Watered Down Phishing Protection In IPhone OS 3.1?

← Back to Stories (view on slashdot.org)

Watered Down Phishing Protection In IPhone OS 3.1?

Posted by CmdrTaco on Thursday September 10, 2009 @03:27AM from the i-feel-better-already dept.

CrazyCanucklehead writes "Security Researcher Michael Sutton discusses his findings when looking at the advertised anti-phishing features in the recently released iPhone OS 3.1. It turns out that the protection is far less than what is provided in OS X and the feature may not provide any protection at all."

98 comments

Min score:

Reason:

Sort:

Your official guide to the jigaboo presidency by Anonymous Coward · 2009-09-10 03:33 · Score: -1, Troll

Congratulations on your purchase of a brand new nigger! If handled properly, your apeman will give years of valuable, if reluctant, service.
INSTALLING YOUR NIGGER.
You should install your nigger differently according to whether you have purchased the field or house model. Field niggers work best in a serial configuration, i.e. chained together. Chain your nigger to another nigger immediately after unpacking it, and don't even think about taking that chain off, ever. Many niggers start singing as soon as you put a chain on them. This habit can usually be thrashed out of them if nipped in the bud. House niggers work best as standalone units, but should be hobbled or hamstrung to prevent attempts at escape. At this stage, your nigger can also be given a name. Most owners use the same names over and over, since niggers become confused by too much data. Rufus, Rastus, Remus, Toby, Carslisle, Carlton, Hey-You!-Yes-you!, Yeller, Blackstar, and Sambo are all effective names for your new buck nigger. If your nigger is a ho, it should be called Latrelle, L'Tanya, or Jemima. Some owners call their nigger hoes Latrine for a joke. Pearl, Blossom, and Ivory are also righteous names for nigger hoes. These names go straight over your nigger's head, by the way.
CONFIGURING YOUR NIGGER
Owing to a design error, your nigger comes equipped with a tongue and vocal chords. Most niggers can master only a few basic human phrases with this apparatus - "muh dick" being the most popular. However, others make barking, yelping, yapping noises and appear to be in some pain, so you should probably call a vet and have him remove your nigger's tongue. Once de-tongued your nigger will be a lot happier - at least, you won't hear it complaining anywhere near as much. Niggers have nothing interesting to say, anyway. Many owners also castrate their niggers for health reasons (yours, mine, and that of women, not the nigger's). This is strongly recommended, and frankly, it's a mystery why this is not done on the boat
HOUSING YOUR NIGGER.
Your nigger can be accommodated in cages with stout iron bars. Make sure, however, that the bars are wide enough to push pieces of nigger food through. The rule of thumb is, four niggers per square yard of cage. So a fifteen foot by thirty foot nigger cage can accommodate two hundred niggers. You can site a nigger cage anywhere, even on soft ground. Don't worry about your nigger fashioning makeshift shovels out of odd pieces of wood and digging an escape tunnel under the bars of the cage. Niggers never invented the shovel before and they're not about to now. In any case, your nigger is certainly too lazy to attempt escape. As long as the free food holds out, your nigger is living better than it did in Africa, so it will stay put. Buck niggers and hoe niggers can be safely accommodated in the same cage, as bucks never attempt sex with black hoes.
FEEDING YOUR NIGGER.
Your Nigger likes fried chicken, corn bread, and watermelon. You should therefore give it none of these things because its lazy ass almost certainly doesn't deserve it. Instead, feed it on porridge with salt, and creek water. Your nigger will supplement its diet with whatever it finds in the fields, other niggers, etc. Experienced nigger owners sometimes push watermelon slices through the bars of the nigger cage at the end of the day as a treat, but only if all niggers have worked well and nothing has been stolen that day. Mike of the Old Ranch Plantation reports that this last one is a killer, since all niggers steal something almost every single day of their lives. He reports he doesn't have to spend much on free watermelon for his niggers as a result. You should never allow your nigger meal breaks while at work, since if it stops work for more than ten minutes it will need to be retrained. You would be surprised how long it takes to teach a nigger to pick cotton. You really would. Coffee beans? Don't ask. You have no idea.
MAKING YOUR NIGGER WORK.
Niggers are very, very averse to work of any kind. The nigger's most
1. Re:Your official guide to the jigaboo presidency by Anonymous Coward · 2009-09-10 03:54 · Score: -1, Offtopic
  
  I'd mod your black ass up if I could
Far Less than OS X by neonprimetime · 2009-09-10 03:41 · Score: 4, Insightful

It turns out that the protection is far less than what is provided in OS X and the feature may not provide any protection at all.

the iphone in general contains far less than what is provided in OS X so this doesn't come as a surprise to me.

now, whether or not iphone 3.1 phishing protection is a big oversite on apple's part is another discussion and a worthy one at that
1. Re:Far Less than OS X by Anonymous Coward · 2009-09-10 03:44 · Score: 1, Informative
  
  It's spelled oversight.
2. Re:Far Less than OS X by Anonymous Coward · 2009-09-10 03:54 · Score: -1, Flamebait
  
  For all intents and purposes, the iPhone is 100% secure like all Apple products. This protection, even rudimentary is just icing on the cake.
3. Re:Far Less than OS X by Hurricane78 · 2009-09-10 03:55 · Score: 4, Insightful
  
  the iphone in general contains far less than what is provided in a real smartphone so this doesn't come as a surprise to me.
  There, fixed that for ya!
  *ducks*
  
  --
  Any sufficiently advanced intelligence is indistinguishable from stupidity.
4. Re:Far Less than OS X by InsertWittyNameHere · 2009-09-10 04:02 · Score: 1
  
