The official iPhone thread
- Status
OP
gxsaurav
You gave been GXified
infra_red_dude said:
Nah, I like some of there hardware, but don't find there software worth while of use.
Just take the example of iPhone itself, very capable hardware but pathetic software backend. Just look at the UI, it is the only thing which looks so cool
faraaz
Evil Genius
@arya: I don't think iMav meant anything by it. You're just jumping the gun there a bit...
And I fully agree with Gaurav, Mac has some awesome hardware but sh!tty software. In fact, I'm sorely tempted to go out and buy a Macbook Pro, then just put Windows and Linux on it because I love the looks and the configurations available.
But I'm not going to do that, because Mac is totally overpriced...another thing I hate about them.
And I fully agree with Gaurav, Mac has some awesome hardware but sh!tty software. In fact, I'm sorely tempted to go out and buy a Macbook Pro, then just put Windows and Linux on it because I love the looks and the configurations available.
But I'm not going to do that, because Mac is totally overpriced...another thing I hate about them.
aryayush
Aspiring Novelist
Yeah, totally explains why people buy Macs just to run Mac OS X. Go to any Apple forum and ask them what is the one thing Apple can do to completely jeopardise Mac sales.faraaz said:
The answer: license Mac OS X. As good and well designed as the hardware is, they will hardly be able to sell any at the current margins if Mac OS X is not exclusive to it. Mac OS X is more important to Apple than iPods are. It is the single most important product in their entire lineup.
OP
gxsaurav
You gave been GXified
aryayush said:
Lolz.....iPod saved Apple from going bankrupt.
This kind of philosophy itself explains how pathetic Mac OS X backend is & how less features it provides. An example is the license to use MAPI in Apple Mail. They can do it but they won't.
They don't even have there own kernel
iTunes is a rip of SoundJam
Aqua, based on X.org
They rely on Microsoft for things & still say MS sux, you can just look at the jealousy Apple has from Microsoft
infra_red_dude
Wire muncher!
even i think so! coz the tag line apple used (or even uses) is: "from the makers of the ipod!" and NOT "from the makers of the mac"!!!!gx_saurav said:
darwin is their own kernel. its not a total rip off. its a fork of the bsd kernel.gx_saurav said:
soundjam was kinda taken over and developed as itunes. not a rip off.gx_saurav said:
no, it is not. not at all!gx_saurav said:
no sir, gnome is the big bro....gx_saurav said:
OP
gxsaurav
You gave been GXified
infra_red_dude said:
Still, not originally made by Apple. Thats the point.
Oh...k
I thought since it is using a UNIX derivative kernel they all must be running some sort of X.org or Xserver. I guess Aqua itself is Xserverinfra said:
Lolz....even the so called gr8 UI of Mac is not Apple's own
infra_red_dude
Wire muncher!
no, what i meant was that gnome existed before aqua.gx_saurav said:Lolz....even the so called gr8 UI of Mac is not Apple's own
24online
ॐ
Re:Bug Lets Hackers Take Over iPhone
Bug Lets Hackers Take Over iPhone
Researchers at Independent Security Evaluators claim they've developed a proof-of-concept exploit for a bug, and they'll give the details about it at BlackHat.
A team of security researchers say they have discovered a security flaw in Apple's iPhone that would allow an attacker to take nearly complete control over a target device. The group, which works for consulting and assessment firm Independent Security Evaluators (ISE), is withholding technical details until August 2 in order to give Apple time to fix the problem. They do claim, however, to have successfully exploited the vulnerability, and have posted a video of an attack on their website.
The vulnerability--known as a buffer overflow--lies in the Safari web browser built into the iPhone, said team member Charlie Miller.
By directing the browser to a web page containing malicious code, Miller says that his team has forced an iPhone to connect to a server and personal information contained on the device, including previous SMS text messages, contact information, call history, and voice mail data. By modifying the malicious code, an attacker could also have forced the phone to call out, send text messages, or record audio.
The ISE team noted several techniques an attacker could use to trick a user into accessing a malicious web site, including links embedded in email or online forum posts.
A more subtle attacker could set up a wireless router disguised as a free public access point, and then inject the malicious code into any page an iPhone user attempts to access.
The video on the team's website shows just such an attack on a device attempting to access the New York Times website. As the iPhone can be configured to connect to wireless networks without asking the user, this could present a particularly effective attack.
Though browser vulnerabilities are not uncommon, Miller believes that this one is particularly bad because of weaknesses in the underlying security architecture of the iPhone. Apple's approach, he says, appears to have focused on limiting the applications on the device and restricting how it can be accessed, rather than handling those applications in a secure fashion. Most significantly, iPhone appears to run applications with full administrative rights, giving a successful attacker those same privileges.
"Unfortunately," the ISE team concluded in their paper, "once an iPhone application is breached by an attacker, very little prevents an attacker from obtaining complete control over the system."
