
[Forbes] iPhone Security Bug Lets Innocent-Looking Apps Go Bad - Page 3

post #21 of 24
Quote:
Originally Posted by Stizuner
There was a guy many years back who came up with this bug in Windows XP or 98SE that you could use an app to send a packet to an IP and it would instantly blue screen the OS. I believe it was called OOB and discovered and created into an app called WinNuke by a guy named HaZaR... nonetheless, about 2 months after he created it... Microsoft hired him. I want to say it was one of the first times a tech/software company snatched up a hacker that found ways to exploit their work.

I was a little script kiddie back then so this was exciting for me.
That is a completely different situation. Anyone can create an app to be used on a Windows computer. The guy in question here signed up for the developer's program with clearly stated participation rules that he willfully and intentionally broke, then proceeded to publicly announce the exploit, giving other script kiddies a chance to exploit it first rather than communicating with Apple to fix the exploit. The guy deserved the boot he got and if he has any pride as a human being, he shouldn't complain about the consequences of HIS actions.

Quote:
Originally Posted by mountains
That's true, but there's still some element of forgiveness expected in the security industry. Apple also hired the guy who wrote the best jailbreaks out there.
Forgiveness is given, never expected. People do not deserve forgiveness; the affected party is the one who decides that. The guy broke the rules intentionally. Jailbreakers are not bound by the developer program, and a jailbreak in itself is not a security exploit like the one this particular person released, which can actually harm Apple's iOS customers.
post #22 of 24
Quote:
Originally Posted by OC'ing Noob
He willfully and intentionally broke the rules, released his findings instead of discussing them internally with Apple, then has the idiocy and audacity to call them rude for showing him the door? The stupidity of people continues to amaze me every day.
Agreed.

Quote:
Originally Posted by mountains
That's true, but there's still some element of forgiveness expected in the security industry. Apple also hired the guy who wrote the best jailbreaks out there.
I'm not saying it's the exact same thing, but would you forgive someone that found out how to pick the lock to the front door of your business, and instead of telling you and showing you how you can fix it, decided to make a public display out of it, showing it to everyone else instead of actually trying to help you fix your problem?

I will grant that perhaps the individual is trying to make a stronger statement to everyone else who might not know how insecure Apple's set-up is, or wants people to know that their personal device security can be compromised, but when you go to the lengths of facilitating others to do it as well, that goes beyond an honest concern and steps over into malicious behavior. There's no reason to forgive that.

Quote:
Originally Posted by OC'ing Noob
That is a completely different situation. Anyone can create an app to be used on a Windows computer. The guy in question here signed up for the developer's program with clearly stated participation rules that he willfully and intentionally broke, then proceeded to publicly announce the exploit, giving other script kiddies a chance to exploit it first rather than communicating with Apple to fix the exploit. The guy deserved the boot he got and if he has any pride as a human being, he shouldn't complain about the consequences of HIS actions.

Forgiveness is given, never expected. People do not deserve forgiveness; the affected party is the one who decides that. The guy broke the rules intentionally. Jailbreakers are not bound by the developer program, and a jailbreak in itself is not a security exploit like the one this particular person released, which can actually harm Apple's iOS customers.
Very well said.
post #23 of 24
Quote:
Originally Posted by Stizuner
There was a guy many years back who came up with this bug in Windows XP or 98SE that you could use an app to send a packet to an IP and it would instantly blue screen the OS. I believe it was called OOB and discovered and created into an app called WinNuke by a guy named HaZaR... nonetheless, about 2 months after he created it... Microsoft hired him. I want to say it was one of the first times a tech/software company snatched up a hacker that found ways to exploit their work.

I was a little script kiddie back then so this was exciting for me.
I believe it was Windows 95; it happened in 1996 or 1997, if I remember right. It was especially useful for booting trolls out of chatrooms... booting them wayyyy out.
post #24 of 24
Quote:
Originally Posted by Riou
I don't think Apple wants anyone to discover its insecurities. How can you really test how insecurities of the OS if you cannot test everything?
You can test everything, but you should do it the right way. I think Apple should have removed the app and warned him, not terminated his account, but you can understand why they did it.

He should have either demonstrated it by using his own iDevice or by contacting Apple and asking them to allow it, which they probably wouldn't. If you can't get it done properly, don't do it by breaking the rules.