You’ve heard of Catch-22.
Now meet Clause 10.7!
(We aren’t entirely sure that this story has a bona fide security angle, but if you don’t tell the Editor, we shan’t either, so we shall probably get away with it.)
Our story takes place in Apple’s App Store Review Guidelines.
The Guidelines start off in a surprisingly chatty (if not always strictly grammatical) sort of way:
We view Apps different than books or songs, which we do not curate.
We’d have gone for the adverb there, and said that we viewed things differently.
Not that we’re prescriptive grammarians, of course, but an adverb would look just as cool, and would have the advantage of being unexceptionably correct.
That would align a little more cleanly with what follows shortly:
If it sounds like we're control freaks, well, maybe it's because we're so committed to our users and making sure they have a quality experience with our products.
Here’s part of that vaunted “quality experience,” down in Clause 10.7 under User Interface:
10.7 Watch Apps whose primary function is telling time will be rejected
Whoa!
That pulled us up short, and had us asking, “Why?”
After a while, we thought we’d worked it out.
It’s about Apple’s desire for quality, consistency, usability and sounding like control freaks, isn’t it?
But then we realised it’s about facing reality: people just don’t use watches to tell the time any more.
Let’s be honest, that’s what mobile phones are for!
The security tilt
Actually, we’ve just thought of a way to tilt this story so it does assume a security angle.
We hereby introduce some new security slang: “To invoke Clause 10.7.”
For example:
I just tried to set up an anonymous account on the whistleblower site but I got Ten-Dot-Sevenned.
This service claims to be free but I think they're doing a Clause 10.7 on me.
We intend it as an ironic way of referring to a security rule or process that was probably intended to work for the greater good, but ended up sounding not only petty but also absurd.
A security oxymoron, like phrases that sound erudite but are self-contradictory: acutely foolish, nearly unique and uncrackable proprietary encryption algorithm.
Here are some made-up examples that we’d consider Ten-dot-Sevens:
To opt in to our Wi-Fi data collection system, please remove the text string _OPTOUT from the end of your network name.
To subscribe for free, just SMS "FREE" to shortcode 55555. (SMS cost: $0.99)
Your security is incredibly important to us. So, out of an abundance of caution, we are writing to tell you that your PII was stolen.
We’d love to collect some more Clause 10.7s.
Please share your own examples, real or hypothetical, in the comments below, or email us at tips@sophos.com.
By the way, as an incentive, we’re giving away three Naked Security T-shirts to the answers we like the most! (We’ve convinced ourselves that offering prizes in this context isn’t itself a Clause 10.7.)
→ Entries close at 23:59 British Summer Time (UTC+1) on 2015-05-07. You may enter anonymously, but you can’t win unless you give us an email address for us to let you know if you do. Sophos staff, those professionally connected to the company, and their families, are welcome to submit answers for fun, but can’t win. T-shirt styles may vary from those depicted. Sophos’s decision is final, and so on. Please read our official competition terms and conditions.
Clause 10.7 there is no app time equal to or greater than apple time.
Wifi hotspot that offers unlimited “free” wifi. However, the free wifi only takes you to the company’s website; you have to pay per hour for a capped usage to access public internet.
There’s a bank we use which requires us – in order to improve our security, of course – to use their java applet and have java enabled in the browser.
No comment on the country they’re based in; but growing up in 1970’s England, it makes sense.
The same country’s tax office require java in the browser too, and explicitly instruct users to ignore the pesky java security messages which pop up about running java from unknown sources.
Sigh.
This is fairly common, and in no way secure.
Been paying for my car insurance for years, when it’s time to claim back the money I paid them all these years the insurance company spanks me with a ten-dot-seven clause asking me to start paying premium.
10.7: The world WILL run on Apple time!
10.7 applied to regular life:
I’ve been mistaken most of my life. Per Foodie Tip 10.7, peanut butter does NOT go with jelly.
10.7 applied to a company:
In order to improve the computer security of our employees, please review Company Security Policies, Clause 10.7
10.7 Documentation of Username/Password
Upon changing passwords – please provide the password and associated username to the Security Manager. This requirement is due to employees not following security standards when creating their password. Your password choice will be reviewed, and if it does not meet our standards, you will be directed to change and provide the updated password. No departments are exempt from this policy.
“For access to our free application, you must add your credit card information.”
I sure wish this one was made-up… I’ve run across this one way too many times.
