reply to discussion
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    iPhone News
    Guest
    2.0.2 gives almost full access to the iPhone even while under password
    protection...

    Steps to Reproduce flaw...

    Set iPhone to use passcode lock, have contacts marked as Favorites with
    links, phone numbers, addresses, etc in address book entry.

    Tap "Emergency Call" keypad from passcode entry screen.

    Double-tap home button.

    Tap blue arrow next to contact's name. You now have full access to
    applications such as Safari, complete Contacts list, SMS, Maps, "full"
    Phone access, and Mail by accessing various entries on the Favorite's
    page, i.e. tapping their home page brings up a full, unrestricted Safari.



    See More: NEWS: Major security flaw in iPhone update 2.0.2




  2. #2
    Larry
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2

    iPhone News <[email protected]> wrote in news:invalid-
    [email protected]:

    > 2.0.2 gives almost full access to the iPhone even while under password
    > protection...
    >
    > Steps to Reproduce flaw...
    >
    > Set iPhone to use passcode lock, have contacts marked as Favorites with
    > links, phone numbers, addresses, etc in address book entry.
    >
    > Tap "Emergency Call" keypad from passcode entry screen.
    >
    > Double-tap home button.
    >
    > Tap blue arrow next to contact's name. You now have full access to
    > applications such as Safari, complete Contacts list, SMS, Maps, "full"
    > Phone access, and Mail by accessing various entries on the Favorite's
    > page, i.e. tapping their home page brings up a full, unrestricted Safari.


    I'm shocked!




  3. #3
    Mike Hofman
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2

    iPhone News <[email protected]> wrote:

    > 2.0.2 gives almost full access to the iPhone even while under password
    > protection...
    >
    > Steps to Reproduce flaw...
    >
    > Set iPhone to use passcode lock, have contacts marked as Favorites with
    > links, phone numbers, addresses, etc in address book entry.
    >
    > Tap "Emergency Call" keypad from passcode entry screen.
    >
    > Double-tap home button.
    >
    > Tap blue arrow next to contact's name. You now have full access to
    > applications such as Safari, complete Contacts list, SMS, Maps, "full"
    > Phone access, and Mail by accessing various entries on the Favorite's
    > page, i.e. tapping their home page brings up a full, unrestricted Safari.


    not much of a flaw since nobody even uses passcode lock, but even if
    someone did, nobody is going to know about this bug. it's a minor issue
    at best.



  4. #4
    Robert Haar
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2

    On 8/27/08 6:54 PMAug 27, "iPhone News" <[email protected]> wrote:

    > 2.0.2 gives almost full access to the iPhone even while under password
    > protection...
    >
    > Steps to Reproduce flaw...
    >
    > Set iPhone to use passcode lock, have contacts marked as Favorites with
    > links, phone numbers, addresses, etc in address book entry.
    >
    > Tap "Emergency Call" keypad from passcode entry screen.
    >
    > Double-tap home button.
    >
    > Tap blue arrow next to contact's name. You now have full access to
    > applications such as Safari, complete Contacts list, SMS, Maps, "full"
    > Phone access, and Mail by accessing various entries on the Favorite's
    > page, i.e. tapping their home page brings up a full, unrestricted Safari.


    You left out a critical piece. For this to work, the iPhone settings must
    have the double click of HOME set to Phone Favorites.




  5. #5
    Kevin Weaver
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2


    "Mike Hofman" <[email protected]> wrote in message
    news:[email protected]
    > iPhone News <[email protected]> wrote:
    >
    >> 2.0.2 gives almost full access to the iPhone even while under password
    >> protection...
    >>
    >> Steps to Reproduce flaw...
    >>
    >> Set iPhone to use passcode lock, have contacts marked as Favorites with
    >> links, phone numbers, addresses, etc in address book entry.
    >>
    >> Tap "Emergency Call" keypad from passcode entry screen.
    >>
    >> Double-tap home button.
    >>
    >> Tap blue arrow next to contact's name. You now have full access to
    >> applications such as Safari, complete Contacts list, SMS, Maps, "full"
    >> Phone access, and Mail by accessing various entries on the Favorite's
    >> page, i.e. tapping their home page brings up a full, unrestricted Safari.

