One look at the headline and summary and I thought this must be another hack-job by "Prince McLean". And sure enough. He missed his calling as a propaganda writer... Wait, actually he found it.
I'm a bit lost and perhaps you will think I'm silly for not knowing that. Is "Prince McLean" = Daniel Eran Dilger?
One look at the headline and summary and I thought this must be another hack-job by "Prince McLean". And sure enough. He missed his calling as a propaganda writer... Wait, actually he found it.
What's interesting is how in a relatively isolated community like AppleInsider these editorials and the respondents, who seem to only get their information from Apple fan sites, create a sort of feedback loop of misinformation. If you always preach to the choir or are a member of the choir, pretty soon any information from the real world looks so bizarre and out of place that you can justify any crazy position, such as "those evil EFF scum, how dare they question our sainted Apple!"
Please present what you think is factually wrong in this article.
I'm a little surprised by this article. Normally, Appleinsider is a great place for straight-forward news regarding Apple and related industry stories. Its not normally the place for opinion pieces spliced in with some facts.
While I agree that people shouldn't blame Apple when they use their devices in a way that is not intended and find certain features broken, the information in this article implies that *ALL* iPhones that have been jailbroken have the tendency to break the security layers of the handset, and break PNS.
The only affected iPhones that are experiencing these problems are those that were not officially activated through iTunes on Apple's servers. This basically means that "legitimate" customers, anyone who has an active iPhone service plan on an approved network, will be able to generate the proper certificates for their device and activate Push Notification. iPhones that were activated OUTSIDE iTunes, "illegitimate" users, did not generate the proper certificates on Apple's server for their device, and thus cannot utilize Push Notification.
Apple could better solve this issue by allowing "hacktivated" devices the chance to register on their servers regardless of whether or not they have an active iPhone plan. I happened to test whether or not my old iPhone 3G (legitimately activated) would receive notifications if the SIM card were removed, and it DOES effortlessly, similar to an iPod Touch. So the capability is there, and the phone behavior is there.
Please present what you think is factually wrong in this article.
I wouldn't consider the article "factually wrong," however there is a bit of misinformation. Jailbreaking the iPhone doesn't inherently break Apple's security regarding push notification -- Its only if you try to activate the phone outside of iTunes to use an unofficial carrier sim after a fresh restore do you experience the problem.
I am running my old iPhone 3G and the new 3GS jailbroken, and have not recieved any unintended notifications nor am I worried.
While I agree that people shouldn't blame Apple when they use their devices in a way that is not intended and find certain features broken, the information in this article implies that *ALL* iPhones that have been jailbroken have the tendency to break the security layers of the handset, and break PNS.
Actually, the article says "Destroying the application security layer of the iPhone does not itself automatically break PNS, but results in the system having no legitimate certificates to use in performing push notifications."
So no, there is no 'implication' that jailbreaking the iPhone breaks PNS automatically, and instead the opposite is true.
Also, jailbreaking = breaking application-signing security. Without that, there is no effective security on the phone. So yes, jailbreaking does "has the tendency to break the security layers," as that is its explicit purpose. You have to break the security system to install your own or third party, non-security signed code. That's what jailbreaking means.
Quote:
The only affected iPhones that are experiencing these problems are those that were not officially activated through iTunes on Apple's servers. This basically means that "legitimate" customers, anyone who has an active iPhone service plan on an approved network, will be able to generate the proper certificates for their device and activate Push Notification. iPhones that were activated OUTSIDE iTunes, "illegitimate" users, did not generate the proper certificates on Apple's server for their device, and thus cannot utilize Push Notification.
If you think this is an important distinction, I can add clarification to the article. The reality is that this issue is being reported almost everywhere else as being a security problem Apple is responsible for. This article is indicating that the issue is related to improperly copied security certificates, rather than those generated as part of a 'normal' activation.
