What is Digg?Sponsored by Toyota
See what Toyota is doing about the recall. view!
toyota.digg.com - Watch as a certified Toyota mechanic executes the quick fix.
49 Comments
- getsome2k, on 02/05/2010, -7/+42I thought apple had all this control to prevent things like that
- filovirus, on 02/06/2010, -1/+27Atleast if you are on AT&T 3G, they would have a much harder time getting to your phone.
- B1665r, on 02/06/2010, -4/+26No, but it is deliciously ironic that that after all those years of having to listen to sanctimoniousness apple fans talk about how their computers have perfect invulnerable security, they have quickly become the target of choice over the last year. And that is all I expect to get from this, is a sense of schadenfreude.
- inactive, on 02/06/2010, -8/+24Apple is not out to prevent things like this, they are only out to prevent competing applications like Google Voice.
- iamcowdrunk, on 02/06/2010, -4/+14I don't know about you but almost everyone I know that has an iproduct has the mentality of 'I'll press yes to close the pop-up.' In conjunction with Apple selling the 'No viruses OS' I think that becomes a problem in these growing situations.
- salinungatha, on 02/06/2010, -1/+10Hmmm, this coming on top of the 'Pre-ordering an iPad puts consumers at risk of mockery attacks' spells trouble for Apple.
- spacem00se, on 02/06/2010, -5/+14Apple is probably more vulnerable to trojans, phishing & other misc malware due to the illusion that Apple provides that the Mac is far more secure than Windows in their ads. While viruses can be detected, most trojans, worms, etc, are often initiated by the user, who assumes OSX is secure, when it isnt. Its the user thats not secure.
- TheRedNewt, on 02/06/2010, -1/+8I don't think that's true of just Mac users. That's the vast majority of computer users.
No computer savvy person would do that, regardless of platform. - ohreilly, on 02/06/2010, -1/+7The other products aren't heavily locked down and restricted, neither do they have an army of fanboys who buy the crap that restrictions = security.
- DaviDTC, on 02/06/2010, -2/+8You called it "your phone" and if that is the case, why does Apple decided everything you can put on it and do with it?
- B1665r, on 02/06/2010, -3/+9The last bunch of alleged flaws in windows we have seen come across Digg, are more arcane and obscure than this one. One the other day, the user had to go out of their way to get their computer exploited(starting with they shut down automatic updates and were running IE6), and the one before that had something to do with running DOS programs...
All of the compromised computers I have seen over the last half decade have been exploited by Trojan horse software. The Mac platform is just as vulnerable and just as targeted by Trojan horse software as windows is now days. The vector is overwhelmingly pirated software on both platforms.
Deal with it. - EnergyFlash, on 02/06/2010, -1/+7One day I'd really like to be able to read about security issues without a bunch of consumer tech geeks laughing about what platform is affected. They should force you all to use the same technology so us like minded people can laugh at you for once :)
- pentiumii, on 02/06/2010, -1/+7do not know why you are being down ranked
it true it doesn't matter the Os u run and how secure it is
if said user download in stall the virus thinking it's an app or anything else no Os is secure at that point
including apple Linux BSD Unix and windows
on a side note 90 % of windows viruses are in stalled by user not by going to some web site
hence the same reason why iworks virus got lot mac user
cuz mac user installed it
apple cant protect it computer from user if u install a virus there nothing on a mac computer to say we detected a virus u would never know n the first place - TheRedNewt, on 02/06/2010, -0/+5God I agree. God forbid you try to point out that they're being a fanboy of one side or the other either. Apparently, there's not middle ground here.
- rockytop9808, on 02/06/2010, -1/+6Everyone I know who switched from iPod to Zune likes the Zune much better.
It's just poorly marketed. - Kugelblitze, on 02/06/2010, -0/+4It just works... even for hackers.
- Kazbaeden, on 02/06/2010, -0/+4@HotRats and MrBitch
I think he meant software wise. - jonathan102, on 02/06/2010, -7/+11There isn't a single product on the market that doesnt have any security flaw. Nothing is perfect. So if you are so damn concerned about internet security, then don't bloody use it. It's that simple.
- B1665r, on 02/06/2010, -2/+5So if you self exploit your phone, in your effort to secure your phone, it is your own damn fault?
