This jailbreak thing is indeed a real live exploit running in the wild, but it's a trojan (kind of) since you are asking it to do one thing (display a PDF) and it does another (jailbreak the phone).
I wouldn't say it's a trojan. A trojan tricks the user into running some code which does something nasty the user doesn't expect. The user expects that his phone will be jailbroken, not that a PDF is displayed. After all, the web page says "this will jailbreak your iPhone". It doesn't matter what kind of exploit is used.
Ohh? The webpage promises to give the user access to thousands of apps that Apple won't allow on iPhones, while also opening up dozens of exploitable holes - sure as hell sounds like your definition of a trojan.
Macs (and the iPhone) do not yet have any active viruses in the wild.
True, that. No self-replicating agents that infect host applications for iPhone or Mac.
But there are self-replicating agents that survive independent of host applications for the iPhone. The rickroll worm is still active and scanning network ranges frequently enough that you probably want to turn off 3G while you install sshd, so you have time to change the root password.
Funny that you have to bring up a virus that only works on jailbroken iPhones to prove there are viruses for iPhones in the wild.
[iPad ownership] People who plead guilty to sins of indulgence are more likely to own an iPad. Those who identified lust as their biggest sin are 70% more likely, while self-professed gluttons are 88% more likely.
Macintosh users are more likely to be iPad Critics than Windows users. They’re also more likely to be Owners. Windows users are more likely to simply not be interested.
Teenagers are over 4 times more likely to be critics than adults in their 40s.
Critics are like early technology adopters. They lack, however, the early adopters’ trendsetting characteristics. Critics are less imaginative, enthusiastic and extraverted than the average person.
People with kind, humble personalities are unlikely to know what the iPad is.
If you go around filming streets, but always do close-ups of people without their consent, and store the films despite no streets being on them - what the hell are you doing? Gee, if you weren't Google, one might suspect you harvest all kinds of private information that you have no business of having, probably to commit identity theft, or to have some nice picture of kids.
"alternatehistory" - really?
You mean the 3 of them?
http://www.androidpads.com/ - and they don't even count the tiny Archos ones
How is the iPad and making phone calls on the cell network?
How are all the Android pads making phone calls on the cell network?
There is only one Phone that supports iOS, there is no point in making a difference.
There's a larger number of non-phones that run Android - do they get counted as "Android devices" in this survey?
Errm, Morris Worm anyone?
That sounds nice until you realize that rapid charging of li-ion batteries heats the battery and significantly kills battery life.
Again, the motive seems to be profit.
So you are saying that Apple is keeping you from damaging your li-ion batteries for profit reasons?
I was expecting Giant mutant boars rampaging through cities and destroying buildings and then ultimately being stopped by a Giant Robot (or a Giant Lizard).
http://online.wsj.com/article/NA_WSJ_PUB:SB122937877627908421.html
And where the hell did anyone propose that? Huh?
Uh, Obama you moron. http://www.reuters.com/article/idUSN2710984620100727
"Pushing for legislation" now counts as proposing something "DRASTIC AND IMMEDIATE"?
Or, for the idiotic mass public:
"Miles per buck"
Too bad that can change several times a day even if you stay at the same place. Even if you only recalculate every time you refill, you'd have to take the price of the remains in the tank into account.
2. we MUST do something DRASTIC AND IMMEDIATE to stop it
Actually, stop doing "something DRASTIC" is more like it.
Out of interest, I tried the grip of death on my work Blackberry, and I couldn't get more than a 10db signal drop worst case, whereas the iPhone 4 averages a 20 db drop according to Anandtech.
http://www.anandtech.com/show/3794/the-iphone-4-review/2
Also, the Blackberry includes a numeric display of the signal strength, rather than only displaying the data only via a possibly-fiddled-by-the-marketing-department bar chart.
So how much signal did your Blackberry have compared to the iPhone before any touching started?
My thought exactly. Maybe only elitist snobs took the survey? In fact, according to the study author, the surveys were taken via Facebook, which I would expect already has a bias to it.
Not to mention how many Facebookies call themselves "independent geeks".