The ISE team released a draft whitepaper July 19 outlining the flaw. After reading the whitepaper, Paul Henry, Secure Computing's Vice President of Technology Evangelism, agreed with Miller's assessment of the iPhone's security architecture. "Apple seems to have literally abandoned a core principle of the unix operating system: the rule of least privilege."
Henry asserts, however, that the real underlying issue is inherent in the drive to put more functionality on smaller devices. "You simply don't have the processing power on something like a phone to be able to handle properly securing it," he told CRN. "Running applications as root--that's a horsepower issue with the phones themselves. They're trying to keep the CPU utilization down to acceptable levels to get that performance experience for the user."
While Miller emphasized that vulnerabilities are an inevitable part of every piece of software and every computing device, he also argued that Apple's reputation for security may have less to do with technical prowess than it's relatively small user base.
"This wasn't an easy bug to find, but it wasn't that hard either," Miller told CRN. "If people had been looking at Safari as hard as they look at Internet Explorer, this would have turned up awhile ago. Unfortunately, they may end up being victims of their own success."
Miller says that the vulnerability also exists in the Mac OS X and Windows versions of Safari, but that he was uncertain if it would be exploitable on either platform as a practical matter. While a successful attack on the Mac or Windows versions could be serious, in neither case would the attacker gain the degree of access the ISE team claims to have achieved on the iPhone.
Apple has not responded to requests for comment.
*www.informationweek.com/news/showArticle.jhtml?articleID=201200568
Bug Lets Hackers Take Over iPhone
Researchers at Independent Security Evaluators claim they've developed a proof-of-concept exploit for a bug, and they'll give the details about it at BlackHat.
A team of security researchers say they have discovered a security flaw in Apple's iPhone that would allow an attacker to take nearly complete control over a target device. The group, which works for consulting and assessment firm Independent Security Evaluators (ISE), is withholding technical details until August 2 in order to give Apple time to fix the problem. They do claim, however, to have successfully exploited the vulnerability, and have posted a video of an attack on their website.
The vulnerability--known as a buffer overflow--lies in the Safari web browser built into the iPhone, said team member Charlie Miller.
By directing the browser to a web page containing malicious code, Miller says that his team has forced an iPhone to connect to a server and personal information contained on the device, including previous SMS text messages, contact information, call history, and voice mail data. By modifying the malicious code, an attacker could also have forced the phone to call out, send text messages, or record audio.
The ISE team noted several techniques an attacker could use to trick a user into accessing a malicious web site, including links embedded in email or online forum posts.
A more subtle attacker could set up a wireless router disguised as a free public access point, and then inject the malicious code into any page an iPhone user attempts to access.
The video on the team's website shows just such an attack on a device attempting to access the New York Times website. As the iPhone can be configured to connect to wireless networks without asking the user, this could present a particularly effective attack.
Though browser vulnerabilities are not uncommon, Miller believes that this one is particularly bad because of weaknesses in the underlying security architecture of the iPhone. Apple's approach, he says, appears to have focused on limiting the applications on the device and restricting how it can be accessed, rather than handling those applications in a secure fashion. Most significantly, iPhone appears to run applications with full administrative rights, giving a successful attacker those same privileges.
"Unfortunately," the ISE team concluded in their paper, "once an iPhone application is breached by an attacker, very little prevents an attacker from obtaining complete control over the system."
The ISE team released a draft whitepaper July 19 outlining the flaw. After reading the whitepaper, Paul Henry, Secure Computing's Vice President of Technology Evangelism, agreed with Miller's assessment of the iPhone's security architecture. "Apple seems to have literally abandoned a core principle of the unix operating system: the rule of least privilege."
Henry asserts, however, that the real underlying issue is inherent in the drive to put more functionality on smaller devices. "You simply don't have the processing power on something like a phone to be able to handle properly securing it," he told CRN. "Running applications as root--that's a horsepower issue with the phones themselves. They're trying to keep the CPU utilization down to acceptable levels to get that performance experience for the user."
While Miller emphasized that vulnerabilities are an inevitable part of every piece of software and every computing device, he also argued that Apple's reputation for security may have less to do with technical prowess than it's relatively small user base.
"This wasn't an easy bug to find, but it wasn't that hard either," Miller told CRN. "If people had been looking at Safari as hard as they look at Internet Explorer, this would have turned up awhile ago. Unfortunately, they may end up being victims of their own success."
Miller says that the vulnerability also exists in the Mac OS X and Windows versions of Safari, but that he was uncertain if it would be exploitable on either platform as a practical matter. While a successful attack on the Mac or Windows versions could be serious, in neither case would the attacker gain the degree of access the ISE team claims to have achieved on the iPhone.
Apple has not responded to requests for comment.
*www.informationweek.com/news/showArticle.jhtml?articleID=201200568
- Status