Slashdot Mirror
Apple Outs Anti-Jailbreak Update
Stoobalou writes "Apple has issued an emergency update for devices running the iOS 4 mobile operating system. iOS 4.0.2 plugs the security hole exploited by the iPhone Dev Team to allow pain-free jailbreaking of the iPhone 4 and its manifold siblings as well as... actually, that's about it."
If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.
I appreciate jailbreaking, but security is more important. What about older devices? Maybe McAfee or Symantec will have a solution.
There are a million of them. Why not buy one you don't have to jailbreak?
Bet it'd be cheaper too.
Now we're going to have to wait a week before another exploit is released publicly. Shucks.
...while the exploit is only used (that we know of) for the jailbreak at this point, it could potentially be used for much worse...to wait for the next more substantial update to patch the exploit would be careless on Apple's part.
If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.
That's true. Although recently jailbreakme got some legal footing about the legality of jail-breaking a phone, the way they did it was an issue, so it's good that the hole was broken.
Another good example, not of bricking a phone, was shown on the UK tv news last night - of an example app on Android being able to record arbitrary audio after performing a similar hack.
So although this says it's anti-jailbreak, that's just secondary - it was one hell of a hole in the first place.
Java gaming nut - http://www.retep.org/ or for the rail http://uktra.in/
Exactly- phrased differently- "A vulnerability actively being exploited in the wild was patched".
Granted, some of those actively exploiting it were the owners of the devices... but hey. You seriously don't know if it was being exploited by others for financial gain. If they were that good, you'd never know. I'm all for patching the vuln.
"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway" -Andrew Tanenbaum
We have to go back to jailbreaking the old fashioned way with a computer and a USB cable - it'll take ten minutes rather than five now and require you to RTFM. And all because Apple wants to fix a gaping security hole. DAMN THEE DRACONIAN STEVE JOBS!!1!
catch (HumourFailureException e) { e.user.send("You, sir, are a humourless idiot."); }
I am curious as to how much longer we will go until the next security hole isn't used so benevolently.
Who's up for a virus that can't be removed by the user once it's in? How about a friendly bugger that takes advantage of your contact list? For that matter, let's bring back the old dialer viruses and have your phone call a 10$/minute hotline every night for an hour.
It'd be a small miracle if no other security issues have been found since the release of iOS 4. The fact that the jailbreak exploit is the only thing that's being fixed suggests that Apple values retaining control over their device higher than fixing other security issues.
Thirded. Usually I would say Apple was just trying to keep people from unlocking their phones...but I think that was just a symptom of the problem they were trying to fix here.
Living With a Nerd
Bricked? I thought you could just re-synch your phone and restore it.
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
Apple has not released the fix for the iPod Touch 1G and the iPhone 2G, so the iPhone Dev Team themselves are working on a fix that will work on all devices. So you'll be able to basically jailbreak and then plug the hole that was used to do it.
Donate free food here
http://www.thinq.co.uk/2010/8/12/jailbreak-hackers-unleash-exploit-code/ Unless people update really soon, assorted malware could cut a swath through the iOS 4 user base.
for great justice
Why buy a device that you cannot control?
Because you can't control the close substitutes that are being sold either. For example, all three major video game consoles are like iPhones in that they need to be jailbroken to run anything interesting.
This is a massively publicized remote exploit. That is the most critical sort of security issue for an operating system. There is nothing strange about them prioritizing it.
Nerd rage is the funniest rage.
Indeed. And similarly, it was wrong that the original news of the exploit was publicised as a good thing (or, at worst, neutral), rather than being publicised as a major security hole (like you know they would have had it have been something like Internet Explorer).
Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality. But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits; or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.
So this doesnt address the performance issues many ipod-touch/3g owners have been experiencing?
People, what a bunch of bastards
I still am amazed that Apple releases the iPhone code with simple, easy to discover passwords that are the same across every device. That is UNIX rule 101 - "protect root". Knowing the password means that if you can execute arbitrary code on the iPhone via any means, you can su to root and break out of the user space security protection. User priviledge controls have been the basis of UNIX security for as long as UNIX has been around (as it has been for most OSs to more or less a degree)
If the iPhone had random root passwords on each device, and used certificates to trust iTunes, the risk of a driveby attack doing permanent (ie surviving reboot) damage must be lower? Or have I missed something obvious here?
What about the GamePark holdings' handhelds? They run lots of cool stuff.
My little Linux and tech blog
I wouldn't be jailbreaking my iPhone if there was a way to remove SIM lock. Right now Apple & AT&T has forced me into a situation where AT&T won't provide unlock code (asks to go some unlock shop and pay for the unlock) and Apple doesn't really care. Only option is to jailbreak to get blacksn0w running.
If Steve/government (in many countries in Europe it is mandated that after contract period unlock key is given) would force AT&T to provide unlock codes for everyone out of contract then most of the jailbreaking business would go away.
I still it is an important question. Despite your cynicism.
[Why not have a script that just cynically comments 'I am so clever I have seen it all before' on every article.]
My little Linux and tech blog
1. These sorts of exploits are found for every device all the time. This one was just famous because people used it to get root access to their own phone.
2. @comex et al are not immediately irresponsible and evil for exploiting and exposing a vulnerability. Isn't that what DEFCON and BlackHat devote entire conventions to?
3. If Apple just provided a safe way to get root access to your own device (like every other computer you've ever purchased) people wouldn't have to resort to using security holes.
4. With the the 2G iPhone and iPod Touch now unpatched by Apple, the only way to secure them is to jailbreak them and install the Cydia patch that is now available. Ironic.
It's amazing that slashdot can spin this as anything other than a good thing. Bottom line – the phone had a serious security vulnerability that allowed people to brick/use the phone for various nefarious tasks. Apple fixed it, spinning this as anything other than an important bug fix is downright irresponsible.
This exploit is the least of their problems ... http://www.sbsfaq.com/?p=2165
Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality. But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time
They're afraid of being modded down.
Living With a Nerd
I thought android phones needed to be "rooted". Double standard much?
Be fair - its "advanced" functionality that comes with a modest but non-zero set of additional responsibilities for the user, along with a moderate amount of additional power. If it was truly "basic functionality" then there wouldn't be many millions of people quite successfully and happily using their devices without it.
You're special forces then? That's great! I just love your olympics!
And yet the activesync lock-up remains....
gaming consoles don't usually know your phone number, your contacts, your e-mail
Your Xbox 360 console knows all these if you routinely use Xbox Live Gold. Your Live account is associated with an e-mail address, and Gold subscribers have Skype and a list of gaming contacts. Even a Wii console knows your contacts' Wii Numbers.
a device that has the sole purpose of playing video games.
What sole purpose? Look at U.S. PS3 commercials that claim the console only does everything. Besides, it wouldn't be as much of a sole purpose if the platform were more open. For example, once the Nintendo DS got reliably cracked, a media player called MoonShell and a basic PIM called DSOrganize popped up.
you really think it is an important question? You don't think it has been answered over and over and over again.. Many people, nerd and geeks included, even those 'informed' buyers have compared competitors devices and like the Apple product. If YOU don't, that is fine... move on.. Or maybe start a blog about how much you hate Apple... I dunno, or keep trolling slashdot... Actually, I take it all back, keep trolling Slashdot, it's easier to ignore you here. Lest you be 'that guy' who hangs out at the big box stores spouting your opinion to anyone who will listen.
> 2010: The Year of the Linux Phone
It is! Android and others!
What about the GamePark holdings' handhelds? They run lots of cool stuff.
I saw zero ads in TV or print for the GP2X or GP2X Wiz. Is there anything that A. runs lots of cool stuff, B. is marketed to the general public in the United States, and C. isn't tied to a $1,500 cell phone plan? As far as I can tell, it's pick any two: iPod Touch is B and C, GP2X is A and C, and Android phones are A and B.
In modern parlance, "bricked" means "mildly inconvenienced for about 30 minutes" rather than "made completely inoperable to the point where the hardware is now about as useful as a standard brick" and "zero day" means "sometime within the next 5 years after the actual software was released in the first place."
Where is the "Obvious" mod thing when you need it? I think it was pretty clear and obvious that any exploit that originates from outside needs to be patched and fast. That was the first thing I thought when the jailbreak web page was announced.
Here's what gets me though -- it really took a frightening amount of time for that one to get patched and released. I expected a week or less and it was longer than expected. But I have to say that this puts Apple's OS at least on par with Windows and, quite frankly, I suspect it is far worse.
article title should be fixed to "Apple sends out update to fix PDF Vulnerability" ;)
Cry me a river, try being a Kindle advocate.
Hey, did you know you can backup your Kindle downloads to your computer? YES REALLY. Every fricken time.
And that's just one of many constant misconceptions.
Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
Some Android phones. And if you have a dev bootloader (ie. the folks you bought your phone from aren't assholes), there aren't any security exploits involved in the process anywhere.
Also, the set of things you can do on an Android phone without root is substantially larger than the set of things you can do on a non-jailbroken iPhone (replacing the built-in apps, for instance).
androids don't "need" to be rooted unless your particular phone company disables functionality that you want to use. The most relevant example of this is tethering, most phone companies will only enable it after you agree to pay $xx/month more for the privilege to use functionality your phone has native support for.
That said, I've never owned an iPhone so I don't know what you gain by jailbreaking it.
Doesn't this update just patch the PDF exploit and not the other methodologies used by Dev-Team to jailbreak? And wasn't the PDF exploit developed by someone not on the Dev-Team? I'll gladly stand corrected if this is not true, but I thought I read this somewhere.
My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
Android phones only need to be rooted if you're doing something that requires root access - for everything else running unsigned (i.e. third party, non-market) apps is simply a matter of unchecking a box in the settings, so no, it's not quite the same thing (as you'd know if you had ever tried to send an MP3 via bluetooth from an Android phone to an iPhone, for instance - they both have this ability but only one allows you to do it without rooting the device).
"Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality."
If you think jailbreaking is necessary to enable "basic functionality" on an iPhone, I'd love to see what your definition of basic functionality is. I think you meant to write "advanced and technical functionality that relatively few people really need [want]." While I don't have an iPhone, I have an iPod Touch that I use constantly for school, work, and fun. After jailbreaking it to see what the hype was about, I quickly reverted to normal because for me jailbreaking interfered with the functionality of my iPod. Frankly, many (not all) people jailbreak for access to pirated apps. I know that's stereotyping a bit but it is the case for many people.
Indeed. And similarly, it was wrong that the original news of the exploit was publicised as a good thing (or, at worst, neutral), rather than being publicised as a major security hole (like you know they would have had it have been something like Internet Explorer).
This is Apple news, it's always a cause for whining. Jailbreak ? OMG HAX, it's the end the world! Security update ? OMG, evil Apple want to stop users taking control of their device.
Of course, it is a problem that you need to jailbreak an Iphone to enable basic functionality.
This is bullshit, basic functionality ? You gain the ability to run unsigned, unapproved software. A locked iPhone will do the same as any locked smartphone.
But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits
The media praise Apple all the time ? This is bullshit on the same order as the "liberal media." It's confirmation bias: you get annoyed by stories that you perceive as pro-Apple and consequently see them everywhere.
or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.
Don't know about the others but Android phones need to be jailbroken to gain full control, they just call it being "rooted". In fact Google recently pulled an app that would root your phone from their store (oh the irony!).
Android phones get plenty of coverage btw, they just don't specifically talk about the OS as much which you would expect it being a phone.
If all else fails, immortality can always be assured by spectacular error.
Apple,
4.0.1 is far from perfect - how about addressing a few of the following bugs before worrying about jailbreakers:
- Poor Bluetooth compatibility. Accessories that worked under iOS3 are flaky (or do not work at all) in iOS4. Lots of BT functions are broken - phone book transfer - switching between audio and handsfree results in no audio, frequent BT disconnects...etc.
- Occasionally upgrades to 4.0.1 result in poor battery life and excessive operating heat from the device (I have seen this on at least 5 phones). Wiping the device and restoring the phone fixes the issue (in every case so far) - so it's an upgrade problem
- Pathetic performance on the 3G model. Either make the performance better or exclude the device from further upgrades.
- Poor radio performance. I have heard a few complaints from my users that cellular radio performance is worse after the iOS4 upgrade. Phones frequently fail-over to Edge when 3G is available on other devices.
Trading a stable phone for multitasking was not what we wanted when our users upgraded to iOS4.
-ted
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
It isn't just anti-jailbreak, it's patching a pretty serious security flaw.
A file browser, the ability to share files via bluetooth or to install whatever software you want are pretty basic these days, computers and even phones have had such functionality for many years (I had a mid-range phone back in 2004/5 that could do all this). People compromise on form over function all the time (that's why supercars lack a lot of the basic amenities of the family run-around, or stiletto heels are cripplingly bad for women to walk on, but people buy them anyway) - it doesn't mean they wouldn't like the function too, given the chance.
What basic functionality?
Tethering? The phone already does that, without jailbreaking. Installing non-app store apps? I wouldn't call that basic - the phone is just not designed and promoted to work that way (ie, if you want to do other things with it, you're moving away from 'basic' and into 'unsupported, potentially advanced' functions).
The biggest reason I've seen for jailbreaking my phone (although I haven't done so) is to enable use of the phone as an AP, rather than having to tether to my Powerbook and then share my wifit that way, but the number of times I've needed to share my connection when there's been nothing but 3G access is limited. Either way, that's hardly basic functionality.
I guess VoIP is verging on basic, but there are apps that work over wifi - the 3G restrictions are carrier based.
I agree that this exploit has been spun the wrong way - as a positive thing to enable easy jailbreaking. Any security hole is never a positive thing, regardless of the beneficial things you can do with it. I'm glad it has been addressed, although I am hoping it will also be fixed for users of 2G and 3G iPhones who haven;t upgraded to iOS4.
Jailbroken iPhones can patch the vulnerability by installing PDF Patch (CVE-2010-1797) that was released by saurik this morning.
Although recently jailbreakme got some legal footing about the legality of jail-breaking a phone, the way they did it was an issue, so it's good that the hole was broken.
Was jailbreaking a phone ever prosecuted as an illegal act? I think that ruling by the LoC is a bit overrated.
-mkb
"Because you can't control the close substitutes that are being sold either."
N900.
FOSS phone with nokia reliability, root access and software available from debian-like repositories with a nice GUI. WIN.
(OK, it's not as slim or pretty as an iPhone, but it rocks in terms or functionality)
The exploit didn't originate from outside, the exploit is a flaw in the OS - unless you just mean an exploit in the OS which was actively being targetted by users from outside (it's worth clarifying as there was a lot of assumption in the beginning that this was somehow Adobe's fault since it was the PDF renderer).
the hole plugged that stops some jailbreak from working could be exploited via malicious guys on the net to own your device via a hosted PDF. which isn't cool.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
But if the media has such a problem with that, maybe they could actually focus on that instead of praising Apple all the time, or conflating the issue with security exploits; or maybe give some coverage to the more popular platforms (Symbian, RIM, Android) that don't need to be jailbroken, instead of the overwhelming coverage of Apple all the time.
With the exception of right wing political media that get together for weekly talking points, "The Media" doesn't collude together for a common focus. Most reporters know next-to-nothing about the beat they cover unless it is a personal passion, and expecting them to dig deep is incredibly naive, especially in a time like today when a skeleton crew covers virtually everything.
You have people like Engadget saying "hooray, we can root our iPhones!" and you have people like CNet saying "iPhones are hot shit!", and then you have every tiny tech beat for every newspaper in the country creating stories from that and the massive wave of popularity Apple has garnered. I'd love to see more non-specialty reporting on the history of locking down devices, but you'll have to wait for someone like Wired (who, despite their flaws, is a news hybrid) to try to cross that bridge first.
for a small bribe of an ox and six chickens, you too can cause a multi-billion dollar company's stock to blip down and make a killing in the market!
That has something to say about our society's priorities, and I don't think any of it is good.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
You do realize that the iPhone does tethering, but AT&T charges $20 to enable it? That is a carrier restriction, not an Apple restriction.
Imagine having your phone bricked because you viewed the wrong PDF on some website.
Imagine a world where you don't have to break into your own device.
So, they're metrosexual then.
I'm not saying that it was not more of a good thing than a bad thing - but I AM going to say that the security vulnerability solved a problem for a lot of people. It may have also opened a door to malicious code, but that doesn't negate the idea that being able to install the code -you- want on your phone is good.
:)
Next, I expect to see root kits that patch their own back doors.
A rooted Android phone is almost always still decently secure, and usually the rooting process involves something with adb, something a Dalvik VM app will be hard pressed to get unless it asks for permissions.
Say a piece of malware gets downloaded from Google's Marketplace. The su app pops up asking, "hey, the Vomitron Toaster app wants root privs?" Anyone with a clue is going to tick "no" and "remember this decision". In a couple hours after the app gets flagged, Google fires off the kill switch and the app gets zapped from the store and phones.
Rooting gives one more functionality, but it doesn't significantly add functionality to a device like an IOS JB does.
Here is the funny thing. If I want a command line shell to do stuff on a phone, Android is easy -- download a terminal app. The iPhone, I need to do the following:
1: JB the device. /etc/sshd/sshd_config to only allow access via RSA key, and disallow root access.
2: Hunt down "MobileTerminal 426", the Debian package.
3: Get on a wireless network.
4: Enable OpenSSH.
5: ssh into phone, change root and mobile password to something respectable (20+ characters.)
6: scp the Debian package and install it.
7: Install sudo from Cydia and configure it so I don't need to type in the insanely long password when I want root access.
8: Edit
9: Make sure the sshd is turned off in SBSettings unless it is needed. It will turn back on after a reboot.
All this so I can have full command line access to my iPhone and a method of copying files to and from the filesystem without restriction. The reason why I do the gymnastics with sshd as opposed to uninstalling it is so I can sftp in.
To boot, the only command line terminal app [1] that works on the iPhone (the Terminal app in Cydia is not iOS4 compatible and crashes on startup) doesn't seem to have the ability to do control keys other than control-C. Of course, I wonder if I can just use a normal app and ssh to loopback, but so far, that hasn't worked unless the device is on a Wi-Fi network.
Personally, if someone can make a good terminal emulator and put it on Cydia, I'd pay $5-$10 for it. Especially if it has an easy mechanism for doing control and meta keys, so if I feel insane enough to run emacs, I can.
[1]: A true terminal app that uses a shell and such. There are apps for ssh and such, but those don't have access to the whole phone's filesystem, and I doubt they would get approved if they had the ability to do so.
Hey, did you know you can backup your Kindle downloads to your computer? YES REALLY. Every fricken time.
A Google search for kindle backup 1984 brought up this page, which claims that even after you have restored a backup, if Amazon has removed a book for alleged copyright infringement, it may delete the copy that you just restored the moment you turn wireless back on.
Is it actually doing something malicious or just displaying a message?
Track your TV Shows with your iPhone - FREE
In modern parlance, "bricked" means "mildly inconvenienced for about 30 minutes" rather than "made completely inoperable to the point where the hardware is now about as useful as a standard brick" and "zero day" means "sometime within the next 5 years after the actual software was released in the first place."
Well, hell hath no fury like a geek who's been mildly inconvenienced.
Track your TV Shows with your iPhone - FREE
N900.
On May 15, 2010, I visited a Best Buy store, a RadioShack store, and a T-Mobile store in my home town. None of the three stores had this Nokia handset in stock. Google nokia n900 fort wayne indiana didn't appear to turn up anything either. Nor have I seen it advertised in print or on television anywhere near the extent that iPhone has been.
I just wish that Apple would put a mechanism in similar to what Android has in place where apps can go validate they are licensed to run on the device, and if not, don't run, or point the user to the App Store to buy a licensed copy. This way, the security of apps won't be reliant on keeping users from JB-ing their devices.
With Google's new API to check if an app is licensed, pirates have to hack each app, one by one, in order to get them working on unauthorized phones. Maybe Apple can follow suit, so people who like a "#" sign prompt on their phone can have it, but the pirates will be fighting an uphill battle.
Some Android phones. And if you have a dev bootloader (ie. the folks you bought your phone from aren't assholes), there aren't any security exploits involved in the process anywhere.
Also, the set of things you can do on an Android phone without root is substantially larger than the set of things you can do on a non-jailbroken iPhone (replacing the built-in apps, for instance).
- Even Google's own Nexus One needs to be rooted.
- Replacing the bootloader similarly isn't easy to begin with and not getting any easier either : "DroidX bootloader locked tight." And it will only get worse now Google itself is out of the handset game.
- The most popular Android phones come with undeletable crapware.
I want to like Android, I really do, but it doesn't help that most of the things people say about it are half-truths at best.
If all else fails, immortality can always be assured by spectacular error.
Back in the jail with y'all !
Imagine having your phone bricked because you viewed the wrong PDF on some website.
Imagine a world where you don't have to break into your own device.
Imagine what would happen if everyone who didn't like the way random corporations treated their customers voted with their feet. It's not as if there aren't any alternatives. I for one don't own a single Apple product and I get by in life with no trouble.
I guess VoIP is verging on basic, but there are apps that work over wifi - the 3G restrictions are carrier based.
Skype now works over 3G.
If all else fails, immortality can always be assured by spectacular error.
Even back in the linux router modding days, "brick" was starting to lose its meaning. Someone announced a "de-bricking" technique and it started a whole debate on what "bricked" really meant.
I therefore propose new terminology: "turd" is when you can't fix it with JTAG or similar. You can still build houses out of turds, but it takes a lot more talent and dedication.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
What I have a problem with is that I own a 1st gen iPod touch; bought just a couple weeks before the gen 2's came out, so it's just under 2 years old. I cannot install iOS4, so I cannot install this patch. In essence, I have a device that works perfectly fine, but that has a gapping security hole in it that Apple refuses to patch. Why should I run out and buy another $300 device when the one I have now works perfectly fine? I'm really pissed right now. I also have 2 MacBook Pro's, and an iPad. Is Apple going to abandon them after 2 years? Probably. It's really aggravating how Apple is the "most environmentally concerned" electronics/computer company, yet they want me to throw away my perfectly functional device and buy a new one. Sure, I have the option to run Opera (it warns when downloading a PDF), jailbreak it and install the patch (which is what I'll probably end up doing) or just use it as a *gasp* iPod, but the point is I shouldn't have to. I don't want or need the other crap that comes with iOS4. I just want the damn security patch.
I would rather have seen a court ruling banning the prevention of jailbreak-type behavior, not just for phones, but for all consumer devices (game consoles, handheld items like e-book readers, etc).
The custom firmware setups for the PSP, for instance, are leaps and bounds ahead of the "official" firmware function-wise. PDF and image reader functions, improved video playback formats that the PSP firmware doesn't have (and in smaller space too), the ability to independently control the processor speed yourself rather than relying on sony's bitch firmware - at one point one CFW developer actually had a "save state" function that could enable completely shutting down the device (for improved battery life) and saving the system RAM to memory stick for resumption of an in-process game later.
"DRM" and "Protection" are bullshit.
I just won't update. Thanks to sauriks patch I can have my pie and eat it too. I like your phone, but seriously. F you apple.
The problem is that you may know what you are doing, the average Slashdot reader may know what they are doing, but the majority of the people who buy smartphones would have no clue the ramifications of a "#" prompt on their device.
This is why I hope that Apple addresses app piracy via a different mechanism than keeping the walls of the walled garden up. Something that makes it difficult enough to keep Joe Sixpack from rooting/JBing their device, but easy enough for a person with a semblance of a clue to do it.
For example, rooting the Droid X without using the one click app. For anyone who has UNIX experience, it is simple... copy the exploit, run it, copy su and the app that goes with it, continue on. However, for Joe Sixpack who thinks UNIX are guys who sing in high pitched voices, it keeps him from getting root. This is a good thing, as it solves the dancing bunny problem.
If Joe Sixpack gets root, malicious apps can get root, and Joe Sixpack will then blame/sue Google, the maker of the cellphone, and the cellular provider for not being secure enough.
Do what i do, don't buy them
If this exploit is so dangerous, why did Apple not fix the flaw in older devices?
Seriously? Now I'm feeling old. I still thought it meant that.
spinning this as anything other than an important bug fix is downright irresponsible.
You must be new here.
-nd
I'd like to change the notification sounds on my iphone. The problem is there is no way to do that without jailbreaking. I'm sure there are more than a few people who would like that functionality.
Well, hell hath no fury like a geek who's been mildly inconvenienced.
It saddens me how truthful your comment is.
Once, the author of a webcomic I read posted the day's comic a few hours late. When the comic eventually was posted he also posted a pissed off message saying he had received literally hundreds of emails from angry people, many of whom were threatening to sue for not posting the comic as scheduled. Apparently waiting a few hours for 30 seconds of free entertainment ruined their day.
They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
When I accidentally left my iPod Nano in the pouch of my UnderArmour hoodie when I sent it through the wash over the weekend and now it won't turn on at all -- that's bricked. If I could re-flash it and fix it, then it wouldn't really be bricked, would it? But apparently kids these days can't tell the difference.
Not likely, I have had a iphone for a few years now and it does everything I need it to do and more. I am a developer, I love the battery life and performance of my device as well as it's usage of native code to write fast and efficient applications.
Got Code?
The main article states that iOS4 is updated. That is incorrect.
iOS 3x, or more correctly "iPhone OS 3" has also been updated in order to remove the flaw from iPads.
- Jesper
My security clearance is so high I have to kill myself if I remember I have it...
Another good example, not of bricking a phone, was shown on the UK tv news last night - of an example app on Android being able to record arbitrary audio after performing a similar hack.
citation please.
i ask because i really doubt it was a similar hack. most of these so-called android trojans and viruses rely on 1) getting a user to install a non-market app for which they need to have explicitly allowed in their settings and 2) granting the app permissions to do malicious things.
http://www.facebook.com/group.php?gid=133380463371767&ref=ts
This is a petition to the U.S. Government's FCC (Federal Communication Commission) to mandate an unlock of all iPhones. We paid for the phone, we should be able to use it how we see fit.
Please post a message on the wall saying "Please unlock"
Only people with a US iPhone and contract please.
Spammers will be reported and banned.
"many (not all) people jailbreak for access to pirated apps" -- on what do you base that conclusion. It's not like the Cydia store offers pirated apps. I think most people jailbreak their iPhones to get useful apps that Apple will not approve for the Apple store. In most cases Apple doesn't approve these apps because they compete with an Apple product or take away from the gouging...er...I mean revenue desires of Apple or AT&T Wireless.
Two examples of this which apply to why I jailbreak my iPhone: Google Voice and data tethering. Apple wouldn't approve the Google Voice for the Apple Store. Apple/ATTWS only started offering data tethering with iOS 4.0...and you have to pay ATTWS an extra $20 a month (charing you a monthly fee to use data you're already paying for). Not only that, you have to get rid of your unlimited data plan and get a tiered data plan.
A jailbroken iPhone has allowed me to tether my iPhone and/or use it for a mobile hot spot using my current iPhone's unlimited plan w/o having to pay ATTWS an extra $240/year for the privilege of using my own data.
if you disable most of the smart search functionality, it speeds up considerably, but is still not as fast as the 3.0 OS.
Bring back the old version of slashdot.
I disagree. The iPhone is HUGELY popular, so you've got a very large audience interested in a jailbreak for the latest versions of its operating system. It's certainly good/positive news when that ability is made available to users. Unfortunately, the METHOD used highlighted a security flaw that put all iPhone users at risk of Internet-based attacks.
As for "needing to jailbreak an iPhone to enable basic functionality"? That's a stretch, don't you think? Just how do you define "basic functionality" of a smartphone? I'd think it would mean such things as the ability to make and take both local and long distance calls on it, to use the included camera to take and save photographs, and for the music player to function properly, downloading, saving, and properly playing music files. All of this works just as advertised on one. You've got the ability to download many, many free applications or games, and purchase many many more. Again, no jailbreaking required.
The things people want to jailbreak the phone for are really NOT basic functionality at all. They include such things as running "Installous", an installer that aids in locating and installing pirated/cracked applications so you can cheat developers out of the money they're asking for their apps. Oh, and apps like "MyWi" which enable tethering without paying AT&T extra to do it legally. (I'm not passing judgment here on if that's "right" or "wrong". I'm just pointing out, these aren't really defined anywhere as basic features required to use the device....)
The media does a lot of praising of Apple because they get how their products appeal to the masses. Sometimes, technology "power users" dislike what Apple has done, because they feel too many things are "dumbed down" or choices made for them. But that's EXACTLY what makes their products stand out as superior to everyone else. Most people just want to take part in using a given technology, without having to become an expert on it just to make it useful for them. The iPod took the world by storm not because it offered the most features of any portable music player, but because it simplified everything down to the bare essentials. You could teach your grandma to get around a music playlist and adjust iPod settings with the big scroll wheel in the middle of it. By contrast, grandma was NOT interested in some player with 50 small buttons and multi-layered complex menus letting you adjust arcane details or even clicking through multi-band equalizer settings.
What's the difference between needing to jailbreak the iPhone and rooting an Android phone to remove crapware that the carriers install or to allow side loading (AT&T Android phones),etc?
That is a carrier restriction, not an Apple restriction.
My understanding is that the iphone (unlike other more basic phones) initially didn't allow tethering at all and now only allows it if the carrier specifically enables it.
So depending on where you are and what carrier you use the ipone tethering situation ranges from something the network can charge extra for to shit out of luck.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Labeling this flamebait implies that he is insulting people by calling them gay. Thus everyone who has down-modded it sees the concept of being gay as something negative. Clearly this was meant as a joke and to take it as an insult means you are bringing your own beliefs about the negative connotation of being gay into the modding process.
Please mods leave your bigotry out of the modding process. People can be gay and still be normal people.
Please answer in the form of something you haven't already been able to do for about fifteen or so years on your desktop/laptop computer.
Play major-label video games and homemade video games on the same under-$1000 device, and then shove the device in my pocket. GPH products and Nokia N900 don't have major-label games on them, and it's hard to walk in and buy an Android device without a cellular service plan in the United States. The closest to this model is iPod Touch.
Play major-label video games and homemade video games on the same under-$1000 device, with two to four people gathered in the same room, without having to buy multiple copies of each game. Sure, home theater PCs allow this, but genres conducive to screen sharing such as fighting games are underrepresented among major-label PC games.
I thought android phones needed to be "rooted". Double standard much?
the main reason for jail breaking an iphone is to allow installation of non-app store apps. you can and have always been able to do that on any stock android device.
now that tethering is available in the OS (or via the debugging port) there's really no reason to root your android phone. here are the to possible reasons though just to represent the other side of the issue,
1) there are a few functions, such as taking a screen capture that do require root. maybe someone can chime in with other possible uses.
2) if you have an older device where the manufacturer isn't providing updates, you need to root before installing custom ROMs
Shame you posted this anonymously, it's currently sitting at 0, Insightful. Can we stop this iPhone doublethink when it comes to security holes? This is a remote root hole. Someone can gain root on an iPhone just by making the owner visit a malicious web page. Fixing this hole is not a conspiracy to stop people jailbreaking their phones, it's a fix for a serious hole. Criticise Apple all you like for shipping the hole in the first place or for the time taken to provide the fix, but don't criticise them for addressing a serious vulnerability.
I am TheRaven on Soylent News
THis is the one thing that at least has me tempted to jailbreak my iPhone.
Beyond that...there's nothing on the "Unapproved App Store" that I remotely give a shit about. But thats just me.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Actually it ranges from "free of charge" to "shit out of luck": my carrier enables it for every iPhone on their network.
No kidding!!! What do you say at this point?
Dell sells them online. I am sure the will ship to Fort Wayne.
Handheld devices are generally things that a buyer wants to hold in his hand before whipping out the credit card. Because neither any local store nor any of my AFK friends has an N900 for me to try, I don't know whether I would find its ergonomics usable. According to Dell's terms of sale, Dell charges a 15% restocking fee if I buy a product, find it unusable for any reason other than a defect, and return it. I will still be out of pocket the restocking fee, shipping, and return shipping.
You don't need iTunes to sync contacts. There are third party sync apps that sync your music, photos, contacts, calendars etc without the use of iTunes.
Bluetooth file transfer, I did forget that. Going via the usb cable to get images off is a little restrictive sometimes, but hardly a reason to jailbreak unless you are constantly sending files that way.
That's one of the funniest things I've read here. I'm getting image of 100 Peter Parker type guys working themselves up into a minor tizzy.
The subject who is truly loyal to the Chief Magistrate will neither advise nor submit to arbitrary measures (Junius)
the iPod Touch is not tied to a $1500 cell phone plan.
I said that:
But the existence of jailbreaks, such as the one mentioned in the article, implies the necessity of jailbreaks. This in turn implies that out of the box, the iPod Touch doesn't necessarily "A. run[] lots of cool stuff".
Just file this under "CmdrTaco Hates Apple." In fact, I propose that as a new hash tag.
But then I realized the cable was blue, so I only gave it one star. I hate blue.
No, it's only a confirmation that at least one moderator has been huffing a bit too heavy on the crack pipe today. Usually, there are at least five of them.
The harder Apple fights to lock the phones the more it will push developers and power users to Android.
i would guess they don't care. the problem with allowing easy root access to the phone is that it would make the phone less secure (for users that don't understand, which is a lot of iphone users), less stable, and most important: harder to support.
that's always been true on desktops. give users root, or the equivalent on windows, and they install all sorts of nasty software and muck around in places where they shouldn't. it's a sysadmin's nightmare. i remember a user many years ago that had his /usr/bin folder *magically* disappear.
the cost of supporting some number of rooted devices is greater than letting the few power users that absolutely must have root go to some other platform.
The majority of men I know considers physical contact (as in sex) with other men as creepy and a total abomination but at the same time many of them have close friendships with men without any sexual attraction what so ever.
For them is 'getting off' with other men simply impossible, their little man goes very limp at the thought alone.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
I'd mod this as +1 insightful. The force of "scratch an itch" that drives open source development is the principle of "hell hath no fury like a geek who's been mildly inconvenienced."
I have found a few reasons for jailbreaking - and I used Jailbreakme to break it. The first is backgrounding Apps. Apple, in their "brilliance", decided to limit this to just the iPhone 3GS and the iPhone 4. I can now run Pandora in background on my iPhone 3G. Second are things that add or compete with Apple apps. Being able to download files in Safari is a huge thing. So are running ports of VLC that allow me to play files other than in the crazy resolution and .h264 that Apple requires - i can now play MPEGs as well as a few other formats. Another app I have lets me download youtube videos. Sure, I can fire up my PC, use firefox and flashgot, pull the videos, run them MediaCoder or Adobe Meida Encoder, import them into iTunes then sync my iPhone, but this is way more convienent.
We paid for the phone, we should be able to use it how we see fit.
Actually, no, you didn't pay for the phone, at least not all of it. You paid $200, and AT&T paid more to Apple as a subsidy.
I'm sure I'm in the /. minority on this, but I really don't see the big deal about getting an unlocked phone in the US. They're not currently available from Apple, but if they were they'd cost about $600, based on what they sell for in Canada, and you're not entitled to have the iPhone you paid $200 for (subsidized) unlocked, so some questions:
The sense of entitlement by a lot of people is becoming increasingly disturbing. You want the iPhone 4 unlocked, but you don't (I assume) want to pay the full price for it, and you want the government to step in and tell AT&T / Apple to unlock a subsidized phone. Whatever. You are not entitled to an unlocked iPhone for $200.
I still cannot find the droids I am looking for...
I'm a long-suffering Ubuntu user, and I agree with you wholeheartedly.
If Macs are gay then bring on the gay. Ubuntu -- and for that matter -- all the other *nix distros I've used are clunky, fugly, and stupid. They're great for people who know what they're doing. For the 90% of users who just want the compruter to facebook, it's a damn pain in the ass. *nix is designed by people who have no sense of marketing nor design, and it shows. Apple's attitude is that "it's not enough to be good, you have to look good doing it." MS's attitude is "it's like your old comfy jeans. You're never going to throw them away." *nix's attitude is "BIKE SHORTS MOTHERFUCKER RTFM".
Let's be fabulous and make 2011 the year of the Linux desktop -- while we're still using desktops, FFS.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
So what you are saying is that Apple should leave the hole allowing a PDF to do remote code execution (which no PDF reader should allow), then they should harass all users every time they download a PDF to tell them it might have the ability to own their device (since they decided to leave the huge security hole) and all this just so that people who want to jailbreak their phones don't have to plug them into a computer via USB? You were kidding, right?
WHAT? The real security issue is that a website could own your device. Who cares that jailbreakers were using this to do something they wanted to do to their own devices, it could just as easily have been malicious.
You said: Once they do that, these vulnerabilities will no longer have a beneficial side to them.
I'm sorry, but what the heck are you talking about? I can think of a ton of vulnerabilities that would have a "beneficial" side to them. Say, for instance, a website were to install a key logger and capture all your passwords, or credit card numbers, or whatever... This vulnerability is far worse than simply allowing people to jailbreak their phones. It gives some other entity remote code execution to your device and that is pretty much the worst sort of vulnerability and Apple is right to patch it as quickly as possible. Period.
Even Google's own Nexus One needs to be rooted
It doesn't "need" to be rooted. You "can" root it. The deal is the fact that you can root to enable extra functionality that most people wouldn't care about. Such as replacing the kernel, overclocking, using a terminal to directly access the OS internals. Most reasons to jailbreak an iPhone can be done on an Android phone without ever having to root it.
Replacing the bootloader similarly isn't easy to begin with and not getting any easier either : "DroidX bootloader locked tight [droiddog.com]." And it will only get worse now Google itself is out of the handset game.
As GP said, it depends on the phone. Some phones, like the original Droid, are very easy to root. Download the official motorola program to flash it, download the .sbf file, run said program with said file. Then install superuser. As for the Droid X, how bout A One-Click Root?
The most popular Android phones come with undeletable crapware
This is unfortunate and sucks horribly. Only root would allow you to delete the crapware, which is making me clambor to hope that a better, non-screwed, android phone will emerge before it is time for me to upgrade.
As far as half-truths, the same could be said of the iPhone, and nearly every electronic device. Many people will speak highly using half-truths to make something sounds great, others will do the opposite, lying through their teeth to make something sound horrible. Research and figure out for yourself, go with what works for you. So far it seems the problem is not Android, the problem is the manufacturers using it (Moto locking the bootloader, Moto and HTC loading crapware onto the phones, the carriers preventing the crapware from being deletable, etc.)
So, where does it say that this is a basic function of the phone? It is very clearly designed to *not* work that way.
If you want to install non-vetted software, the iPhone is not the phone for you, unless you want to jailbreak it - ie, it;s not missing a basic function; it was never designed to have it in the first place.
It's no joke. BTW - Ubuntu should come out of the closet a bit - they could use some of that gayness - even their redesigned color scheme is fugly.
If you try to please everyone you end up satisfying no one. Apple has found a workaround by just making everyone think the same way.
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
it looks like that is a problem with Exchange, and has nothing to do with the iphone (other than the person who actually took screenshots of the Flash SMS uses an iphone, not surprising given most phones have no way to take screenshots :)
-1, flamebait? WTF?!
Your citations are highly convincing.
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
I agree with you. Especially on the topic of the sense of full entitlement by people becoming disturbing. There's a crazy influx of narcissism and egotism in America. Everyone feels they deserve everything because they're so important.
Oh well, nice post.
Even before that, I'd say Palm Pre. It's sold by 3 out of 4 carriers and Palm intentionally leaves in a backdoor for OS modifications and homebrew.
Wise men say, "Forgiveness is divine, but never pay full price for late pizza."
Apple's attitude is that "it's not enough to be good, you have to look good doing it." MS's attitude is "it's like your old comfy jeans. You're never going to throw them away." *nix's attitude is "BIKE SHORTS MOTHERFUCKER RTFM".
Let's be fabulous and make 2011 the year of the Linux desktop -- while we're still using desktops, FFS.
Perfect! Best description I've seen recently...
"Going to war without the French is like going deer hunting without your accordion." ~General Norman Schwarzkopf
I'm hostile enough to the lock down that I wouldn't buy a phone with it, so to me the fact that there are major security holes on the phone just means that there are major security holes.
Nerd rage is the funniest rage.
Android is not a more popular platform. Neither Gartner, Canalys, Comscore nor Admob put Android anywhere near iOS in market share. Only NPD do. The most obvious of NPDs failings is they only cover the US market.
http://en.wikipedia.org/wiki/Usage_share_of_operating_systems
We paid for the phone, we should be able to use it how we see fit.
Actually, no, you didn't pay for the phone, at least not all of it. You paid $200, and AT&T paid more to Apple as a subsidy.
It's still a sale and not a lease. They fact that the sale price is subsidized via the sale of another product (2 year service contract) does not make it any less of a sale. If you buy a burrito and a bag of chips, the drink is only 25 cents. If you apply for a Macy's credit card, you get additional 40% off your purchase.
I'm sure I'm in the /. minority on this, but I really don't see the big deal about getting an unlocked phone in the US. They're not currently available from Apple, but if they were they'd cost about $600, based on what they sell for in Canada, and you're not entitled to have the iPhone you paid $200 for (subsidized) unlocked, so some questions:
You are confusing subsidized vs unlocked. They are 2 different things. I thought you could already get it unsubsidized, but not unlocked (at least in the U.S.).
Why would I want any "smartphone" without a data plan? What's the point? If that was my goal I'd go back to an iPod and a cheap Nokia
I don't know why you would want it, but that's not the point. One could still use it as a Wifi device with VoIP capabilities, etc. You may want to use it on T-Mobile, or get a plan from Canada, or sell it / give it to someone else from another country.
The only other carrier in the US is T-Mobile, but apparently they use some different frequencies and not everything works right, so I need AT&T anyway.
No you don't - 3G frequencies are different. Voice and 2G are the same.
Since I need a dataplan ($15 or $25 a month from AT&T), why would I pay $400 more for the unlocked phone, which amortized over 24 months is $16.67 a month?
Again, you are confusing subsidized vs unlocked.
The sense of entitlement by a lot of people is becoming increasingly disturbing. You want the iPhone 4 unlocked, but you don't (I assume) want to pay the full price for it, and you want the government to step in and tell AT&T / Apple to unlock a subsidized phone. Whatever. You are not entitled to an unlocked iPhone for $200.
Besides the "entitlement" argument, I agree with your point there - I am not convinced the government should step in.
On the other hand, you can get phones on contract. This involves signing up for a specified number of months, and possibly paying something up front. In this case, you're buying the phone, however you're essentially buying it on credit and paying it off over 12-24 months. In this case (at least over here) the phones generally come unlocked, so you can move to a different network if you wish, but you'll still have to pay your contract's monthly fee, even if you don't use the network.
In the latter case, I feel it's perfectly fair to consider the phone to belong to the customer. They've paid for it, and the service.
The other difference between the US and the UK is this ridiculous notion of crippled phones - over here, they might sometimes be locked to a network to cover the subsidy, but I've never had one which has had features deliberately disabled by the network which is what preventing you rooting the device basically amounts to.
I don't think you're really disagreeing with me, I think you're presenting another scenario that I actually agree with you on. But I can only speak for myself.
For those of you that are having download issues (I did with one device, but not with another... strangely), here are the iOS 4.0.2 direct download links:
iPhone 3G: http://appldnld.apple.com/iPhone4/061-8802.20100811.XcfpR/iPhone1,2_4.0.2_8A400_Restore.ipsw
iPhone 3GS: http://appldnld.apple.com/iPhone4/061-8805.20100811.Dcr4e/iPhone2,1_4.0.2_8A400_Restore.ipsw
iPhone 4: http://appldnld.apple.com/iPhone4/061-8807.20100811.3Edre/iPhone3,1_4.0.2_8A400_Restore.ipsw
iPod Touch 3G: http://appldnld.apple.com/iPhone4/061-8554.20100811.Bgt54/iPod3,1_4.0.2_8A400_Restore.ipsw
SOURCE: http://forum.gsmhosting.com/vbb/f456/iphone-4-0-2-direct-link-1070402/
Because T-Mobile charges $20 less a month (for the plan I just got for a MT3G) if you buy the phone outright.
Thus, if you keep it for the two years, it gets cheaper...
For us carnivores, "Sucking the marrow out of life" isn't a transcendentalist philosophy but a practical instruction.
That's a lingering effect of homophobia. Like racism, it's harder to completely remove than it first appears. Wait, weren't we talking about Apple jailbreaks?
You know smart-phones can do more then go onto the internet right? Not everybody who wants one wants it for web access.
When I accidentally left my iPod Nano in the pouch of my UnderArmour hoodie when I sent it through the wash over the weekend and now it won't turn on at all -- that's bricked.
It'll probably be fine. Put it in a ziplock bag with dry rice and as many of those dessecant packets as you can scrounge up and leave it for a few days. If you can open it up, do that and make sure it's all dry inside. I've done similar things with lots of electronic devices, and as long as you didn't blow any caps (unlikely with surface mount technology) and there is no hard drive, you're probably going to be OK. Had the same thing happen with an iPod Touch, and it turned out just fine.
by Mike Buddha -- Someday the mountain might get him, but the law never will.
For jailbreakers who want to be safe and keep their jailbreak, search for "PDF Loading Warner" in the Cydia store. It's a pop-up that will warn you if Safari is attempting to load a PDF, so you can cancel it if you're not expecting to be viewing a PDF.
For iPhone 2G and iPod Touch 1G users, there's no Apple-approved solution to the PDF exploit.
The jailbreak community is working on an actual PDF patch to fix the exploit. This could be the only solution for iPhone 2G/iPod Touch 1G users, to jailbreak their device and install the patch.
It's in test phase now, but you can get a copy: http://twitter.com/saurik/status/20958834996
--
#include <malloc.h>
free(your.mind);
One of the things the jaulbreak developers did, was to close the exploit before apple did, on more devices than apple did.
So, to close the exploit, you'd use the exploit to jailbreak your phone, and then patch it.
For most any phone from AT&T, after the contract is up, they will let you unlock it. This makes since, because after the contract is done, you have effectively paid for it, and it does belong to you. I just recently did this with a Motorola RAZR V3xx. I called them up, said the phone was from an ended contract, and asked to unlock it. There were no questions or uncertainty, just "I can help you with that", and the person then gave me the unlock code and instructions after getting the phone's IMEI number.
This does not happen with the iPhone. After your contract is over, you still are not allowed to unlock it.
In addition, I personally will probably be paying the full ($600) price for my next iPhone, so that I am not tied into a contract. Why shouldn't I be able to have the phone unlocked?
Also, don't forget that you need to enter a contract with AT&T to get an iPhone in the first place. If you decide to get the phone for $200, you'll need to pay an extra $325 - $10 a month if you end the contract early. Plus there's the $36 for activation. If you cancel in the first month, you must return the phone, so you have to pay for at least one month of service, which is $65. So if you go this route, you end up paying a minimum of $200+$315+$36+$65=$616 plus taxes and fees.
So no, it is not in fact possible to have any sort of iPhone for a mere $200. Your complaints about entitlement are misplaced.
So that you can combine the capabilities of your iPod and cheap Nokia in one convenient device. I know everyone's situation and geography is different, but damn, I think almost the only time I'm not within reach of a wifi network, is when I'm driving or camping. Not that I'd want an iPhone anyway (and I agree about the $600-vs-$200 point), but there's a lot to be said for not having data plans. That's a lot of money for something that, for me, would be just a few more percentage points of functionality.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Actually, no, you didn't pay for the phone, at least not all of it. You paid $200, and AT&T paid more to Apple as a subsidy.
If you cancel your contract (or if it ends), does AT&T get the phone back? No. Therefore, it is a sale, not a lease or rental, which means that you do in fact own the phone.
I think the issue of Jailbreaking is more about running the apps you want and configuring the phone to work the way you want. Apple and AT&T exert significant control over an OOTB iPhone. Jailbreaking it puts the control in the hands of the user (and the authors of the malicious apps they install).
WHAT? The real security issue is that a website could own your device.
Relax. Take a deep breath. I'll wait. If you're ready now, I'll explain.
You said: Once they do that, these vulnerabilities will no longer have a beneficial side to them
I'm sorry, but what the heck are you talking about? I can think of a ton of vulnerabilities that would have a "beneficial" side to them. Say, for instance, a website were to install a key logger and capture all your passwords...
That was my fault for writing an ambiguous sentence. I should have said, "Once Apple gives control of the phone to the users, these vulnerabilities will no longer have a beneficial side to iPhone owners."
The exploits are a bad thing, I agree with you. However, since they currently have a legitimate use with a beneficial value to owners, there's an active incentive to keep phones unpatched and to delay updating when new firmware is released, because you're afraid updating it might disable your jailbreak. That is the greatest security issue there is: it encourages people to keep using phones with known exploits, and they do this on purpose, fully aware that there's an exploit, and fully aware that there's a fix for it.
Well, because then, this exploit was reported as jailbreaking in the first place. Not sure you had raised the same issue then.
I pay AT&T $200 and sign a 2 year contract ($~75/month). It is not $200 only, the cost is amortized over the period of the contract.
I cannot break that contract without legal recourse from AT&T. Why does AT&T have additional entitlement?
If I want/need to move to another carrier, I should be able to do so by paying the surrender value for the remainder of the contract, and take my working phone and my number to another carrier of my choice.
AT&T looses nothing, unless, they expect that the user will fork out additional funds. If there is sense of entitlement it is not with most users, but with AT&T.
Spot on.
The main thing I wanted to do this for..was to get a good free terminal, so I could ssh into my boxes at home.
The first thing I installed was the MobileTerminal program under Feature Package. Whenever I try to run it..it promptly crashes.
Is there another terminal out there that works?
Also, I'm not finding a great deal of information about what all packages are out there, with good descriptions. The on Cydia...the descriptions if any are not terribly helpful.
Is there a good site out there that lists programs available for JB phone, with good descriptions...maybe even with a rating system for people to mark what works and doesn't?
I'm new to this...and having a hard time finding good solid info out there...
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
So... if I fail to find males sexually arousing, I'm a homophobic? And what about gay men, if they fail to find women attractive, they're heterophobic? Are lesbians heterophobic unless they can "get off" with males?
That's just the stupidest thing I've read this week, and I read slashdot daily.
If jailbreakme can use that exploit then so can someone malicious. Imagine having your phone bricked because you viewed the wrong PDF on some website. The update is a very good thing.
Never mind the fact that OS X, WINDOWS and LINUX all suffered from the same exploit via Type 42 Fonts. Freetype was immediately updated. http://www.kb.cert.org/vuls/id/275247
I'm assuming you're on iOS 4.0.x. In that case, it is best right now to check on Saurik's twitter (http://twitter.com/saurik) as he is the developer of MobileTerminal. He currently has known bugs - including a nasty MobileSubstrate crash, sounds like what you're seeing - when running on iOS 3.2.x and 4.0.x. MobileTerminal last worked reliably on version 3.1 and earlier.
For the last time, PIN Number and ATM Machine are redundancies!
It's not a basic function because it never had it? How could the iphone lack basic functionality if you define basic functionality as what the iphone offers?
I know that's the goal you are going for but it is a pretty blatant fallacy you are using to get there.
Who says that the subscription model of purchase is the only one you can get? The last industry that did this was television receivers. Let me ask you a simple question, do you rent your television? If not why not? Because you seem convinced that it is the only way that a mobile phone can be bought. It's morons like you who have fallen into the trap of assuming that everybody else is as stupid as yourself that make it unlikely that we will be able to escape from the absurdly high costs of data plans on smart phones any time soon. The cost of running data over a phone is peanuts as it was for voice but we have all become used to paying a bloody fortune because of the huge subsidy for the phone itself. Perhaps you hadn't noticed the obscene profits being made by mobile carriers, or the bloated cost of the licenses that they pay to the government for airspace. I'm not convinced that you are not a shill for the mobile industry. Who do you work for?
Facts are history now plebs have politics for religion on social media.
I agree, that $600 or whatever though seems like a highly inflated place, now I'm far from in the know and correct me if I'm wrong but whats the difference between iPod and iPhone, AFAIK its just the phone gubbins, and what's the price difference? In terms or performance money could be much better spent elsewhere. The point really is people only want it because its an iPhone and anything with an i infront is hotshit. They dont care what it actually is or can do they just want to be able to pull one out of their pocket and be 'in'. And like everything they want it cheap(free) and they want it now.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
Except, after you jailbreak, you can install a CVE patch to the PDF exploit via Cydia (the jailbreak version of the App store).
So my jailbroken 4.0.1 phone is more secure than your unbroken 4.0.1 phone.
http://www.wireless.att.com/learn/articles-resources/early-term-fees.jsp
It's a lease-to-own. You just pay it off by the end of your contract, or you pay the early termination fee if you want out before you have.
You know smart-phones can do more then go onto the internet right? Not everybody who wants one wants it for web access.
This may seem like an insane idea, but can they somehow be used to make phone calls?
This space unintentionally left blank.
This is a petition to the U.S. Government's FCC (Federal Communication Commission) to mandate an unlock of all iPhones.
No it's not. It's a Facebook page. I hate to be the one to tell you this, but even if you get 10,000,000 people, the FCC still won't care because, well, it's just a Facebook page.
Advice: on VPS providers
We paid for the phone, we should be able to use it how we see fit.
Actually, no, you didn't pay for the phone, at least not all of it. You paid $200, and AT&T paid more to Apple as a subsidy.
You're missing two exceptions: when it's an iPod, or when it's an iPhone 4 that was purchased factory unlocked directly from Apple.
Either way, neither Apple nor a telco is subsidizing the purchase.
citation please.
Welcome to Slashdot. We're discussing here. You might find that it's a different than, say, Wikipedia.
Advice: on VPS providers
That's one of the funniest things I've read here. I'm getting image of 100 Peter Parker type guys working themselves up into a minor tizzy.
Good God, let's not bring the Spiderman clone saga into this...
Advice: on VPS providers
Yes, if you cancel your contract you pay a fee - but you still keep the phone. If it was a lease, you could give back the phone and not pay the early cancellation fee. AT&T doesn't appear to give you that option. Also, as far as I can tell from that page, if you buy the phone with a two year contract and cancel it immediately, you pay $325. If you buy the phone with a contract, finish that contract, start a new contract and cancel that one immediately - you still pay $325.
Or just use something like Easy Root by UnstableApps.com. It roots your phone without needing adb or a computer at all. Of course, it uses an exploit to gain root priv's too :)
Unstable Apps: Our Android Apps Don't Suck
I'm going to jump in as well with "that's the stupidest thing I've heard all day".
If a lesbian doesn't get off from a man does that make her a heterophobe?
Ditto for a gay man.
if he can't sustain an erection for sex with a woman does that make him a heterophobe?
utterly absurd.
It's possible to simply find sexual contact with one of the sexes unpalatable.
In other news, people who can't stand the taste of broccoli pronounced Brassicaphobes.
I agree with much of what you said, just 2 little points:
As GP said, it depends on the phone. Some phones, like the original Droid, are very easy to root. Download the official motorola program to flash it, download the .sbf file, run said program with said file. Then install superuser. As for the Droid X, how bout A One-Click Root?
I was talking about replacing or patching the bootloader not rooting there. The DroidX comes with some pretty heavy measures to prevent it, just like the iPhone does. The point was that the hardware is already locked down as tight as the iPhone, the software less so probably because the carriers aren't as specialized in hacking the OS.
So far it seems the problem is not Android, the problem is the manufacturers using it (Moto locking the bootloader, Moto and HTC loading crapware onto the phones, the carriers preventing the crapware from being deletable, etc.)
You can't separate the 2 though, there's no platonic ideal Android floating around only Android as it is used out in the real world. That's why I would have preferred Google kept making their own handsets (even if I wouldn't have bought one), at least they were more open in every sense.
If all else fails, immortality can always be assured by spectacular error.
The desiccant packets are a waste of time, but you can go buy some closet anti-moisturizing crystals at your local hardware store. I've used them for closet moisture removal before, the stuff is called Dri-Z-Air (among other names... but that's the brand I bought.) Put the crystals in a pie pan with a pie rack on top of it and the parts on top of that, put them in the aforementioned bag.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
So... if I fail to find males sexually arousing, I'm a homophobic?
No. But if homosexuality creeps you out, you're demonstrating that you can't cope with the idea of homosexuality. That's phobia.
Bow-ties are cool.
There was a lot of fear talk, but as far as I could tell the gist was that people were getting SMS messages with "scary" wording in them. Whatever.
It did remind me of the SMS bug that Apple fixed a while back (for the record, they are far from alone in having an SMS bug) -- maybe someone has discovered a new bug in SMS? Possibly.
SMS is an afterthought as far as the telcos are concerned, and their only interest is in getting people to pay for it. Consequently there is not even the concept of security in it. SMS simply uses "dead space" in the "ping" messages sent by a tower to a phone. That's it.
I could, with only one registry key edit (granted, on the older ROMs,) tether.
To my stock smartphone. (Not stock any more, but hey.)
I could also tether to my previous stock smartphone, with the addition of one $30 program.
Oh, and I've got a smartphone that was even promoted as offering free tethering, out of the box, no additional software needed.
No monthly fee, no rooting/jailbreaking (because both already gave root) needed.
Want to know what the phones are?
An HTC Touch Pro (Windows Mobile 6.1,) a Palm Centro (Palm OS 5.4.9,) and a Kyocera QCP-6035 (Palm OS 3.5.2.)
But this is not about homosexuality creeping them out. This is about this men finding sex with other men creepy, which is a totally different thing from what you're talking about.
I can cope with the idea of homosexuality perfectly fine, and homosexuality doesn't creep me out. I do consider the idea of me having sex with another man disgusting, creepy, and an absolute abomination, and no, that doesn't make me homophobic - it makes me a heterosexual male with no sexual attraction whatsoever towards males.
Sorry about that... I think I was reading into your post what I wanted to read, since I had already read several posts above saying exactly what I thought you were saying. Doh. (Inserts foot in mouth =D).
The grandparent said "The majority of men I know considers physical contact (as in sex) with other men as creepy and a total abomination" which sounds a bit more extreme than merely not being interested in such contact.
Try reading Fundies Say The Darndest Things and weep for humanity. WEEP!
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
Actually you're wrong, there's a large number of heterosexual people who engage in sexual acts with people of the same sex just for physical pleasure or a various number of other reasons. The accepted medical definition of gay is someone who feels an emotional attraction to someone of the same sex. If you're a straight man you can get off with another man, it's just the way human body works, falling in love with that man that's a totally different story.
Wow. You are really confused. If you have consensual homo sex then you are a homo. FULL STOP. The definition of gay is someone who is physically attracted to someone of the same sex you moron. Feelings have nothing to do with it. If you are a guy and you have had sex with another guy then you are a homo. Got it?
This seems awfully silly. I mean, if you dance, does that make you a "dancer"? Does that categorization immediately and irrevocably define you?
Some of what you say makes sense. If someone lives under the pretense of not being gay but engages in homosexual activities, their own claims about their orientation can be overridden by simple observation of fact. But I think one has to be careful of labels in general. Labeling people is not always a bad thing, the practice exists because it's useful. We can understand greater things by thinking of them in terms of broad concepts. But if someone chooses not to define themselves as "straight" or "gay" or "bi", why is it so important to you that they wind up in one of these categories?
And who was it who said "If you label me, you negate me"?
Bow-ties are cool.
Why would I want any "smartphone" without a data plan? What's the point? If that was my goal I'd go back to an iPod and a cheap Nokia
Personally I find the combination of the two devices into one unit more convenient, even without a data plan...
Rather, I don't have that exact combination. I have an old Treo. I discontinued the data plan service after the first year because it was too expensive. But I still like the phone itself. I just like having PDA-style functionality on my phone.
You want the iPhone 4 unlocked, but you don't (I assume) want to pay the full price for it, and you want the government to step in and tell AT&T / Apple to unlock a subsidized phone. Whatever. You are not entitled to an unlocked iPhone for $200.
IMO either people should be allowed to unlock their phones, or else the company "selling" the phone should make it clear that the customer doesn't actually own the phone. You can't have it both ways. Of course, that's my opinion. In fact the current law says otherwise. Companies can sell a product and maintain restrictions over how the hardware is used (DRM, etc.) - and it is illegal to circumvent those restrictions under many circumstances.
Bow-ties are cool.
You know smart-phones can do more then go onto the internet right? Not everybody who wants one wants it for web access.
This may seem like an insane idea, but can they somehow be used to make phone calls?
As long as you don't hold them the way you'd hold a phone, yes.
Yeah, I went there.
Bow-ties are cool.
For the record the only thing that doesn't work right with T-Mobile and the iPhone is the 3G data access. EDGE works fine. If this matters or not depends on where you are. Some places T-Mobile EDGE is actaully faster than AT&T's 3G.
yeah, maybe that person was just posting to satisfy their ego and weren't really trying to add anything useful to the conversation.
But this is not about homosexuality creeping them out. This is about this men finding sex with other men creepy, which is a totally different thing from what you're talking about.
I don't think it is, really. A "creepy" reaction is still fear. I mean, why the strong reaction? Why does the idea hold so much power over you when it comes up?
Seems to me that this is a conflict - like id vs. superego or something. The strong reaction being the result of an effort to keep the idea out of your mind.
I mean, I don't think a person who reacts to the idea of homosexuality as you describe is necessarily a "bad person" or anything - I think how one treats others is the important criterion there. But I'd still describe it as a kind of homophobia.
Bow-ties are cool.
Sorry about that... I think I was reading into your post what I wanted to read, since I had already read several posts above saying exactly what I thought you were saying. Doh. (Inserts foot in mouth =D).
Well, like I said, I do understand my wording was ambiguous. Using pronouns when the subject isn't clear tends to cause misunderstandings such as these. I was typing a comment that made sense to me, and didn't bother to proofread it, because, you know...it's slashdot :)
No harm, no foul.
So, essentially you don't consider email to be basic functionality. The thing is, I do. Aside from that, why not just send it via MMS? Or is that another example of something that other phones don't have that you don't consider to be basic functionality? (In the interest of full disclosure: I'm still using the original iPhone which doesn't have MMS support.)
Greetings and Salutations.... /. rants, though, and may be worth it. Simply printing a petition page from a website, signing it, and sending it in is not going to do squat. That is the moral equivalent of the single petition with many signatures....Not much impact.
This is true. The fact of the matter is that ONE of the ways government officials determine what the public wants is that the official (ok...his interns) put all the correspondence that has come in about a particular bill or topic into three stacks - pro and con and neutral. (Which includes the rambling rants that cannot be figured out). They then measure the heights of the stacks of paper, and, the tallest one wins!.
So...if you want to make an impact, you really need to sit down, print off a letter; put it in envelope and send it to the representative you want to influence. While petitions are a feel-good thing, that facebook petition, if printed off, would produce, perhaps, 50 pages (if it really had 10,000 folks signing it, at 200 names per page and a ream of paper is about 2" thick). That is, at most, a quarter inch of paper. Now, a stack of only 1000 individual letters is going to be close to five inches high... Guess which will give more impact? A stack of 10,000 letters is over 3' tall.....and has that much more impact.
Of course, the other thing that undercuts the impact of the letters is if they are all obviously printed from the same source. So...yes...you actually have to type a short note in your own words and send it along. It should not take longer than one of these
Finally....for elected folks, adding a large contribution to their campaign fund never hurts (*smile*). This is, after all, America!
Pleasant dreams
dave mundt
YAB - http://blog.beemandave.com/
...thereby keeping it off the secondary market.
Why should you run out and buy another $300 device? Because you have reached the end of the effective life of the last $300 device you bought.
Fool me once...
So no, it is not in fact possible to have any sort of iPhone for a mere $200.
http://tampa.craigslist.org/search/?areaID=37&subAreaID=&query=iphone&catAbb=sss
Let me put it this way - maybe it's the fact that English is not my native language that is obfuscating what I'm trying to say. However, the word creepy is also defined (at least on Merriam-Webster) as "annoyingly unpleasant", which has nothing to do with fear.
Anyway, I find the idea of me having sex with a man as "creepy" as me having sex with a tree, a pickup truck, a 97 year old woman or a small kitchen appliance. That's because I'm not attracted to any of those, so the idea of me actually having sex with any of them is fucking creepy.
Big kitchen appliances, on the other hand...
Last I checked, none of the Apple phone line up has bricking fuses built in. In fact, if you try and jailbreak a phone with the wrong software, it just doesn't work. No perma-brick, unlike some Android phones.
No fanboyism here, just pointing out an error in your reason.
Ironically, the net effect of the hack is to put people with jailbroken iPhones at risk, because they don't have the fix, and the exploit is now known. Somebody will have to reproduce Apple's patch (or jailbreak the patched OS by another method) before jailbroken iPhones will be safe.
> As for "needing to jailbreak an iPhone to enable basic functionality"? That's
> a stretch, don't you think? Just how do you define "basic functionality" of a smartphone?
Depends on your perspective now doesn't it. You see a smartphone and I see a small computer with a cell modem. Any computer I can't program and or install any third party program I want onto is defective and must be repaired or replaced.
Democrat delenda est
Enabling tethering is probably my #1 reason. I don't care what AT&T's contract says; tethering is a function of the phone, not the service. I suspect this is why nobody's ever had their service terminated for tethering; AT&T knows they'd lose a court battle, and they don't want to set a precedent, let alone publicize this information.
Aside from tethering, SBSettings is quite handy (change brightness, kill tasks, enable/disable radios, etc. much faster than exiting an app and navigating to Settings).
Changing the lock screen to display useful data is nice, but I haven't found an app that does that well in iOS4.
3G Unrestrictor is great for getting full quality video over 3G and downloading apps larger than 10MB from the actual App Store. (As for why this works: They can't filter by TLD because AT&T provides land-based internet services, and filtering by IP is untenable, so they simply ask the phone if it's on 3G or WiFi).
And then there's the ability to simply copy files to the phone that jailbreaking provides.
https://www.eff.org/https-everywhere
My understanding is that the iphone (unlike other more basic phones) initially didn't allow tethering at all and now only allows it if the carrier specifically enables it.
Your understanding is incomplete. Tethering was always possible on the iPhone, but since AT+T did not want to allow it, Apple didn't include a simple way to enable it. Now that AT+T has decided that tethering is OK if you pay extra for it, Apple has included the simple enable mechanism.
Enabling no-added-cost tethering is the best reason to jailbreak an iPhone.
What sole purpose? Look at U.S. PS3 commercials that claim the console only does everything.
That was before they removed the otherOS functionality, which enabled it to 'do everything'.
Actually, a petition to the FCC needs to be signed on paper and delivered on paper. You can not form a valid petition on Facebook.
I'm sure it feels good to rant with a bunch of like minded buddies though.
It was thoughtful of Apple to fix that bug for me. Too bad I already got the Cydia virus. :)
As much as I hate defending Apple,
That actually has to do with the GSM Spec. It's flash or class 0 SMS (classes defined at the bottom of that page) which is not saved. Granted Apple should not have set the phone to automatically display class 0 SMS's but it's mostly social engineering.
Class 0 SMS's have been used a lot in cyber bullying lately.
Calling someone a "hater" only means you can not rationally rebut their argument.
This is what I dont get about Apple fanboys, they claim Apple is "not like the other companies" yet they do the exact same things.
The problem with the mobile phone industry, as is so often pointed out by Apple fanboys in Android discussions is the carriers. Well I agree but Apple is doing exactly nothing to move us away from that system. The problem is vertical integration, the carriers control the hardware, software and the service. Apple in this instance has still got the hardware and software married to each other, then they are having an affair with the carrier by removing/selectively enabling features the carriers dont want.
Lambaste Google all you want about the N1, at least with Android I have the source code and as impractical as it seems I _can_ make my own phone (w/ obligatory blackjack and hookers).
Calling someone a "hater" only means you can not rationally rebut their argument.
Tethering was not always available on the Iphone, it was a feature added into the 3rd revision of the OS and could be disabled at the carriers behest.
Enabling tethering is the best reason to buy a different phone that supports the functionality outside of the carrier and doesn't restrict the applications you can install.
Calling someone a "hater" only means you can not rationally rebut their argument.
Installing non-Microsoft apps? I wouldn't call that basic.
