03-21-11 01:16 PM
95 1234
tools
  1. CranBerry413's Avatar
    So now the devices are incapable? What?

    And your second part of the posts was directed at me, but I think you meant to direct it at someone else.
    Incapable of defending themselves from being removed. Not incapable as Operating Systems, but the facet of keeping themselves as the primary OS on a device. Apple & Google do not want their products circumvented in this was.

    As for the 2nd part, that was for another post. I didn't reply to it specifically.

    None of my posts are meant as Malicious attacks.

    Posted from my CrackBerry at wapforums.crackberry.com
    03-16-11 03:23 PM
  2. avt123's Avatar
    Incapable of defending themselves from being removed. Not incapable as Operating Systems, but the facet of keeping themselves as the primary OS on a device. Apple & Google do not want their products circumvented in this was.

    As for the 2nd part, that was for another post. I didn't reply to it specifically.

    None of my posts are meant as Malicious attacks.

    Posted from my CrackBerry at wapforums.crackberry.com
    But the fact remains. Being rooted or being jailbroken does not make you any less safe then remaining stock. It is the user who makes it less safe by enabling certain permissions.

    I have had my Android devices rooted since day one. I have not had any problems and as far as I know, I have not been attacked. All of my iPhone except for the one I have now were all jailbroken as well, and I never had any problems.

    Also, the OS are still the same. A jailbroken iOS device is still running iOS. It just has certain access and a new app store. A rooted Android device is still running the same Android version you were running before it was rooted. You now just have access to system files and some other useful things.
    Last edited by avt123; 03-16-11 at 03:41 PM.
    03-16-11 03:38 PM
  3. CranBerry413's Avatar
    Understandable. However, you cannot take a Jailbroken Apple phone to Apple. They will send you away, and that can't be for just no reason.

    I'm all for manipulating an OS. Tearing it down, Smacking it around. (Heck, I use Linux on my Laptop, booted from a Jumdrive.) But the idea that I can dismiss certain barriers in the code is a Hack. Pure & Simple.

    Posted from my CrackBerry at wapforums.crackberry.com
    03-16-11 04:28 PM
  4. avt123's Avatar
    Understandable. However, you cannot take a Jailbroken Apple phone to Apple. They will send you away, and that can't be for just no reason.
    Yea because you voided their warrantee. Apple like their things locked down. If you open up their own software, they do not like that. And by open up, I mean add more features that they did not implement, and have access to an app store they do not approve of people they make no money off of it.

    I'm all for manipulating an OS. Tearing it down, Smacking it around. (Heck, I use Linux on my Laptop, booted from a Jumdrive.) But the idea that I can dismiss certain barriers in the code is a Hack. Pure & Simple.

    Posted from my CrackBerry at wapforums.crackberry.com
    Not saying it's not a hack. But there is a difference between a user applied hack, and a maliciously applied hack. Both have different intentions.
    03-16-11 04:34 PM
  5. belfastdispatcher's Avatar
    But the fact remains. Being rooted or being jailbroken does not make you any less safe then remaining stock. It is the user who makes it less safe by enabling certain permissions.

    I have had my Android devices rooted since day one. I have not had any problems and as far as I know, I have not been attacked. All of my iPhone except for the one I have now were all jailbroken as well, and I never had any problems.

    Also, the OS are still the same. A jailbroken iOS device is still running iOS. It just has certain access and a new app store. A rooted Android device is still running the same Android version you were running before it was rooted. You now just have access to system files and some other useful things.
    Actually I believe Android has been successfully(to some extent) installed on Iphone.

    Posted from my CrackBerry at wapforums.crackberry.com
    03-16-11 04:35 PM
  6. avt123's Avatar
    Actually I believe Android has been successfully(to some extent) installed on Iphone.

    Posted from my CrackBerry at wapforums.crackberry.com
    What does that have to do with anything I just said?

    You are talking about porting an OS to different hardware, I was talking about rooting.

    Even when you port Android to the iPhone, it is still Android. It is still built from source. It is just running on different hardware. Android has been ported to many different types of hardware. The OS is still the same. Rooted or not (when rooted the user just has more control).
    03-16-11 04:38 PM
  7. CranBerry413's Avatar
    Yea because you voided their warrantee. Apple like their things locked down. If you open up their own software, they do not like that. And by open up, I mean add more features that they did not implement, and have access to an app store they do not approve of people they make no money off of it.



    Not saying it's not a hack. But there is a difference between a user applied hack, and a maliciously applied hack. Both have different intentions.
    And the intentions are a major point. But, the point in question is whether the Operating Systems can be. To that point, people are doing this simple (Non-Malicious I might add) hack all the time.

    But that is My Point. This happens regularly, and is considered to be standard for many End Users. Even if this is a relatively safe, non-attacking form of Hacking, it's still Hacking. The company produced this device (Google/Apple, whoever) is always going to feel as they are attacked, wronged, and stolen from.