  To be fair, do any phones offer anti-phishing on the device?
5. Re:Far Less than OS X by Anonymous Coward · 2009-09-10 04:06 · Score: 1, Informative
  
  Yah, cause after all my BlackBerry Curve had anti-phishing... wait no it didn't... and that windows mobile phone work gave me had... wait no it didn't... granted both had such awful browsers I don't think many people even used them. Either way it's really popular to rag on Apple for things not being entirely perfect. Fact is I'm more excited about the loads of other things that came with 3.0 and less worried about perhaps a less than great anti-phishing black list. Besides I think you've gotta be pretty stupid to get caught by a phishing attack.
6. Re:Far Less than OS X by Jurily · 2009-09-10 04:20 · Score: 1
  
  To be fair, do any phones offer anti-phishing on the device?
  Do users of any other phone need it?
7. Re:Far Less than OS X by Tom · 2009-09-10 04:26 · Score: 0, Troll
  
  > To be fair, do any phones offer anti-phishing on the device?
  >
  > Do users of any other phone need it?
  Only the part that constantly brags about how their smartphone of choice has this one important feature that the iPhone doesn't, and therefore it is superior in every way.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
8. Re:Far Less than OS X by Anonymous Coward · 2009-09-10 04:28 · Score: 0
  
  Blackberry?
9. Re:Far Less than OS X by Anonymous Coward · 2009-09-10 04:36 · Score: 0
  
  Ummm, if they have web browsers then they need it just as much as iPhone users do.
10. Re:Far Less than OS X by Minion+of+Eris · 2009-09-10 04:43 · Score: 1
  
  If your BlackBerry Smart phone is connected to a BlackBerry Enterprise Server, and you use the BlackBerry Browser (as opposed to Internet Browser or whichever browser your carrier supplies in their software package), then all off your requests pass through the server, instead of "directly" to the 'net over your carrier - as a result, you share whatever filters/protections IT has put in place on the server. If you are BES connected, then you get whatever spam/phishing protection is enabled in your email client at work.
  
  --
  Please don't dominate the rap, Jack, if you got nothin' new to say.
11. Re:Far Less than OS X by AnalPerfume · 2009-09-10 04:47 · Score: 1
  
  You're missing the point, it's shiny, and Steve has given it the stamp of cool and he's the only person on the planet officially allowed to do that, so he should know cool when he sees it. That should be enough for you. Or are you a commie? /sarcasm.
12. Re:Far Less than OS X by Anonymous Coward · 2009-09-10 04:48 · Score: 0, Troll
  
  It's spelled intensive purposes.
13. Re:Far Less than OS X by Monkeedude1212 · 2009-09-10 04:54 · Score: 2, Insightful
  
  The difference between Windows Mobile not having phishing filters and the IPhone not having phishing filters is that Windows Mobile never at any point gave you an illusion of protection.
  If you haven't been trained on basic internet usage - its VERY easy to fall for phishing attempts. We've been browsing the net for years now, and all it takes is someone who says "You can pay your bills online" for someone to try and google how to do it on their own and then fall into a trap.
  I'd say Cross Server Scripting has gotten the best of at least half my friends. Fortunately most of them didn't have any valuable information.
14. Re:Far Less than OS X by Anonymous Coward · 2009-09-10 05:09 · Score: -1, Offtopic
  
  No it isn't; the expression is "for all intents and purposes". "For all intensive purposes" just sounds like nonsense.
15. Re:Far Less than OS X by Hurricane78 · 2009-09-10 05:10 · Score: 1
  
  What's a BlackBerry? What's a Windows Mobile phone?
  No, I know what they are. But why bring out the obscure ones?
  Oh, I know, because on my Symbian phone, I can "install and tweak whatever I want"(TM), including anti-phishing stuff. :)
  (Hmm, I think that's even possible on those two systems above.)
  
  --
  Any sufficiently advanced intelligence is indistinguishable from stupidity.
16. Re:Far Less than OS X by MMC+Monster · 2009-09-10 05:26 · Score: 0, Troll
  
  Also, no one in their right mind uses Windows Mobile to browse the internet. :-)
  Seriously, though, given the percentage of iPhone users that actually use Mobile Safari (much higher than any other single mobile device), they really should get phishing protection like a desktop. Wasn't there a /. article a while back about people using iPhones as their only computer?
  
  --
  Help! I'm a slashdot refugee.
17. Re:Far Less than OS X by Anonymous Coward · 2009-09-10 05:28 · Score: 0
  
  The Curve does have one advantage over the iPhone and most other competitors., it enables accidentally dialing your local emergency # six times in a month while the phone's locked. Can't do that on an iphone unless the SIM's been pulled. Score: Curve 1, iphone 0.
18. Re:Far Less than OS X by david_thornley · 2009-09-10 05:30 · Score: 0, Offtopic
  
  Nonsense? An intensive purpose is one that's clearly focused. Doing something with the aim of getting to a particular movie theater is an intensive purpose. Doing something with the aim of promoting world peace is not. Now, it seems to me that one intensive purpose is unlikely to have much to do with another one, and so there really wouldn't be many things to generalize over them, but other people seem to disagree.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
19. Re:Far Less than OS X by MobileTatsu-NJG · 2009-09-10 05:36 · Score: 2, Funny
  
  To be fair, do any phones offer anti-phishing on the device?
  Do users of any other phone need it?
  Oh, come on. Web browsing on other phones isn't that bad.
  
