Browser-based iOS 'jailbreak' utilizes 'scary' PDF security hole

Comments

  • Reply 81 of 90
    menno Posts: 854 member
    Quote:
    Originally Posted by jragosta View Post


    That's not even close to being true.



    If they were responsible, they would have notified Apple rather than releasing it into the wild. Since Apple has apparently fixed it in the beta of 4.1, Apple is apparently aware of it, anyway.



    That would achieve the goal of making the system safer without releasing the exploit into the wild.



    There is absolutely no justification for releasing malware or other exploits into the wild. NONE.



    This isn't Malware. This was a KNOWN exploit that they used for a "harmless" activity (Jailbreaking) instead of a malicious one.



    You can't use their jailbreaking website to hack phones maliciously, you need to develop your OWN code that is malicious and embed it in a website. Aka, even if they NEVER released the jailbreak, people could STILL release viruses. This wasn't a "release into the wild", it was a single use of an exploit that is already in the wild and currently it's the ONLY way iPhone users have to close this exploit.



    This isn't a virus, or Malware, it's Jailbreak code. Nothing more. In case you missed it, I'll say it again, the exploit (what you're complaining about) is ALREADY IN THE WILD.
  • Reply 82 of 90
    Quote:
    Originally Posted by Menno View Post


    Hackers most definitely. I doubt they wrote viruses or spammed people.



    A lot of today's big computer programmers got their start hacking systems. Hacking does not always mean malicious intent.



    Woz and Jobs were phreakers (hackers of the telephone system). Woz built a "blue box" which could be used to trick the phone network into connecting long distance phone calls for free without the phone company's consent. He reportedly used it to prank call the Vatican, imitating Henry Kissinger asking to speak to the Pope.
  • Reply 83 of 90
    Except that we have been waiting many weeks -- and STILL no Safari security updates have been released for iOS 3.1.3, but they were already released in iOS 4.x!





    Quote:
    Originally Posted by Xian Zhu Xuande View Post




    How about you wait more than a few days to throw a tantrum?



  • Reply 84 of 90
    jragosta Posts: 10,473 member
    Quote:
    Originally Posted by lfmorrison View Post


    But the vulnerability, according to those who claim to know, is the same vulnerability that Apple had already fixed in their Mac OS X version of Safari. Apple went public in advertising the existence of the vulnerability at the same time they announced the fix for Mac OS X.



    So the world knew that there was a theoretical vulnerability. BFD. Every system has a theoretical vulnerability.



    Your guys released the actual code and showed the world how to take advantage of that vulnerability.



    You really don't see the difference?



    Quote:
    Originally Posted by lfmorrison View Post


    The only documented instance of an implementation that uses this exploit on an iPhone in the wild is not malware. The end-user of the iPhone gets out of the exploit exactly what they set out to obtain -- a jailbroken device. Therefore, by definition, it is not malware.



    If somebody else comes along and uses the same exploit to deliver something that the end-user did not intend to obtain, then the full force of the law should be brought down upon them once caught.



    That is a silly distinction. So I build a nuclear warhead and use it for closing the BP oil leak (which some would argue is a good thing). I then publish the details of how to build a nuclear warhead.



    You think that's perfectly OK simply because I didn't do anything evil with it?



    Amazing.





    Quote:
    Originally Posted by lfmorrison View Post


    Apple should close this vulnerability as soon as possible, to protect all users from the "somebody else" portion of this scenario. In doing so, Apple will also be shutting down this particular method for intentional jailbreaking undertaken with informed consent. That is an unfortunate (from my perspective) side-effect, but it's totally justified when weighed against the possible damage that "somebody else" could do with it.



    No one has ever said that Apple shouldn't fix the bug. EVERY SINGLE POSTER agrees that Apple should fix the bug.



    It's just hard to see how you can use that agreement as justification for releasing exploit code to the wild.
  • Reply 85 of 90
    Quote:
    Originally Posted by lfmorrison View Post


    Woz and Jobs were phreakers (hackers of the telephone system). Woz built a "blue box" which could be used to trick the phone network into connecting long distance phone calls for free without the phone company's consent. He reportedly used it to prank call the Vatican, imitating Henry Kissinger asking to speak to the Pope.