    Posted from my CrackBerry at wapforums.crackberry.com
    03-16-11 04:46 PM
  8. belfastdispatcher's Avatar
    "A jailbroken iOS device is still running iOS"
    My point was a jailbroken iOS device can run Android too

    Posted from my CrackBerry at wapforums.crackberry.com
    03-16-11 04:56 PM
  9. avt123's Avatar
    And the intentions are a major point. But, the point in question is whether the Operating Systems can be. To that point, people are doing this simple (Non-Malicious I might add) hack all the time.

    But that is My Point. This happens regularly, and is considered to be standard for many End Users. Even if this is a relatively safe, non-attacking form of Hacking, it's still Hacking. The company produced this device (Google/Apple, whoever) is always going to feel as they are attacked, wronged, and stolen from.

    Posted from my CrackBerry at wapforums.crackberry.com
    It is only Apple who does not support jailbreaking. As far as I know, Google can care less about it. Their OS is open source. They expect people to play with it.

    Like I said, Apple likes keeping things locked down. They do not like it because they lose complete control over the device. They do not like that when you jailbreak the device, the device is really yours. You have free reign to install whatever you want. Apple only likes you to have what they want and they aprove. Stock iPhones, even though you paid for it, Apple basically still considers it their property.

    Also, the last time I saw information about iPhones jailbroken/not jailbroken, less than 10% were jailbroken. I am sure the number is higher now though.
    03-16-11 04:57 PM
  10. avt123's Avatar
    "A jailbroken iOS device is still running iOS"
    My point was a jailbroken iOS device can run Android too

    Posted from my CrackBerry at wapforums.crackberry.com
    Dual booting is a totally different story.

    And you don't need to be jailbroken to run iOS. I am pretty sure you can completely wipe the device and just run Android.

    And even with your point, my point still stands. Even if iOS is jailbroken, it is still iOS. And if the device is also running Android, Android is still Android. Rooted or not.
    03-16-11 05:02 PM
  11. howarmat's Avatar
    "A jailbroken iOS device is still running iOS"
    My point was a jailbroken iOS device can run Android too

    Posted from my CrackBerry at wapforums.crackberry.com
    ok but you dont automatically have android running just from jailbreaking the device. that involves MUCH more user action to do that
    03-16-11 05:04 PM
  12. CranBerry413's Avatar
    I'm not too sure about Google not caring. All companies want to make maintain some sort of control on their products. Even if Apple is (as I like to call them) a Totalitarian Regime, you still immigrate there when you buy their product.

    If you want to stick it to Apple, Do so. I have no issue with you giving to Apple. However, just know that you are doing so by Hacking them. Same thing with a Google phone. When you root, you're hacking them too.

    This same methodology is just not common on a BlackBerry. I am sure that it can/has been done, somewhere somehow. But the Common Man just isn't doing it.

    Posted from my CrackBerry at wapforums.crackberry.com
    03-16-11 05:11 PM
  13. _StephenBB81's Avatar
    If it has a browser, it's vulnerable to attack.
    Very true!

    But what I think the point was that the browser should be in it's own "pod" for lack of better word, so compromising the pod, will not compromise the date, IF they think security from the ground up ( which I really DON'T believe RIM is doing these days), the Hack into the Browser would not then release all contact information/images without being given access,

    BUT seeing as RIM doesn't enforce any sort of Security rulings, and HAS an "allow all" permissions access to apps I don't have faith they will make the Playbook and subsequent QNX devices as secure as they could with the micro kernel idea applied to a higher level UI
    03-16-11 05:13 PM
  14. _StephenBB81's Avatar
    I'm not too sure about Google not caring. All companies want to make maintain some sort of control on their products. Even if Apple is (as I like to call them) a Totalitarian Regime, you still immigrate there when you buy their product.

    If you want to stick it to Apple, Do so. I have no issue with you giving to Apple. However, just know that you are doing so by Hacking them. Same thing with a Google phone. When you root, you're hacking them too.

    This same methodology is just not common on a BlackBerry. I am sure that it can/has been done, somewhere somehow. But the Common Man just isn't doing it.

    Posted from my CrackBerry at wapforums.crackberry.com

    I truly believe that Google does not Care about the Rooting of their OS, it is a hobbiest OS fully, they built it as such and market it to OEM's to modify with their own parts, the Android OS is made to give simple access to root controls, but not direct access without a bit of work, kind of like a Windows Install that requires an admin password to make changes, once you know the password tinker away! don't give the password to your grandma.

