagnostic information that has been as freely available as a page out of a phone book since 2002.
  47.  
  48. FALSEHOOD 15 “secret backdoor”; again, Violet attempts to paint a conspiracy theory without any proof that Zdziarski attempted to infer that Apple had conspired to allow government to spy on its devices. Zdziarski has been noted on record - repeatedly - as denying this conspiracy likely exists, and has warned journalists in writing, through his blog, not to sensationalize on a conspiracy notion.
  49.  
  50. FALSEHOOD 16 “diagnostic information... 2002”. Here, Violet outlined old documentation describing pcapd, and has completely missed the point that Zdziarski was referring to A COMPLETELY DIFFERENT SERVICE when describing the undisclosed file_relay service. Violet appears to be working very hard here to attempt to discredit Zdziarski by ignoring the actual service that was central to Zdziarski's talk and research. Zdziarski is well aware that pcapd has been around for a very long time, however pcapd is not the service Zdziarski was suggesting may be a backdoor. Violet has completely missed the point of this portion of the research.
  51.  
  52. > The packet capture software used for diagnostics referenced by Mr. Zdziarski in support of his claims is similar in functionality as the one that's installed on every Apple laptop and desktop computer for diagnostics. So his numbers of "backdoors" allegedly installed by Apple for wide-ranging nefarious purposes are off by like, a billion.
  53.  
  54. FALSEHOOD 17. Regurgitation of the last sentence; here Violet again attempts to pass off the "packet capture" as the service Zdziarski was alleging to be associated with the backdoor; she clearly here is either completely lying or has made a grave error in completely misunderstanding the nature of Zdziarski's intent to disclose file_relay as the service appearing to be a backdoor.
  55.  
  56. > It appears that no one reporting Zdziarski's claims as fact attended his talk, watched it online, and less than a handful fact-checked or consulted outside experts.
  57.  
  58. FALSEHOOD 18. Violet has provided no proof or examples of any claims of "fact" by anyone, nor made any attempt to determine whether anyone had attended the talk or watched it online. In fact, Zdziarski interviewed with Paul Wagenseil (Tom's Guide) who attended the talk, and ran a piece on the talk. A number of other reporters and researchers also attended the talk, many of whom later wrote about it. Violet makes a completely unsubstantiated argument here, in an attempt to single out Zdziarski and insult anyone who supported his research.
  59.  
  60. > Which is, incidentally, what I did. I saw the talk begin to gain momentum on Twitter, then quickly flushed the idea of a story when the researchers I consulted kindly told me there was no "there" there.
  61.  
  62. FALSEHOOD 19. Violet provided no statements from researchers that she consulted to confirm her claims, and did not establish that anyone had said there was no "there". Additionally, Violet completely failed to attempt to contact Zdziarski about the research to ask questions or obtain clarification on any of the points in her story.
  63.  
  64. > Regardless of the problems with Mr. Zdziarski's sermon, the (incorrect) assertion that Apple installed backdoors for law enforcement access was breathlessly reported this week by The Guardian, Forbes, Times of India, The Register, Ars Technica, MacRumors, Cult of Mac, Apple Insider, InformationWeek, Read Write Web, Daily Mail and many more (including ZDNet).
  65.  
  66. FALSEHOOD 20. “Sermon”. Here, Violet attempts to further discredit/embarrass/chastise Zdziarski by referring to his research (which again began with a peer-reviewed academic paper) as a "sermon", and has voted down his assertions as incorrect without a shred of evidence posted in the article.
  67.  
  68. FALSEHOOD 21. Violet made the false statement that every other news agency that reported on this research with an opinion that did not match her own was wrong. Further, Violet provided absolutely no specific citations of any of those articles and what was wrong with them, made non-arguments, and provided no proof that any of the other articles were wrong.
  69.  
  70. > People were told to essentially freak out over iPhones allowing people who know the passcode and pairing information to use the device.
  71.  
  72. FALSEHOOD 22. Without providing ANY proof, Violet has wrongly accused Zdziarski of leading all journalists to "freak out" over his research. In fact, Zdziarski has shown, via a number of quoted tweets from journalists he spoke with, that every single one of them had been given a level-headed "don't panic" talk from Zdziarski. What's more, his original blog post BEGAN with the words "DONT PANIC" right underneath the link to the research, followed by a stern warning to journalists not to "freak out" about it, and further attempted to clarify why they shouldn't. Zdziarski has since offered Violet $100 (via Twitter) to find one single journalist who would publicly say that he attempted to mislead him into panicking, and Violet has not come forward to collect the bounty.
