Free Republic

Ubuntu Lucid Lynx 10.04 can read your iPhone's secrets
ZDNet ^ | May 27, 2010 | Adrian Kingsley-Hughes

Posted on 06/25/2010 12:17:10 PM PDT by PugetSoundSoldier

Do you have a PIN code on your iPhone? Well, while that might protect you from someone making a call or fiddling with your apps, it doesn’t prevent access to your data … as long as the person doing the snooping around is using Ubuntu “Lucid Lynx” 10.04.

Security experts Bernd Marienfeldt and Jim Herbeck discovered something really interesting when they hooked up a non-jailbroken, fully up-to-date iPhone 3GS to a PC running Lucid Lynx …

I uncovered a data protection vulnerability [9], which I could reproduce on 3 other non jail broken 3GS iPhones (MC 131B, MC132B) with different iPhone OS versions installed (3.1.3-7E18 modem firmware 05.12.01 and version 3.1.2 -7D11, modem 05.11.07), all PIN code protected which means the vulnerability bypasses authentication for various data where people most likely rely on data protection through encryption and do not expect that authentication is not in place.

(Excerpt) Read more at zdnet.com ...


TOPICS: Business/Economy; Computers/Internet; Music/Entertainment
KEYWORDS: apple; fail; ilovebillgates; iphone; iwanthim; iwanthimbad; microsoftfanboys; secure
To: PugetSoundSoldier; dayglored; RachelFaith; antiRepublicrat; zeugma; RightOnTheLeftCoast
I have nothing personally against you; it’s guys like zeugma and Swordmaker who apparently have some sort of holy crusade for Mac that bother me. Take Swordmaker’s bull-like entry into this thread, immediately charging “well can you prove the other phones don’t have this problem, too?” Never mind it’s about iPhones, and PROVEN to be an issue...

You are rude. You reference me derogatorily... and then completely mischaracterize my statement. And you don't bother to include me in your TO: field. You have no awareness of netiquette on FreeRepublic????

I merely asked for PROOF of the claim that other phones were immune to being also breached in such a manner instead of just asserting it. I do expect proof... not just assertions. You should know that... but then you make assertions and don't provide adequate proof all the time.

201 posted on 06/28/2010 12:38:01 AM PDT by Swordmaker (Remember, the proper pronunciation of IE is AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 131 | View Replies]

To: itsahoot
Never used an IPhone huh? Theoretical and real are two different things.

He's wrong, even about theoretical and real... the transfer rate is FAR different than he claims for USB 2.0. His own LINK proves his assertion completely false.

202 posted on 06/28/2010 12:42:58 AM PDT by Swordmaker (Remember, the proper pronunciation of IE is AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 137 | View Replies]

To: PugetSoundSoldier
I know with my HTC WinMo phone I can transfer 200 MB of data in just over a second to my Ubuntu install; extrapolating, that's about 40 seconds for a full 8 GB.

So FOUR seconds to move 800MegaBytes??? You better tell the USB standards people you are doing magic with your USB... since that is counter to what is possible.

203 posted on 06/28/2010 12:50:48 AM PDT by Swordmaker (Remember, the proper pronunciation of IE is AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 139 | View Replies]

To: PugetSoundSoldier; dayglored
No, actually I got the 200 MB wrong... It should have been 20 MB. My apologies.

So, now, how long would it take you to copy 8GIGABYTES of data from that iPhone, Puget???? Six minutes, 25 seconds.

204 posted on 06/28/2010 12:59:04 AM PDT by Swordmaker (Remember, the proper pronunciation of IE is AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 145 | View Replies]

To: for-q-clinton
For example, I learned that OSX has a built in anti-virus feature. Never knew that before.

Then you learned a lie.

That is a mischaracterization of the anti-Trojan filter that is built into OSX.

It is NOT designed to prevent the invasion of a virus. You and PugetSoundSoldier spreading this disinformation is deliberate FUD. Apple does not claim it does that. Apple claims only that it will help prevent downloading Trojan Horse Applications.

205 posted on 06/28/2010 1:14:12 AM PDT by Swordmaker (Remember, the proper pronunciation of IE is AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 155 | View Replies]

To: dayglored; PugetSoundSoldier; RachelFaith; antiRepublicrat; RightOnTheLeftCoast
And they have NOT yet demonstrated that, nor has anybody on this thread replicated their experiment to see if it is possible. So far all we have is a sensationalist claim in a tech blog. Until somebody replicates their result and displays private locked data without using the PIN, I remain skeptical.

The reason you aren't seeing too much hullabaloo about this is that iPhone connectivity IS a new feature of Linux. And it isn't even that new. Back in February, it was reported that it is the result of a specific project to make the iPhone accessible to Linux users.

"It happened thanks to Marcan (and the other fellows) from usbmuxd. The libgpod and GNOME integration is mainly from Bastien Nocera of GNOME and Fedora fame. usbmuxd/gtkpod/libiphone etc. are the one who deserve credits for that.