    I believe if a device can be remotely rooted/jailbroken by visiting a website, or if a means of sending data back to the device when connected to a wireless network can gain you access to root/jailbreak then you have grounds for saying it is extremely insecure, but if one must physically be using the device to do it or be connected via wire to do it, then it is not a real security liability
    03-16-11 05:17 PM
  15. avt123's Avatar
    I'm not too sure about Google not caring. All companies want to make maintain some sort of control on their products. Even if Apple is (as I like to call them) a Totalitarian Regime, you still immigrate there when you buy their product.

    If you want to stick it to Apple, Do so. I have no issue with you giving to Apple. However, just know that you are doing so by Hacking them. Same thing with a Google phone. When you root, you're hacking them too.

    This same methodology is just not common on a BlackBerry. I am sure that it can/has been done, somewhere somehow. But the Common Man just isn't doing it.

    Posted from my CrackBerry at wapforums.crackberry.com
    Google posts their source code online for all to see and build upon. They expect people to tamper with the software. Even HTC has been known to help people with rooted Android device (manufactured by HTC or course). Moto is one of the only manufacturers that put a locked bootloaded on their devices to try and prevent custom ROMs and other things obtained by rooting.

    Google already allows you to download outside of their official app store. Google already allows you to use other app stores that are not their own, and pay through those app stores.

    Google does however show an iron first when it comes to hack being uploaded into their app store.
    03-16-11 05:21 PM
  16. avt123's Avatar
    I truly believe that Google does not Care about the Rooting of their OS, it is a hobbiest OS fully, they built it as such and market it to OEM's to modify with their own parts, the Android OS is made to give simple access to root controls, but not direct access without a bit of work, kind of like a Windows Install that requires an admin password to make changes, once you know the password tinker away! don't give the password to your grandma.

    I believe if a device can be remotely rooted/jailbroken by visiting a website, or if a means of sending data back to the device when connected to a wireless network can gain you access to root/jailbreak then you have grounds for saying it is extremely insecure, but if one must physically be using the device to do it or be connected via wire to do it, then it is not a real security liability
    Completely agreed.

    Manufacturers already need root access to mess with stock Android and create their own skins and add their own features and so on. They then lock it back up when they release it to users.
    03-16-11 05:22 PM
  17. Thyth's Avatar
    Absence of address space layout randomization, absence of non-executable stack. No sandboxing or additional security measures. It's about what you would expect a computing platform would have in 2004.

    That there's an exploit in WebKit isn't troubling. Web rendering engines are extremely complex beasts. Despite its flaws, WebKit is still the best software of its type.

    What is extremely troubling is that RIM did not incorporate well known, well characterized, simple, and effective measures like ASLR and DEP in their mobile operating system. These measures might not stop successful exploitation of every bug, but their absence really says a lot about RIM's supposed focus on security.

    I said it last year when they bought TorchMobile: WebKit vastly increases the native-code surface area of the mobile platform and if they didn't take the implications of that seriously, exactly this would happen.

    This isn't comparable to rooting a device that you own. Rather, this is the sort of thing that corporate spies dream of -- spear phish a CEO with a link in an email, take over the device, use it as an entry-point to a corporate network and lift sensitive data, all without alerting the user.

    You can bet that good security conscious CIOs and consultants will be closely watching how RIM deals with this.
    sivan and Culex316 like this.
    03-18-11 12:11 AM
  18. belfastdispatcher's Avatar
    Absence of address space layout randomization, absence of non-executable stack. No sandboxing or additional security measures. It's about what you would expect a computing platform would have in 2004.

    That there's an exploit in WebKit isn't troubling. Web rendering engines are extremely complex beasts. Despite its flaws, WebKit is still the best software of its type.

    What is extremely troubling is that RIM did not incorporate well known, well characterized, simple, and effective measures like ASLR and DEP in their mobile operating system. These measures might not stop successful exploitation of every bug, but their absence really says a lot about RIM's supposed focus on security.

    I said it last year when they bought TorchMobile: WebKit vastly increases the native-code surface area of the mobile platform and if they didn't take the implications of that seriously, exactly this would happen.

    This isn't comparable to rooting a device that you own. Rather, this is the sort of thing that corporate spies dream of -- spear phish a CEO with a link in an email, take over the device, use it as an entry-point to a corporate network and lift sensitive data, all without alerting the user.

    You can bet that good security conscious CIOs and consultants will be closely watching how RIM deals with this.
    Could this happen even if the said CEO's blackberry has an IT policy that doesn't allow any apps to be installed on the device or at least to ask for the device password before installing anything? Just curious. I would expect even the camera on that device to be disabled.

    Posted from my CrackBerry at wapforums.crackberry.com
    03-18-11 02:44 AM
  19. MrObvious's Avatar
    Apparently you don't understand how exploits work. They run some code by crafting a vulnerability though the vulnerable application (usually buffer overflow) and then do as they please. This happens without the user's knowledge and usually can give more access to the bad guys than they should have.

