iPhone Firmware Update 2.02 released

Larry <[email protected]> wrote:

> > nokia isn't an american company larry, thus are not governed by the SOX
> > law. please THINK larry.
> >
> >
>
> Nokia does business in the USA, pays USA taxes on business it does in the
> USA and IS SUBJECT TO USA LAW UNDER ITS USA BUSINESS, just like every other
> international company doing business in the USA.
>
> Somebody at Yamaha Motors said Yamaha was not subject to the Magnusson-Moss
> Warranty Protection Act because they are Japanese when I returned my
> defective GP1200 Waverunner. They were wrong, also....(c;
>
> Think David....

it's not a Tax or Warranty issue Larry, it's a corporate governance
issue and the US has basically no control over how Noika is run.

And just so you know, Noika is based in Finland, not the US, so you
might want to update your brain so you can understand who the SOX law
would affect.

---

› See More: iPhone Firmware Update 2.02 released

In message <[email protected]> David Moyer
<[email protected]> wrote:

>you've list a few bugs, but no serious security issues.
>
>learn the difference.

Do you know what "arbitrary code execution" means?

DevilsPGD <[email protected]> wrote:

> >you've list a few bugs, but no serious security issues.
> >
> >learn the difference.
>
> Do you know what "arbitrary code execution" means?

yes, it means in a controlled, clean room environment with full access
to the device a potential vulnerability could exist. but when you get
back into the real world, it's easy to see there could never be an
exploit using said code. learn the difference.

DevilsPGD <[email protected]> wrote in
news:[email protected]:

> In message <[email protected]> David Moyer
> <[email protected]> wrote:
>
>>you've list a few bugs, but no serious security issues.
>>
>>learn the difference.
>
> Do you know what "arbitrary code execution" means?
>

An Apple backdoor into iPhone to trash it?.....(c;

Isn't "I Am Rich" "arbitrary code"?....(c;

David Moyer <[email protected]> wrote in news:48afe3e0$0$33226$815e3792
@news.qwest.net:

> DevilsPGD <[email protected]> wrote:
>
>> >you've list a few bugs, but no serious security issues.
>> >
>> >learn the difference.
>>
>> Do you know what "arbitrary code execution" means?
>
> yes, it means in a controlled, clean room environment with full access
> to the device a potential vulnerability could exist. but when you get
> back into the real world, it's easy to see there could never be an
> exploit using said code. learn the difference.
>

Boy, are YOU in for a shock....

http://members.aol.com/drshors/virus/virus.html

http://www.expresscomputeronline.com...security.shtml

Of course, there's the WORST "arbitrary code execution" on the iPhone:
http://www.businessweek.com/the_thre.../08/apple_to_i
phone.html

Nothing can beat your computer company being part of the problem.
Wait until the bad guys crack that little back door open....(c;

Larry wrote:
> David Moyer <[email protected]> wrote in news:48afe3e0$0$33226$815e3792
> @news.qwest.net:
>

<snip>

>> but when you get
>> back into the real world, it's easy to see there could never be an
>> exploit using said code. learn the difference.

<snip>

> Nothing can beat your computer company being part of the problem.
> Wait until the bad guys crack that little back door open....(c;

I had to use a lot of self-control to not to scream at some of the
programmers and chip designers that would be in a meeting and pipe out
with "in the real world no one will ever see this problem, there's no
need to fix it" excuse. I don't know if "David Moyer" is as naive as he
makes himself out to be or not, but _never_ believe that a known
vulnerability will not appear "in the real world" intentionally or not.

Invariably any time someone got away with the "in the real world"
rationalization, six months down the road a customer would come back to
us with "we think there's a problem with your chip, some of our units
are failing in the field."

Any issue brushed under the table with "it'll never happen "in the real
world" is certain to be a problem that indeed _will_ happen when you get
thousands of the units out on the market. It doesn't matter if it's
Apple, Microsoft, Intel, or whoever.

Remember the major vulnerability with DNS? Most vendors released patches
in early July to fix it. One vendor waited more than a month to fix it,
and was chastised in the media for their delay.