Quote:
Apple could better solve this issue by allowing "hacktivated" devices the chance to register on their servers regardless of whether or not they have an active iPhone plan. I happened to test whether or not my old iPhone 3G (legitimately activated) would receive notifications if the SIM card were removed, and it DOES effortlessly, similar to an iPod Touch. So the capability is there, and the phone behavior is there.
Yes, it requires generating the appropriate certificates, and the installation of a SIM card forces the iPhone to tie activation of push to activation of service. Expecting Apple to develop unique technology to enable push activation separately from service activation is part of the reason why it is not in the interests of the company to support "unanticipated uses." At the same time, Apple has several reasons to support "alternative activation," one being the desire to get grey market phones into China.
You need a fake certificate only to activate an iPhone in a carrier in which it can't be activated.
If you jailbreak a legally activated iPhone you actually are using your original certificate created when you activated it through iTunes
Dude, just asking for clarification you know?
Prince specifically states:
Quote:
Originally Posted by Prince
Destroying the application security layer of the iPhone does not itself automatically break PNS, but results in the system having no legitimate certificates to use in performing push notifications. Essentially, the user's credentials for signing into Apple's PNS messaging servers, which are generated by the device itself in normal conditions, are broken along with the application security layer.
Which I take to mean that the apps installed (AIM etc.) have no legitimate security certificates. This makes sense to me given that the majority of apps on jailbroken phones are illegal apps (not obtained through the app store or by paying for them), so they most likely don't have the right certificates.
So, you are saying that in this situation notifications will still work if the iPhone is not "hacktivated"? Or are you in agreement with this but standing on the hopeful idea that jailbroken phones *aren't* full of stolen apps most of the time?
Destroying the application security layer of the iPhone does not itself automatically break PNS, but results in the system having no legitimate certificates to use in performing push notifications.
Which I take to mean that the apps installed (AIM etc.) have no legitimate security certificates. This makes sense to me given that the majority of apps on jailbroken phones are illegal apps (not obtained through the app store or by paying for them), so they most likely don't have the right certificates.
So, you are saying that in this situation notifications will still work if the iPhone is not "hacktivated"? Or are you in agreement with this but standing on the hopeful idea that jailbroken phones *aren't* full of stolen apps most of the time?
Ups, I have missed that part, " but results in the system having no legitimate certificates to use in performing push notifications".
This it's factually wrong, jailbreaking an iPhone to run unsigned code doesn't eliminate legitimate certificates, they're there to use with Apple servers. If you only jailbreak the phone you can't use it. It must be activated through iTunes and then you will have legitimate certificates or you have to hacktivate it outside iTunes and is the latets which will have the PNS problems, not the former.
So, if you jailbreak the iPhone and the you use iTunes to activate it, PNS will work as intended.
Ah, I have jailbroken my iPhone and I don't have any pirated application, I just jailbroken it to use SBSettings.
PS. And yes, anyone who blames Apple for that problem it's wrong or is malicious, it's not Apple fault. If you fake your MAC address and try to jion a network with this address you will have problems, but it's not fault of the device maker, it's youtr fault for faking it.
Please present what you think is factually wrong in this article.
Any links to articles blaming Apple for this issue? You can usually tell when Dan has his kool-aid hat on when he sites stories or sources attacking Apple and then doesn't provide any links.
Jailbreaking is not the issue here, it's what people do with it. Simply jailbreaking the phone is not a guarantee to break the PNS.
I believe that there's a certain level of uncertainty in jailbreaking the phone (i.e. not knowing which software modifications were done) but that should not translate to: do not jailbreak otherwise you will break PNS.
Funny how that all of the reports surrounding the PNS relate to the AIM application, but not the various Twitter apps that support push, Beejive, or any of the others?