In addition, the design of the USB connectivity allows access to the PUBLIC portion of the iPhone... pictures, music, podcasts, etc., Later reports say BUT NOT, email, contact lists, notepad notes, apps, favorites, browsing history, etc. You can see the folders, but any contents in those folders is apparently invisible. There is some discussion about whether this can be gotten around or not... and some of the Linux geeks are working on it.

Apple has placed this commentary on their website about iOS4's latest iPhone security for business users:

Securing your data.

Device policies, restrictions and strong encryption methods on iPhone provide a layered approach to keeping your information secure. iPhone uses AES 256-bit hardware encryption to protect all data at rest. To further secure mail messages and attachments iPhone uses Data Protection which leverages the unique device passcode to generate the encryption key. And, in the event of a lost or stolen iPhone, all data and settings can be cleared by issuing a remote wipe command from Exchange or a Mobile Device Management server.

What's amazing is that these guys who wrote this article are treating it as a "discovery" when it went around the blogosphere in February when the guys who designed announced it and a lot of Linux iPhone wanna be users were ecstatic about it and its potential for opening up iPhones and iPod touches to them.

206 posted on 06/28/2010 2:18:28 AM PDT by Swordmaker (Remember, the proper pronunciation of IE is AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 157 | View Replies]

To: Swordmaker

So you’ve resorted to demanding someone prove a negative.

Wow how quickly your logic has tanked.


207 posted on 06/28/2010 6:14:04 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 196 | View Replies]

To: for-q-clinton
So now you’re saying swordmaker shouldn’t post Mac info here

Actually I was suggesting that you shouldn't bother, Mac users have always been small groups.

Neat trick turning what I said, to be an insult to SwordMaker.

208 posted on 06/28/2010 6:28:10 AM PDT by itsahoot (Each generation takes to excess, what the previous generation accepted in moderation.)
[ Post Reply | Private Reply | To 192 | View Replies]

To: itsahoot

Man, I’m confused. What you said can clearly be used to say swordmaker should post here.

Goose gander thing.


209 posted on 06/28/2010 6:59:26 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 208 | View Replies]

To: PugetSoundSoldier; RightOnTheLeftCoast
There are Android platform encryption tools, which is a full 256 bit AES encryption, the strongest out there.

That's the strongest AES, but not necessarily the strongest encryption. The selection standard for AES wasn't just about security, but also ease of implementation and speed. For example, Serpent was generally considered more secure than Rijndael (what became AES), but difficulties in implementation and (IIRC) performance issues for Serpent helped lead to Rijndael winning.

210 posted on 06/28/2010 7:09:40 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 182 | View Replies]

To: Swordmaker; dayglored; PugetSoundSoldier
iPhone uses AES 256-bit hardware encryption to protect all data at rest.

That's great, and a serious battery saver. Encryption is hard on a processor, most modern desktop processors take about ten cycles to encrypt one byte. I remember the VIA chip a while back that came with hardware AES, and turning on encryption resulted in very little performance hit. The Core i5 got partial acceleration (a few of the AES encryption functions got their own instruction and hardware support), and a dual-core i5 could then blow away a faster quad-core i7 in encryption -- up to twice as fast.

211 posted on 06/28/2010 7:50:09 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 206 | View Replies]

Comment #212 Removed by Moderator

Comment #213 Removed by Moderator

To: for-q-clinton
it appears the DCIM and photos folders are public so that's not a good thing at all.

The DCIM folder, right down to the name, follows the standard for digital cameras. This allows image downloading just like any other digital camera, into iPhoto or Lightbox or Picasa or whatever software you use. I don't know if those specifications allow for encryption or access control (password or PIN); I have never run across a password-protected digital camera.

There are apps, including free ones, that create a hidden and encrypted image library. Some of them even include the camera functionality, so you can shoot straight into the hidden library, and several are free. So image security is available if it's a concern.

214 posted on 06/28/2010 9:22:45 AM PDT by ReignOfError
[ Post Reply | Private Reply | To 172 | View Replies]

To: PugetSoundSoldier
"So you completely lie about what you said, ignore the facts, and then go on to still claim that you need hardware encryption for Exchange. ROTLC, you’re a child. Go play with yourself..."

Now what did I do to bring that on? At least when I pointed out the similarity of your behavior to an ankle-obsessed chihuahua, the context was clear.

So let me clarify, again. Yes, it is possible to sync with Exchange with Android. You have two choices in doing so: you can install (and pay for?) some third-party tool, such as the ones Motorola mentions but explicitly says it does not support. Maybe this will satisfy your enterprise's IT administrators, maybe not. Or you can have your Exchange administrator water-down his security policies, since your Android phone doesn't have hardware encryption, and is thus incompatible with default Exchange security requirements, as per the links I've provided-- including the helpful how-to-turn-off-Exchange-security procedure from Motorola itself, a link found in a page you yourself provided.

Or you can use a Blackberry or iPhone 3GS or 4, which support Exchange's default security profiles out of the box.