    >
    > not much of a flaw since nobody even uses passcode lock, but even if
    > someone did, nobody is going to know about this bug. it's a minor issue
    > at best.


    Not much of a problem ? True fanboi. No one is going to know about this bug
    ? You find a iPhone and do a Google on how to unlock passcode, your going to
    find this and others.




  6. #6
    Larry
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2

    "Kevin Weaver" <[email protected]> wrote in
    news:[email protected]:

    > Not much of a problem ? True fanboi. No one is going to know about
    > this bug ? You find a iPhone and do a Google on how to unlock
    > passcode, your going to find this and others.
    >


    I'm sure glad Micro$oft doesn't have these poo poo fanbois trying to
    deflect everyone pointing out flaws. XP would have been DOOMED!




  7. #7
    Mike Hofman
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2

    In article <[email protected]>,
    "Kevin Weaver" <[email protected]> wrote:

    > > not much of a flaw since nobody even uses passcode lock, but even if
    > > someone did, nobody is going to know about this bug. it's a minor issue
    > > at best.

    >
    > Not much of a problem ? True fanboi. No one is going to know about this bug
    > ? You find a iPhone and do a Google on how to unlock passcode, your going to
    > find this and others.


    no fanboy, just a realist. why you don't want to look at facts is your
    problem, not mine.

    fact is, far less than 1% use a passcode on their iphone, even fewer
    have their home button set to "favorites", then a fraction of those even
    lose their iphone in the first place, then couple that with anyone that
    has even heard of this bug in the criminal world and you have far less
    than 5 people that this could affect.



  8. #8
    Kevin Weaver
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2


    "Mike Hofman" <[email protected]> wrote in message
    news:[email protected]
    > In article <[email protected]>,
    > "Kevin Weaver" <[email protected]> wrote:
    >
    >> > not much of a flaw since nobody even uses passcode lock, but even if
    >> > someone did, nobody is going to know about this bug. it's a minor issue
    >> > at best.

    >>
    >> Not much of a problem ? True fanboi. No one is going to know about this
    >> bug
    >> ? You find a iPhone and do a Google on how to unlock passcode, your going
    >> to
    >> find this and others.

    >
    > no fanboy, just a realist. why you don't want to look at facts is your
    > problem, not mine.
    >
    > fact is, far less than 1% use a passcode on their iphone, even fewer
    > have their home button set to "favorites", then a fraction of those even
    > lose their iphone in the first place, then couple that with anyone that
    > has even heard of this bug in the criminal world and you have far less
    > than 5 people that this could affect.


    Where did you get this *Less then 1% figure* from ? Link ?




  9. #9
    DevilsPGD
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2

    In message <C4DB6480.426ABA%[email protected]> Robert Haar
    <[email protected]> wrote:

    >You left out a critical piece. For this to work, the iPhone settings must
    >have the double click of HOME set to Phone Favorites.


    While true, this is the default, and the vast majority of users never
    touch Settings.



  10. #10
    Carl
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2

    Kevin Weaver wrote:
    > "Mike Hofman" <[email protected]> wrote in message
    > news:[email protected]
    >> In article <[email protected]>,
    >> "Kevin Weaver" <[email protected]> wrote:
    >>
    >>>> not much of a flaw since nobody even uses passcode lock, but even
    >>>> if someone did, nobody is going to know about this bug. it's a
    >>>> minor issue at best.
    >>>
    >>> Not much of a problem ? True fanboi. No one is going to know about
    >>> this bug
    >>> ? You find a iPhone and do a Google on how to unlock passcode, your
    >>> going to
    >>> find this and others.

