Week 27: F.U.D. of the Week

  • Posted: 07 July 2011 12:05 AM #16

    @Mav “Not to give undue credit to FUDsters, but a PDF security flaw ain’t FUD if it’s for real.”

    It is FUD because the story doesn’t say:

    “A tool that lets people remotely jailbreak their iPhones could be modified to attack iPhones and iPads with malicious PDFs and appears to have prompted Germany’s government to issue a security warning to consumers.”

    They make it sound like every iPhone has the vulnerability.  Remotely jailbreak an iPhone!

    Signature

    “Works of art, in my opinion, are the only objects in the material universe to possess internal order, and that is why, though I don’t believe that only art matters, I do believe in Art for Art’s sake.” E. M. Forster

         
  • Posted: 07 July 2011 12:10 AM #17

    You’re right about the first paragraph of the CNet article Link here, but it also says near the bottom:

    “The Jailbreakme.com exploit downloads a payload to jailbreak the phone, but it could be changed to deliver a malicious payload,” said Charlie Miller, a principal research consultant at Accuvant and an Apple security expert. “This is the first exploit that can defeat Apple’s ASLR (Address Space Layout Randomization),” a security technique that can block certain types of attacks.

    The German agency urged iOS device users to avoid opening PDF files of unknown origin, either in e-mail attachments or on Web sites. The agency did not respond to calls and e-mails from CNET today. According to a statement on its Web site (translated in Google Translate), the agency said “no attacks have been observed.” In its statement, the agency also said that “possible attack scenarios for cybercriminals include the reading of confidential information (passwords, online banking data, calendars, e-mail content, text or contact information), access to built-in cameras, the interception of telephone conversations, and the GPS localization of the user.”

    Miller suggested that people with jailbroken devices install the PDF Patcher 2 patch to close the hole. And until Apple issues its fix, the only protection for non-jailbroken devices is to jailbreak them and then install the PDF Patcher 2 software.

    So a statement is being made that all iPhones are vulnerable.

    Again, not giving any FUDsters undue credit.  I just looked into this supposed security flaw deal a little more and this is what I found.

    Signature

    The Summer of AAPL is here.  Enjoy it (responsibly) while it lasts.
    AFB Night Owl Team™
    Thanks, Steve.

         
  • Posted: 07 July 2011 12:28 AM #18

    Mav, the key to that was “Miller suggested”.

    Signature

    Adversity does not just build character, it reveals it.

         
  • Posted: 07 July 2011 12:31 AM #19

    *shrug*  Hey, even if an avowed Apple-hater posted this, I’d still be a little careful - Charlie Miller’s got street cred, like him or not (I’d prefer he not squirrel away vulnerabilities so he can win prizes at the Pwn2Own competitions).


         
  • Posted: 07 July 2011 12:39 AM #20

    Mav - 07 July 2011 03:31 AM

    *shrug*  Hey, even if an avowed Apple-hater posted this, I’d still be a little careful - Charlie Miller’s got street cred, like him or not (I’d prefer he not squirrel away vulnerabilities so he can win prizes at the Pwn2Own competitions).

    I would prefer that he didn’t give people ideas. That he would tell Apple and then shut up about it.


         
  • Posted: 07 July 2011 12:54 AM #21

    harry, that would require a person to have integrity and character. Miller does not impress me.


         
  • Posted: 07 July 2011 01:06 AM #22

    mbeauch - 07 July 2011 03:54 AM

    harry, that would require a person to have integrity and character. Miller does not impress me.

    Glad that I am not the only one who feels that way. He may be brilliant, but I don’t trust anyone who talks about that sort of thing. “I know of this house that has a broken door lock. If the owner doesn’t fix it in a few days then I will tell every crack addict in town how to get in.”


         
  • Posted: 07 July 2011 01:23 AM #23

    mbeauch - 07 July 2011 03:54 AM

    Miller does not impress me.

    That makes three of us.  Miller’s got talent, but with an apparent mix of “mercenaryism.”  Is there such a thing as a “white hat” hacker?  They all have shades of gray to me.


         
  • Posted: 07 July 2011 01:58 AM #24

    Sir Harry Flashman - 07 July 2011 03:05 AM

    @Mav “Not to give undue credit to FUDsters, but a PDF security flaw ain’t FUD if it’s for real.”

