Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's not security by obscurity. It's security by minimizing the attack service by being extremely picky about what you sign. When it is paramount that the code you sign is correct you can't go signing a ton of different projects from people who may not even care about security as much as you do.

>For instance if your iPhone is infected with malware

Then restarting it will remove it. So far Apple has had a perfect record with this unlike Android.



> Then restarting it will remove it. So far Apple has had a perfect record with this unlike Android.

Not things like Pegasus.

It does not minimise attack surface, but minimise ways _you_ can ensure there is nothing on the phone that shouldn't be there.


We're talking about the verification of the boot chain, and last I heard, Pegasus has never subverted that: its strategy is to break back in after every reboot.


Well, you won't know the details because Apple keeps them to themselves and you won't be able to verify it. So that is pointless.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: