You keep using that word. I do not think it means what you think it means.
Any old fart app can pull the UDID and send it to a central server. It does NOT take much to push an app through, grab yourself some UDIDs, Google the name of some random FBI agent with a very important-sounding title, and attribute everything to your 1337 skillz.
I don't know what's more worrying: the fact that people still can't grasp this concept, or the fact that people take everything AntiSec says as gospel.
This is the third fucking Apple UDID story in 24 hours. Can we please move on to shit that actually matters?
...after all, I'm not expecting much from an organization (AntiSec) whose only penetration method is hitting a webserver with old obsolete phpMyAdmin vulnerabilities. Found this in my webserver logs today:
62.76.44.162 - - [05/Sep/2012:12:45:38 -0500] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 162 "-" "ZmEu"
62.76.44.162 - - [05/Sep/2012:12:45:38 -0500] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"
62.76.44.162 - - [05/Sep/2012:12:45:38 -0500] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"
62.76.44.162 - - [05/Sep/2012:12:45:39 -0500] "GET /pma/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"
62.76.44.162 - - [05/Sep/2012:12:45:39 -0500] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"
62.76.44.162 - - [05/Sep/2012:12:45:39 -0500] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"
Well gosh golly gee willikers, thems sure are some mighty clever hackers right there!
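The log excerpt above is a textbook mass-scanner run: a "w00tw00t" tag request, the self-announcing User-Agent "ZmEu", then the same phpMyAdmin setup script tried under several path spellings. The practical question when you see this is not "who is behind it" but "did any of those probes get something other than a 404". Below is an added example, not code from the commenter or from any project, that parses combined-format access log lines, flags requests matching those three signatures, and reports per source IP whether any probed path was actually answered. The six ZmEu lines are copied from the post; the two lines with 198.51.100.x addresses are constructed for the example (one benign request and one probe that hypothetically succeeds), and the signature list is the editor's, not a published ruleset.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Signatures derived from the probes in the post (editor's choice, not a
# published ruleset): the ZmEu user-agent, the w00tw00t tag request, and
# any path ending in phpMyAdmin's scripts/setup.php.
SCANNER_UAS = {"zmeu"}
W00T_PREFIX = "/w00tw00t."
SETUP_SCRIPT_RE = re.compile(r"/scripts/setup\.php$", re.IGNORECASE)

# Constructed sample: six lines from the post plus two lines made up for
# this example (RFC 5737 addresses). The last one is a probe that succeeds.
SAMPLE_LOG = [
    '62.76.44.162 - - [05/Sep/2012:12:45:38 -0500] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 162 "-" "ZmEu"',
    '62.76.44.162 - - [05/Sep/2012:12:45:38 -0500] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"',
    '62.76.44.162 - - [05/Sep/2012:12:45:38 -0500] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"',
    '62.76.44.162 - - [05/Sep/2012:12:45:39 -0500] "GET /pma/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"',
    '62.76.44.162 - - [05/Sep/2012:12:45:39 -0500] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"',
    '62.76.44.162 - - [05/Sep/2012:12:45:39 -0500] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 162 "-" "ZmEu"',
    '198.51.100.23 - - [05/Sep/2012:12:47:10 -0500] "GET /index.html HTTP/1.1" 200 5120 "http://example.com/" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.9 - - [05/Sep/2012:13:02:44 -0500] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 200 3110 "-" "ZmEu"',
]


@dataclass
class Entry:
    ip: str
    ts: str
    method: str
    path: str
    status: int
    ua: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one combined-format line; None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["ip"], m["ts"], m["method"], m["path"], int(m["status"]), m["ua"])


def probe_reasons(e: Entry) -> List[str]:
    """Reasons this request looks like a scanner probe; empty means benign."""
    reasons = []
    if e.ua.lower() in SCANNER_UAS:
        reasons.append("scanner user-agent")
    if e.path.startswith(W00T_PREFIX):
        reasons.append("w00tw00t tag request")
    if SETUP_SCRIPT_RE.search(e.path):
        reasons.append("phpMyAdmin setup.php probe")
    return reasons


def scan(lines: Iterable[str]) -> List[dict]:
    """Return one record per flagged request: ip, path, status, reasons."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        reasons = probe_reasons(e)
        if reasons:
            hits.append({"ip": e.ip, "path": e.path, "status": e.status, "reasons": reasons})
    return hits


def summarize(hits: List[dict]) -> Dict[str, dict]:
    """Per-source summary. 'answered' is True if any probe got a non-404,
    i.e. the scanner found a file it was looking for; that is the line
    worth paging someone about, the 404s are just background noise."""
    summary: Dict[str, dict] = defaultdict(lambda: {"count": 0, "answered": False})
    for h in hits:
        s = summary[h["ip"]]
        s["count"] += 1
        if h["status"] != 404:
            s["answered"] = True
    return dict(summary)


if __name__ == "__main__":
    for ip, s in summarize(scan(SAMPLE_LOG)).items():
        print(f"{ip}: {s['count']} probe(s), answered={s['answered']}")
```

Run against a real access log, swap `SAMPLE_LOG` for `open("/var/log/apache2/access.log")`; the parser skips lines in other formats rather than raising. The summary deliberately treats a 404 storm from one address as low priority and a single 200 on a `setup.php` path as high priority, because only the latter means the thing being probed for is actually reachable.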
Direct most of that anger to app developers who gather that information and store it on their poorly-secured servers. That's probably where the FBI (or more likely AntiSec) got all the information from.
other person identifiers (which were supposedly stripped before release)
Hopefully you can understand why I have my doubts in this scenario. It's like Joseph Smith and the gold tablets. "Only I'm allowed to see them, so I'll stare into this top hat and read everything to you."
Also, apps (and app updates) from the last year or so that use the UDID in any way have been rejected by Apple on that basis alone. Any app that uses the UDID as its sole authentication mechanism would hopefully not contain any sensitive personal information, and fortunately anyone that dumb probably couldn't code their way out of a wet paper bag.
I could be completely wrong and the FBI might just like to track some magic hashes for shits and giggles, but I think it's far more likely that Anon slipped some random fart app through to collect a bunch of UDIDs and used the conveniently-timed Java vulnerability to conjure up a believable breach scenario.
...with the general attitude I saw from Slashdot regarding the original story. It almost sounds like a complete fake just because what the hell would the FBI possibly do with a deprecated SHA1 hash of a few device-unique identifiers? Verify that their super-secret gub'mint database of everyone's iPhone MAC addresses and MEIDs has no row errors?
It's worth reiterating from the other story that Apple doesn't even accept apps that reference the UDID any more, and it was never used as a security or authentication feature in the first place. It's like saying "lol, you got pwned, I just got the MD5 hash of your entire hard drive, LULZ LULZ LULZ WE ARE ANON"
If the FBI really wanted some useful information, they could swipe your ESN/MEID and track you down to a cellular level. Hell, they probably already have. Smile at the camera!
...In other unrelated news, when I had tuberculosis all the restaurants in my area kicked me out when they found me coughing on their salad bars. How dare they stifle my freedoms! Police state!
"I'm a hip cool new President. I use Blackberries and Twitter and Reddit and I brew my own beer. I'm just like all you young impressionable voters. Hey, look, we're open-sourcing the White House website! Open source is cool, right? Hey, who wants some free stuff? Young people like free stuff, right? How about healthcare? You guys don't understand any of it so have some for free. Naw, I promise, it's just as good as the other stuff. And nevermind who's paying, you guys don't make enough yet to worry about that..."
Still waiting for President Obama to show up to a convention wearing Converses and empty Rayban frames while he gives a speech ironically.
$2,500 workstation
$7,500 SolidWorks license
$15,000 Doctoral candidate stipend
$75,000 University-mandated "Administration" expenses
That'll get them one workstation, one software license of their choice, and a PhD student for a year, tops.
Also, wouldn't a flying-wing aircraft designed for passenger travel be incredibly inefficient in terms of space usage? Look at the B2 - most of its body is the wing and engine structure and a tiny cockpit for 2 crew members, plus a bomb bay. Imagine trying to scale up the B2 to fit 100+ people - it'd be gargantuan. It could handle the weight just fine (the B2 carries 50,000lbs of ordnance already), but to fit that many people comfortably would be quite a feat. IANA aerospace engineer so please correct me if I'm wrong.
Unattainable utopia of neckbeards and greasy ponytails?
Your comment isn't getting any replies. Perhaps try closing with a personalized question - like, "Does ending YOUR crappy blog with a question get more people to respond?" That will help you to facilitate enhanced social media 2.0 engagement and boost your Klout score!
Ha, Slashdot is so pro-Apple it's painful
This is where I stopped reading, because if you can present an observation that blatantly flawed right out of the gate, then I expect nothing of value from the rest of your comment.
http://xkcd.com/927/
But seriously, so, now we're defining metastandards? Could somebody please explain the implications of this?
This points to a class of people that are incapable of seeing facts and cannot evaluate risks.
Slashdot readers? So all those Bitcoin stories were actually just Ponzi recruitment drives... now it all makes sense!
Your argument of the majority of customers subsidizing the power-users is flawed. It makes the assumption that an "unlimited" plan is the only plan being offered - this is false in most cases. T-Mobile offers a capped data plan in addition to unlimited. Also, there's no way to price Unlimited plans in such a way that proportionately reflects their usage compared to tiered plans - how much should they be, infinity dollars?
Now Sprint, on the other hand, has an all-or-none unlimited data package. That seems a little absurd, and I can see how someone barely using 100MB a month would be a little peeved by having to pay full price for an unlimited plan when they could get by with much lower plans at a lower cost.
Is a typical Slashdot reader's wet dream.
Hell, most of the people reading this probably think they're already being followed anyway.
Did you buy a subsidized phone and go with their classic plan?
I'm on a two-line 2-year contract with 1000 shared minutes, unlimited texting for both phones, and unlimited data for one for $70. Then again, I just got their Value plan and bought used phones from eBay, so my monthly bill is lower as a result. You should look into it - the math works out to about $200 in savings over the life of the 2-year contract.
T-Mobile has great "4G" coverage in my area. I live on the outskirts of the Kansas City metro area. My new T-Mobile smartphone gets 6-7Mbps downstream, while my Verizon iPhone (which I am reluctantly dropping due to Verizon's shoddy pricing plans) clocks in at 1.5Mbps. I ran these tests side-by-side and the numbers from three subsequent tests came in strongly in favor of T-Mobile. I found that particularly unacceptable on Verizon's part since their service costs easily twice as much.
Do you live out in the boondocks? In that case, I'd certainly understand why their coverage wouldn't be as strong.
That would lose them any Federal grant money they're currently receiving or could potentially receive for IT.
It's not like BitTorrent is a widely-known standardized protocol with a handful of existing open-source clients...
...Oh. Wait.
Sorry, who are you again? I can't see your username behind that AC label.
I think you mean 20 witnesses in a 75-page report, not 75 witnesses.
Why would either side be considered unprofessional for naming more witnesses than they need? Please explain further. I'm aware that rejections happen for a multitude of reasons, so it would seem that having alternates is a must.
Though I personally fail to see why it's a big deal, and I understand that a time limit is a time limit, all she would have to say is "you need to cut this list down to only the witnesses you plan to present", not "you wouldn't submit this unless you were smoking crack".
My opinion remains that this judge is very unprofessional.
Regardless of which side it favors, this is very unprofessional behavior coming from a judge presiding over a very influential case that could result in millions, even billions, of dollars in damages.
I'm in full agreement that the entire legal system is in need of extensive reform, but it shouldn't come in the form of cowboy (or cowgirl) judges making off-the-cuff remarks like those we've been hearing from Judge Koh.
Judge Koh, you're making it very clear that you don't find this trial to be a good use of your time. In that case, remove yourself. You have the power - rather, the responsibility - to remove yourself from a trial if you know or feel that you cannot provide fair and equal treatment to both plaintiff and defendant. Otherwise, you have a legal duty to preside over this case in a fair and professional manner.