There’s hacks to bypass the lock screen on Android all together (giving full access) and it’s get minimal tech media attention. Happens on Apple and it's a feature new article on every tech media site with the usual Apple bashing hyperbole. That's not to say we as users should excuse Apple and I'm hoping that Ive and company are hard at work to refreshen a rather stale OS to include better security features.
What fascinates me about stuff like this is how it is discovered. Some ODC type with too much time on their hands sitting around randomly pushing buttons? You tell me how somebody figures this out.
And then there's the ethical question of whether to notify Apple and give them some time to fix it before going public. This can actually hurt users. Did this happen in this case? I suspect a lot of these reports are more about 'gotcha' moments and nerd chest thumping than reporting security flaws, more about embarrassing Apple than doing the right thing. Now Apple will be scrambling to issue a patch. Do we really want a hurry up job because somebody went public instead of notifying Apple first? Rushed code patches are a recipe for trouble in my opinion. I'm not suggesting stuff like this be kept quiet or letting Apple sit on it for months without doing something but give them some amount of time to fix it before going public.
Prove that he did not notify Apple.
Then lets talk.
Also, this isnt the first time Apple had this issue raised before. According to your logic, now that Apple had months since the last release, shouldn't they now have been fixed?
This latest video clearly shows that they certainly havent listened or at least bothered to check it.
This latest video clearly shows that they certainly havent listened or at least bothered to check it.
It doesn't clearly show anything. This might not be exactly the same flaw as 4.1, you can't prove they were told ahead of this video being posted, the phone could be jailbroken etc.
unless you have a recording to post of Sir Jony or such telling his peeps not to bother checking or this flaw or saying yeah he got a report so what, you can no more prove they were old etc than others can prove they were not
What fascinates me about stuff like this is how it is discovered. Some ODC type with too much time on their hands sitting around randomly pushing buttons? You tell me how somebody figures this out.
Someone who has disassembled (reverse engineered) parts of iOS, noticed the potential for the bypass, and was able to reproduce it? I was pretty amazed when I saw what people were capable of discovering via reverse engineering prior to Apple opening iOS up for app development (SDK).
... unless you have a recording to post of Sir Jony or such telling his peeps not to bother checking or this flaw or saying yeah he got a report so what ...
As humorous as this scenario is, Ive has nothing to do with this, nor should he.
He's a designer. He knows almost zero about software and nothing about security. To say he should have oversight on a matter like this is like saying an ice-cream salesman should be in charge of an automobile dealership.
Wow, they can see my photos, modify my contacts (um, they have my phone modifying my contacts is the least of my concerns), and, OH NOs, listen to my voicemail. Do I need to repeat they have your phone? Is this an issue? Of course, but I'm sure it will get fixed before the great "contact modification" craze spreads to far.
As humorous as this scenario is, Ive has nothing to do with this, nor should he.
He's a designer. He knows almost zero about software and nothing about security. To say he should have oversight on a matter like this is like saying an ice-cream salesman should be in charge of an automobile dealership.
1. I said Sir Jony or such. Try reading the whole thing next time, especially if you are going to post a rebuttal attempting to make me look stupid.
2. Just because he's a designer doesn't equal him knowing little about software or security.
OK, so Apple made a mistake here. Serious, not serious, whatever. What I want to know is what is AppleInsiders excuse for publishing it? Why?
You think you can disseminate the information yet not be like the bad people who do it for bad reasons? You're different, of course, it's your duty to pass on info found. It's part of your journalistic integrity to pass on anything impartially and without judgement. Can't go covering it up can we? Oh no, so let's just pass it on, add to the availability of the information yet hold our head up high a wonderful sense of self rightousnes from doing our job so well.
Interesting that this phone couldn't get a cellular signal (shows searching) and only had a network connection. It then comes up with different languages. Is this how the emergency call works? He also was at 27% battery. What's the icon next to the 27%? It's not the bluetooth icon. What's that double up arrow type thing at the bottom next to the home button?
The thing next to the battery level is the "orientation lock" icon...meaning the phone won't change orientation when you rotate it sideways the way it normally would. I have no idea what you're talking about regarding "double up arrow" next to the home button...unless you're referring to the double ^ thingys at the bottom of the video...those are part of youtube viewer not part of the video.
1. I said Sir Jony or such. Try reading the whole thing next time, especially if you are going to post a rebuttal attempting to make me look stupid.
2. Just because he's a designer doesn't equal him knowing little about software or security.
You are soooo touchy lately, when you used to be one of the pleasanter people on the forum.