I was leaving a comment here, but I got 10.7’d as comments about Apple watches are against the ten dot seven clause…
I ordered an internet filtering appliance and the promised delivery date was December. In December I checked the status of the appliance and I was advised by engineering it would be mid April due to a Clause 10.7 error in the sales department. (Sales people “promise you the moon when it won’t fit in your living room”.)
Careful – you might be the next target of Apple’s copyright lawsuit department (I’m pretty sure they have a dedicated department for just copyright lawsuits now) for the phrase “ten-dot-seven”
I’m pretty sure I had to pay a collection fee of €150 as stated in clause 10.7 when I won the Nigerian Lotto.
I’ve experienced a security themed “ten-dot-seven” way too many times. When I forget my password for a website, and instead of forcing me to verify myself and create a new one, they conveniently offer to email me my existing password… in plain text. In 2015 this really is absurd.
I bank online, as most people do these days. When picking which bank to use I had this happen. You are rightly asked to enter a password, and you even get some top tips on how to pick a secure password. So as most sensible and security aware people would, I picked alpha-numeric, with special characters and that in no way comes close to a dictionary word. Submit, job done…. Not quite, 10.7!!! No special characters for you and must be from the dictionary. Maybe I should write my password on my forehead, then I will remember it every time I look in the mirror…..
Or maybe when my bank rings me and then says “please answer these security questions to verify who you are” hmmm, you rang me….. (p.s. they don’t like it when you ask them questions about their banks’ past to verify who they are)
Apple has history with the questionably grammatical use of the word different – they used the slogan ‘Think different’ from 1997 to 2002.
You can argue that “think different” is shorthand for “think different thoughts,” in which case “different” is merely an adjective standing in for a noun, and the direct object of “think.”
That’s not the case here, because the core of the sentence is “we view apps.”
Got 10.7’d by Sophos! Found out their free Antivirus works only for Mac, no active protection for Windows. Just free remedial tools. They have 10 but no .7 in their terms!
Actually, there *is* a way to get the full-on Sophos Anti-Virus for Windows, active protection and everything, for free! If you use the free Sophos UTM Home Edition it protects up to 50 devices on your home LAN *and* gives you up to 12 SAV for Windows licences to go with it. Could be just the thing if you have children to keep safe online, or if you’re the IT geek in a shared house.
So you *can* get our endpoint protection for free on Mac, Linux, Android…and Windows!
(We do try to mention the “free Windows anti-virus” deal every time we mention the free Sophos UTM…but I have to admit that those 12 Windows licences are hidden gems 🙂)
Might not be exactly what you want or need, but just in case it works for you, try here (registration required):
http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
“We take security seriously! Please enter a password that is not more than 10 characters, not less than 4 characters. Only alphanumeric characters and dots are allowed”
– Your password is stored in a varchar(10) and we don’t want you to try with out SQL injection magics. Hashing? Did you mean hash brownies?
Phoning the bank and having to say 2 digits of your 4-digit online ‘secure’ pin as part of the verification process. Discussing with the employee that I wasn’t comfortable giving away 50% of an alleged ‘secure’ PIN they explained that they don’t actually see the PIN on-screen, just a notification if my answer was correct or not …. hmm, OK, not filling me with confidence here.
Bearing in mind that users are given 3 attempts to get the question right I asked the employee what there was in-place to prevent them simply asking for the 1st and 3rd digit, receiving a correct answer but then telling the user they were wrong and then asking them for the 2nd and 4th digit ….. and thus ending up with the full ‘secure’ PIN.
The employees replied there was nothing in-place to stop that.
Hilariously, if a user fails to offer 2 correct digits after 3 attempts they are then simply asked for the standard address, postcode and DoB information !!!
10.7 We may ask you to tell us your secret secure 4-digit PIN 🙂
Copyright Owner’s Clause 10.7: We have granted you permission to use our DRM-protected movie in your project, but we won’t give you a DRM-free version out of piracy concerns, and this permission will be void if you circumvent DRM in any way!!
(FYI, most, if not all, video editors will not work with DRM-protected videos.)
Or, a more security-related one: Don’t worry, we’ve tested our WinFixer software, and it’s malware-free! (WinFixer was a pretty common rogue/fake antivirus program on Windows.)
IDK I’m bad at this…
Apple Appstore Clause 10.7 any app that makes phone calls other than the phone App built inside the OS itself will not be permitted in the App store (these apps include Viber, Vtork, Fring) this is hypothetical