How's this? Instead of blaming Apple or people who have jailbroken their phones, I blame AOL.
biased? how so.. it says "Destroying the application security layer of the iPhone does not itself automatically break PNS, but (when combined with an "unofficial activation" required to use it with unofficial service providers) results in the system having no legitimate certificates to use in performing push notifications. Essentially, if the phone is not properly activated as intended through iTunes, the user's credentials for signing into Apple's PNS messaging servers (which are generated by the device itself in normal conditions) are broken along with the application security layer."
biased? how so.. it says "Destroying the application security layer of the iPhone does not itself automatically break PNS, but (when combined with an "unofficial activation" required to use it with unofficial service providers) results in the system having no legitimate certificates to use in performing push notifications. Essentially, if the phone is not properly activated as intended through iTunes, the user's credentials for signing into Apple's PNS messaging servers (which are generated by the device itself in normal conditions) are broken along with the application security layer."
The article have been corrected and now it's not biased.
As a pedestrian consumer who does not hack, jailbreak, etc., should I care? Yawn.
Actually, you should. Any messages you send to someone who has used this "pushfix" hack will possibly be sent to random people - whether you are JB or not. In fact, the person mentioned in the article was sending a message from his mac in iChat to a hackitvated phone, not from it.
That being said, "pushfix" was only ever an alpha release. Once I heard of all the issues (well before this story) I steered clear (I'm on a hacktivated 2G iPhone). I'm sure the dev-team will find a better solution in the future.
Comments
One look at the headline and summary and I thought this must be another hack-job by "Prince McLean". And sure enough. He missed his calling as a propaganda writer... Wait, actually he found it.
I'm a bit lost and perhaps you will think I'm silly for not knowing that. Is "Prince McLean" = Daniel Eran Dilger?
If so, then I can understand so many thinks
One look at the headline and summary and I thought this must be another hack-job by "Prince McLean". And sure enough. He missed his calling as a propaganda writer... Wait, actually he found it.
What's interesting is how in a relatively isolated community like AppleInsider these editorials and the respondents, who seem to only get their information from Apple fan sites, create a sort of feedback loop of misinformation. If you always preach to the choir or are a member of the choir, pretty soon any information from the real world looks so bizarre and out of place that you can justify any crazy position, such as "those evil EFF scum, how dare they question our sainted Apple!"
Please present what you think is factually wrong in this article.
While I agree that people shouldn't blame Apple when they use their devices in a way that is not intended and find certain features broken, the information in this article implies that *ALL* iPhones that have been jailbroken have the tendency to break the security layers of the handset, and break PNS.
The only affected iPhones that are experiencing these problems are those that were not officially activated through iTunes on Apple's servers. This basically means that "legitimate" customers, anyone who has an active iPhone service plan on an approved network, will be able to generate the proper certificates for their device and activate Push Notification. iPhones that were activated OUTSIDE iTunes, "illegitimate" users, did not generate the proper certificates on Apple's server for their device, and thus cannot utilize Push Notification.
Apple could better solve this issue by allowing "hacktivated" devices the chance to register on their servers regardless of whether or not they have an active iPhone plan. I happened to test whether or not my old iPhone 3G (legitimately activated) would receive notifications if the SIM card were removed, and it DOES effortlessly, similar to an iPod Touch. So the capability is there, and the phone behavior is there.
Please present what you think is factually wrong in this article.
I wouldn't consider the article "factually wrong," however there is a bit of misinformation. Jailbreaking the iPhone doesn't inherently break Apple's security regarding push notification -- Its only if you try to activate the phone outside of iTunes to use an unofficial carrier sim after a fresh restore do you experience the problem.
I am running my old iPhone 3G and the new 3GS jailbroken, and have not recieved any unintended notifications nor am I worried.
Please present what you think is factually wrong in this article.
In Spain there is said "a half truth is worse than a lie".
"Dev team hackers trying to get jailbroken phones to work with PNS made the mistake of adding an existing certificate to "fix" the problem".
Yes this is partially true, but it refers no to jailbroken phones but jailbreaked + hacktivated iPhones.
