Thanks for the response.
That is not a backdoor.
I see your point, it's not technically a backdoor, but one does have to wonder why Apple doesn't make it much more difficult to circumvent the "security wipe" that anyone can accomplish with a jailbreak and some third party tools. While semantically it's not a "backdoor", it's still a flaw in the implementation. We may never know if that was done purposefully or not.
It is also not a backdoor to just try every password to unlock a phone or decrypt a file.
Agreed, but I've never implied that in the first place.
The only reason Apple would be involved is because this is a hardware device and Apple can do it faster, cheaper, and more efficiently than individual law enforcement agencies.
Recent NSA disclosures have shown there may be other reasons. Experts so far really can’t confirm whether Apple has an iPhone backdoor, better decryption capabilities, or just more advanced techniques they use. That's where it stands. It really depends on the security expert you talk to. Some lean strongly towards a backdoor while others lean strongly against the possibility. But, you won't find any real experts that will say they know for sure just yet.
I wouldn't have leaned towards an iPhone backdoor until after recent NSA disclosures showed that there's more than meets the eye when it comes to government/corporate collaboration. Of course, I hope I'm wrong on this.
It is only a few political activists that use "open source" as a criteria.
I'm not sure what you mean when you say use it as a "criteria", but many corporations use Open Source technology. Times have changed. I've worked with a multi-billion dollar publishing company that uses it extensively for a host of reasons, including better security (in their case).
More on this: http://www.dmst.aueb.gr/dds/pubs/jrnl/2012-JSS-OSS-Industry-Use/html/SG11.html
Sometimes open source has the best solution and sometimes it doesn't.
Sure, that's basically what I've said already in my previous post.
The idea that open source is more secure is based on the so-called "Linus's Law". Only Torvalds never said that and it is a proven myth.
You linked to "Facts and Fallacies of Software Engineering" by Robert L. Glass. It's a bit more complex than what you imply. Linus' Law doesn't just pertain specifically to security bugs. Rather, it applies to all bugs including security bugs.
Studies have shown that Open Source projects have fewer bugs than proprietary projects. But, you can also find (often industry-sponsored like Microsoft) studies that show the opposite.
Like I said earlier, all Open Source projects aren't alike. Some projects don't have enough participation to be more secure (ratio to amount of lines of code) and other very popular projects have tremendous amounts of "eyeballs" in relation to the amount of code. Like I said, there's compelling reasons to choose open source over proprietary code as long as you make a calculated, educated decision.
If you have a small amount of lines of code and a tremendous amount of input, it's very likely to be more secure than proprietary code where you have to trust instead of verify.
Not true at all. OS X is based on UNIX, which is inherently more secure than Windows because it was designed to be so. The OS X kernel is not "battle-hardened". It was just a forgotten college research project until Apple based its new OS on it.
Your logic falls apart there. Apple didn't convert it over to a proprietary kernel until around 2006. It was most certainly battle-hardened over those years. I agree that's not literally the only reason it's more secure than Windows, but I never said it that way. Even Apple itself says that embracing open source contributes to its security. Microsoft, on the other hand, to its detriment has had a much more difficult relationship with open source over the years, to say the least.
Being open source, you don't have to worry about Apple backdoors in Truecrypt. Anyone can download the source and create their own backdoors.
That's not how it works, changes are peer-reviewed and verified with a simple md5 check. You seem to be very focused on disparaging Open Source with inaccurate info, I'm not sure why.
Why on earth would Apple put a backdoor into the operating system so that the NSA could have access
Because the government may have required them to do so. It's well known that some (including the FBI) will use Apple products because of its better security (for various reasons) that can thwart investigations, etc. The government has even said as much.
You are claiming that OS X is secure, or rather, it would be if Apple didn't fill it full of backdoors.
That's inaccurate. I've never claimed that OS X is full of backdoors nor even a single backdoor. I'm merely asking about the possibility of a backdoor in the DMG format and/or OS in light of recent NSA disclosures. I'm by far not the only one asking these questions since the disclosures were made public, including many security experts worldwide.
If you are worried about DMGs then don't use them.
I'm personally not worried about DMGs. I have clients that have implemented the technology and I'm investigating in forums all around the world to gather consensus. This Apple thread is only one of about 30 where I've initiated the discussion. Unfortunately, out of all the other forums this is the only one where I've been met with hostility and derision, by the way. But, I'm not one to be deterred by bullies.
If you think Truecrypt is the gold standard, then use that.
I use many more security implementations aside from TrueCrypt. I've never implied it's a "gold standard" in all situations. It does have more features than DMG like plausible deniability, etc. - But, for all I know, the DMG format is just as secure or more secure overall.
All you need is data, time, money, and cryptographic expertise. Who has all of that? Wait, weren't you worried about the NSA? Bummer dude.
Please be polite, thanks. When you resort to an insulting demeanor it only makes me take you less seriously.
Most top security experts have said that if certain encryption is implemented carefully and properly even the NSA can't crack it. The math behind encryption is sound and the NSA can't magically crack the best implementation despite their vast resources. Most experts say that the NSA very likely relies on mistakes in implementation and possible backdoors.
I do appreciate your challenging input, overall. Thank you.