  --
  
  "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
20. Re:Far Less than OS X by david_thornley · 2009-09-10 05:39 · Score: 0, Troll
  
  Most phones either don't provide a web browser, or provide one so painful that nobody's going to use it long enough to get phished. With that protection, who needs specific anti-phishing measures?
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
21. Re:Far Less than OS X by contrapunctus · 2009-09-10 06:26 · Score: 1
  
  but it's about web sites, you see over sites: oversite.
22. Re:Far Less than OS X by Minion+of+Eris · 2009-09-10 06:29 · Score: 1
  
  try standby mode instead of lock (it's the little button up on top of the 'phone).
  
  --
  Please don't dominate the rap, Jack, if you got nothin' new to say.
23. Re:Far Less than OS X by Anonymous Coward · 2009-09-10 07:30 · Score: 0
  
  I use opera on my winmo phone you insensitive clod. I even have tabs :)
24. Re:Far Less than OS X by indiechild · 2009-09-10 14:43 · Score: 1
  
  Elaborate?
25. Re:Far Less than OS X by Anonymous Coward · 2009-09-10 14:53 · Score: 0
  
  Which is why it's so popular! Only nerds need to SSH into something from a smartphone.
26. Re:Far Less than OS X by Anonymous Coward · 2009-09-10 22:03 · Score: 0
  
  No man a doodley "intensive purpose" is marketing a doodley speak for people in black turtleneck seaters! a dodoley
Slight catch in that last sentence by The+Ancients · 2009-09-10 03:50 · Score: 2, Insightful

FTA:
If you work for Apple, please comment on why you went with watered down phishing protection on the iPhone.
If anyone from Apple does comment, we'll not know for sure as they'll not be able to identify themselves sufficiently. As such, everything we do see will just be guesses. Some may make sense and quite probably be right, but who knows...

--
The Mothership
I've got built-in phishing protection. by jtownatpunk.net · 2009-09-10 03:57 · Score: 5, Insightful

It works really well. If I don't know how I got to a site, I don't enter my banking information. Simple. It's amazing how well that works. If I get an email from "my bank" asking me to click on a link to verify something, I don't click on the link. If I think that it has the slightest chance of being legit, I'll open a web browser and type my bank's URL in by hand and log into my account. If the original email was legit, I'll be prompted to do whatever it is they need. If I get an email asking me to reply with my username and password, I know it's a scam. How could anyone NOT know that's a scam? It's not frickin' rocket science.
Instead of putting all this effort into anti-phishing technology, we should make people less stupid.
1. Re:I've got built-in phishing protection. by pak9rabid · 2009-09-10 04:05 · Score: 1
  
  Seconded (only because I don't have mod points at the moment)
2. Re:I've got built-in phishing protection. by bFusion · 2009-09-10 04:06 · Score: 4, Funny
  
  If you invent anti-stupid technology, I'm sure you'd be a near instant millionaire.
3. Re:I've got built-in phishing protection. by stokessd · 2009-09-10 04:14 · Score: 3, Informative
  
  It's not frickin' rocket science.
  Instead of putting all this effort into anti-phishing technology, we should make people less stupid.
  The problem is that the API for "people" is really old, and many of the functions appear to be deprecated (see driving a non-syncromesh manual transmission, hunting, fabricating arrow points, etc). It's much easier to foam rubber coat the world, than to try to make "people" smarter (See modern playgrounds for freshly instantiated "people").
  Sheldon
4. Re:I've got built-in phishing protection. by mcgrew · 2009-09-10 04:18 · Score: 1
  
  Instead of putting all this effort into anti-phishing technology, we should make people less stupid.
  You can make people less ignorant, but there is no way to make them less stupid.
  
  --
  Free Martian Whores!
5. Re:I've got built-in phishing protection. by starglider29a · 2009-09-10 04:21 · Score: 0
  
  This problem is self limiting... People who are stupid enough to fall for a phishing scam will have their finances and credit pwned so badly that they won't be able to GET an iPhone.
  
  Though maybe people would be less susceptible if they didn't think that their browser/OS/phone was idiot-proof. Maybe the best phishing protection is to declare that there isn't any phishing protection. Motorcyclist drive more carefully than people in air-bagged cars.
6. Re:I've got built-in phishing protection. by Tom · 2009-09-10 04:23 · Score: 3, Insightful
  
  Instead of putting all this effort into anti-phishing technology, we should make people less stupid.
  Rational analysis tells me that's the wrong approach. Inventing a 100% reliable anti-phishing technology is considerably easier than making people less stupid.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
7. Re:I've got built-in phishing protection. by Anonymous Coward · 2009-09-10 04:27 · Score: 2, Funny
  
  You think making people less stupid is easier??
  Please excuse me while I clean up the drink I just snarfed all over my laptop!
8. Re:I've got built-in phishing protection. by sakdoctor · 2009-09-10 04:30 · Score: 5, Funny
  
  My Nigerian company, in a Joint venture with a Russian company, actually sells an anti-stupid product.
  It really works, and it's available to buy TODAY!
  http://shop1337.youscam.ru/darwin/get_smart_stupid
9. Re:I've got built-in phishing protection. by Tweenk · 2009-09-10 04:30 · Score: 1
  
  we should make people less stupid.
  Unfortunately that is a physical impossibility, so your plan fails.
  Moreover the wide access to technology depends on it being accessible to stupid people - otherwise they wouldn't buy them and the technology companies would fold. There is just no solution to this problem: idiots will always get their computers hacked, fall for scams, get their credit cards stolen etc. no matter how secure we make them. The only way to cope with this is to minimize the effects they can have on other people.
  
