NEWS: iPhone becomes phisherman's friend

Security shortcomings in the design of Apple's iPhone might make it easier to mount phishing and cross-site scripting attacks.

The iPhone's email client only displays the first few characters of a weblink, a factor researchers at Fortify Software warn makes it easier to hide a fraudulent URL at the end of a link without arousing suspicion.

The mechanism the iPhone uses to link between web browser and telephone functions also makes it easier to embed scam telephone numbers within sites, which a user may be prompted to dial.

Fortify says the security shortcomings of the iPhone mean users are exposed to risk from relatively simple phishing techniques, either by accidentally clicking through to fraudulent websites or unwittingly making expensive premium line calls.

"Without immediate attention, this problem could lead to a deluge of hackers attempting to mimic native iPhone applications and gain access to other personal information such as contacts, photos, and maybe even the phone's physical location," Fortify chief scientist Brian Chess said.

Reply to
John Navas
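The two weaknesses the quoted article describes (a link whose real destination sits past the few characters the mail client shows, and a web link that hands a phone number to the dialer) are both things a mail filter can check for before a user ever taps. The following is an added example, not code from the Register article or from any poster: a small Python checker that parses a constructed HTML mail body and flags links whose visible text names a different host than the href, links whose real host lies beyond the prefix a cramped client would display (the 30-character cutoff is an assumption, not a figure from the article), and tel: links that would trigger a dial prompt. The hostnames and phone number in the sample are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of an HTML mail body for this example (not taken from the
# article); the hostnames and the phone number are placeholders.
SAMPLE_MAIL = """
<p>Dear customer,</p>
<p>Please <a href="http://www.example-bank.com.account-check.example/login">
log in at https://www.example-bank.com/account</a> to confirm your details.</p>
<p>Or call <a href="tel:+1-900-555-0100">our support line</a> now.</p>
<p>Newsletter: <a href="https://www.example-bank.com/news">www.example-bank.com/news</a></p>
"""

# Assumed number of link characters a cramped mail client shows (an assumption
# for this example; the article gives no exact figure).
DISPLAYED_PREFIX = 30


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())  # collapse whitespace
            self.links.append((self._href, text))
            self._href = None


def host_of(url):
    """Return the lowercase host of a URL or bare 'host/path' string, else None."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the netloc
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def hosts_in_text(text):
    """Hostnames a reader would actually see in the link text."""
    found = set()
    for token in text.split():
        token = token.strip(".,;:!?()<>\"'")
        if "." not in token or "@" in token:
            continue
        host = host_of(token)
        if not host:
            continue
        labels = host.split(".")
        # Require a plausible TLD so abbreviations like "e.g." are not taken as hosts.
        if len(labels) >= 2 and labels[-1].isalpha() and len(labels[-1]) >= 2:
            found.add(host)
    return found


def audit_links(html):
    """Return one record per link with the findings a mail filter could raise."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        scheme = urlsplit(href).scheme.lower()
        findings = []
        host = None
        if scheme == "tel":
            # A tel: link hands the number to the dialer; the user may be prompted to call.
            findings.append("tel: link dials " + href[len("tel:"):] + " when tapped")
        elif scheme in ("http", "https"):
            host = host_of(href)
            shown = hosts_in_text(text)
            if shown and host not in shown:
                findings.append("visible text names %s but link goes to %s"
                                % (", ".join(sorted(shown)), host))
            # The article's point: the real host can sit past what the client displays.
            if len(href) > DISPLAYED_PREFIX and host not in href[:DISPLAYED_PREFIX]:
                findings.append("real host %s lies beyond the first %d displayed characters"
                                % (host, DISPLAYED_PREFIX))
        else:
            findings.append("unusual scheme " + (scheme or "(none)"))
        report.append({"href": href, "text": text, "host": host, "findings": findings})
    return report


if __name__ == "__main__":
    for entry in audit_links(SAMPLE_MAIL):
        print(entry["href"])
        for finding in entry["findings"] or ["no finding"]:
            print("   -", finding)
```

Run as a script it prints each link with its findings; the first link is flagged twice (host mismatch and host hidden past the displayed prefix), the tel: link once, and the newsletter link not at all, which is the distinction a user-facing warning or a mail gateway rule would need.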

While it may be true, I think "proprietary" OS devices like Palm/WinMo/iPhone PDAs are generally MORE secure than laptop/desktop PCs because they are essentially immune from virii, trojans, keyloggers, etc. targeted at Wintel boxes.

I know when curiosity leads me to investigate a scam site I do it from my WinMo phone knowing that whatever they intend to throw at me isn't likely to even run on my device, and in the off chance it were to target WinMo, my phone can't execute it without my permission.

I'm far more comfortable with any exploit that requires my stupidity to assist it, than, say, something embedded in a macro that might attempt to execute silently.

While interesting, it still requires user-interaction, which should be easily defeated by education and "safe computing" practices.

I love how every two-bit consulting and/or marketing firm is chafing at the bit to "report" iPhone information and get their name out there!

The iPhone seems no less "secure" than any other smartphone that can execute a system command (like dialing the phone!) from a clickable link. Did "Fortify Software" issue these press releases for Blackberries, Treos and iPaq phones as well?

The Register seems to enjoy "reporting" any anti-iPhone news they can find. What iPhone-shaped bug crawled up their hindquarters?

Reply to
Todd Allcock

It is alleged that Todd Allcock claimed:

Well, duh... if it's targeted at a Wintel box, it won't work on any other device. The quoted article is specifying things targeted directly to the iPhone.

The Reg rarely, in my experience, fawns over new equipment. The only times I recall them doing so was when the item in question was truly nothing more than a technotoy, with no pretensions of actual productive use. Remember, their motto is "Biting the hand that feeds IT".

Reply to
Jeffrey Kaplan

While the virus thing is true it has little to do with phishing designed to gather personal info (for those who might fall for that kind of thing).

Reply to
Tinman

designed to

Fair enough, but my (badly made!) point was that the iPhone is no more vulnerable to that type of user stupidity than a Treo or a Blackberry. Why is it "news" that stupid people can do stupid things on an iPhone? If you really think that the Bank of America needs you enter all of your personal info to "confrom suspicious activitys on your accounds" when you don't even bank there in the first place, you're perhaps not ready for an iPhone, or ANY phone except maybe a Firefly!

I just think a lot of consulting firms are getting their names out there for their "revelations" about the iPhone.

I'm waiting for something like "Medical technology consulting firm Meditech Group released their findings today that despite the hype surrounding the iPhone launch, the iPhone has not shown any ability to cure cancer. Officials at Apple and AT&T have not returned our request for a statement..."

Reply to
Todd Allcock

_Theoretically_ targeted at an iPhone, plus the usual phishing crap we all get.

Fair enough.

True- it just seems there are enough legit nits to pick with the iPhone that you don't need to, well, "phish" for more! ;-)

Reply to
Todd Allcock

On Tue, 17 Jul 2007 12:16:17 -0600, Todd Allcock wrote in :

It's not a "proprietary" OS -- it's a well-understood UNIX-workalike. (See below.)

There is no such security with _any_ network device. That's the whole point of security exploits.

This is only a simple example. "Where there's smoke there's fire." Much more dangerous are the unknown and invisible exploits.

Again, much more dangerous are the unknown and invisible exploits. That such simple exploits exist should give you pause, not comfort.

I'd say it's more a matter of protecting users. This wouldn't be happening if Apple had subjected the iPhone to 3rd-party scrutiny in advance. Thus we get it after the fact.

Based on what, your guess?

Why not check that out yourself? ;)

Check out how many patches have been rushed out by Apple to deal with Mac OS exploits, and then check out what the OS in the iPhone is based on. ;)

Reply to
John Navas

On Tue, 17 Jul 2007 15:14:54 -0600, Todd Allcock wrote in :

Because Apple professes to be way better than the other guys. That kind of hubris inevitably attracts rebuttal.

Or living on the planet? There are lots of people who shouldn't have to know that. The problem is that we've created a system for geeks and near-geeks, not the "rest of us", for which we IT people should hang our heads in shame. No special training is needed to use a microwave oven or VCR, and a cell phone shouldn't be any different.

They are actually looking out for the "rest of us".

No offense, but wild exaggeration doesn't make your case any more compelling.

Reply to
John Navas

Oh, John. You keep walking right into things as if you can't see them.

I can't imagine you didn't see this one. This tells me that you are just plain retarded.

(To the lurkers: John professes to be way better/more knowledgeable than anyone else. That kind of hubris inevitably attracts rebuttal, which John is incapable of taking.)

Reply to
Elmo P. Shagnasty

BUSTED!

Reply to
News

On Tue, 17 Jul 2007 20:11:46 -0400, "Elmo P. Shagnasty" wrote in :

Not even a nice try. You really are lame. Hopefully you'll grow up in time, and stop making yourself look so childish and foolish.

Reply to
John Navas

It is alleged that Todd Allcock claimed:

Maybe because it seems that for the first time, it's easier to do something stupid on an Apple product than a Windows product?

Reply to
Jeffrey Kaplan

Perhaps, or perhaps it's a lookalike of a well-understood UNIX-workalike.

None of us here really knows what it's running- given the horsepower vs. the relative snappiness of the device, I assume it's no more running "OSX" than my WinMo phone is running Vista.

True- yet if they're "unknown" we don't know if they exist or not. Fortify is a third-party security software company warning us that a phone that can't run third party apps is insecure. Hmmm... Perhaps they have it 100% right, but the cynic in me thinks it's a bit like the National Cattlemen's Association warning me of the health risks involved in eating chicken...

Phishing isn't really an exploit as much as it's a confidence game for the 21st century.

Perhaps. But it smacks of self-serving to me.

Yes. An edumicated guess based on the fact the thing abhors 3rd-party software, disallows the saving of e-mail attachments on the device itself, and lacks java or flash support, minimizing the chance of any executables sneaking on the device. Even the Weblets or whatever they call them seem pretty anemic so far.

Actually I tried- their press releases didn't turn up anything nor did a Google search in the amount of time I was willing to give it (very little.)

...or looks like. Windows Mobile has been around for over ten years, is "based on" a very exploitable OS that's been patched more times than your great-grandmother's quilt, and yet hasn't had a single exploit launched against it other than a single proof-of-concept virus that required the user to actually run the install file. Forgive me for thinking the iPhone is probably relatively safe for the time-being.

Reply to
Todd Allcock

I believe it's a bit more than the WinMob Vs. full Windows scenario. The iPhone's OS footprint is around 700 MB. Seems to be about 5-10x more space than a WinMob device.

Reply to
Tinman

Fair enough. That would make sense given the power of some of the included apps like Safari. I suspect, however, OSX takes up more than 700MB of space on a Mac- my point was despite the name "OSX" on the iPhone OS, it isn't the full equivalent of the desktop version.

Reply to
Todd Allcock

No, it's a proprietary OS. It is not open source. It may be based on OpenBSD, but it is a proprietary product.

Either you're implying that OSX is immune from exploits, or you're implying that Apple fix them quickly. Either comment is incorrect and misleading.

Reply to
Mark McIntyre

Yes, though OSX (only one version) is not as bloaty as Vista (whichever of the many different versions they offer), it still takes up some space.

Even better is that there still are no real viruses for Mac (you hear rumors, but they never seem to transpire). I shudder to think the grief I'd have with a PC open to the Internet.

The only bad thing is that with the popularity of the Mac OS in the iPhone, there will be the kids trying to destroy it. Hopefully they can keep their testosterone-fueled acts directed at Microsoft.

Reply to
Kurt

On Wed, 18 Jul 2007 23:55:25 +0100, Mark McIntyre wrote in :

Strawman, I implied neither.

Reply to
John Navas

Strawman yourself, and disingenuous to boot. Tell us what the heck you were trying to imply then, instead of making glib non-informative remarks.

Reply to
Mark McIntyre

On Fri, 20 Jul 2007 18:40:36 +0100, Mark McIntyre wrote in :

My post was quite clear. Suggest you read it with more care and less attitude. ;)

Reply to
John Navas
