Email attachments will be encrypted via an update to the iOS... ALSO... to even gain anything from that bug, a person would have to physically have your iOS in their hands, and then connect it to a computer, use third party software to extract the IOS system file, then extract your mail and attachments. So, "highly trained UNIX programmer and database guy", get your information correct before you spew it.
The issue with SSL was only an issue if a user was using an unsecured wi-fi network--which no one with half a brain should do anyway. That issue could only be a problem via a man in the middle attack wherein the person on iOS was directed to a fake site. The man in the middle, on the unsecured wi-fi network (likely at a hipster coffee shop or bookstore), could re-route the user to that fake site... but the user should realize the site is fake and not enter any personal info.
Funny how "Apple has always been behind the curve for security". I have 3 PCs and a Mac and the PCs are not secure even with MS's own security software running; that is, if I choose to ignore basic facts and phishing scams, and don't use something to prevent logging, and remove the security on my wi-fi network. Yes, the Mac is amazing. No issues there.
You chose to ignore everything I said about keyloggers. Is your Malwarebytes the free version? If so, it's useless.
Funny how Apple is to blame when Discover declined charges at Walmart but not in iTunes. Why did Discover allow the iTunes charges? You might want to ask them that. Apple does not control your card and how it's billed and whether or not Discover chooses to allow charges to process or not--Discover allowed it. The vendor does not authorize payments.
Good day to you "highly trained UNIX programmer and database guy". I'll assume that you can't name your employer etc., just as I can't -- I am also highly trained. It's a secret though, so goodluck with that. (if you really are highly trained, I am sure you'll find me)
You keep harping on that keylogger. how many times do I have to state that my Discover Card was never entered on my PC. But just to ease your interest yes I have the pay version of MB.
You have yet to explain how a Discover card entered on an iPad that is only used on iTunes got hacked. My iPad is not jail broken.
Maybe you were using a crap wi-fi network over that wi-fi network and entered your iTunes details into iTunes (meaning account name and password)you were piggybacked. Maybe you use "personal hotspot" and it happend then; I can't be sure....Your info stolen at that time and they simply signed in later to buy songs using your account. Your Discover was not hacked. Your iTunes password was used. You never had to reset to get back in to your account correct? That means they used your password. That means that they had access to the network you used and took your info at that time-, they logged your info at that time and took it--which can happen on an iPad. Just becasue you added the card a year earlier does not mean they got access then.
Later, your Discover was comprimised, likley due to online banking, cloned by manual swipe (as mine was over Christmas). They tried at WalMart online and it was declined. The iTunes issue and Walmart issue are not a result of a comprimised iTunes account. Your security code is not visible in any way in iTunes and in order to get it, someone has to be watching you at the time you ket it in which is why I keep talking about loggers. They exsist for iOS as well. Monitoring apps that are running in the background when you type in your info can record and send those details to somewhere else (in older versions of iOS that has been proven, not sure about 7.1.1). Also, check out T.Flannery's comments here: https://discussions.apple.com/thread/3812507
If you really want to verify how it happend, Discover would need to tell you. They have the location origins of the transactions as well as the abilkity to trace the origin of the end user invloved. They too have entire departments who seek that info. They can give you that info they find if you get a court order. They likley won't give it to you because you don't own the card, they do and they just let you use it is all. Once you get more info, you can cross check everything for similarities to see if it was the same source and really narrow down how, when and where this all started. Then you can get a new card and try not to let this happen again.
I am just trying to help people be realistic.
Sorry but again not the case. I don't travel much with my iPad. If I do bring it along someplace it's just to play an offline jigsaw puzzle game that does not require an internet connection. I might attach to open wifi to play some Words with Friends. But I never ever enter data over an open wifi, I never bought an app on an open wifi. Any iTunes purchases (apps only, never bought songs or music) was done at home.
I do not do online banking with my Discover card except when the new card was issued about a year ago. I setup my account triggers and emails and that's the only time I was online with it. It's on autopay, I still get a paper statement and just review the paper when it comes in the mail. I never have to log into the account.
I can't seem to get it across to you that the CC number was entered once and only once. Even if they got my iTunes password how did they get my CC number? Apple only shows the last 4 digits.
Sure, Discover might could tell them, or, far more efficiently, Apple could if they wanted to be accountble, but what they told me, and likely told this other guy, is that I would have to send a subpoena to the Apple legal department to get information on location origins. A funding source just gets a request from Apple. Apple has the information on where the transaction was originally requested. Wouldn't it make more sense for Apple to actually answer the question, versus dumping an extra burden on the consumer and the third party funding source? That's the entire problem. Apple is passing the buck.
From my last experience with Apple on my iTunes fraud issue Apple was 100% unwilling to help at all. They locked my account and told me they don't support iTunes on the 800 number. I would have to open a web ticket. I was beyond ******. Discover had no issues working with me on the problem, infact they even told me the iTunes problem is very well known issue and it's nothing I did wrong. But when I got my new card I made extra sure to strengthen my password and security questions and only use the card on my iTunes account. End result it did not help.
The web ticket with Apple was a disaster. SInce my account was locked I could not login. I get an email from Apple telling me to login to my account and change the password! Well how exactly do I that with the account being locked? I responded to the web ticket explaining my issue and got another email telling me to change my password again. After a few back and forths with the web ticket system I called the 800 number and blasted them. The person on the phone said they have no access to iTunes accounts and that's why they cannot help. So she opened a web ticket for me, and guess what, she got the same stupid answer to change the password. She put me hold, did something and guess what my account was finally unlocked. So they do have access or can at least get to the right people who can actually understand the problem.
The whole situation soured my overall Apple experience. And until someone experinces the problem, they don't have a clue how bad Apple support is.
The really interesting issue this time is so far my Apple account has not been locked out. What was different this time? I am going to guess that my account was not breached, the hackers got the number from the iTunes server and sold the number. Apple has no clue here, just that charges were denied when buying something iTunes. And that's been my point in my last few discussions with TunesFan that the security problem is on the Apple server, not the client side.
I was hacked by someone I think lives in Russia. They changed my title to Dr., changed the credit card information to a credit card that was declined, changed my zip code and then changed my phone number.
Now I cannot remove the fake credit card information because of the declined transactions. I have not even used my account since 2011 when I got rid of my iPhone. So not using it does not help one bit.
****** off on Sunday!