I tried to be nice actually, apparently it didn't come across.
I will try to stop talking to you at all since the last five times I have you've taken it as some kind of colossal personal insult when it clearly wasn't intended as such, but the truth is I don't always look at *who* it is posting and don't actually keep track of everyone's personality/name etc.
"Ironically, a nearly identical vulnerability reared its ugly head back in October of 2010 "
Coincidentally, maybe, but Ironically???
Cant see the irony here....
Love it when guys find these little bug things out... I always have to think... what made him do those actions in exactly that order to discover the bug? Do these people sit all day just trying random combinations of actions or is there a "method".
I was wondering the same thing. What I find even stronger is that these virus fixing software companies usely have a fix for a virus out as soon as the virus becomes known. How can they find the virus snd have a "fix" for it shortly thereafter? Are there employees at these virus software companies writing the virus and the patch for them at the same time?
I was wondering the same thing. What I find even stronger is that these virus fixing software companies usely have a fix for a virus out as soon as the virus becomes known. How can they find the virus snd have a "fix" for it shortly thereafter? Are there employees at these virus software companies writing the virus and the patch for them at the same time?
You are correct....a lot of these security (virus companines) employ people that do nothing but proactivley look for software vulnerabilities. Then they have fixes sorted out for various threats. They also will inform the software maker of the vulnerabilites in advance but they don't always take heed.
Geezuz....do people actually get PAID to sit around all day and try these weird key sequences on their phones? I guess I'm glad they have phones..imagine what they'd discover if they only had themselves to play with!
Geezuz....do people actually get PAID to sit around all day and try these weird key sequences on their phones? I guess I'm glad they have phones..imagine what they'd discover if they only had themselves to play with!
I'm going to guess they just tried the same key sequence that worked in 2011. Someone probably tries it again with every new update. A bit surprised someone with authority at Apple didn't (if they didn't).
Comments
There’s hacks to bypass the lock screen on Android all together (giving full access) and it’s get minimal tech media attention. Happens on Apple and it's a feature new article on every tech media site with the usual Apple bashing hyperbole. That's not to say we as users should excuse Apple and I'm hoping that Ive and company are hard at work to refreshen a rather stale OS to include better security features.
I'm not able to duplicate this on 6.1.1 beta 1 on model A1429.
What you mean is:
Ironically, lots of people use 'ironically' incorrectly.
Quote:
Originally Posted by lkrupp
What fascinates me about stuff like this is how it is discovered. Some ODC type with too much time on their hands sitting around randomly pushing buttons? You tell me how somebody figures this out.
And then there's the ethical question of whether to notify Apple and give them some time to fix it before going public. This can actually hurt users. Did this happen in this case? I suspect a lot of these reports are more about 'gotcha' moments and nerd chest thumping than reporting security flaws, more about embarrassing Apple than doing the right thing. Now Apple will be scrambling to issue a patch. Do we really want a hurry up job because somebody went public instead of notifying Apple first? Rushed code patches are a recipe for trouble in my opinion. I'm not suggesting stuff like this be kept quiet or letting Apple sit on it for months without doing something but give them some amount of time to fix it before going public.
Prove that he did not notify Apple.
Then lets talk.
Also, this isnt the first time Apple had this issue raised before. According to your logic, now that Apple had months since the last release, shouldn't they now have been fixed?
This latest video clearly shows that they certainly havent listened or at least bothered to check it.
Quote:
Originally Posted by Galbi
This latest video clearly shows that they certainly havent listened or at least bothered to check it.
It doesn't clearly show anything. This might not be exactly the same flaw as 4.1, you can't prove they were told ahead of this video being posted, the phone could be jailbroken etc.
unless you have a recording to post of Sir Jony or such telling his peeps not to bother checking or this flaw or saying yeah he got a report so what, you can no more prove they were old etc than others can prove they were not
Quote:
Originally Posted by lkrupp
What fascinates me about stuff like this is how it is discovered. Some ODC type with too much time on their hands sitting around randomly pushing buttons? You tell me how somebody figures this out.
Someone who has disassembled (reverse engineered) parts of iOS, noticed the potential for the bypass, and was able to reproduce it? I was pretty amazed when I saw what people were capable of discovering via reverse engineering prior to Apple opening iOS up for app development (SDK).
Quote:
Originally Posted by charlituna
... unless you have a recording to post of Sir Jony or such telling his peeps not to bother checking or this flaw or saying yeah he got a report so what ...
