
[Forbes] iPhone Security Bug Lets Innocent-Looking Apps Go Bad - Page 2

post #11 of 24
Quote:
Originally Posted by Futan View Post
While I agree, it is important that it gets out there. As the OP said "Security through obscurity never works".
It's only important that it "gets out there" if the company ignores your report. This guy didn't even bother trying to take the appropriate steps. No one was trying to hide through obscurity...
post #12 of 24
Quote:
Originally Posted by Riou View Post
I don't think Apple wants anyone to discover its insecurities. How can you really test how insecurities of the OS if you cannot test everything?
Of course Apple wants to know security flaws so they can fix them; it is absurd to think otherwise. Nobody was barred from testing anything either; someone just broke the rules making an example.

That's like being the guy who invented the gun, and then shooting someone with it to prove it works, then wondering why you got in trouble for murder. Whether a discovery was made or not, according to Apple the owners of the App Store - you don't make it known in such a manner that breaks our rules. This is perfectly reasonable, I am not "defending Apple OMG NOT ON OCN!!" either, just pointing out how ludicrous your claims are.
 
post #13 of 24
Quote:
Originally Posted by Futan View Post
While I agree, it is important that it gets out there. As the OP said "Security through obscurity never works".
Security through "hey everyone, look what I did! you can do the same" is counterproductive as well.

Of course it's possible that he tried to contact Apple and they didn't want to hear it so this was his only option but there's nothing that suggests that atm.
post #14 of 24
Thread Starter 
Apple is just digging its head into the sand.
post #15 of 24
Quote:
Originally Posted by Riou View Post
Apple is just digging its head into the sand.
By doing _____? Where did it say that Apple ignored the exploit or is trying to cover it up?
post #16 of 24
Thread Starter 
Quote:
Originally Posted by PoopaScoopa View Post
By doing _____? Where did it say that Apple ignored the exploit or is trying to cover it up?
Apple does not want people to find bugs in its walled garden.

Apple's policy basically meant no one would know it is possible to allow an application to remotely control any iPhone/iPad/iPod through its server and run any command the developer wanted to.

Apple is punishing security experts who are helping to make iOS more secure. Who is to say this insecurity has not already been found before and used by criminals?

Security through obscurity can only hide you for so long and has been proven to be ineffective.
post #17 of 24
Quote:
Originally Posted by Riou View Post
Apple does not want people to find bugs in its walled garden.

Apple's policy basically meant no one would know it is possible to allow an application to remotely control any iPhone/iPad/iPod through its server and run any command the developer wanted to.

Apple is punishing security experts who are helping to make iOS more secure. Who is to say this insecurity has not already been found before and used by criminals?

Security through obscurity can only hide you for so long.
Aren't you going to rationalize away my criticism of your claims before continuing to make them?
 
post #18 of 24
Quote:
Originally Posted by Riou View Post
Apple does not want people to find bugs in its walled garden.

Apple's policy basically meant no one would know it is possible to allow an application to remotely control any iPhone/iPad/iPod through its server and run any command the developer wanted to.
No company wants people to exploit their software... How does that prove they try to cover up vulnerabilities? They keep patching the exploits with new updates and someone else finds a new way to do it again. It's a cat and mouse game.

Quote:
Originally Posted by Riou View Post
Apple is punishing security experts who are helping to make iOS more secure. Who is to say this insecurity has not already been found before and used by criminals?

Security through obscurity can only hide you for so long and has been proven to be ineffective.
You don't really understand how the security industry works, do you? Apple doesn't punish "security experts". They actually pay people to find exploits. What this so-called developer did wasn't to report the vulnerability; he made it public without even contacting Apple. No one is trying to hide through obscurity. You like to throw that phrase around a lot without any proof of it being done.

Come back when you know what you're talking about.
post #19 of 24
Quote:
Originally Posted by OC'ing Noob View Post
He willfully and intentionally broke the rules, released his findings instead of discussing them internally with Apple, then has the idiocy and audacity to call them rude for showing him the door? The stupidity of people continues to amaze me every day.
There was a guy many years back who came up with this bug in Windows XP or 98SE that you could use an app to send a packet to an IP and it would instantly blue screen the OS. I believe it was called OOB and discovered and created into an app called WinNuke by a guy named HaZaR... nonetheless, about 2 months after he created it... Microsoft hired him. I want to say it was one of the first times a tech/software company snatched up a hacker that found ways to exploit their work.

I was a little script kiddie back then so this was exciting for me.
post #20 of 24
Quote:
Originally Posted by OC'ing Noob View Post
He willfully and intentionally broke the rules, released his findings instead of discussing them internally with Apple, then has the idiocy and audacity to call them rude for showing him the door? The stupidity of people continues to amaze me every day.
That's true, but there's still some element of forgiveness expected in the security industry. Apple also hired the guy who wrote the best jailbreaks out there.