Si, it's not factually wrong but it's not the true. Perhaps because you didn't know it.
This basically means that "legitimate" customers, anyone who has an active iPhone service plan on an approved network
And also factory unlocked iPhones like Italian ones on any network with or without service plan.
While I agree that people shouldn't blame Apple when they use their devices in a way that is not intended and find certain features broken, the information in this article implies that *ALL* iPhones that have been jailbroken have the tendency to break the security layers of the handset, and break PNS.
Actually, the article says "Destroying the application security layer of the iPhone does not itself automatically break PNS, but results in the system having no legitimate certificates to use in performing push notifications."
So no, there is no 'implication' that jailbreaking the iPhone breaks PNS automatically, and instead the opposite is true.
Also, jailbreaking = breaking application-signing security. Without that, there is no effective security on the phone. So yes, jailbreaking does "has the tendency to break the security layers," as that is its explicit purpose. You have to break the security system to install your own or third party, non-security signed code. That's what jailbreaking means.
The only affected iPhones that are experiencing these problems are those that were not officially activated through iTunes on Apple's servers. This basically means that "legitimate" customers, anyone who has an active iPhone service plan on an approved network, will be able to generate the proper certificates for their device and activate Push Notification. iPhones that were activated OUTSIDE iTunes, "illegitimate" users, did not generate the proper certificates on Apple's server for their device, and thus cannot utilize Push Notification.
If you think this is an important distinction, I can add clarification to the article. The reality is that this issue is being reported almost everywhere else as being a security problem Apple is responsible for. This article is indicating that the issue is related to improperly copied security certificates, rather than those generated as part of a 'normal' activation.
Apple could better solve this issue by allowing "hacktivated" devices the chance to register on their servers regardless of whether or not they have an active iPhone plan. I happened to test whether or not my old iPhone 3G (legitimately activated) would receive notifications if the SIM card were removed, and it DOES effortlessly, similar to an iPod Touch. So the capability is there, and the phone behavior is there.
Yes, it requires generating the appropriate certificates, and the installation of a SIM card forces the iPhone to tie activation of push to activation of service. Expecting Apple to develop unique technology to enable push activation separately from service activation is part of the reason why it is not in the interests of the company to support "unanticipated uses." At the same time, Apple has several reasons to support "alternative activation," one being the desire to get grey market phones into China.
I have explained, perhaps you have missed it.
You need a fake certificate only to activate an iPhone in a carrier in which it can't be activated.
If you jailbreak a legally activated iPhone you actually are using your original certificate created when you activated it through iTunes
Dude, just asking for clarification you know?
Prince specifically states:
Destroying the application security layer of the iPhone does not itself automatically break PNS, but results in the system having no legitimate certificates to use in performing push notifications. Essentially, the user's credentials for signing into Apple's PNS messaging servers, which are generated by the device itself in normal conditions, are broken along with the application security layer.
Which I take to mean that the apps installed (AIM etc.) have no legitimate security certificates. This makes sense to me given that the majority of apps on jailbroken phones are illegal apps (not obtained through the app store or by paying for them), so they most likely don't have the right certificates.
So, you are saying that in this situation notifications will still work if the iPhone is not "hacktivated"? Or are you in agreement with this but standing on the hopeful idea that jailbroken phones *aren't* full of stolen apps most of the time?
Dude, just asking for clarification you know?
Prince specifically states:
Destroying the application security layer of the iPhone does not itself automatically break PNS, but results in the system having no legitimate certificates to use in performing push notifications.
Which I take to mean that the apps installed (AIM etc.) have no legitimate security certificates. This makes sense to me given that the majority of apps on jailbroken phones are illegal apps (not obtained through the app store or by paying for them), so they most likely don't have the right certificates.
So, you are saying that in this situation notifications will still work if the iPhone is not "hacktivated"? Or are you in agreement with this but standing on the hopeful idea that jailbroken phones *aren't* full of stolen apps most of the time?