No.. Wait... I would.
So it's like we've always said, it's Apple's way or the highway and if you want to do anything that is not "approved" like using your own mail client well your SOL. This is not a feature, dear fanboys. Imagine if MS said you can only you IE on Windows without hacking it.
BZZZZT, wrong
But thanks for playing.
Stock Android and Nokia phones on Australian telco's can use Skype or other VOIP services over 3G where as a stock Iphone cannot. Why, well because the law in Australia says I pay for the data I can use it however I like and the carrier doesn't get a say in it. The 3G restriction is phone based.
Calling someone a "hater" only means you can not rationally rebut their argument.
I think this is less of a case of "the most open platform doesn't always win" and more of a case of "the most closed platform always loses" which has plenty of historical examples (most poignantly from the now defunct Apple Computers).
There are more open platforms then Android such as Maemo. Although Android is fairly open so I suppose it's the difference between Linux and OpenBSD (don's flame resistant suit and lets loose the dogs of FOSS fanboyism).
Calling someone a "hater" only means you can not rationally rebut their argument.
The thing I'm thinking is, if there was a remote root hole that did not enable people to jailbreak their phones, would Apple have moved so fast to fix it? Also, amazingly, their idea of a patch is a complete new firmware release - it sits at 380mb for the 3GS and 590mb for the iphone 4. Considering the amount of downloading that happens every time there is a patch, and the popularity of the phones, a regular release cycle could possible chew up a whole lot of internet out there.
Starbucks, Harbuckle of Breath.
It seems to me that the OP was expressing a perfectly valid opinion. The fact you disagree with it does not make it a troll.
Calling someone a "hater" only means you can not rationally rebut their argument.
Are you talking about the custom ROM on a HTC Desire or Samsung Galaxy S?
Wonder why I'm a PC gamer?
You know, the PC, the "console" with the most games available for it.
Calling someone a "hater" only means you can not rationally rebut their argument.
Neither do any Android phones.
None here either, but pointing out a flaw in your reasoning.
BTW, I have installed custom ROM's on my Milestone which has the supposed functionality you describe. It doesn't perma-brick, you just need to restore the device to factory settings (via the boot-loader).
Calling someone a "hater" only means you can not rationally rebut their argument.
Are you talking about the custom ROM on a HTC Desire or Samsung Galaxy S?
I already have a dumbphone on a $7/mo plan with Virgin Mobile USA; I don't want another $60/mo phone line. Why do the devices you mention cost $600, compared to an iPod Touch that costs one-third that?
You know, the PC, the "console" with the most games available for it.
PC has the most single-player games and online games, yes. But as I've pointed out elsewhere, localhost multiplayer is underrepresented in PC games, even for players who have the required big HDTV monitor and four USB gamepads. For example, apart from Street Fighter IV and MUGEN, fighting games are console-only.
But, as I asserted, there aren't any exploits involved. "Rooting" a Nexus One can be done using vendor-supported tools in a vendor-supported manner.
No, they aren't. Sure, they aren't marketing the N1 to consumers any longer, but it's still on sale as a dev phone.
A friend of a friend is the publisher of the article, he waited a good week before submitting publicly.
The issue they've found is that an incoming sms causes all the contacts, calendar and emails get shipped off to a remote server.
Apple and Telstra has tried to keep a lid on it as much as they can, the consultant who initially found it has discovered 9 iPhones over the past week with same symptoms.
I'd like to pass something back to the guy who discovered this bug. So just a few Q's.
If its social engineering its still a concern because it falls within criteria of "security exploit". If so to what end does this help a hacker gain access? Unless you're stipulating is its just a mere prank/joke.
Class 0 SMS or not, shouldn't there be something at the application level to stop it from putting up nasties on the screen? Does pressing "dismiss" get rid of it?
I'm not that guy but I hope you dont mind if I have a go at answering them.
Yes and no. A social engineering attack is entirely dependent on the user believing it (OMG This Virus is going to shred my dog and burn my hard drive), the root cause of this is most often stupidity and unfortunately there is no known fix for stupid (well, there is education but that has mixed results).
Its a problem we face that can be exploited so it's a yes but its a problem we cant fix with a patch so also it's a no.
It can be used for jokes and pranks as it has been done in the past but now it's being used for bullying (harassment).
I agree, I dont know why class 0 SMS is still being automatically displayed/not saved, especially with the potential for abuse. Pressing "dismiss" does get rid of it, further more it does not save it (the only reason it's so good for bullying is that there is no evidence).
Calling someone a "hater" only means you can not rationally rebut their argument.
Thanks. The guy in question is fairly high up the food chain in vulnerability assessment (and works for one of the 3 big AV companies).
I can safely say everyone working in the security industry is beating their knife and fork at the dinner table waiting for Apple to screw up in this way. Not to take a shot at Apple, moreover, wanting to be the first company to be able to "save" Apple and be the front runner in SmartPhone AV.
I'm going to respond back to his email with some of the things you raised. I'll also see if he was able to track any outgoing data off the iPhone, as it stands I wouldn't be surprised if it is just a face value hack and no data is stolen but he has said contacts and emails do get sent.
For a moment i thought it could of been a strcat() exploit, using the rejoin of SMS's to smash the stack (I know a little old school but you never know).
I updated my iPhone3G(32) to 4 and that was that. Brick time. Dead as a doornail, no response from any buttons, no acknowledgement when attached by cable to iTunes on Macbook. And it happened the day my AppleCare expired. HA Ha, ulp!#$ The shine is wearing off Apple a little bit, and my fanboi status may not last as long as I do. I need my iPhone to be a good phone first then some other things later. And I need my MacBook Pro and Mac Pro to be reliable day after day. If my Mac Pro dies after Apple Care expires, I will be hard pressed to know who to buy from next.
Or just use something like Easy Root by UnstableApps.com. It roots your phone without needing adb or a computer at all. Of course, it uses an exploit to gain root priv's too :)
Ironically, an app Google pulled from Android Market.
If all else fails, immortality can always be assured by spectacular error.
you paid the phone 200$ and a 2 years contract (not just 200$). and it's not like you can just walk away from the contract. in the end you end up paying the phone full price (indirectly of course) so yes tou're intitled to an unlocked phone. if I (or you) step in a store and want to buy the phone (full price) why shoudn't I (or you) get it unlocked?? here in canada it's almost impossible (unless you go to some shady small store) there's no way to buy an unlocked phone. you want one you have to go through a carrier even if it's the "full price" it locked to their network. and you have to fork 200$ it you want them to unlock it for you. for instance tellus is offering the E72 at 349$ with no contract .. it is locked, on nokia.com it is sold for 349$ unlcoked!
all that asside (don't remember where exactly) I read that the iphone4 costs like ~250 to manufacture and is sold arour 700 (unlcoked from apple in canada)
addendum My father is with rogers he called them to inquire about iphone4 (he's been with them for around 10 years now) they told him if he wanted it he had to fork the full price (650 for the 16) and guess what? Locked
Funny.. but imagine life as a sales rep or contractor. You browse some site in the morning and now your phone doesn't work. It will be 7 or 8 hours before your back to your PC and in that 7 or 8 hours none of your customers not being able to contact you.
That is serious lost revenue and not a mild inconvenience.
where exactly did he say that apple should not fix??
fair play or whatever the name of their DRM does just that ... tou can't just copy the application and run it
basic int the way that it is my phone I can do what ever the hell I want with it ... I don't need apple's blessing to do it.
for one I want to write an app for my sake don't want to sell it to anyone ... how the hell can I do that ???
other than Jb I need to pay F 100$/year to apple WHY?
if there was a remote root hole that did not enable people to jailbreak their phones, would Apple have moved so fast to fix it?
There is no such thing. A remote root hole allows anyone to gain root access to the device. A jailbreak allows the owner to gain root access to the device. Any vulnerability that gives everyone root access to the device will, by definition, allow the owner to gain root.
The jailbreak exploit, however, probably encouraged Apple to move quickly by demonstrating that the vulnerability was being exploited in the wild. It would be pretty trivial for a malicious person to see how the jailbreak worked and use the same exploit to distribute malware.
I am TheRaven on Soylent News
I noticed that Google is cracking down on their Android OS by removing EasyRoot from the App store at Verizon's request Saturday then a bunch more Android tethering apps at T-Mobiles request this week. Then I noticed that someone else in the Android App store had introduced a Trojan that was costing Android users serious money by sending SMS messages transferring money to fake 'charities" such as the hackers bank account.
Not to be outdone the report surfaces of a slick Trojan emptying bank accounts in Europe without the users knowledge in the Windows OS.
All these holes in an OS can end up costing either the carrier serious money in lost revenue or the end user serious money in an empty bank account. I have said it before, out of all the choices one has today, at the present time Apple is the one that is least likely hurt you with their Internet connected products. They have a lot to lose when problems are detected and move as fast as possible to fix them to protect their name.
There are some who are quite vocal in their opposition to Apple but in reality they are no more than a high tech version of the scum rioting for free and subsidized housing permits who then bring crime with them if they move into your neighborhood with government assistance.
They want as much as possible in life for free and open doors for yours too.
most computer shops see that as an opportunity to do business. why wouldn't apple? When you buy a desktop the hardware is under warranty anything else is your problem and if you come back with a virus problem the shop will be glad to help for a price. if you come back for a hardware problem they'll be happy to help too but free of charge as long as it is under warranty.
Did anyone else find a bajillion grammatical errors in that article? Judging by his name, I'd assume that English is the author's primary language... that article is barely coherent.
It is the drugs my son.
Those are some well worded replies.
Hmm, big kitchen appliances...
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
This is Slashdot we're talking about. "Apple quick to patch serious security flaw and protect its users' devices, whilst incidentally breaking the most alarming jailbreak technique to date" (which I'm sure plenty of people will have sent in) doesn't generate as many clicks as "Big mean corporate giant Apple stop you from jailbreaking your device and stomp all over your freeeeeedom". Simple as that really.
Of course, anyone who knows what they're doing and does enjoy the jailbreak when it's available (like myself), can simply have the sense back up their shsh blobs through Cydia, avoid updating, and apply the community-developed security patch instead. Or if it matters that much, buy a less restricted phone.
"Enabling no-added-cost tethering is the best reason to jailbreak an iPhone."
Isn't that just another way of saying the best reason to jailbreak is so I can go out and steal a service.
Nowhere did I say whether it's an Apple restriction or not. If it's a restriction, it's a restriction - other phones I can buy on networks that don't have this restriction.
But hey, I see the pro-Apple mods are out in form, modding up straw man arguments, and modding down anyone who disagrees.
And a quick search suggests Apple do have a hand in this too.
Enabling no-added-cost tethering is the best reason to jailbreak an iPhone.
But that was my original point, anyway. The whole question of whether it was Apple's idea or AT&T's is a straw man argument made up by tooyoung.
I love how stating the bare facts is deemed by the astroturfers to be "troll" - evidently the Iphone is so bad, you don't need to make it up: even the basic specifications are assumed to be the result of trolling!
Because you can't control the close substitutes that are being sold either. For example, all three major video game consoles are like iPhones
Don't change the subject because you were wrong.
You are correct that I was wrong that the video game consoles are like iPhones. They don't have a cellular radio. Please allow me to rephrase my original comment more accurately:
Because you can't control the close substitutes that are being sold either. For example, all three major video game consoles are like iPod Touch products.
A HTC Desire costs A$600 whilst an Ipod touch costs A$400
In the United States, an unlocked HTC Desire costs 500 to 600 USD while an iPod Touch costs 200 USD.