    It is FUD because the story doesn’t say:

    “A tool that lets people remotely jailbreak their iPhones could be modified to attack iPhones and iPads with malicious PDFs and appears to have prompted Germany’s government to issue a security warning to consumers.”

    They make it sound like every iPhone has the vulnerability.  Remotely jailbreak an iPhone!

    Has anyone posted the fact that 99% of all Android phones are hackable until the handset manufacturers incorporate Google’s latest security patch?  THAT is the story that Miller should be running.

         
  • Posted: 07 July 2011 08:30 AM #25

    Has anyone posted the fact that 99% of all Android phones are hackable until the handset manufacturers incorporate Google’s latest security patch?

    It is all about page hits. Put Apple, Mac, iPhone, or Steve Jobs in the headline and people would read an article about turbidity in vernal pools.


         
  • Posted: 07 July 2011 05:55 PM #26

    Every day is the same as the last

    Apple Loses Bid To Block Amazon From Using ‘App Store’ Name

    With the implication that the trial is over when it is only a preliminary injunction. Go read the comments.

    http://www.huffingtonpost.com/2011/07/07/apple-amazon-app-store_n_892013.html


         
  • Posted: 07 July 2011 10:46 PM #27

    Sir Harry Flashman - 07 July 2011 11:30 AM

    Has anyone posted the fact that 99% of all Android phones are hackable until the handset manufacturers incorporate Google’s latest security patch?

    It is all about page hits. Put Apple, Mac, iPhone, or Steve Jobs in the headline and people would read an article about turbidity in vernal pools.

    Don’t know about that remark, those articles can be pretty saucy on their own.  wink

    “If you go out on a rainy night to observe migrations, do be careful if you are looking at road crossing sites. Drivers will have trouble seeing “salamander people” on the road. Resist the urge to stop traffic to save amphibians. Don’t become a statistic. If you find a location with significant roadkill, work with local authorities for road closings in future years. See the link below for reporting crossing sites. Once mole salamanders and wood frogs reach their vernal pool, breeding activities commence. For spotted salamanders, this means the males lay down spermatophores from which the females pick up sperm. After a few days, the females lay egg masses attached to submerged vegetation as in these photos.”

         
  • Posted: 07 July 2011 11:25 PM #28

    Sir Harry Flashman - 07 July 2011 11:30 AM

    Has anyone posted the fact that 99% of all Android phones are hackable until the handset manufacturers incorporate Google’s latest security patch?

    It is all about page hits. Put Apple, Mac, iPhone, or Steve Jobs in the headline and people would read an article about turbidity in vernal pools.


    Steve Jobs, of Apple fame, was reported as being seen at a local coffee shop intently studying his Mac and then quickly posting this email via his iPhone.
    “Formazin is produced in a 4000 FTU (Formazin Turbidity Unit) suspension. Reproducibility of this suspension using the same hexamethylenetetramine and hydrazine sulfate is ± 1%. (Suspensions using different brands, lots, etc. of hexamethylenetetramine and hydrazine sulfate have a ± 15% reproducibility.) The subsequent dilutions of this suspension to lower turbidity values become more unstable with greater dilution. It is recommended that diluted calibration suspensions be used immediately and properly disposed.”

    You are correct, Sir Harry; if I saw this first sentence I would read it to the end. grin

         
  • Posted: 07 July 2011 11:39 PM #29

    @Platon

    I referenced vernal pools because they are of interest to me, but probably not too many people. I live in San Diego, a few minutes from the Marine Corps Air Station, which is one of the last protected areas for vernal pools. You can see quite a number of them from I-15 and CA 163 where they pass through the base. The pools are home to several endangered species, see http://www.californiachaparral.com/vernalpools.html

    I have the Creek Watch iPhone app which is used to report conditions of waterways when I am hiking, see http://creekwatch.researchlabs.ibm.com/


         
  • Posted: 08 July 2011 01:26 AM #30

    I did a research paper on vernal pools when I was in high school years ago, and that is why I thought your analogy was well said. Something seemingly so simple that can be quite complicated and stifling when taken to the extreme. Looking back, I don’t know if I was bored or overwhelmed with the subject. Anyway, your point was well made and well taken, at least it was by me.