Page 3 of 5 FirstFirst 12345 LastLast
Results 41 to 60 of 86
  1. squeff's Avatar
    Posts
    581 Posts
    Global Posts
    623 Global Posts
    #41  
    Quote Originally Posted by emoney_33 View Post
    No it was the small minority that fall for ANYTHING (e.g. nigerian scams). You can't take away a users freedom over their product. Therefore you can never protect against someone who will listen to step by step instructions with blind faith no matter what. Because if there is a way for me to do anything locally to my computer or device, then I can give you instructions to do anything. If you have blind faith in everything I tell you to do... you can NOT protect against that.
    You...........................................................................................My Point

    See how far away they are?
  2. #42  
    Quote Originally Posted by squeff View Post
    You...........................................................................................My Point

    See how far away they are?

    You mentioned nigerian scams, I responded, you leaped, I explained. I have not countered any other points you have made.

    What IS your point?
  3. squeff's Avatar
    Posts
    581 Posts
    Global Posts
    623 Global Posts
    #43  
    Quote Originally Posted by emoney_33 View Post
    What IS your point?
    Simply that, in this discussion of what's possible, we must remember that there is always a huge hole in any security system: people being fooled.

    Smart people, not just dumb people.

    By the way, I never said anything about people failling for ANYTHING or EVERYTHING.

    People have fallen prey to Nigerian scams, as well as downloading trojan horses and viruses and other malware... even though they aren't stupid. I don't think it's fair for you to assume that someone that falls for one scam (or downloads one piece of malware) is stupid or must be someone that falls for everything.

    Take a read of something written by Kevin Mitnik or Frank Abignale. You'll see that perfectly smart and in-the-know people have fallen for cons
  4. #44  
    Stop going to porn sites and downloading questionable items you get in your email. There.

    /end thread
  5. #45  
    Quote Originally Posted by squeff View Post
    Simply that, in this discussion of what's possible, we must remember that there is always a huge hole in any security system: people being fooled.
    People being fooled is a very general and useless statement in any security discussion. Sure how easily a user can be tricked and the percentage of users that might be tricked is a valid discussion. For instance if the vulnerability was as simple as double-tab pixel x,y and your Pre explodes. But you can't lump the entirety of "people being fooled" into a discussion.

    Plus there are a lot more good people on the internet that bad people. You aren't going to find any public place, forum or discussion that directs users to perform intentionally malicious actions on their PC.

    If there is a security discussion to be had, hugely vague and general discussions like some things going on here are pointless. They accomplish nothing but fear mongering.


    People have fallen prey to Nigerian scams, as well as downloading trojan horses and viruses and other malware... even though they aren't stupid. I don't think it's fair for you to assume that someone that falls for one scam (or downloads one piece of malware) is stupid or must be someone that falls for everything.
    I never assumed people who fall for one thing fall for everything. But there are no smart people that have fallen for a "give me your bank account and I'll make you rich" scam. We aren't talking about a ponzi scheme here. Unless there are sophisticated nigerian schemes that you are talking about, and I am mistaken the statement as the simple email of asking for money or bank account information.
  6. #46  
    You know what this whole thread reminds me of?

  7. #47  
    Quote Originally Posted by SirataXero View Post
    You know what this whole thread reminds me of?


    hahaha, xkcd is awesome.
  8. squeff's Avatar
    Posts
    581 Posts
    Global Posts
    623 Global Posts
    #48  
    Quote Originally Posted by emoney_33 View Post
    People being fooled is a very general and useless statement in any security discussion.
    Who told you that?

    Me, CISSP. Social engineering is a very important topic.

    And I'm not talking about being people being tricked into entering things on their Pre. I'm talking about people downloading software that contains malicious code. I believe some were questioning why ANYONE would do such a stupid thing. Well, dare I say, most anyone that's download homebrew apps is doing so, without confirming for themselves (or via a trusted source), that the app doesn't contain malicious code.
  9. #49  
    Quote Originally Posted by squeff View Post
    Who told you that?

    Me, CISSP. Social engineering is a very important topic.

    And I'm not talking about being people being tricked into entering things on their Pre. I'm talking about people downloading software that contains malicious code. I believe some were questioning why ANYONE would do such a stupid thing. Well, dare I say, most anyone that's download homebrew apps is doing so, without confirming for themselves (or via a trusted source), that the app doesn't contain malicious code.


    I said the statement "people being fooled" is useless. It's too general. You have to dig deeper than that. Because you can always find at least 1 person that can be tricked into doing anything possible. So yes people can be tricked, that's a fact of life, not just computer security. But yes, more specific dicussions about how users can get tricked is 100% useful. Anyway, it's semantics.

    There are varying levels of untrusted homebrew. The very simple public-bus-only mojo homebrew apps don't really need to be trusted. The Mojo sandbox needs to be, so any vulnerability in that department should be fixed by Palm. I don't know of any vulnerabilities there, and I'd say that portion is fairly secure. Thus standard homebrew applications that don't require any services and stay out of the com.palm private bus, can pretty much be trusted en masse.