    >>
    >> no fanboy, just a realist. why you don't want to look at facts is
    >> your problem, not mine.
    >>
    >> fact is, far less than 1% use a passcode on their iphone, even fewer
    >> have their home button set to "favorites", then a fraction of those
    >> even lose their iphone in the first place, then couple that with
    >> anyone that has even heard of this bug in the criminal world and you
    >> have far less than 5 people that this could affect.

    >
    > Where did you get this *Less then 1% figure* from ? Link ?
    >

    Yeah, I'm curious about that too. I passcode all of my PDA devices (I have
    3). I have sensitive information on them and would really squirm if one were
    lost.

    Of course, if you're one of those people who just use them as a toy, putting
    just a few of your friends' names and numbers on them, and an occasional
    "Meet Mom at the Mall" message on the Calendar, along with 7GB of heavy
    metal music, that would explain your perspective.

    Some people actually use them as TOOLS, keeping important passwords, bank
    account numbers, social security numbers, important business contacts,
    birthdate information on them, as well as important meeting places on that
    calendar. To NOT password protect them is pure foolhardiness. Though I
    understand that passwords can be broken, at least discourage the majority of
    people, outside of the "pros", who might 'find' your device from tampering
    with it.

    Hey, I had a non-password protected GPS stolen out of my car about a year
    ago. I had all the places I go to programmed into it, including my home
    address and place of business, besides other important destinations. Even
    that relatively inconsequential stripping of my privacy awakened me to the
    dangers of not passcoding. Needless to say, the replacememnt GPS I got
    afterwards is passcoded.





  11. #11
    Mike Hofman
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2

    "Kevin Weaver" <[email protected]> wrote:

    > >> Not much of a problem ? True fanboi. No one is going to know about this
    > >> bug
    > >> ? You find a iPhone and do a Google on how to unlock passcode, your going
    > >> to
    > >> find this and others.

    > >
    > > no fanboy, just a realist. why you don't want to look at facts is your
    > > problem, not mine.
    > >
    > > fact is, far less than 1% use a passcode on their iphone, even fewer
    > > have their home button set to "favorites", then a fraction of those even
    > > lose their iphone in the first place, then couple that with anyone that
    > > has even heard of this bug in the criminal world and you have far less
    > > than 5 people that this could affect.

    >
    > Where did you get this *Less then 1% figure* from ? Link ?


    it's from overall usage patterns. please learn to read.



  12. #12
    Mike Hofman
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2

    "Carl" <[email protected]> wrote:

    > Yeah, I'm curious about that too. I passcode all of my PDA devices (I have
    > 3). I have sensitive information on them and would really squirm if one were
    > lost.
    >
    > Of course, if you're one of those people who just use them as a toy, putting
    > just a few of your friends' names and numbers on them, and an occasional
    > "Meet Mom at the Mall" message on the Calendar, along with 7GB of heavy
    > metal music, that would explain your perspective.


    most people don't even know a passcode option exists.

    > Some people actually use them as TOOLS, keeping important passwords, bank
    > account numbers, social security numbers, important business contacts,
    > birthdate information on them, as well as important meeting places on that
    > calendar. To NOT password protect them is pure foolhardiness. Though I
    > understand that passwords can be broken, at least discourage the majority of
    > people, outside of the "pros", who might 'find' your device from tampering
    > with it.


    it's a TOOL for exactly everyone who uses it.

    > Hey, I had a non-password protected GPS stolen out of my car about a year
    > ago. I had all the places I go to programmed into it, including my home
    > address and place of business, besides other important destinations. Even
    > that relatively inconsequential stripping of my privacy awakened me to the
    > dangers of not passcoding. Needless to say, the replacememnt GPS I got
    > afterwards is passcoded.


    passcoding is a hindrance to usage, and while i doubt you use it, it
    might be good for the most paranoid in society.