Looking at the actual poll "results" (for a better word):
Odd thing: biggest sin among iPad owners is "Gluttony", among haters "Greed". Most noticeable is the low education of the critics (mostly due to young age, likely)
wasn't this site meant to be 'news for nerds', and not 'news for sad pathetic little consumerists'
And what, pray tell, qualifies you as a "nerd"? The fact that you can't accept that all phones have a "death grip"?
See that? On the same day, 16th of July, they funneled dozens of journalists through those "Black Labs". Now this may have been the only one who has video footage - but let's face it: this is a DUPE
No joke... I'll bet recently their competitors' phones have been in these labs more than the iPhone 4g (to "prove" that they have similar problems)
How silly of them - they could have just gone to YouTube and found tons of videos showing that.
Yeah, because no one has an iPhone or iPad.
Naccio said...
@ Jeremiah Grossman: Does it work with iPad, iPhone or iPod browser?
July 22, 2010 11:56 AM
Jeremiah Grossman said...
@naccio: no, it does not. Mobile Safari's behavior is different.
Umm... WHAT? Sorry to burst your conceit bubble there, Sparky, but... "Many eyes make bugs shallow" does not apply to Safari, because Safari is not open source software.
Webkit (the open source rendering engine that Safari uses) is not vulnerable. Chrome and Chromium (also built on Webkit) are also not vulnerable.
Well, yes and no.
Jeremiah Grossman said...
@Anonymous, Tom: I believe this may be a WebKit issue and not just Safari. While it is difficult to confirm now, I suspect this technique did in fact affect Chrome. Had some discussions with Google a while back surrounding this topic and recall them finding/fixing something, but I don't really get all the details straight. Will have to find an older Chrome version somewhere to confirm...
@anonymous: this hack may have worked on Chrome at one time, but no longer. Trying to confirm, but difficult to get old OS X copies. :)
"the unwarranted collection of e-mails, passwords and other personal data of those who failed to protect their networks with passwords."
Sure, the data wasn't protected in any way, and it was broadcast in public - but why store it, if all you want is the MAC Address and the SSID. And why would you then claim that all you stored is exactly that and nothing more until it comes out that wasn't the case?
because the processing of the data (SSID/macaddr is in each packet, and gps location and time) is done offline? or it's kept in case the "beta" software may crash if it encounters a packet type that it wasn't expecting, or.... provide me a good theory of something they could have gotten, and what they could do with it. gmail uses SSL, VPNing to work will protect your work e-mail as will the use of encryption in outlook, setup by the IT guy[s] at work.
The first one I don't buy for a millisecond (more than it takes to process a wireless frame), you wait until a beacon frame comes in, and bamm you have all the information you need. There is no need to store anything else - unless that's what you are after. It's as simple as that. And that bit about "beta" software - those functions have been done over and over by others, if Google couldn't make such a trivial task work before the first Street View car left the yard, they are in the wrong business.
Listen, it's easy, you don't store stuff that takes up many times as much storage as what you say you are looking for, unless you intend to use that for - whatever. And I want to know what that was, from Google.
"If you go around filming streets, but always do close-ups of people without their consent, and store the films despite no streets being on them"
Repeat but make sense.
If I then proceeded to release a free mapping service to everyone and made money from putting ads in then I'm fairly sure people would probably understand my motives.
Sure "If you go around filming streets, but always do close-ups of people without their consent, and store the films despite no streets being on them". Still don't get it - maybe second grade will help.
Where is the usual paranoia of the American people when it comes to Google?
As I see it, your MAC and SSID are never private.
I agree - but that wasn't all they scanned and stored. Which, what the summary fails to mention but the article makes quite clear, is the actual issue: "the unwarranted collection of e-mails, passwords and other personal data of those who failed to protect their networks with passwords."
Sure, the data wasn't protected in any way, and it was broadcast in public - but why store it, if all you want is the MAC Address and the SSID. And why would you then claim that all you stored is exactly that and nothing more until it comes out that wasn't the case?
Right - and that will never change in the future?
Well, we all know that despite all your claims to the opposite, you may rape a child tomorrow, so we should kill you now to save the child. Case closed.
Oops. You are right.