  --
  Those who would give up liberty to obtain working drivers, deserve neither liberty nor working drivers.
10. Re:I've got built-in phishing protection. by Nadaka · 2009-09-10 04:33 · Score: 1
  
  Hey... I still drive a manual (though admittedly it is syncromesh), I still hunt, I still fabricate arrow heads. These are largely relegated to hobbies, but some people really do still do these things.
11. Re:I've got built-in phishing protection. by greyline · 2009-09-10 04:52 · Score: 2, Funny
  
  I think so many people tried to visit your site, it went down. Can I just post my information here for your product?
12. Re:I've got built-in phishing protection. by cadeon · 2009-09-10 04:56 · Score: 4, Funny
  
  we should make people less stupid.
  Your post advocates a
  ( ) technical ( ) legislative ( ) market-based (X) demographic
  approach to fighting phishing. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
  ( ) Phishers can easily use it to harvest email addresses
  ( ) Mailing lists and other legitimate email uses would be affected
  ( ) No one will be able to find the guy or collect the money
  (X) It is defenseless against brute force attacks
  (X) It will stop phishing for two weeks and then we'll be stuck with it
  (X) Users don't want to be educated
  (X) Microsoft will not put up with it
  ( ) The police will not put up with it
  ( ) Requires too much cooperation from phishers
  (X) Requires immediate total cooperation from everybody at once
  ( ) Many email users cannot afford to lose business or alienate potential employers
  Specifically, your plan fails to account for
  ( ) Laws expressly prohibiting it
  (X) Lack of centrally controlling authority for information
  ( ) Open relays in foreign countries
  ( ) Ease of searching tiny alphanumeric address space of all email addresses
  (X) Asshats
  ( ) Jurisdictional problems
  ( ) Unpopularity of weird new taxes
  ( ) Public reluctance to accept weird new forms of money
  ( ) Huge existing software investment in SMTP
  ( ) Susceptibility of protocols other than SMTP to attack
  ( ) Willingness of users to install OS patches received by email
  ( ) Armies of worm riddled broadband-connected Windows boxes
  ( ) Eternal arms race involved in all filtering approaches
  (X) Extreme profitability of phishing
  ( ) Joe jobs and/or identity theft
  (X) Technically illiterate politicians
  (X) Extreme stupidity on the part of people who do business with spammers
  (X) Dishonesty on the part of spammers themselves
  ( ) Bandwidth costs that are unaffected by client filtering
  (X) Outlook
  and the following philosophical objections may also apply:
  (X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
  (X) Accessibility
  ( ) SMTP headers should not be the subject of legislation
  ( ) Blacklists suck
  ( ) Whitelists suck
  ( ) We should be able to talk about Viagra without being censored
  ( ) Countermeasures should not involve wire fraud or credit card fraud
  ( ) Countermeasures should not involve sabotage of public networks
  (X) Countermeasures must work if phased in gradually
  ( ) Sending email should be free
  (X) Why should we have to trust you and your information?
  ( ) Incompatiblity with open source or open source licenses
  ( ) Feel-good measures do nothing to solve the problem
  ( ) Temporary/one-time email addresses are cumbersome
  ( ) I don't want the government reading my email
  (X) Killing them that way is not slow and painful enough
  Furthermore, this is what I think about you:
  ( ) Sorry dude, but I don't think it would work.
  (X) This is a stupid idea, and you're a stupid person for suggesting it.
  ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
13. Re:I've got built-in phishing protection. by Anonymous Coward · 2009-09-10 04:59 · Score: 1, Insightful
  
  You Can't Fix Stupid - Ron White
14. Re:I've got built-in phishing protection. by jellomizer · 2009-09-10 04:59 · Score: 1
  
  Until you make a type and misspell your banks website domain name. (or are you stupid enough to have a nice bookmark wide open for anyone to click on to see who you bank with) then you go to a site that look just like your bank. Heck it may even have a valid security certificate, and you just got fished.
  So you know how you got onto you site. However you a simple mistake... To bad you didn't have a Phishing protection to tell you that you went somewhere wrong.
  It is not that people are stupid. But they let their guards down at some point when they do most of the time they are lucky but you can get that one point where you let you guard down and you make the mistake then bingo you are in trouble.
  The really stupid people in the world think everyone else is stupid. The smart people in the world realize that they are not that smart and know to take advantage of help and tools to help offset their shortcomings.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
15. Re:I've got built-in phishing protection. by mehrotra.akash · 2009-09-10 05:23 · Score: 1
  
  I dont think that the iPhone is targeted to people who actually know how to protect themselves, many of them would be using blackberries/nokia E/WinMo series or other business focused handsets as their primary phone and the iPhone as a secondary media device.
  "Instead of putting all this effort into anti-phishing technology, we should make people less stupid."
  then only those who want a media player would want iPhones
  Note: all my comments are based on the original unjailbroken iPhone, have not encountered a newer version
16. Re:I've got built-in phishing protection. by goldmaneye · 2009-09-10 05:35 · Score: 1
  
  I disagree that no protection is the best protection. Plenty of people make simple typing errors all the time when they go looking for a website. Bank0fAmerica (it's a zero; could you tell?) looks an awful lot like BankOfAmerica. As phishing attacks get more and more sophisticated, eliminating any kind of protection makes less and less sense; even smart people can get taken in by an expertly-executed phishing attack that uses a URL that very closely mimics the correct URL and a website that looks nearly identical to the actual website.
  
  Regarding your analogy with motorcycles, statistics compiled by the National Highway Traffic Safety Administration suggest that motorcyclists might actually drive less safely than people in air-bagged cars. In a fatal collision, when compared to passenger vehicles involved in such collisions, motorcyclists were found to be:
  
  (1) More likely to have been speeding.
  (2) More likely to have had their license suspended.
  (3) More likely to have been driving with a suspended license.
  (4) More likely to have been legally intoxicated.
  (5) More likely to have a previous DUI on their record.
  