Ups, I have missed that part, " but results in the system having no legitimate certificates to use in performing push notifications".
This it's factually wrong, jailbreaking an iPhone to run unsigned code doesn't eliminate legitimate certificates, they're there to use with Apple servers. If you only jailbreak the phone you can't use it. It must be activated through iTunes and then you will have legitimate certificates or you have to hacktivate it outside iTunes and is the latets which will have the PNS problems, not the former.
So, if you jailbreak the iPhone and the you use iTunes to activate it, PNS will work as intended.
Ah, I have jailbroken my iPhone and I don't have any pirated application, I just jailbroken it to use SBSettings.
PS. And yes, anyone who blames Apple for that problem it's wrong or is malicious, it's not Apple fault. If you fake your MAC address and try to jion a network with this address you will have problems, but it's not fault of the device maker, it's youtr fault for faking it.
However, it is not yet clear exactly what causes the issue,
All speculation aside...
Please present what you think is factually wrong in this article.
Any links to articles blaming Apple for this issue? You can usually tell when Dan has his kool-aid hat on when he sites stories or sources attacking Apple and then doesn't provide any links.
I've seen this story published in a variety of places, including the original story at Crunchgear http://www.crunchgear.com/2009/07/21...locked-phones/ and have yet to see anyone suggest this is Apple's fault.
This article is biased.
Jailbreaking is not the issue here, it's what people do with it. Simply jailbreaking the phone is not a guarantee to break the PNS.
I believe that there's a certain level of uncertainty in jailbreaking the phone (i.e. not knowing which software modifications were done) but that should not translate to: do not jailbreak otherwise you will break PNS.
Funny how that all of the reports surrounding the PNS relate to the AIM application, but not the various Twitter apps that support push, Beejive, or any of the others?
How's this? Instead of blaming Apple or people who have jailbroken their phones, I blame AOL.
biased? how so.. it says "Destroying the application security layer of the iPhone does not itself automatically break PNS, but (when combined with an "unofficial activation" required to use it with unofficial service providers) results in the system having no legitimate certificates to use in performing push notifications. Essentially, if the phone is not properly activated as intended through iTunes, the user's credentials for signing into Apple's PNS messaging servers (which are generated by the device itself in normal conditions) are broken along with the application security layer."
biased? how so.. it says "Destroying the application security layer of the iPhone does not itself automatically break PNS, but (when combined with an "unofficial activation" required to use it with unofficial service providers) results in the system having no legitimate certificates to use in performing push notifications. Essentially, if the phone is not properly activated as intended through iTunes, the user's credentials for signing into Apple's PNS messaging servers (which are generated by the device itself in normal conditions) are broken along with the application security layer."
The article have been corrected and now it's not biased.
Thanks Prince for modifying it, best regards
The article have been corrected and now it's not biased.
There's no update on the article itself, however. There should be an indication that the title was changed -- there is not. It was just changed.
Edit: For the record, I believe it was originally titled "Hackers open up iPhone to push messaging exploit, blame Apple"
As a pedestrian consumer who does not hack, jailbreak, etc., should I care? Yawn.
Actually, you should. Any messages you send to someone who has used this "pushfix" hack will possibly be sent to random people - whether you are JB or not. In fact, the person mentioned in the article was sending a message from his mac in iChat to a hackitvated phone, not from it.
That being said, "pushfix" was only ever an alpha release. Once I heard of all the issues (well before this story) I steered clear (I'm on a hacktivated 2G iPhone). I'm sure the dev-team will find a better solution in the future.
Advertising available services on your local network when you TURN ON SHARING is not a privacy issue.
and it's very easy to change the computer's name in Sharing preferences. even for dummies. it's the first box at the top of that page.
now the darn user short name, that's a whole other thing. no way to change it as far as i know. why? but it only shows up on lists of users.