In message <[email protected]> David Moyer
<[email protected]> wrote:

>DevilsPGD <[email protected]> wrote:
>
>> >you've list a few bugs, but no serious security issues.
>> >
>> >learn the difference.
>>
>> Do you know what "arbitrary code execution" means?
>
>yes, it means in a controlled, clean room environment with full access
>to the device a potential vulnerability could exist. but when you get
>back into the real world, it's easy to see there could never be an
>exploit using said code. learn the difference.

Well, it's a good theory, except that the way JailBreaks have been
implemented so far is through browser based vulnerabilities, which show
that not only is it possible to execute arbitrary code, it's a well
known process.

In article <[email protected]>,
DevilsPGD <[email protected]> wrote:

> >yes, it means in a controlled, clean room environment with full access
> >to the device a potential vulnerability could exist. but when you get
> >back into the real world, it's easy to see there could never be an
> >exploit using said code. learn the difference.
>
> Well, it's a good theory, except that the way JailBreaks have been
> implemented so far is through browser based vulnerabilities, which show
> that not only is it possible to execute arbitrary code, it's a well
> known process.

yes, if you have direct access to the device you can do anything, no
news there, but doing something remotely is where an actual "security
issue" would come into play, and so far, nothing.

In article <[email protected]>,
DevilsPGD <[email protected]> wrote:
e:
>
> >DevilsPGD <[email protected]> wrote:
> >
> >> >you've list a few bugs, but no serious security issues.
> >> >
> >> >learn the difference.
> >>
> >> Do you know what "arbitrary code execution" means?
> >
> >yes, it means in a controlled, clean room environment with full access
> >to the device a potential vulnerability could exist. but when you get
> >back into the real world, it's easy to see there could never be an
> >exploit using said code. learn the difference.
>
> Well, it's a good theory, except that the way JailBreaks have been
> implemented so far is through browser based vulnerabilities, which show
> that not only is it possible to execute arbitrary code, it's a well
> known process.

duH! i once heard a story where a guy through a BRICK at a window of a
house and then BROKE IN! Can you believe it!!!!!

then he tried to throw that same BRICK at a house from Cleveland to
Phoenix, he didn't succeed. duh! OS X security works in a similar
fashion since unless you have physical access, there really is no way to
break in.

In message <[email protected]> Mike Hofman
<[email protected]> wrote:

>In article <[email protected]>,
> DevilsPGD <[email protected]> wrote:
>e:
>>
>> >DevilsPGD <[email protected]> wrote:
>> >
>> >> >you've list a few bugs, but no serious security issues.
>> >> >
>> >> >learn the difference.
>> >>
>> >> Do you know what "arbitrary code execution" means?
>> >
>> >yes, it means in a controlled, clean room environment with full access
>> >to the device a potential vulnerability could exist. but when you get
>> >back into the real world, it's easy to see there could never be an
>> >exploit using said code. learn the difference.
>>
>> Well, it's a good theory, except that the way JailBreaks have been
>> implemented so far is through browser based vulnerabilities, which show
>> that not only is it possible to execute arbitrary code, it's a well
>> known process.
>
>duH! i once heard a story where a guy through a BRICK at a window of a
>house and then BROKE IN! Can you believe it!!!!!
>
>then he tried to throw that same BRICK at a house from Cleveland to
>Phoenix, he didn't succeed. duh! OS X security works in a similar
>fashion since unless you have physical access, there really is no way to
>break in.

Do you know what "arbitrary code execution" means?

In message <[email protected]> David Moyer
<[email protected]> wrote:

>In article <[email protected]>,
> DevilsPGD <[email protected]> wrote:
>
>> >yes, it means in a controlled, clean room environment with full access
>> >to the device a potential vulnerability could exist. but when you get
>> >back into the real world, it's easy to see there could never be an
>> >exploit using said code. learn the difference.
>>
>> Well, it's a good theory, except that the way JailBreaks have been
>> implemented so far is through browser based vulnerabilities, which show
>> that not only is it possible to execute arbitrary code, it's a well
>> known process.
>
>yes, if you have direct access to the device you can do anything, no
>news there, but doing something remotely is where an actual "security
>issue" would come into play, and so far, nothing.