  Please note: The report does not suggest that these behaviors are prevalent among motorcyclists, and it is not in any way my intention to suggest that they are. Most motorcyclists that I have seen on the road drive in a very safe manner. I am just summarizing the statistics from the NHTSA report.
  
  Source: http://www.nhtsa.dot.gov/portal/nhtsa_static_file_downloader.jsp?file=/staticfiles/DOT/NHTSA/Traffic%20Injury%20Control/Articles/Associated%20Files/810990.pdf
17. Re:I've got built-in phishing protection. by MobileTatsu-NJG · 2009-09-10 05:38 · Score: 2, Insightful
  
  Instead of putting all this effort into anti-phishing technology, we should make people less stupid.
  You can make people less ignorant, but there is no way to make them less stupid.
  You know, it's funny, chicks look at our fashion sense the same way we look at their understanding of the internet.
  
  --
  
  "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
18. Re:I've got built-in phishing protection. by Gulthek · 2009-09-10 05:45 · Score: 1
  
  Speaking as a parent of a toddler: modern playgrounds are AWESOME. At a nearby park there is a frikin' 3 story spiral tunnel slide! A ladder that leads to a rock wall about 5' up that kids can climb along then drop down (yes, drop) onto a big flat slide. An obstacle course of monkey bars that go UP from about 6' to 8' then end at a raised platform on a sprawling playset.
  All in all, playgrounds seem far more dangerous (and awesome) than the tiny slides and see-saws I played on as a kid. I'm actually pretty jealous.
19. Re:I've got built-in phishing protection. by sbeckstead · 2009-09-10 05:47 · Score: 1
  
  Please do, we'll contact you when the product ships!
  
  --
  Why bother
20. Re:I've got built-in phishing protection. by sbeckstead · 2009-09-10 05:48 · Score: 1
  
  Seconded!
  
  --
  Why bother
21. Re:I've got built-in phishing protection. by jargon82 · 2009-09-10 05:51 · Score: 1
  
  Having kids is really just an excuse to keep playing with their toys, at least for men.
22. Re:I've got built-in phishing protection. by Gulthek · 2009-09-10 05:52 · Score: 1
  
  Oh also, manual transmission FTW. My wife has actually never owned a car that was anything else.
23. Re:I've got built-in phishing protection. by johndiii · 2009-09-10 05:55 · Score: 2, Insightful
  
  I agree with your point about no protection not being the best protection, but I don't think that the statistics that you cite demonstrate the point that you are trying to make. The notion that motorcycle crashes in general have a greater incidence of fatality means that behavior that causes crashes will correlate better with motorcycle fatalities than with passenger vehicle fatalities.
  A more meaningful number would be something like the number of crashes per vehicle mile. Or perhaps the number of injury-producing crashes per vehicle mile. Even then, a conclusion might be slippery, because motorcycles do not tend to get into minor accidents like parking lot fender-benders, but even a minor motorcycle accident is more likely to produce an injury than a passenger car accident.
  
  --
  Floating face-down in a river of regret...and thoughts of you...
24. Re:I've got built-in phishing protection. by Anonymous Coward · 2009-09-10 05:55 · Score: 0
  
  Hey, my transmission is not synchromesh, you insensitive clod!
25. Re:I've got built-in phishing protection. by 0110011001110101 · 2009-09-10 06:15 · Score: 1
  
  hahah silly man. I have 9 different banks bookmarked in my browser to fool people who break into my house, log into my computer and scan my favorites to see where I bank. There are like "beyotch why steal your tv when i can find out where you bank boooyyyy!". But then they see my 9 bookmarks, and they are like.. oh f#*$ this guy is smart, but still they start clicking. At some point they will click on my wachovia link (most robbers bank with wachovia) and decide they need to check their account balance.. bad news for them because thats my own fishing site and they are unknowingly giving me their password... hah! suckaz! The funny part is, not one of those nine bookmars are my bank, actually my banks website is spelled out with random letter positions from each of those 9 bookmarks. I look each one up and then build a string from that, then copy and paste that into my browser. You are thinking, what if you cant remember all the letter positions in each bookmark smarty pants?? well, i have that taken care of, see next to my keyboard is my Wells Fargo checkbook.. and inside of that the hidden combination of letter sequences is written out. So... good luck robber b*tches! I'm all covered yo!
  
  --
  Don't anthropomorphize computers: they hate that.
26. Re:I've got built-in phishing protection. by mcgrew · 2009-09-10 06:36 · Score: 1
  
  I don't know, there are a few women I know that know more about the internet than some slashdotters, and other women who have less fashion sense than me (and I wear pretty much the same kind of clothes I wore decades ago).
  To me, fashion=stupid.
  
  --
  Free Martian Whores!
27. Re:I've got built-in phishing protection. by KingPin27 · 2009-09-10 06:38 · Score: 1
  
  Having kids is really just an excuse to keep playing with their toys, at least for men.
  Unless all you have are girls then all you do is spend most of your time with them undressing and re-dressing various assortments of barbies..... Ugh!
  