You've heard of a Lan party right.
For a LAN party to work, each player has to own his own PC. A lot of families still have fewer PCs than people, and if one member of the household has dismantled the PC and taken it to a LAN party, another member of the household cannot use it to pay bills or go on Facebook until the first person has returned. And I don't see how one would carry a desktop PC from home to the site of the party on a bicycle.
Different games have different audiences, so your point being?
Say a company too small for a console license wants to develop a game for a console audience. What should the company do to prevent the universal customer reaction from being "Nice game you got there; too bad it's only for the PC."
Can I plug my Street Fighter II cartridge into my Wii?
Super Street Fighter II is in Virtual Console. If you're talking specifically about not rebuying, then there's a cartridge reader for the PC, but one would still run into the screen size problem.
I have been corrected on that point - stock iPhones now can use VoIP on 3G now. It was carrier based in the US, just like tethering (which my stock UK iPhone does just fine), and unlocking, which my UK carrier will do for me but still can't be done in the states. I just hadn't checked the changes in VoIP because my plan means I just don't need it.
You are attempting to equate the phone with a standard Windows PC, which is a bit disingenuous - it's more accurate to compare it to a games console. Sure, some PS3s can install Linux, but I would hardly call that a basic function of the device (for 95% of the target audience). You can't use PS3 games on an Xbox 360, which I'm sure is not a feature.
If you want an Apple platform that is not set up this way (and sold and promoted to work this way) then that's what the Apple Mac is for, where you can install anything you like (assuming you have appropriate software first - eg, if you want to run windows software you'll need an emulator or a copy of Windows itself).
What's with all the hostility and attempted sarcasm? I'm not trying to personally wound people who don't agree. It just makes your arguments look childish.
Because you just can't do that, and you know that ahead of time. It's not something the iPhone does.
If you buy a two door car do you also complain that it's missing the "basic functionality" of being able to get people into the back through the rear doors, which it doesn't have, without hacking the car to fit some? You knew when you bought it that it didn't have rear doors, and my car or a car you already own has them, so why doesn't this one?!!
If you want to write an app for your smartphone that is just for you, then you should look for a smartphone that has that capability - phones that run Android fit that market.
Sounded reasonable to me. Guy saw a story about an Android getting hacked. Of course, you previous post did state that it was all the users' fault for installing the apps. Good point, a secure platform should let anything be installed. Yup.
Vote monkeys into Congress. They are cheaper and more trustworthy.
I would love to know what these people were basing their lawsuits on. "Loss of daily laughter"? "Crippling emotional loss"? "Lack of any social life"? The author should have told them to "bring it on" and then counter-sue for his waste of time. Probably could pay his hosting costs for a few years.
Makes me wonder if these people threaten lawsuits against the USPS if their mail is late one day...
Vote monkeys into Congress. They are cheaper and more trustworthy.
Which is why I always have a non-smart phone with me all the time. Can't hack a phone that is only a phone (well, over a network, anyway).
People like the shiny and fancy, and at the same time forget that a basic tool can still get the job done, normally with less risk. As geeky as I want to be, I'm more risk adverse.
Vote monkeys into Congress. They are cheaper and more trustworthy.
"There is a jailbreak application that prompts the user before downloading any PDF via the Safari browser, meaning that you have to allow the browser to download any exploit."
I, at least, read this as saying that instead of fixing the problem the jailbreak application that he would prefer Apple mimic, simply prompts a user every time they download a PDF so they have to allow the browser to "download the exploit." That means that the exploit is still in the PDF being downloaded, its just that a website can't secretly send you to a PDF when you think you are getting a webpage.
Oh, and the point of all this being that the OP wants to be able to jailbreak his phone through his browser even though any method of making changes to the OS via a webpage represents a serious security hole in the browser.
Good point, a secure platform should let anything be installed. Yup.
code, or even use software much?
there's plenty of legit reasons to install non-market apps. there are also plenty of legit reason fo apps to request access to read your contacts and send SMS messages etc. so tell me, how does this secure platofrm you are dreaming inspect the app developer to determine if they have good intentions?
ever used any of the 3 major desktop operating systems? all of them allow apps to request "root" access. all three of them leave it up to the user to make a decision
for me that means if you jailbroke your phone there is a temp fix if you don't want to update. (by the way there is a fix on cydia as of yesterday a true fix not somthing that prompts. And it works). In no way that implies "why tf did apple fix the issue?!!!?!?!"
My point was Basic or Advanced features set a side the damn thing is mine and I should be able to do what ever I want with it with or without apples blessing. If they don't provide a reasonable official way to do it then I have carte blanche to do what ever it takes to achieve that. ... if I buy a tow door car and want a third I can HACK it to add an other door the manufacturer of the car has nothing to say and can't possibly sue me for doing that.
And let me rais you one: if you but a car and the manufacturer tells you sorry man you can only use a TOMTOM GPS device in our car.
.. I lost my other (dumb) phone and It was a gift. I would never had bought it on my own given that I know what I know now, b/c I didn't know anything about it or any smart phone for that matter before this. For me a phone is a phone ".".
Until just few weeks ago jailbraking wasn't legal (nor illegal) in the US. Here in canada it's still not explicitly legal (even the new bill stats explicitly that unlocking phones would be legal but nothing on jailbraking and since there are TPMs involved then it will most probabaly be illegal). to take on your CAR analogy
Before you get to "so why did you buy it?" I didn't buy my iphone
I don't hate apple nor do I "love" them. I own a macbook pro and it's wonderful - a bit over priced but it's well worth the trouble- and it doesn't have the "non"limitation the iphone has.)
You know smart-phones can do more then go onto the internet right? Not everybody who wants one wants it for web access.
This may seem like an insane idea, but can they somehow be used to make phone calls?
yes and without needing internet access as well :)
The car analogy you gave is beside the point. If you buy a car and want to mod it you can buy what ever part you want from any one you want. I don't see Mazda forcing people to buy MazdaSpeed parts (if the part is deemed safe by whatever authorities in place it can be manufactured and sold by anyone to anyone willing to buy it).
(sorry hit the submit button too soon by accident)
The car analogy you gave is beside the point. If you buy a car and want to mod it you can buy what ever part you want from any one you want. I don't see Mazda forcing people to buy MazdaSpeed or Mazda approved parts (if the part is deemed safe by whatever authorities in place -not Mazda- it can be manufactured and sold by anyone to anyone willing to buy it). And if it did the gov would be breathing down it's neck for Monopoly issues and people would be suing.
So, sell the iPhone, or return it to the store and exchange it for a different one that does do what you want, even if it was a gift - you can return it and get out of any phone contract you're in.
Of course you can hack a car and add a third door, just like you can with the iPhone. However, don;t expect the warranty to be valid on the phone or the car after you do this unsupported thing (that you are within your rights to do in both cases), however, the lack of back doors on the car and the lack of 3rd party installation ability on the phone does not mean that the phone or car is "lacking basic features" since they were never on the thing in the first place - lots of objects lack "basic" features that other objects have. Back doors on 2 door cars, third party installs on smartphones, cordless jugs on electric kettles, number pads on small bluetooth keyboards, eraser on the back end of a pencil....
If you truly were given your iPhone and you quickly realised that in the first month it didn't do what you needed and you're on a contract, then you are unfortunate, but hey - it was a gift. If it was on pay as you go, just sell it and use the proceeds to get a new phone.
No, but if you have a warranty with Mazda and you install parts yourself, or from a non-authorised repair place, you will void your warranty.
Other than that, Mazda don;t care what you do with your car. They just won't support you if you "go off the Mazda-approved path".
Much like a smartphone.
who's asking for support?? I'm not saying that mazada should offer your warranty after that, the point is that mazda is not impeding on your ability to do so! Apple is not letting people do that (unless you jailbrake).
as I said "basic or advanced" feature set aside! Advanced or basic is a mater of personal taste. the phone is mine and I should be able to do what ever I want with it.
and no you can't just walk out of contract (it costs like 300$)
I never mentioned warranty to begin with, and I'm not expecting apple to honor it after I jailbrak my phone (which I DID)!
How are Apple stopping you?
You have to modify your phone to be able to do this stuff, just like you have to modify your car if you want to install doors, or install a different engine or something not originally designed for the car that may require different mountings, or hose adapters, or changing the ECU (which is a proprietary nightmare on some cars).
You can leave any contract before 30 days at no penalty. You have consumer rights.
Since you don't need root access for standard tethering (i.e. EasyTether, using a phone as a 3G modem over USB or bluetooth) and since it uses standard Android APIs, I'm not sure that disabling tethering on Android is possible. In fact I'm using it now on my Droid to send this.
I assume you can use EasyTether even on AT&T's droid phones.
Support SETI@home
Blame slashdot for that misinformation. I was under the impression that if you flashed a Milestone with an unsigned ROM, you blew a microfuse and that was that.
(Either way, both our phones are more locked up than a WinMobile 6.5 phone.)
http://www.baitbus.com/ guess your statistics are wrong. Your forgot to factor money.
So... if I fail to find males sexually arousing, I'm a homophobic? And what about gay men, if they fail to find women attractive, they're heterophobic? Are lesbians heterophobic unless they can "get off" with males? That's just the stupidest thing I've read this week, and I read slashdot daily.
I think you just misunderstood, what he said was that the considering contact with another man creepy is just a lingering effect of societal homophobia, to which I totally agree.
So at the end we seem to all agree with my original statement: sexuality is about who you're attracted to, not about who you have sex with.
is it legal? in US may be (but hey since whene??) in canada ... no !
for some definitions of "interesting" sure. The PS3 still plays FFXIII and GT5 better than linux on it...
All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
Why would I want any "smartphone" without a data plan? What's the point? If that was my goal I'd go back to an iPod and a cheap Nokia
You want a single device that will let you make phonecalls and browse slashdot while at home. I have little use for mobile internet 98% of the time. A standalone GPS is better than a iPhone for nav in my car anyways.
The only other carrier in the US is T-Mobile, but apparently they use some different frequencies and not everything works right, so I need AT&T anyway.
That isn't a question, and yes you are right.
Since I need a dataplan ($15 or $25 a month from AT&T), why would I pay $400 more for the unlocked phone, which amortized over 24 months is $16.67 a month?
Good question, I'm fine with it, as long as it doesn't have a fee for ending early, simply the remainder of the balance of the loan. Yes it needs to be written in the contract as a loan, not hidden in the costs.
I believe the GP is confusing "jailbroken" and "unlocked", I would like to see all consumer goods shipped "jailbroken", having the baseband unmodifiable is fine(of course all of that really should be done in silicon then). I bought the device, and am paying for the service it receives(outside of 911 in the USA) so I should be able to do what i like to the device. Could you imagine the uproar that would ensue if apple had a clause in the purchase agreement that said, "The purchaser agrees to minimally obscure the iPhone at all times, and will give all of their children current and future the middle name of 'Steve', in honor of 'Steve Jobs'" Basically I would be very happy to own an iPhone if the apple store was simply the "apple approved/screened" store, and i was free to do what i like with the device.
All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
I see your point in my poor definition of what I perceive as the potential problem. The point I was trying to make was unauthorized access to data, where the user does not even know the data is being accessed. Before you get yippity again, if there is no 3rd party overview of app software, how do you know that that app is not going to steal all of your data and send it back somewhere?
This was not a code issue, nor an app asking for access issue. It was an issue about non-authorized, non-asking access to data. [I could make some snarky remark asking you if you ever installed LimeWire (or whatever) and had your computer compromised.]
Vote monkeys into Congress. They are cheaper and more trustworthy.