The security issue would come into play when you, the device owner,
happen to navigate to a compromised website.

At least one of the exploits was image based, so there are a number of
attack vectors, even advertising banners would do the trick. Another
option would be to add an IMG tag linking to an infected image to the
comments of a blog likely to be read by iPhones and you'd gain control
of a ton of devices.

In article <[email protected]>,
DevilsPGD <[email protected]> wrote:

> >yes, if you have direct access to the device you can do anything, no
> >news there, but doing something remotely is where an actual "security
> >issue" would come into play, and so far, nothing.
>
> The security issue would come into play when you, the device owner,
> happen to navigate to a compromised website.

but that is entirely unlikely that a user would ever visit one of those
sites. so it's simply not an issue.

> At least one of the exploits was image based, so there are a number of
> attack vectors, even advertising banners would do the trick. Another
> option would be to add an IMG tag linking to an infected image to the
> comments of a blog likely to be read by iPhones and you'd gain control
> of a ton of devices.

gain control? no, perhaps crash a few browsers on a few iphones, but
gaining control would require physical access to each and every iphone.
simply not going to happen.

you do realize the iphone is based on UNIX, not windows don't you?

In article <[email protected]>, Larry
<[email protected]> wrote:

> David Moyer <[email protected]> wrote in news:48b17117$0$89387$815e3792
> @news.qwest.net:
>
> > you do realize the iphone is based on UNIX, not windows don't you?
>
> Oh, great! Then it will run UNIX software? NOT!

it does.

nospam <[email protected]> wrote in news:240820081248533342%
[email protected]lid:

> In article <[email protected]>, Larry
> <[email protected]> wrote:
>
>> David Moyer <[email protected]> wrote in news:48b17117$0$89387$815e3792
>> @news.qwest.net:
>>
>> > you do realize the iphone is based on UNIX, not windows don't you?
>>
>> Oh, great! Then it will run UNIX software? NOT!
>
> it does.
>

Bull****. If it did, they'd never sell what's for free elsewhere. Apple
is stupid, but not THAT stupid.

Let me know when you get Abiword running on it. I wanna see the youtube
video.

http://www.abisource.com

How about Open Office? Let's run that on it, too.

http://www.openoffice.org/

Lemme know when you post the video and its Url.

Lemme know when you learn what 'porting software' means....

Tell you what, port these to iPhoney. Everyone will want it. You'll be
a hero! Business will buy it if you port it, even Apple will love you.

The source code is on both websites for you to use free.

Bull****.....

In message <[email protected]> David Moyer
<[email protected]> wrote:

>In article <[email protected]>,
> DevilsPGD <[email protected]> wrote:
>
>> >yes, if you have direct access to the device you can do anything, no
>> >news there, but doing something remotely is where an actual "security
>> >issue" would come into play, and so far, nothing.
>>
>> The security issue would come into play when you, the device owner,
>> happen to navigate to a compromised website.
>
>but that is entirely unlikely that a user would ever visit one of those
>sites. so it's simply not an issue.
>
>> At least one of the exploits was image based, so there are a number of
>> attack vectors, even advertising banners would do the trick. Another
>> option would be to add an IMG tag linking to an infected image to the
>> comments of a blog likely to be read by iPhones and you'd gain control
>> of a ton of devices.
>
>gain control? no, perhaps crash a few browsers on a few iphones, but
>gaining control would require physical access to each and every iphone.
>simply not going to happen.

Proof of concept is that every iPhone OS so far has been jail broken,
and this is done through browser based exploits.

>you do realize the iphone is based on UNIX, not windows don't you?

And? BSD actually, not UNIX, although they both have strong POSIX
roots. However, as long as the OS is capable of running arbitrary code,
and the potential exists to inject code into the device, there is a
potential issue.