  --
  "i lost my dignity on a slippery wiener"
28. Re:I've got built-in phishing protection. by MobileTatsu-NJG · 2009-09-10 06:54 · Score: 1
  
  To me, fashion=stupid.
  Right. So would it be fair for me to say you're not beating the hotties off with a stick?
  No offense intended, I didn't mean that as an attack. Frankly, I'm not one to talk. My point is that we, as geeks/nerds think other people are stupid, yet other people think we are stupid.
  I have a feeling that example isn't going to go over to well so I'll use another. There are peeps out there that would think *I* am stupid because I don't know how to change the oil in m car. I could retort that I think those people are stupid for not knowing how to write a useful Mel script. If I look extra not-cool right now, you're getting my point.
  
  --
  
  "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
29. Re:I've got built-in phishing protection. by amoeba1911 · 2009-09-10 07:02 · Score: 1
  
  Sign me up too please! Here's my name, address, birthday, social security number, bank account and routing number, credit card number.
  
  Thanks!
30. Re:I've got built-in phishing protection. by amoeba1911 · 2009-09-10 07:07 · Score: 2, Insightful
  
  The day you invent anti-stupid technology, the stupid will get stupider.
31. Re:I've got built-in phishing protection. by geekboy642 · 2009-09-10 07:32 · Score: 1
  
  I wish I could afford an automatic transmission. Sure, there's something to be said for a proper gearshift, but after a decade of stop-and-go driving in the city, I'm ready to not use a clutch anymore.
  
  --
  Just another "DOJ fascist authoritarian totalitarian bootlicker" -- Zeio
32. Re:I've got built-in phishing protection. by mcgrew · 2009-09-10 07:44 · Score: 1
  
  Actually, the "out of fashion" thing works for me. Women want the "bad boys" because they have a need to change them, and you don't have to be a true "bad boy" for the effect to work. The first thing a woman does after she gets her hands on me is try and get me to get rid of the sweater.
  And I don't think I've ever seduced a woman. I suck at it, but some do come on to me. Unfortunately, some gay men do, too.
  As to changing the car's oil, that's not stupidity, it's ignorance. You could learn to change the oil in your car, a truly stupid person couldn't. When I say "fashion=stupid", fashion is a waste. I'm not going to throw out a perfectly good pair of jeans just because fashion says jeans should be a darker color blue, and I'm not going to throw away my comfortable jeans because tight fitting ball busters are in style.
  
  --
  Free Martian Whores!
33. Re:I've got built-in phishing protection. by Dishevel · 2009-09-10 08:10 · Score: 1
  
  How could anyone NOT know that's a scam? It's not frickin' rocket science.
  Instead of putting all this effort into anti-phishing technology, we should make people less stupid.
  As a rule in advanced societies people get more stupid and less able.
  
  --
  Why is it so hard to only have politicians for a few years, then have them go away?
34. Re:I've got built-in phishing protection. by MobileTatsu-NJG · 2009-09-10 08:19 · Score: 1
  
  As to changing the car's oil, that's not stupidity, it's ignorance. You could learn to change the oil in your car, a truly stupid person couldn't.
  This is ultimately the point I was trying to make. We agree, man.
  Have a good day.
  
  --
  
  "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
35. Re:I've got built-in phishing protection. by starglider29a · 2009-09-10 08:29 · Score: 1
  
  In a fatal collision...
  Ah, but what about the collisions that never happened? That's the point. A rider without the protection of a cage will driver gingerly and NOT GET into a fatal collision. Whereas, a driver who knows that their airbag will deploy will drive less carefully than a car without airbags.
  
  But, says Steven Peterson, professor of economics at Virginia Commonwealth University, "An airbag allows me to drive more aggressively but not face any more risk." In fact, drivers of airbag-equipped cars get into and cause more accidents, negating the safety benefits for drivers and increasing the risk to others.
  And here's a stat you won't find... Bikers with NO helmet, NO leather will drive VERY carefully. NOT relying on airbag or even traffic laws to protect them.
  
  The person surfing the web should be babysitting their OWN stuff because anti-phishing measures make better phishers, and idiot proofing makes better idiots.
  
  And when I get an email from Bank0fAmerica telling me my account needs X, click here to login... I delete it without reading it. Zero or not. Keep telling them that they are safe and they eventually won't be.
36. Re:I've got built-in phishing protection. by Anonymous Coward · 2009-09-10 11:25 · Score: 0
  
  If you invent anti-stupid technology, I'm sure you'd be a near instant millionaire.
  No, I will be. You see, I have a patent on anti-stupid. I call it "smart" (TM)
37. Re:I've got built-in phishing protection. by Anonymous Coward · 2009-09-10 13:11 · Score: 0
  
  Maybe you can't make *this individual* less stupid, but you can make future generations less stupid. By not babyproofing everything (future generations won't stick forks into electrical sockets?)
  This is a joke, mostly...
38. Re:I've got built-in phishing protection. by davidshewitt · 2009-09-10 14:28 · Score: 1
  
  In Soviet Russia, our anti-stupid product sells YOU!
39. Re:I've got built-in phishing protection. by intheshelter · 2009-09-11 01:03 · Score: 1
  
  I've got no mod points right now, but I have to say your reply was kind of dumb. I think you might fall under the stupid demographic for actually dissecting his tongue in cheek idea.
I RTFA by mcgrew · 2009-09-10 04:05 · Score: 2, Insightful

That's troubling. Phishing protection that doesn't work is more dangerous than no protection at all. At least if you know you have no protection you'll be more careful.

--
Free Martian Whores!
1. Re:I RTFA by Webcommando · 2009-09-10 04:35 · Score: 1
  
  That's troubling. Phishing protection that doesn't work is more dangerous than no protection at all. At least if you know you have no protection you'll be more careful.
  I know where people are coming from on this but it is a first pass at a new capability. Should they used the same mechanism as Safari on OSX (i.e. Google database)? Maybe, but perhaps there is a reason why that wasn't appropriate.* Perhaps there was a specific challenge they hadn't resolved for 3.1
  
  I think it is encouraging that they made an attempt and expect to see some improvements as the engineering team gets real world feedback on the feature. Regardless, I don't think I normally go to sites on my iPhone that I don't already know from normal browsing and have a shortcut already.
  