Some folks have asked me privately why I keep coming back from more steaming heaps o' bogusness from you. Frankly, I find it fascinating. "What lame-ass trick of rhetorical sleight-of-hand will he try next? Which way will he attempt to slip or slide? Which fact-based rebuttal will he ignore? Which words will he insert and twist?" It's like having a pet Democrat. Good boy. Good Chihuahua.
215 posted on 06/28/2010 9:38:58 AM PDT by RightOnTheLeftCoast (Obama: running for re-election in '12 or running for Mahdi now? [http://en.wikipedia.org/wiki/Mahdi])
[ Post Reply | Private Reply | To 212 | View Replies]

To: PugetSoundSoldier; dayglored
No, Swordmaker, rude is not getting caught up on a thread before posting it. Rude (or actually, ignorant or lazy - you choose) is posting stuff that's been addressed and corrected well after what you're responding to.

And have YOU published a retraction of your generalized claim to everyone on this thread about how EASY it would be to steal the data on an iPhone in 20 seconds? NO. You haven't... you have allowed dayglored to make the correction for you, effectively on page 27Z of the thread. Where most of those who saw your hyperbolic claim of copying the data from an iPhone in 20 seconds WILL NEVER SEE THE CORRECTION... which YOU DIDN'T MAKE CLEAR!

Quite frankly, NO ONE reads through hundreds of posts to see if someone else has corrected blatantly wrong posts such as yours. I corrected it not for you but for the other readers... posting the correct information. I've gotten used to YOU posting mis-information. I am just cleaning up after you.

Had you PINGED me to this thread, as most people do for Apple threads as a courtesy so that I can ping the list, I would not have come to it late... and that would not have happened... I would have been involved in a more timely manner. But, you did not... preferring to keep me in the dark about its existence.

I never made that claim, you dolt!

And I did NOT address that demand for proof to you, Puget. I asked for-q-clinton for proof of his assertion. I only explained that to you when YOU criticized me for asking for it. How does that make me a dolt? You again seem to have a reading comprehension problem.

Puget, I never called you a "GD EVIL LIAR." I have called you "vile" and a "liar." I stand by those because I have developed those as an opinion based on your actions in another thread and the untruthfulness of many of your statements and your unwillingness to admit that they are when presented with their untruthfulness. I have never called you evil... or damned you.

You do change my words, putting in quotation marks things I have never written or said, "straw man" points to knock down—having been a championship level debater, as a practice in a debate, I will tell you it will get you disqualified. I find that reprehensible—but that probably is just ignorance of proper etiquette and behavior; it's not evil.

You want to know why the stereotype of the "Mac Fanboi" exists, Swordmaker? Because of people just like you. You're the cause, fanboi.

I am invariably polite and fair to people who tell the truth... but if you stretch the truth and distort the information and provide mis-information you will not find me accepting of your offerings... I will call you on it. First I will point out your error... If you continue to post it, then I will know that you are doing it deliberately and you have labeled yourself as a disruptor... with no interest in the truth. I have no patience for people like that. You have proven yourself many times over. Your refusal to make a distinction between an iPhone that has been jailbroken and a factory standard iPhone is proof enough.

Now go back to your Jobs worship. I'm sure kneeling in front of him is a normal position for you!

You, like most of your ilk, do what you have done in this post to me... you have resorted to ad hominem attacks. You are irrational in your hatred of Apple and Apple products.

216 posted on 06/28/2010 12:55:18 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 213 | View Replies]

To: Swordmaker
That is a mischaracterization of the anti-Trojan filter that is built into OSX.

There you go parsing words again. Let's just stick with the industry terms ok. I know EVERYONE refers to AV software and it means anything from anti-trojan, anti-malware, anti-virus, anti-you don't want this on your computer software as Anti-Virus.

Some are more robust than others. Some only detect and block spyware, others may block malware and others can scan the system to detect issues and use heuristics to determine if it's malicious.

So we agree that OS X has software to block trojans. All you are doing is arguing over the industry accepted name of such software. Sure it may be a crappy and limited version of anti-virus software but that's what it is.

217 posted on 06/28/2010 12:57:17 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 205 | View Replies]

To: Swordmaker
You, like most of your ilk, do what you have done in this post to me... you have resorted to ad hominem attacks.

Says the man who just got through calling me a vile liar, and has consistently done so...

Read the thread, who started out the crap here? Wasn't me, Swordmaker, but one of your fellow Macolytes.

Buh bye, Swordmaker!

218 posted on 06/28/2010 1:20:46 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)
[ Post Reply | Private Reply | To 216 | View Replies]

To: Swordmaker

Swordmaker => thanks again for maintaining this ping list and for putting up with those who would abuse it.


219 posted on 06/28/2010 2:31:05 PM PDT by Locomotive Breath
[ Post Reply | Private Reply | To 121 | View Replies]

To: for-q-clinton
So you’ve resorted to demanding someone prove a negative.

No, I was asking for YOUR evidence of your claim. If you can prove your assertion, fine. You were the one who was making the extraordinary claim... without evidence.

My point was exactly that. You made an assertion ex cathedra sans evidence... no logic in that at all... I called you on it.

All I did was request proof. If you can provide it, wonderful. I'll examine it. You haven't bothered... so I doubt it exists. Therefore, I suspect you pulled the "fact" out of some nether orifice.

220 posted on 06/28/2010 4:28:58 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 207 | View Replies]