    I wonder how many Apple fans are aware that the company's origins were in illegal tech?



    That was back in the days when Steve Jobs was taking LSD weekly, another detail that doesn't find its way into the popular press these days....
  • Reply 86 of 90
    Quote:
    Originally Posted by sarges View Post


    I think the previous poster has been quite mild in his request; hackers and their ilk should be flogged publicly and have the video posted on the internet



    You do understand, of course, that that would mean there would have been no Apple Computer....
  • Reply 87 of 90
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by RationalTroll View Post


    That was back in the days when Steve Jobs was taking LSD weekly, another detail that doesn't find its way into the popular press these days....



    Because the popular press likes to rehash ancient and well worn history constantly? Why don't you let the journalists worry about the new news and let the historians focus on the relevant history.
  • Reply 88 of 90
    Quote:
    Originally Posted by jragosta View Post


    So the world knew that there was a theoretical vulnerability. BFD. Every system has a theoretical vulnerability.



    Your guys released the actual code and showed the world how to take advantage of that vulnerability.



    They're not "my guys". I have never been involved in any research into the low-level coding involved in the jailbreaking process. My iPod touch has never been jailbroken, and I do not have any immediate plans to do so. But I support the ability for others to do it to their devices.



    I would equally support the responsibility of law enforcement to exact harsh justice upon any people who might attempt to use this particular exploit for malicious intent. Fortunately, so far that hasn't happened.



    Quote:

    That is a silly distinction. So I build a nuclear warhead and use it for closing the BP oil leak (which some would argue is a good thing). I then publish the details of how to build a nuclear warhead.



    You think that's perfectly OK simply because I didn't do anything evil with it?



    Amazing.



    Your comparison is not apt, because the degree of damage that can be done with this exploit is nowhere near the degree of damage that could be done with a rogue nuclear warhead.



    That's especially true given the fact that there are documented steps you can take TODAY (if you're willing to jailbreak) or at the very least VERY SOON (if you're willing to temporarily abstain from browsing the Web on your iPhone until Apple releases a proper fix) that can shield you from being affected by this exploit.



    There are no such measures you can take to shield yourself from being affected by a rogue nuclear warhead.



    Quote:

    No one has ever said that Apple shouldn't fix the bug. EVERY SINGLE POSTER agrees that Apple should fix the bug.



    It's just hard to see how you can use that agreement as justification for releasing exploit code to the wild.



    I don't consider my agreement that Apple should close the bug to be a form of justification for having released the exploit code in the wild. In my mind, the two concepts are distinct from each other.
  • Reply 89 of 90
    Quote:
    Originally Posted by solipsism View Post


    Because the popular press likes to rehash ancient and well worn history constantly? Why don't you let the journalists worry about the new news and let the historians focus on the relevant history.



    After attempting to conceal a nearly fatal illness like liver cancer from Apple shareholders not that long ago, some might find a history of serious liver-clogging drug abuse relevant.
  • Reply 90 of 90
    docno42 Posts: 3,755 member
    Quote:
    Originally Posted by Xian Zhu Xuande View Post


    The Steve has disliked jailbreaking for quite some time now and you can bet he's planning to come down on this one with a mid-release update to kill it due to the security threat (and the PR threat).



    The hole got plugged - not to stop jailbreakers but to plug the security hole.



    If Apple wanted to stop jailbreaking, they could easily implement one of many schemes that would require physical modification of the iPhone in order to jailbreak. They haven't because while annoyed, they don't seem overly concerned about jailbreakers.



    Quote:

    I think Apple understands that going overboard to lock something down doesn't really keep the hackers out, but when you take it to a point, you do start to hurt legitimate users.



    I think Apple understands it's not worth the expense or bad press to lock out jailbreakers.



    Whether they lock out jailbreakers or not, I don't see an effect either way on "legitimate users" - all it does is tick off the enthusiasts, much like the restrictions on the DirecTV Tivo kept me from switching to DirecTV - even though I would have liked to.