As humorous as this scenario is, Ive has nothing to do with this, nor should he.
He's a designer. He knows almost zero about software and nothing about security. To say he should have oversight on a matter like this is like saying an ice-cream salesman should be in charge of an automobile dealership.
Whoopee...... like I'm afraid.
How the heck to people come up with this stuff?
I understand and agree with reporting security flaws but what purpose is served by telling the general public how to take advantage of it?
Quote:
Originally Posted by Gazoobee
As humorous as this scenario is, Ive has nothing to do with this, nor should he.
He's a designer. He knows almost zero about software and nothing about security. To say he should have oversight on a matter like this is like saying an ice-cream salesman should be in charge of an automobile dealership.
1. I said Sir Jony or such. Try reading the whole thing next time, especially if you are going to post a rebuttal attempting to make me look stupid.
2. Just because he's a designer doesn't equal him knowing little about software or security.
By the time you get all that to work, I'll be back from the washroom and at my desk wondering wtf you're trying to do with my phone.
Lmao
OK, so Apple made a mistake here. Serious, not serious, whatever. What I want to know is what is AppleInsiders excuse for publishing it? Why?
You think you can disseminate the information yet not be like the bad people who do it for bad reasons? You're different, of course, it's your duty to pass on info found. It's part of your journalistic integrity to pass on anything impartially and without judgement. Can't go covering it up can we? Oh no, so let's just pass it on, add to the availability of the information yet hold our head up high a wonderful sense of self rightousnes from doing our job so well.
Quote:
Originally Posted by rob53
Interesting that this phone couldn't get a cellular signal (shows searching) and only had a network connection. It then comes up with different languages. Is this how the emergency call works? He also was at 27% battery. What's the icon next to the 27%? It's not the bluetooth icon. What's that double up arrow type thing at the bottom next to the home button?
The thing next to the battery level is the "orientation lock" icon...meaning the phone won't change orientation when you rotate it sideways the way it normally would. I have no idea what you're talking about regarding "double up arrow" next to the home button...unless you're referring to the double ^ thingys at the bottom of the video...those are part of youtube viewer not part of the video.
Quote:
Originally Posted by charlituna
1. I said Sir Jony or such. Try reading the whole thing next time, especially if you are going to post a rebuttal attempting to make me look stupid.
2. Just because he's a designer doesn't equal him knowing little about software or security.
You are soooo touchy lately, when you used to be one of the pleasanter people on the forum.
I tried to be nice actually, apparently it didn't come across.
I will try to stop talking to you at all since the last five times I have you've taken it as some kind of colossal personal insult when it clearly wasn't intended as such, but the truth is I don't always look at *who* it is posting and don't actually keep track of everyone's personality/name etc.
Quote:
Originally Posted by seanie248
"Ironically, a nearly identical vulnerability reared its ugly head back in October of 2010 "
Coincidentally, maybe, but Ironically???
Cant see the irony here....
Love it when guys find these little bug things out... I always have to think... what made him do those actions in exactly that order to discover the bug? Do these people sit all day just trying random combinations of actions or is there a "method".
I was wondering the same thing. What I find even stronger is that these virus fixing software companies usely have a fix for a virus out as soon as the virus becomes known. How can they find the virus snd have a "fix" for it shortly thereafter? Are there employees at these virus software companies writing the virus and the patch for them at the same time?
Quote:
Originally Posted by drblank
I was wondering the same thing. What I find even stronger is that these virus fixing software companies usely have a fix for a virus out as soon as the virus becomes known. How can they find the virus snd have a "fix" for it shortly thereafter? Are there employees at these virus software companies writing the virus and the patch for them at the same time?
You are correct....a lot of these security (virus companines) employ people that do nothing but proactivley look for software vulnerabilities. Then they have fixes sorted out for various threats. They also will inform the software maker of the vulnerabilites in advance but they don't always take heed.
Geezuz....do people actually get PAID to sit around all day and try these weird key sequences on their phones? I guess I'm glad they have phones..imagine what they'd discover if they only had themselves to play with!
Quote:
Originally Posted by mactoid
Geezuz....do people actually get PAID to sit around all day and try these weird key sequences on their phones? I guess I'm glad they have phones..imagine what they'd discover if they only had themselves to play with!
I'm going to guess they just tried the same key sequence that worked in 2011. Someone probably tries it again with every new update. A bit surprised someone with authority at Apple didn't (if they didn't).