You have trouble with irony. Don't you? - rnawky, on 02/06/2010, -3/+6http://www.thebestpageintheuniverse.net/c.cgi?u=ip ...
- iamcowdrunk, on 02/06/2010, -0/+2@newt: I agree and should have stated, I think it goes for most users regardless of platform. I was just making a point of Apple marketing a product as a completely secure system and how I have a problem with that. And in no way am I saying that Microsoft is any better, only the general user is probably more weary of any interactions.
@rats: I expect most people to do careless things on their computer no matter what they run so I'm not bashing apple users, only apple for marketing it like so. Not that Microsoft hasn't done the same a thousand times over. - yttrstein, on 02/07/2010, -0/+2You must be new here.
- JohnnySoftware, on 02/05/2010, -5/+7does sound bad
- JohnnySoftware, on 02/07/2010, -0/+1It probably does have control over things like that. The article does not say a hacker could get anyone to use the fake corporate profile or een see it, just that they can make one.
- JohnnySoftware, on 02/07/2010, -0/+1FTA: "Our source was able to obtain a temporary, signature-only test certificate from VeriSign with the name "Apple Computer." VeriSign issues such certificates for testing only, and are not configured for use for serious security purposes. As such, these certificates only require a verified e-mail address to obtain. Using this certificate, however, he created and signed a fake mobileconfig file that appeared to come from Apple."
That is nothing. The same company gave a hacker a real, live Microsoft digital certificate a decade ago when IE totally lacked any support for certificate revocation lists (CRLs) which are the computer/device/service/program/site cert. version of credit card cancellation lists that stores use. Basically, IE had no reason/way to _not_ trust that certificate.
The iPhone already supports CRL and certificate signing path verification. It's not some struggling 1990's web browser experiment. http://developer.apple.com/iPhone/library/document ... - mrBitch, on 02/07/2010, -0/+1RE: ".. The irony is that most people that Jailbreak don't understand that this also breaks the "code signing" feature of the iPhone, which means the iPhone is LESS secure after jailbreaking it.
Buried for fact? - bigdude69, on 02/06/2010, -1/+2NEWTON!
- mrBitch, on 02/07/2010, -0/+1@ rockytop9808, RE: " .. It's just poorly marketed."
It's not anything to do with whether Zune is good or not, it's the fact that Zune is only available to buy in North America.
The rest of the world will never see a Zune, that's what I meant by my comment. - yttrstein, on 02/06/2010, -1/+2By the way, if anyone was wondering just what is it about windows users that makes their systems so inherently insecure, you're seeing it in this thread. This is the "head in the sand" approach to security engineering, one of "if I don't believe it, it never happens".
- mrBitch, on 02/06/2010, -2/+2@ B1665r, RE: ".. So if you self exploit your phone, in your effort to secure your phone, it is your own damn fault?"
No one who jailbreaks their iPhone is doing it to "secure" their phone.
I jailbreak to be able to install software that's not sourced from the App Store.
The irony is that most people that Jailbreak don't understand that this also breaks the "code signing" feature of the iPhone, which means the iPhone is LESS secure after jailbreaking it.
I'm ok with that, since I know what I'm doing. - rockytop9808, on 02/06/2010, -2/+2I like functioning software, chief.
If anyone's the retard, it's you, because you can't handle basic freedom on your system and have to have Apple hold your little hand through the whole thing. - epicglottis, on 02/16/2010, -0/+0Apple's security attitude towards the iPhone is similar to Microsoft's back when Windows XP was new. I would argue that it's actually WORSE. To date, Apple has patched 104 vulnerabilities for the iPhone. That's just the ones they know about and had a fix for. Imagine what other vulnerabilities have been found and not disclosed to Apple! I actually did a quick comparison between the infant iPhone and Windows XP on my blog, take a look: http://binpoint.com/2010/02/iphone-harbinger-of-do ...
- alexp2ad, on 02/06/2010, -6/+6So you do still have to manually accept a random configuration file when it asks to install?
Just because a config file says it's signed doesn't mean you should accept the install at random.
