Stuart Langridge and Jeremy Garcia present an abbreviated Bad Voltage, in the lead up to Bad Voltage Live at SCaLE in Pasadena, California on March 8th! With some thoughts on what makes a good conference, some confusion as to what the hell Essential are doing releasing a paid-for email app, and a slightly different take on Apple’s Facetime bug where at least one of us thinks that maybe it’s been blown a little out of proportion.
I can confirm the comment from @sil at least it used to be the case in the UK that cheques written in January could be a year out and still accepted if the year was the previous year. Most people don’t write cheques any more so it may not be the case today.
Apart from the fact that I would never use something with an incredibly stupid name like “Facetime”:
I agree with @sil. Jeremy made it look like the bug allowed an attacker to eavesdrop on the victim without the victim ever knowing. That’s simply not true. The attacker has to establish a call and add himself to the call using the GUI, which takes a while. During that time the victim’s device is already ringing, so the victim knows there’s something going on. Eavesdropping is only possible while the call is being established, so the attacker would have to know exactly when to call to gather interesting information or call repeatedly (which the victim would start to wonder about). The victim can also hear the attacker.
I can’t speak for the whole industry but in the new business investment processing department I used to work in, if I spotted any error like that I would send the cheque and application back to the branch office for the branch management to ask the customer to come back and write a new cheque. We were dealing with thousands of pounds at a time. Everything had to be right.
Please respect our code of conduct which is simple: don't be a dick.
