Results 1 to 12 of 12
  1.    #1  
    blogs.zdnet.com/security/?p=6210

    Don't think Palm can in good faith keep selling phones with this vulnerability.
  2. #2  
    My understanding was the exploit was on an earlier version of WebOS. Version 1.4 is very, very different. Not sure the exploits even exist anymore.

    The browser now scores 93 or so on the ACID test, so my guess is many of the updates made their way into the OS.
    KA1
    Visor Deluxe->Visor Prism/Digital Link->Treo 650->Treo 700p->Pre->GSM Unlocked Pre 2 (wifi only)->FrankenPre + Touchpad 32 ->+ Touchpad 4G ATT + ATT Pre3 + 64 White Touchpad... bliss.
  3. #3  
    Yea... This issue was already fixed before the story came out.
  4. dbh123's Avatar
    Posts
    65 Posts
    Global Posts
    68 Global Posts
    #4  
    Here's what I don't get. Either they knew the issues had been fixed and reported it without noting that so sites like Zdnet (who you hope would know the current WebOS version) would fall for it.

    Or they genuinely thought that the bugs were live and irresponsibly disclosed the vulnerability and example attack code for anybody to see.

    No Webos version, no mention of responsible disclosure to Palm? Sounds like publicity hounds that knew they were sitting on old research but wanted the free publicity anyway.

    I almost wish the holes really were still there - I'd love to see these clowns sued back into the stone age...
  5. #5  
    Quote Originally Posted by dbh123 View Post
    Here's what I don't get. Either they knew the issues had been fixed and reported it without noting that so sites like Zdnet (who you hope would know the current WebOS version) would fall for it.

    Or they genuinely thought that the bugs were live and irresponsibly disclosed the vulnerability and example attack code for anybody to see.

    No Webos version, no mention of responsible disclosure to Palm? Sounds like publicity hounds that knew they were sitting on old research but wanted the free publicity anyway.

    I almost wish the holes really were still there - I'd love to see these clowns sued back into the stone age...
    The vulnerability was fixed in version 1.4

    These guys responsibly disclosed the vulnerability to Palm and gave them time to deploy the patch before they released any details. The security firm also explicitly says in their video that 1.4 is unaffected. So this is just shoddy reporting, as usual.
  6. #6  
    I'd like to point out that the iphone and other mobile devices were vulnerable to a SMS exploit as well. So, it's not like Palm is the only company this happened to
  7. Honis's Avatar
    Posts
    508 Posts
    Global Posts
    511 Global Posts
    #7  
    Telephone game reporting at it's best. By tomorrow the story will be Palm Touches Toes for Security Pleasure Exploit.

    (I know everyone remembers the telephone game from kindergarten. Sit in a circle, whisper something to the person next to you and see what it turns into by the time it gets back around to you, if it even makes it that far.)

    For the more popular blog sites that get it second hand I call it Parrot Reporting. Repeating tidbits from the original story as if they did any further research on it.
    Tom's (all news stories, they have original hardware reviews though)
    Gizmodo (stopped visiting after 2 visits)
    Engadget (less often than others and more discrete when they do)

    I can understand specialty blogs parroting news stories, like Precentral and all the other smart phone, mac, windows, etc specialty blog sites, but if you're being paid as a reporter do some original reporting, at least once a week...
    I'm a man, but I can change, if I have to, I guess.
    Device history: *free feature Phone*x3 -> LG Rumor -> Palm Pre -> HTC Arrive (3days) -> Samsung Nexus S 4G (28 days) -> Samsung Galaxy S II Sprint Epic 4G Touch -> Palm Pre -> Pre 3
  8. #8  
    *** everyone is posting about this today
  9. #9  
    Kicking Palm seems to be really fun lately...(IMHO) I was under the impression that this security company was TRYING to point out the fact that an OS based on web technologies would have security problems associated with web technologies, but they just came off as jerks (esp with the sausage and the dorky video)
  10. #10  
    Go to those shoddy reporting sites (ZDnet's blog for example ) and post an appropriately snarky response. I see some already did <g>
  11. dan000's Avatar
    Posts
    81 Posts
    Global Posts
    84 Global Posts
    #11  
    yes, aye no how ez it wil b 2 fix. jus updat ur fon. its fixd.
  12. #12  
    it's not fully fixed in 1.4 at all, they only said that so as not to get palm into to much trouble, the issue is still there, I've used it on my friend more than once.

Posting Permissions