Wouldn't complain if this was fixed, but I'm not worried, I don't accept random installation pop ups, whoever it says they're signed by. - mds40, on 02/06/2010, -1/+1"Ars spoke with a mobile security expert who discovered the problem (who asked to remain anonymous because he did not have approval to talk about the issue)."
that doesnt sound like anonymity to me. - yttrstein, on 02/06/2010, -3/+2You can do that too. It's called an "ad hoc" install, and I have six "ad hoc" apps on my UNjailbroken iphone right now. Maybe you should RTFM.
- mrBitch, on 02/06/2010, -3/+1@ DaviDTC, RE: ".. why does Apple decided everything you can put on it and do with it? "
You really didn't know that you can put anything you want on an iPhone? You can rip your CDs and DVDs or download whatever you want.
You didn't know that? - HotRats76, on 02/06/2010, -5/+2That is what I was going to say.. Sounds more like the land of PC users, and the cause of most if not all of peoples issues.. Clicking on that spam email because yes your computer has been running slower lately. Or clicking that annoying pop up to just get rid of it..
But I think lamecowdrunk just wanted to bash apple and its users.. - JAC521, on 02/06/2010, -5/+1Thanks a lot Takei, now everybody knows!
- iNDone, on 02/06/2010, -6/+2why do i always read it as phisting???
- mrBitch, on 02/06/2010, -5/+1Zune users won't ever have that problem, since most people have never even seen a Zune, and so would not recognise one when they saw one.
- HotRats76, on 02/06/2010, -8/+4Really? Do you even know you can rip music off of CDs purchased, not from apple, and put them on an iPod. or or rip a movie or TV show, into the correct format and put it on your iPod? This locked down argument is *****!!
ALL of your game consoles are locked down, your ***** zuneHD is locked down. Your Nintendo DS and your Wii is locked down.. I suppose you only PC game so its all good in the open source hood.. - HotRats76, on 02/06/2010, -7/+2I think you will be more mocked for using your Zune in public than anyone will ever be mocked for using an iPad in public.
- juliusthecat, on 02/06/2010, -11/+6The iPhone is a piece of ***** and so is your face.
- yttrstein, on 02/06/2010, -12/+4Yes, and precisely the same flaw exists on every single personal computing device on a planet that allows you to install software and change configuration files.
Ladies and gentlemen, I'd like to introduce you to the "are you sure" modality of security engineering. It does tend to rely on the user actually reading words and understanding them, so it is by no means perfect, but whenever you try to install one of those configuration files, a warning pops up and really truly does ask you if youre sure.
And if you go ahead and break your phone anyway, you ***** deserve it. - TheRedNewt, on 02/06/2010, -12/+2@B1665r
That still doesn't make your claim true. Most of the trojans are still Windows specific in fact. Windows machines are still the most targeted. Also, saying this particular instance (on a phone, not even a computer) is typical of Mac problems is BEYOND a stretch. Many Mac security "flaws" have been just as arcane as the Windows ones. The fact remains that just by surfing the web with a Windows machine and not being smart about where you go you can pick up loads of malware. That malware very much so IS Windows specific. Perhaps you should do a little browsing around about security before lying about it.
Look, I hate Mac users claiming they have the most secure systems as much as the next guy, but that doesn't mean that they are bigger targets or even more vulnerable than Windows.
Deal with it. - B1665r, on 02/06/2010, -12/+2So... I doubt google could perfectly do voice recognition on your phone call, but I bet they can pick up enough words to add that you the file they are collecting on you. I guess we are entering a world where free phone calls will be acceptable if you don't mind stopping mid conversation to listen to a commercial announcement....
- TheRedNewt, on 02/06/2010, -13/+2I agree that people who think Apple products don't have security flaws are blind fanboys, but they've hardly become "the target of choice." Can we even name an exploit that's been widely used to attack Apple computers/devices? It seems like we're in a perpetual news cycle of "Apple Security Flaw" that is never followed by an actual exploit.
That being said, I don't doubt that Apple products are just as hackable (maybe more so), but until there's a wide enough install base for it to be worth the effort, we're not going to see the type of widespread attacks we see on Windows.
From a Windows/Linux user. - yttrstein, on 02/06/2010, -16/+4I'm sorry that you cant afford Apple hardware, B1665r, but there's no reason to be cranky about it.
- TexMexRex, on 02/06/2010, -18/+4Another Apple flaw that has yet to effect one user? Yes! More hope for Wintards everywhere.