  73.  
  74. > If you're the kind of person that walks into a public library, plugs in your iPhone and gives the public computer and every rando who accesses it permission to access everything on your phone forever, then okay, maybe you should freak out.
  75.  
  76. FALSEHOOD 23. Here, Violet attempts to patronize Zdziarski further while simultaneously showing that she has no technical grasp of the threat models outlined in Zdziarski's research, which DID NOT involve any type of scenario where the general public would be threatened in any way.
  77.  
  78. > 'I meant a different kind of backdoor' The researcher erroneously stated that Apple "confirmed" his allegations when in fact the company had done the opposite.
  79.  
  80. FALSEHOOD 24. Here, Violet attempts to accuse Zdziarski of changing his story with regards to his allegations of a potential backdoor, again without showing any proof whatsoever. Zdziarski has been consistent in his definition of a backdoor since giving the talk, and in fact has attempted to clarify his definition of a backdoor as "technological" and not based on "conspiracy". Those who attended the talk heard the phrase "undocumented services" rather than backdoor, and when backdoor was used one time, it was only used to explain that Zdziarski could find no other word that fit the technological definition he was referring to.
  81.  
  82. > In light of much debunking in security communities and Apple's statement, Zdziarski published a blog post backpedaling on the interpretation of "backdoor" -- yet still affirmed his narrative.
  83.  
  84. FALSEHOOD 25. Here, Violet attempts to continue dismissing Zdziarski's research as "debunked" when, in fact, the security community by and large has accepted the research's technical findings of weaknesses in Apple's security. Violet shows no proof whatsoever that any of the research has been debunked, except by her own personal opinion, which has essentially amounted to lying about it.
  85.  
  86. FALSEHOOD 26. Backpedaling. Here, Violet continues to accuse Zdziarski of changing his position with regards to backdoor, when in fact Violet herself does not appear to have a firm grasp on Zdziarski's own definitions, as she did not attend his talk nor did she ever attempt to contact him with questions for the story.
  87.  
  88. > According to OWASP, a "backdoor" is defined as: A hidden entrance to a computer system that can be used to bypass security policies (MS definition).  An undocumented way to get access to a computer system or the data it contains.  A way of getting into a guarded system without using the required password.
  89.  
  90. FALSEHOOD 27. Here, Violet contradicts the very first sentence of her own story by establishing that the terminology of "backdoor" in fact did have significant technical merit in a pre-Snowden era.
  91.  
  92. > When Apple explained the diagnostics toolset and published a detailed support document, Zdziarski said that Apple's acknowledgement of its not-secret developer tools only proved him right, and that this meant Apple was admitting to his claims of making iOS vulnerable to authorities' snooping by design.
  93.  
  94. FALSEHOOD 28. Here, Violet refers to the tools as "not-secret", however the file_relay service (the service referred to as a backdoor by Zdziarski) had never been previously disclosed until this document by Apple, after Zdziarski's talk. Additionally, house_arrest had never been properly documented, and it had never been disclosed that pcapd was capable of running on all non-development iOS devices. Violet attempts to, without any proof, falsely establish that all three of these services have been well documented by Apple in the past, which is not the case.
  95.  
  96. > Zdziarski says he "doesn't believe for a minute that these services are intended solely for diagnostics."
  97.  
  98. FALSEHOOD 29. An out-of-context quote; placed in context, this was Zdziarski dismissing what he believed was a downplaying of these services as being "solely" for diagnostics; the purely personal nature of the data they relay makes them unsuitable for diagnostics only, based on the slides from his talk which had already debunked that general notion prior to Apple's response, for a number of reasons.
  99.  
  100. > And with one word -- "believe" -- we have the nut of what's becoming a big problem in the state of security and journalism for everyone.
  101.  
  102. FALSEHOOD 30. Here, Violet is taking an out of context quote and using it to beat Zdziarski over the head, and insult both the security industry and journalism, when in reality it is Violet who has not provided a single shred of proof to back up any of her outrageous claims against Zdziarski or his character.