  * As an aside, if I was Apple, I'd start finding alternative ways of providing key content (maps, videos, etc.) to my phone that didn't rely on Google. Never sole source to a supplier that starts competing directly with you.
  
  --
  I love the sound of distortion in the morning -- webcommando
2. Re:I RTFA by Bill,+Shooter+of+Bul · 2009-09-10 05:26 · Score: 1
  
  Phishing sites come into existence so fast, that I really wonder how much use any phishing filter is. But any protection is better than none, though I'd recommend not trumpeting it too loudly for the exact same reason you gave.
  
  --
  Well.. maybe. Or Maybe not. But Definitely not sort of.
3. Re:I RTFA by jtownatpunk.net · 2009-09-10 07:42 · Score: 1
  
  If people were smart enough to "be more careful", they wouldn't need phishing protection in the first place. :)
mnerd by Anonymous Coward · 2009-09-10 04:11 · Score: 0

You do realize that just about any security feature of any platform could be broken or circumvented and "may not provide any protection at all"
Doesn't matter anyway by ironicsky · 2009-09-10 04:21 · Score: 1

It doesn't matter how many bells and whistles, security and user protection systems you put on a device. A dumb user is still a dumb user. Look at your typical computer user. Even though they are using the latest A/V software, their ISP scans for email viruses and spam, they are using Firefox which has anti-phishing protection, a firewall program or a router with SPI, and malware protection software they still manage to blow their computer out of the water on a regular basis requiring tech support to fix it, or fall victim to a phishing scheme. This is 10 years of doing consumer tech support talking. Most user's have the "Press Yes" mentality. The dialog could clearly state, press Yes to install this nice virus on your computer, and without reading it, they would hit yes.

The best solution out there is to actually train users of online devices to know how to spot problems or suspicious sites, programs, etc. Until the users are trained how to recognize problems they won't learn how to deal with them.
You bought an iPhone... by f0rk · 2009-09-10 04:23 · Score: 1

... you're already fished.
Latency by topham · 2009-09-10 04:34 · Score: 1

Latency is the likely reason to not go with the Google lookup method.
Besides, don't know about you, but I'd prefer that not all my browser habits be logged to the government.
1. Re:Latency by AnalPerfume · 2009-09-10 04:45 · Score: 1
  
  I wasn't aware Google = Government, with a few exceptions like China. Any closed source application can be tracking you and you'd never know. Chances are Apple are doing the same in all sorts of ways, for the same reasons Google do....targeted advertising. They want to know more about you so they can put an advert up which is more likely to appeal to your wallet opening tendencies.
  
  At least with Google you don't need to use Google apps to access the services, you can use open or closed source third party apps like Firefox which has an addon to limit what information Google get from you when you do use their services. More than that, you can choose not to use Google at all. With the iPhone Apple ensure that some of their apps are the ONLY option. They won't allow any competing web browser so your stuck with theirs, regardless of whether they've stuffed it with spyware or not. Same goes with iTunes, do you believe they don't track what media you have? Are you really that naieve?
2. Re:Latency by mehrotra.akash · 2009-09-10 05:28 · Score: 1
  
  actually, google would make a great government and in reality might just get big enough to start buying small countries at first and then slowly expand and become the world government
  just imagine, if i wanted to go from point A to B anywhere in the world, i could easily look it up on google as, google being the world government would have all the information necessary, and no passports/restrictions/different currency conversions,etc would be required
  even better, they might just be able to plan your life, just imagine that you want to spend X days in A y in B and z in C, google could automatically plan a trip, apply for your leave at office and the amount of money would be deducted from your bank account, all with just 1 click
3. Re:Latency by dhaines · 2009-09-10 06:44 · Score: 1
  
  You are not stuck with Apple's browser on the iPhone. A casual search turned up 15 web browser apps before I stopped counting.
  
  I'd provide links, but someone might be tracking.
But...but... by dreamchaser · 2009-09-10 04:39 · Score: 0, Troll

But it's Apple! I thought everything from Apple was considered magically delicious here. Now I'm confused :(
1. Re:But...but... by Monkeedude1212 · 2009-09-10 05:01 · Score: 1
  
  No, you're thinking of ONE product from GENERAL MILLS.
Snap judgements by 93+Escort+Wagon · 2009-09-10 04:43 · Score: 1, Flamebait

Given that the iPhone OS 3.1 was just released yesterday, I've got to wonder just how thoroughly this blogger investigated anything.
Note that doesn't mean I think the features in question are good or bad - but really, I'm not going to put much stock into anything anyone wrote up after at most a few minutes of use.
Sigh... I'll be so happy when blogs die their already-overdue natural death.

--
#DeleteChrome
1. Re:Snap judgements by Monkeedude1212 · 2009-09-10 04:57 · Score: 3, Informative
  
  He went to the popular testing site Phishtank and tried the phone out against a bunch of different phishing attempts. He says not one was blocked.
2. Re:Snap judgements by amicusNYCL · 2009-09-10 05:37 · Score: 1
  
  Note that doesn't mean I think the features in question are good or bad - but really, I'm not going to put much stock into anything anyone wrote up after at most a few minutes of use.
  His central point was that he couldn't find a single site that was flagged as a phishing site. He even bolded that for you. If you can disprove that, go ahead and post a comment to his blog, he doesn't have any comments yet of people offering sites that do actually get flagged.
  