  13. #13
    Todd Allcock
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2


    "Mike Hofman" <[email protected]> wrote in message
    news:[email protected]

    > passcoding is a hindrance to usage, and while i doubt you use it...


    Most people with any sense passcode a PORTABLE device that contains
    sensitive information.

    Again, without local file storage, document editors, etc., the only
    "sensitive information" stored on an iPhone might be a rip of the last
    'Panic At The Disco' CD.

    My WinMo device is password protected, and yes, password protection does
    hinder usage, but there are balances. My device autolocks 30 minutes from
    last use (yes, I realize even that presents a risk, but again, it's a
    balance- if I set it up to be more intrusive than than, I'd be less likely
    to use it!) I use a simple PIN rather than complex alphanumeric code (yes,
    again, less secure, but more secure than not using one at all, which would
    be likely if I had to enter a 12-character code at each power up!) And,
    even when locked, the phone can still answer calls, but not dial them (other
    than 911.) In addition I use a separately passcoded "wallet" app to keep
    any financial info, credit card or account numbers, etc.


    > ...it might be good for the most paranoid in society.


    And again, Mr. "just disable the camera with software" Oxford shows a
    complete lack of understanding of how the Enterprise works, (except,
    perhaps, the one Mr. Sulu drove around NBC's primetime schedule in the late
    1960s.) "Real" business phones don't give the end-user a choice- the
    password policies are sent by the server to the phone and can't be changed
    by the end-user.

    You repeatedly claim that the iPhone will bring the entire cellular industry
    to it's knees, yet you have no understanding of how that industry works or
    what customers require from it. Fortunately, Apple isn't as clueless as you
    are, and (also unlike you,) they continue to learn.

    You wait and see how quickly this "non-issue" is fixed. My bet is it's
    within 72 hours- Monday the latest. I'll also bet this became job one for
    the software team as soon as it was discovered.








  14. #14
    4phun
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2

    On Aug 27, 6:54*pm, iPhone News <[email protected]> wrote:
    > 2.0.2 gives almost full access to the iPhone even while under password
    > protection...
    >


    http://digg.com/apple/Apple_Working_..._Security_Flaw

    Apple Working on IPhone Update to Fix Security Flaw (Update2)

    By Connie Guglielmo
    Enlarge Image/Details

    Aug. 28 (Bloomberg) -- Apple Inc. is readying a software update for
    the iPhone, fixing a security flaw in the device that gives
    unauthorized access to contacts and e-mails.

    ``We are aware of this bug,'' Apple spokeswoman Jennifer Bowcock said
    today in an e-mailed statement. She declined to say when the update
    would be available. Customers can avoid the problem by changing their
    settings, Bowcock said.

    Apple released a faster version of the Web-surfing iPhone in July,
    selling 1 million in the first three days, as part of a plan to win
    customers away from rivals Research In Motion Ltd. and Samsung
    Electronics Co. Apple put out a software update last week to improve
    network connections after some iPhone users complained about dropped
    calls and sound quality.

    ``Apple needs to fix the software ASAP, but so far demand seems
    strong,'' said Gene Munster, an analyst with Piper Jaffray & Co. in
    Minneapolis. He recommends buying the shares, which he doesn't own.
    ``The iPhone software has been rocky, but it does not seem to be
    impacting demand.''

    The average Apple retail store is selling 94 phones a day, compared
    with 21 per day a year ago, Munster said. The original device debuted
    in June 2007.






  15. #15
    Larry
    Guest

    Re: NEWS: Major security flaw in iPhone update 2.0.2

    4phun <[email protected]> wrote in news:4862807d-81c5-4b24-b2d9-
    [email protected]:

    > as part of a plan to win
    > customers away from rivals Research In Motion Ltd. and Samsung
    > Electronics Co. Apple put out a software update last week to improve
    > network connections


    What "plan"? Did they PLAN on it trashing ATT??

    Who writes this ****, you?




  • Similar Threads







  • Quick Reply Quick Reply

    If you are already a member, please login above.