Comments on: Lifehacker, Emphasis on the ‘Hack’

By: Jack

Jack — Fri, 16 Oct 2009 23:35:04 +0000

Time and time again, crackers have shown the ability to find and exploit vulnerabilities in unforeseen ways. It is virtually impossible to predict what they will leverage and Apple must cover its ass by securing vulnerabilities if it hopes to retain customers and provide a relatively secure user experience. Appeasing a vocal minority of hackers are simply not worth the potential risks.

Despite the narcissistic paranoia, Apple is not in business to thwart the entitletards. It does what is does because it believes those actions will result in profit by creating value for its customers. The iPhone is not the Mac and to try to equate the two is absurd and calling their efforts to maintain the security and reliability of their product draconian is even more so.

By: Jack

Jack — Fri, 16 Oct 2009 22:35:00 +0000

Despite the narcissistic paranoia, Apple is not in business to thwart the entitletards. It does what is does because it believes those actions will result in profit by creating value for its customers. The iPhone is not the Mac and to try to equate the two is absurd and calling their efforts to maintain the security and reliability of their product draconian is even more so.

By: Michael A. Lowry

Michael A. Lowry — Thu, 15 Oct 2009 10:34:19 +0000

Oh come on. You’re comparing apples to oranges. Not all “exploitable vulnerabilities in the operating system” are equivalent.

The exploit that the iPhone Dev Team has been using requires physical access to the device and requires deliberate action by the user. Even if malwere existed that took advantage of this vulnerability, it would still have to be run by the user on his own computer, and would require that the user follow several explicit manual steps like connecting his iPhone at the right time and restoring the iPhone from the modified firmware bundle in iTunes.

This is a far cry from an exploit in that lets someone halfway around the world take control of your PC from without your even knowing about it.

An iPhone modified with the pwnage tool allows user to run whatever applications he wants. THIS ability could of course be exploited to, say, trick the user into installing malware on his iPhone. But the user who runs the pwnage tool knows what he’s doing. And it’s not as if the only alternative to a general purpose handheld computing device is one locked down by the manufacturer. Just imagine if you could run only Apple-approve apps on your Mac. Come now! There are other ways to make computing devices secure.

By: I Remember When It Used to Be Called ‘Fixing Bugs’ «

I Remember When It Used to Be Called ‘Fixing Bugs’ « — Thu, 15 Oct 2009 04:38:23 +0000

[...] Fixes Exploitable Bug in Boot ROM”. The bugs exploited by jailbreakers aren’t sacred. They’re bugs. [...]

By: posixninja

posixninja — Thu, 15 Oct 2009 02:22:48 +0000

You took that way out of context. This exploit does not allow you to jailbreak your phone, it allows your jailbreak to stay persistent, that's all. The only people worried are apple and their carriers.

By: The Angry Drunk

The Angry Drunk — Thu, 15 Oct 2009 02:15:39 +0000

I'm a little disappointed that the Internet Civility Squad hasn't come 'round yet to chide me on my language. Come on mother–fuckers, I'm on a schedule here.

By: posixninja

posixninja — Thu, 15 Oct 2009 01:58:32 +0000

This is only a "threat" for people who already have their phones jailbroken. That's all on their own ass. I'd you're paranoid, then dot jailbreak

By: Hamranhansenhansen

Hamranhansenhansen — Thu, 15 Oct 2009 01:56:56 +0000

> The only thing that this exploit allowed was to jailbreak your phone

Prognostication. I don't know if that's really enough to make the 99.9% of iPhone users and Apple and the 100 carriers who are not involved in jailbreaking feel good about carrying this bug around in their phone for the convenience of tinkerers.

> it's really just an attempt to make jailbreakers life more difficult.

Now you are reading minds!

By: Hamranhansenhansen

Hamranhansenhansen — Thu, 15 Oct 2009 01:51:12 +0000

> Even with the encryption on the 3GS, from what I understand, it's pretty trivial
> to
> read data directly off the internal flash.

My understanding is the encryption is there only so you can instantly remote wipe the phone by destroying the keys. It is not meant to prevent someone with physical access to the device from reading data off it if the keys are intact.

By: Hamranhansenhansen

Hamranhansenhansen — Thu, 15 Oct 2009 01:49:01 +0000

This is the kind of security rationalization they do at Microsoft and which brought us the botnet.