    The real trust issue with homebrew comes down to services/plugins. It is up to the community to police that so that only safe services get into the trusted feeds. And though you may not see everything out in the open, there are always discussions going on internally regarding these things.
  10. #50  
    Everyone needs to relax and have some faith in the software engineers and devs out there. Do you really believe Palm hasn't thought of this before releasing their products or any product manufacturer involved in high tech devices..

    Any OS is hackable, one more than the next. If you are so paranoid and worried that some consortium of hackers are after you contacts, please get over yourselves.

    Technology is not perfect and will always have flaws and loopholes. If this keeps you form sleeping at night, leave technology alone and move off the grid.

    This thread is junk!!!
    Last edited by berdinkerdickle; 09/11/2009 at 03:02 PM. Reason: Politically incorrect :)
  11. #51  
    Quote Originally Posted by SirataXero View Post
    You know what this whole thread reminds me of?

    Last edited by BBossman1; 11/17/2009 at 07:59 PM.
  12. #52  
    Quote Originally Posted by T3CK View Post
    But the browser executes JSJSJS ($injection$ $actions$ $etc$.)?

    As I said, we nickel and dime details that are not even explored... I'm just discussing friendly with you guys about the possibility to wakeup in one morning and instead of an update to get a nice e-bomb. That was the idea of this thread, not how to prove that I could hack into your phone.
    I wouldn't mind free e bombs
  13. #53  
    Quote Originally Posted by Kasracer View Post
    Erm, what? So, you would have to somehow capture someone's IP address who is currently using a Pre and and not only did they open up their firewall for the USB port (ala developer mode) but they somehow modified it so it's open for WAN
    as well.

    Has anyone even done that yet on a Pre? You're pretty paranoid...
    well here's the thing it would not be hard to figure out most, if not all of the ip addresses that are under sprint's ownership and then do a scan of that entire range for palm pre phones. I would not be surprised to find a handful of people that would still have developer mode enabled on their phones.

    This is a very niche device which is why even if there is a blatant security hole, it won't be discovered and exploited as fast as a security hole in a standard Linux/Win/OS X/etc... machine.
  14. #54  
    Quote Originally Posted by victorkruger View Post
    well here's the thing it would not be hard to figure out most, if not all of the ip addresses that are under sprint's ownership and then do a scan of that entire range for palm pre phones. I would not be surprised to find a handful of people that would still have developer mode enabled on their phones.

    This is a very niche device which is why even if there is a blatant security hole, it won't be discovered and exploited as fast as a security hole in a standard Linux/Win/OS X/etc... machine.

    Developer mode enables commands to be issued over USB. Without the Pre plugged in or without access to the PC it's plugged into, what does developer mode expose?
  15. #55  
    Quote Originally Posted by Kasracer View Post
    ...
    Stop being paranoid.
    And look up the meaning of "virus" as it applies to devices...
  16. edbtzy's Avatar
    Posts
    189 Posts
    Global Posts
    229 Global Posts
    #56  
    whos doing hardcore web-browsing on their pre?
  17. Sovvy's Avatar
    Posts
    62 Posts
    Global Posts
    70 Global Posts
    #57  
    Lemme list my views on the subject, as well as choose my purse and delay my bedtime.

    Windows has thousands of virus' because there are more of them than the macs.

    If anything, the iphone is going to get ripped a new one first because there are more of them than the pre. There is more android phones than WebOS at the moment. So I wouldn't worry too much.

    But yes, there is always a guy wanting to hack into something and mess your day up.

    tl:dr - Statistically, iphone > pre when it comes to virus.
  18. #58  
    Quote Originally Posted by Kasracer View Post
    Not possible.

    First off, those sites are 99.99% of the time using Windows vulnerabilities and / or Windows binaries. No way they could even run.

    Secondly, the Web Browser is sandboxed (just like everything else). You cannot connect to the Mojo framework from within a web page.

    Thirdly, even webOS applications are sandboxed. You can't just execute framework commands from them. You also cannot execute scripts to root your phone from them.

    Rooting takes place when your Firewall is partially disabled (i.e. developer mode) and you run a script via SSH on your phone.

    Stop being paranoid.
    Not everybody knows all the technical details like some of us do. I think it was a VERY legitimate question for him or anybody to ask. Why'd u have to jump down his throat like he's some kinda *****?
  19. Sovvy's Avatar
    Posts
    62 Posts
    Global Posts
    70 Global Posts
    #59  
    @dbd: He wasn't, I think he was being blunt answering the guys question. After I read his post Ifelt better about virus' killing my phone.
  20. #60  
    Quote Originally Posted by Sovvy View Post
    @dbd: He wasn't, I think he was being blunt answering the guys question. After I read his post Ifelt better about virus' killing my phone.
    Ok. I just felt the need to say something about that.
Page 3 of 5 FirstFirst 12345 LastLast

Posting Permissions