  --
  "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
3. Re:Snap judgements by johndiii · 2009-09-10 05:39 · Score: 1
  
  He's not just a "security researcher" - he's an official blogger for Zscaler, a "cloud security" vendor. Essentially, they seem to provide security-checking proxies. My take is that he would have a vested interest in portraying the iPhone (or any platform not protected by Zscaler) as insecure.
  The PhishTank list has 2279 entries. I'd be interested to know how many he tried, and which ones.
  
  --
  Floating face-down in a river of regret...and thoughts of you...
Let me Blow your mind. by k_187 · 2009-09-10 04:52 · Score: 1

Anything from Apple is considered magically delicious and explicitly loathed here.

--
11 was a racehorse
12 was 12
1111 Race
12112
He didn't do his research. by nneonneo · 2009-09-10 05:44 · Score: 4, Interesting

I followed the same steps as outlined in TFA: download the verified online phishing list, pick a few URLs and load each into MobileSafari.

The very first one on the list, citibanking.ru, was blocked by both Firefox and MobileSafari. Since it was at the top, I thought that perhaps it was too recent (reported Sept 10, 2009), so I went down the list a bit, and got colorear.org/ray/, also blocked on Firefox and MobileSafari (reported Aug 26, 2009). guildoftibia.w.interia.pl was also blocked on both (reported July 28, 2009). I also found a few that were blocked on neither, but none that were blocked only on one and not the other, suggesting that MobileSafari uses Google's list (further reinforced by the fact that the "about" link takes you to a help page on Google.

So, I call sloppy research on the part of this security researcher (who writes "In fact, I have yet to identify a single phishing page blocked on the iPhone", emphasis his), since I was quite easily able to find several pages which were blocked.
1. Re:He didn't do his research. by nneonneo · 2009-09-10 05:52 · Score: 1
  
  For those of you who are curious and have never seen the phishing warning, here it is (two images were combined to show the full height of the message).
2. Re:He didn't do his research. by teshuvah · 2009-09-10 06:44 · Score: 1
  
  I have a 32GB iPhone 3GS phone, and I just put http://citibanking.ru/ into MobileSafari and the webpage loaded. I did not get the phishing warning or anything. Something is very inconsistent here if it works for some and not for others.
3. Re:He didn't do his research. by nneonneo · 2009-09-10 06:48 · Score: 1
  
  Is it running iPhone OS 3.1, and is the Fraud Warning option enabled under Settings->Safari?
4. Re:He didn't do his research. by teshuvah · 2009-09-10 06:50 · Score: 1
  
  Yes, forgot to mention I am running iPhone OS 3.1. And yes, fraud warning is turned on in settings. What model of iphone do you have? how are you connecting - wireless or 3G/edge?
5. Re:He didn't do his research. by nneonneo · 2009-09-10 07:10 · Score: 1
  
  iPod touch, first generation, firmware 3.1.1 (released yesterday), WiFi.
6. Re:He didn't do his research. by teshuvah · 2009-09-10 07:21 · Score: 1
  
  3.1.1? I only have 3.1 and it says I am up to date. Maybe this is a bug in 3.1 for the iPhone but it works for the iPod touch 3.1.1?
7. Re:He didn't do his research. by nneonneo · 2009-09-10 07:27 · Score: 1
  
  It's basically the same version, but the iPhone edition is labeled 3.1, while the iPod edition is 3.1.1. I don't think there's a major difference in the actual software.
  
  Still, it's quite curious that it works for me but not for you. This would explain Michael's more recent observations.
Who cares? by Stone+Wolf99 · 2009-09-10 06:57 · Score: 0, Troll

Iphone security is already a joke. There's no anti-virus, firewall, or malware protection of any sort. Get a keylogger on one and any competent hack could bankrupt by buying up Itunes, the first time the owner buys anything on the app stores or itunes. That doesn't even count what could happen if someone were to actually make a purchase at an actual website with the thing. Apple is more worried about protecting the phone from people who want to put their own applications and themes on it, than they are with making it secure. Go figure.
Phishing vs. blacklists vs. whitelists by Animats · 2009-09-10 08:34 · Score: 1

The trouble with phishing blacklists is that if you take a hard enough line to make them work, there's collateral damage. Blacklisting by URL is useless; most attackers with a clue use a different URL in each email. Even blacklisting by full domain is no longer enough; many attackers use a bogus subdomain for each phishing e-mail.
If you take a hard line and blacklist at the second-level domain, blacklists are more effective. We measure the collateral damage of doing that. We (as SiteTruth) maintain an updated list of major domains being exploited by phishing scams. This is a list of domains that are both in PhishTank with a hostile URL, and OpenDirectory, as "major". Today, there are only 37 domains on the list, which is about as low as it's ever been. The high was around 175, back in 2008. This matters because the big-name sites are likely to be whitelisted, and phishers look for exploits that will let them use a big-name domain to evade filters.
We nag sites into fixing security holes which allowed some phishing site to exploit them. Microsoft, Yahoo, and eBay have cleaned up their act. Only a few major sites are still on the list. Google is on the list because someone figured out a way to use a Google Docs spreadsheet to host a phishing site. Piczo.com, a free hosting service now hosting 103 phishing URLs, just doesn't seem to care. The other sites with more than one entry tend to be dying hosting services: Geocities, FortuneCity, RoadRunner.
The problem of big-name sites being exploited by phishers is coming under control. It's probably safe to blacklist by second-level domain now. (If only Google gets their act together and deals with that spreadsheet exploit.)