    Posted from my CrackBerry at wapforums.crackberry.com
    03-18-11 03:32 AM
  20. belfastdispatcher's Avatar
    Apparently you don't understand how exploits work. They run some code by crafting a vulnerability though the vulnerable application (usually buffer overflow) and then do as they please. This happens without the user's knowledge and usually can give more access to the bad guys than they should have.

    Posted from my CrackBerry at wapforums.crackberry.com
    Nope, I don't really. So what ways to prevent this are there? Just don't click on the link? Personally I keep javascrip off until I need it on as it does slow down the browser a bit.

    Posted from my CrackBerry at wapforums.crackberry.com
    03-18-11 05:51 AM
  21. JRSCCivic98's Avatar
    Sure, don't click on a link, but the scripting can be embedded into anything that would require the browser to look at (in this case). Heck, if someone wanted to, they could drop similar code into an ad running on a regular site people may visit. How do you think people get hijacked when surfing legit sites but somehow still pick up crap on their PCs. The Antivirus2009 type infections are all about ad injections and panic clicking by the user. It's very easy to mess with someone and even a higher than average user could get caught unexpectedly, especially if they leave a webpage open unattended and that page cycles ads every so often. When the new ad with injected code comes up in the rotation, the user isn't around to catch it and poof, infected system. You need to remember that if the code hasn't been deemed malicious yet, no security app will catch it. That's why malware is easier for people to catch than a virus.
    03-18-11 08:41 AM
  22. i7guy's Avatar
    Absence of address space layout randomization, absence of non-executable stack. No sandboxing or additional security measures. It's about what you would expect a computing platform would have in 2004.

    That there's an exploit in WebKit isn't troubling. Web rendering engines are extremely complex beasts. Despite its flaws, WebKit is still the best software of its type.

    What is extremely troubling is that RIM did not incorporate well known, well characterized, simple, and effective measures like ASLR and DEP in their mobile operating system. These measures might not stop successful exploitation of every bug, but their absence really says a lot about RIM's supposed focus on security.

    I said it last year when they bought TorchMobile: WebKit vastly increases the native-code surface area of the mobile platform and if they didn't take the implications of that seriously, exactly this would happen.

    This isn't comparable to rooting a device that you own. Rather, this is the sort of thing that corporate spies dream of -- spear phish a CEO with a link in an email, take over the device, use it as an entry-point to a corporate network and lift sensitive data, all without alerting the user.

    You can bet that good security conscious CIOs and consultants will be closely watching how RIM deals with this.
    1. Could you share how you know how the underpinnings of an undocumented operating system work?
    2. ASLR and DEP does not really prevent hacking on an intel platform, does it? (read: Windows and Mac OS, actually these days everthing is being hacked.)
    03-18-11 08:47 AM
  23. i7guy's Avatar
    Sure, don't click on a link, but the scripting can be embedded into anything that would require the browser to look at (in this case). Heck, if someone wanted to, they could drop similar code into an ad running on a regular site people may visit. How do you think people get hijacked when surfing legit sites but somehow still pick up crap on their PCs. The Antivirus2009 type infections are all about ad injections and panic clicking by the user. It's very easy to mess with someone and even a higher than average user could get caught unexpectedly, especially if they leave a webpage open unattended and that page cycles ads every so often. When the new ad with injected code comes up in the rotation, the user isn't around to catch it and poof, infected system. You need to remember that if the code hasn't been deemed malicious yet, no security app will catch it. That's why malware is easier for people to catch than a virus.
    On my desktop I surf in a sandboxed, snapshot, virtual linux machine. I don't worry about virus and malware. My phone, I don't worry about it period.
    03-18-11 08:49 AM
  24. JRSCCivic98's Avatar
    On my desktop I surf in a sandboxed, snapshot, virtual linux machine. I don't worry about virus and malware. My phone, I don't worry about it period.
    Pretending that you can't be infected simply because you're sandboxes doesn't make it true. You VM session would still get owned and if you don't notice it, it can still steal whatever is on the VM config anyway. Sure, you may not have anything in the VM because you might use it just for browsing, but you cannot expect a regular user to do that for normal conditional use.
    03-18-11 11:55 AM
  25. i7guy's Avatar
    Pretending that you can't be infected simply because you're sandboxes doesn't make it true. You VM session would still get owned and if you don't notice it, it can still steal whatever is on the VM config anyway. Sure, you may not have anything in the VM because you might use it just for browsing, but you cannot expect a regular user to do that for normal conditional use.
    Who's pretending? I do my surfing, then shut down the vm reverting to snapshot. If I've been infected it goes away.

    As far as "regular users" I don't know the "they" do or not. I only know what I do.
    03-18-11 12:41 PM
95 1234
LINK TO POST COPIED TO CLIPBOARD