Hack allows free access to in-app iOS purchases [u]

Comments

  • Reply 41 of 69
    doorman. Posts: 159 member

    Quote:

    Originally Posted by genovelle View Post


    Theft is a crime. Period. I'm sure you were saying pedophilia, but as moral values continue to degrade, our society will return to the days of pedophilia being legal like it was in Greece. It was not until Christianity became the official religion there that the practice was stopped.



    Couple of years ago in the news there was other information about some 'god-people'. 


    Don't put that religion did something good. Religion blinds. Are you blind?

  • Reply 42 of 69
    nicolbolas Posts: 254 member


    Old news....

  • Reply 43 of 69
    richl Posts: 2,213 member


    It's better that one Russian guy tells the world about this exploit than thousands of people in China use it secretly.

    He's done the right thing and now Apple will fix it. It's a win for developers.

  • Reply 44 of 69
    beltsbear Posts: 314 member

    Quote:

    Originally Posted by Tallest Skil View Post





    Could get all ISPs to block all P2P.


    A waste of time.

    1) ISPs block p2p

    2) p2p changes protocol, to a possibly 100% encrypted format

    3) p2p functions as normal

    4) now ISPs cannot do traffic shaping on p2p traffic

  • Reply 45 of 69
    damn_its_hot Posts: 1,209 member
    doorman. wrote: »
    Couple of years ago in the news there was other information about some 'god-people'. 
    Don't put that religion did something good. Religion blinds. Are you blind?

    This is not a discussion about religion. Boy do you seem to have some knee jerk 'run scared' attitude about religion. The quote said the change happened around the time of Christianity -- this does not directly imply that Christians or any religion stopped pedophilia. Possibly just a backlash against a society that had gone off the deep end in more than one way. Conservatism is not necessarily ushered in by the religious but by those who find these and other actions morally reprehensible.

    I think maybe you are the one that is blind -- don't be a hater, just rely on a higher moral standard and you get to the same place.
  • Reply 46 of 69
    charlituna Posts: 7,217 member
    cgj wrote: »
    . Not downloading a movie that's already grossing hundreds of millions of dollars (or software from a multibillion company, like Apple, Microsoft or Adobe).

    That is exactly the scummy attitude that keeps p2p alive. Not everything is Michael Bay's latest explosion porn. In fact most of what is up isn't.

    Maybe stopping P2P won't cure cancer or stop global warming but it isn't something to brush under the rug as 'not hurting anyone' etc. Perhaps your morals would be different if it was your work out there.

    Just as Apple has different departments that do different things, so does the world. And perhaps instead of just brushing this off so you don't have to feel guilty about how you are doing it, you could apply that mind of yours to coming up with solutions.
  • Reply 47 of 69
    charlituna Posts: 7,217 member
    hellacool wrote: »
    Really? Put someone in jail for life for stealing a song? Wow. Michael Jackson's killer only got 5 years but the person who downloads his music should get life???

    Let's put away the indignation and go review the context. I never said those that 'steal' via p2p should be put in jail. I said that would be the only way to completely stop it. Big difference.
  • Reply 48 of 69
    charlituna Posts: 7,217 member
    povilas wrote: »
    I very much understand you, but come on man the examples that lad used in the video are pretty fucked up ones. 19.99 for some kind of points? That’s extortion.

    Then don't play the game.

    It's not like your life depends on you playing it. I was playing Smurfs Village for a while until it got to a point of being unplayable unless I spent cash. I stopped, deleted it, etc. My life is fine without it.
  • Reply 49 of 69
    charlituna Posts: 7,217 member
    mausz wrote: »
    Post count 36, and still no one is blaming Apple for allowing this loophole in their in-app purchase process.

    What exactly is the loophole Apple needs to fix?

    Allowing customers to change their DNS settings? Okay that's gone. No reason for folks needing to change them anyway, right?

    Allowing customers to side load security certificates? Gone, who needs that anyway, right? From now on, you have to submit them to Apple who will thoroughly vet every one of them before putting them on an official server, etc.

    And so on. Since you are so smart, tell us what is wrong and what they should do about it.

    While we are at it, perhaps we should demand that Apple drops the whole IAP system, it's bunk anyway. And not just from games, from everything. Apple just does it to make more money and they are worth billions, the greedy bastards.
  • Reply 51 of 69

    Quote:

    Originally Posted by Marvin View Post





    Simple really:



    Make it more worthwhile to pay for it than to steal it. Unfortunately, not so simple to implement such a system in a digital era.

    With digital content, there is such a disconnect between cause and effect that the gains from honesty are as unrecognisable as the damage done by dishonesty.

    The content providers don't help matters by blocking content by region and providing it after long periods of time through exclusive/expensive distribution channels, by implementing restrictive DRM and by using measures to extort money from users via hidden charges.

    People wouldn't steal movies quite so much if new movies went straight to Blu-Ray but the movie industry has managed to persuade people that a movie going direct to video/DVD/Blu-Ray means it's a failed movie when in fact, the distribution format means nothing about the quality. It's just that the movie industry knows that controlling the distribution means they can control the profits. Once it goes to retail, their control is gone.

    The music industry has embraced DRM-free audio but no such luck with DRM-free video yet. I think this is due to music files being so small that it is hard to have a service where people can find what they want and get consistent quality so iTunes ends up being more worthwhile as it's 99c per song and you can find as much music as you like with quality control. If a movie is $10-15 and only comes on a DRM disc or download and you can't put it on a mobile device easily, paying for it is worse than stealing it.

    I think the app issue is a minor one because the App Store works in a similar way to music. Lots of inexpensive content where it's harder to steal than pay for it. If the App Store content is worth paying for, people will generally pay for it. There certainly won't be a significant volume of the 300 million+ users who go out of their way to steal the content.


     


     


     


    You raise good points.


     


    Physical media needs to be a premium product.  People should want to own the official release, due to it being better in many respects to any digital copy.


     


    And access to pay-for digital media needs to be available, at a price most normal folks consider reasonable, if they want to make it the preferred choice for the folks who prefer digital.


     


    Paid-for needs to be better than free.  Libraries did not put book stores out of business, despite being free.  I don't see why torrents should put the publishers of entertainment out of business either.  They need to provide a proper value proposition, and people will accept it.  My guess is that as of now, they could be doing better.


     


    People will pay for convenience.  They will also pay for something that they like better.  Look at bottled water.  People love it, despite the fact that a free alternative is often available.

  • Reply 52 of 69
    techno Posts: 737 member

    Quote:

    Originally Posted by Suddenly Newton View Post



    Basically, the equivalent of "I'm mad this game costs so much, so I broke into the store and took it, and I'm going to show you how to do the same so I can teach these greedy developers a lesson."

    Yeah, or you could simply not buy it. But hey, some people think they are entitled to steal.


     


    Quote:

    Originally Posted by Tallest Skil View Post





    That's exactly the mindset.

    "I can't afford it, so I'm entitled to download it for free. This can't be illegal."


     


    Quote:

    Originally Posted by charlituna View Post





    And use your greed to steal your Apple ID and password so I can buy a ton of stuff and sell it on eBay. I'll get my cousins in America to help me by buying it to pickup in store with their name as okay to pick up for you. In and out before you know what hit you, you lazy greedy turd.


    Are we missing the point?


     


    This guy may be scum and have the worst of intentions.


     


    But, I think the more important point is that guys like this serve a valuable role in keeping Apple on its toes and in the long run making things safer for us all. I appreciate AI and others reporting this and allowing discussion on it. That way the user who may stumble upon this hack has some info about it. Knowing that the passwords are sent in clear text is important to know. Some idiots will ignore that and try the hack. But at least they are given the opportunity to be educated and do the smart thing and avoid this scumbag's hack.

  • Reply 53 of 69
    mausz Posts: 243 member

    Quote:

    Originally Posted by charlituna View Post





    What exactly is the loophole Apple needs to fix?

    Allowing customers to change their DNS settings? Okay that's gone. No reason for folks needing to change them anyway, right?

    Allowing customers to side load security certificates? Gone, who needs that anyway, right? From now on, you have to submit them to Apple who will thoroughly vet every one of them before putting them on an official server, etc.

    And so on. Since you are so smart, tell us what is wrong and what they should do about it.

    While we are at it, perhaps we should demand that Apple drops the whole IAP system, it's bunk anyway. And not just from games, from everything. Apple just does it to make more money and they are worth billions, the greedy bastards.


     


    As I've already said in my previous response: when the API validates the in-app process with an Apple server (which gets redirected using the custom DNS), why does Apple allow custom certificates instead of a whitelist of Apple certificates?

    It seems the only security is that it should be SSL (any certificate is valid) and that's not a good idea. You always have to take a man-in-the-middle attack using for instance DNS spoofing into account.
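
The trust decision mausz describes above, as an added example that is not part of the thread or Apple's code: a simplified Python model comparing "any certificate the device trusts" with an allowlist of pinned certificates. The host name, CA names and certificate bytes are constructed, and signature verification is omitted.

```python
import hashlib
from dataclasses import dataclass

# Simplified model of the client's trust decision. Signature verification and
# expiry are omitted; all names and certificate bytes are constructed.

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    der: bytes  # stand-in for the DER encoding

    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()

def chain_ok(chain, host, device_roots):
    """'Any valid certificate' policy: leaf names the host, each certificate is
    issued by the next, and the root is in the device trust store."""
    if not chain or chain[0].subject != host:
        return False
    linked = all(c.issuer == n.subject for c, n in zip(chain, chain[1:]))
    return linked and chain[-1].fingerprint in device_roots

def chain_ok_pinned(chain, host, device_roots, pins):
    """Allowlist policy: as above, plus a pinned certificate in the chain."""
    return chain_ok(chain, host, device_roots) and any(
        c.fingerprint in pins for c in chain)

HOST = "purchase.vendor.example"  # hypothetical validation endpoint
vendor_root = Cert("Vendor Root CA", "Vendor Root CA", b"constructed-vendor-root")
vendor_leaf = Cert(HOST, "Vendor Root CA", b"constructed-vendor-leaf")
user_root = Cert("User-Installed CA", "User-Installed CA", b"constructed-user-root")
other_leaf = Cert(HOST, "User-Installed CA", b"constructed-other-leaf")

# The device store holds the vendor root plus a CA the user installed.
DEVICE_ROOTS = {vendor_root.fingerprint, user_root.fingerprint}
PINS = {vendor_root.fingerprint}  # what the app ships with

def evaluate():
    genuine = [vendor_leaf, vendor_root]
    redirected = [other_leaf, user_root]  # what a spoofed DNS answer leads to
    return {
        "genuine_any": chain_ok(genuine, HOST, DEVICE_ROOTS),
        "genuine_pinned": chain_ok_pinned(genuine, HOST, DEVICE_ROOTS, PINS),
        "redirected_any": chain_ok(redirected, HOST, DEVICE_ROOTS),
        "redirected_pinned": chain_ok_pinned(redirected, HOST, DEVICE_ROOTS, PINS),
    }
print(evaluate())
```

Only the pinned policy tells the two chains apart: both are valid for the host name as far as the device trust store is concerned.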

  • Reply 54 of 69
    povilas wrote: »
    I very much understand you, but come on man the examples that lad used in the video are pretty fucked up ones. 19.99 for some kind of points? That’s extortion.

    No, it's the free market economy. Sellers can set whatever prices they want. If you don't think it is worth paying, then don't buy it. If the seller prices it too high, they are missing out on potential revenues. If the seller prices it too low, they aren't earning what they could, and again, losing potential revenue. Sustainable economies work this way, and prices adjust themselves so both buyers and sellers win.

    Sometimes, sellers don't have enough data to make the right adjustments, so they don't know they are losing money. Pricing can be very tricky without the right data. But just because something is priced too high does not justify theft, period.
  • Reply 55 of 69
    tallest skil Posts: 43,388 member
    Suddenly Newton wrote: »
    If you don't think it is worth paying, then don't buy it.

    This simple concept right here eludes so many people. I do not at all support the creation of a police state or the abuse of law enforcement powers and privileges, but every once in a while I really really wish officers would just take an evening and go around to every known den of piracy in a town, one by one, knock on the door, and have a ten minute conversation about the law in that regard with the morons responsible for this nonsense. Then leave them with a warning.

    If you scare them enough, they legitimately won't do it again.

    But again, that's just a fantasy of mine. I wouldn't condone doing that in reality.
  • Reply 56 of 69
    jnjnjn Posts: 588 member
    genovelle wrote: »
    Theft is a crime. Period. I'm sure you were saying pedophilia, but as moral values continue to degrade, our society will return to the days of pedophilia being legal like it was in Greece. It was not until Christianity became the official religion there that the practice was stopped.

    ... was stopped and they began burning witches and condemning scientists.

    Different cultures are hard to grasp, especially if you are ignorant.

    J.
  • Reply 57 of 69
    jnjnjn Posts: 588 member
    So how do we change this? What needs done to get these morons back on track?

    It's not a big deal. Distribute the movie digitally (on iTunes for example) for a low price, just before it is produced on a disk (this includes pre production runs, press samples and so on). Success will be imminent.

    J.
  • Reply 58 of 69

    Quote:

    Originally Posted by GregInPrague View Post






    In the current climate I don't know how you can.  If the society can't agree whether truth is relative or not how can you say what is right or wrong?  When elected officials are consistently getting away with obvious corruption why should a teenager feel guilty about downloading a few movies?  In my opinion piracy won't diminish until either A) Laws are put into place with real teeth (they've tried and there's been huge backlash across Europe in the last year) or B) There's a significant spiritual change in the region.



     


    Seriously, why should the teenager feel bad if corruption exists everywhere in society? Not only with elected officials, but also with companies. Big companies like Microsoft, IBM, Google and even Apple are basically places where moral values don't exist. Of course it's not illegal, they have the power of money to change laws. Even if it's illegal, so what? The penalties are pennies for them. Google copies Oracle, Oracle copies someone else, Apple copies someone else.

    Why put someone in jail for piracy, but not for bigger crimes? Also, it's not only Europe. In the US and Canada, most people pirate too. Honestly, I never knew anyone who didn't do it and not only from poor people. Rich people pirate as much if not more. It would not surprise me if 90% of people here used torrents. Who the hell can buy 10 000 songs for their iPods?

    Hence, since the vast majority of the population doesn't see any changes at the top, why should they change? You see politicians fighting for less laws for the rich (the market will take care of it) but for more laws for the others. Doesn't make sense.


     


    If that doesn't change, well morality is relative, right?

  • Reply 59 of 69
    sr2012 Posts: 896 member
    Pirates gonna pirate. Good that it is in the wild though, Apple will be quite quick to patch this.
  • Reply 60 of 69
    jragosta Posts: 10,473 member
    charlituna wrote: »
    Then don't play the game.
    It's not like your life depends on you playing it. I was playing Smurfs Village for a while until it got to a point of being unplayable unless I spent cash. I stopped, deleted it, etc. My life is fine without it.

    Exactly.

    I would suggest reading the reviews to see how far you can go before spending cash becomes essential. There are some very good games that you can play for a long time without spending money. Dragonvale, Plants vs Zombies, Angry Birds, etc. Before trying a new game, I have started checking reviews to see how far you can go without spending cash before downloading a new game.