CNBC: Security Experts 'Shocked' by Palm's WebOS Vulnerabilities

antonio3 · 04/16/2010, 01:52 PM

News Headlines

i guess the openness is not good after all.. ?

Or we have a bunch of insiders letting this story loose to drop the stock a little they will pick it up and watch their money double or triple in near future.. who knows. There are reasons stories like this are let loose...

dave75 · 04/16/2010, 02:02 PM

Oh boy. Whether this is true or not, it's really bad. Really not the responsible thing to do to go to the media with this instead of Palm though. They're not helping to solve the problem, they're driving the stock price down.

antonio3 · 04/16/2010, 02:03 PM

Article on CNBC just posted.... don't mean to double post also posted in the Palm General Chat.. but this seems kinda important news

News Headlines

antonio3 · 04/16/2010, 02:06 PM

Quote:

Originally Posted by dave75

Oh boy. Whether this is true or not, it's really bad. Really not the responsible thing to do to go to the media with this instead of Palm though. They're not helping to solve the problem, they're driving the stock price down.

The stock market is a small small world.. it only takes one person to bring a price down... help out their own portfolio buy it cheap.. watch them be bought out and double their money on Palm's Intellectual Property (IP) Value

Dieter Bohn · 04/16/2010, 02:07 PM

threads merged. Please don't post dupe threads

grappler · 04/16/2010, 02:10 PM

we need Rod W. or Jason R. to comment on this ASAP.

antonio3 · 04/16/2010, 02:12 PM

Quote:

Originally Posted by Dieter Bohn

threads merged. Please don't post dupe threads

Thanks!

solarus · 04/16/2010, 02:18 PM

Help me out here, seriously...the security expert himself say the problems identified have been fixed by Palm but that the methodology in which he hacked the OS will be available for all to try and use to find other security gaps. Couldn't the same be said of pretty much any OS?

antonio3 · 04/16/2010, 02:20 PM

Quote:

Originally Posted by solarus

Help me out here, seriously...the security expert himself say the problems identified have been fixed by Palm but that the methodology in which he hacked the OS will be available for all to try and use to find other security gaps. Couldn't the same be said of pretty much any OS?

He prob found the Internalz group... lol

knobbysideup · 04/16/2010, 02:38 PM

Somewhat related:

One thing that I wish palm would do that would: 1) increase security, and 2) make development of some tools a lot easier is to have luna apps run as a nonprivileged user. That way, you could trust the system itself and allow developers to access backend shell and OS functions without having to write a service, which in turn must be properly audited and secured, and run as root.

That we are running everything on this phone as root at this stage of the game is kinda lame, palm.

fernandez21 · 03:00 PM

sorry, but that article seems like bs, probably just set up to bring the price down for a potential buyer.some pionts about the article:

"The crown jewel in its family of assets, its WebOS operating system, is fraught with security vulnerabilities" - funny how this articles comes out right after the other article that said thanks to webos palm is really worth 10-14 a share, ( Notable Calls: Palm (NASDAQ:PALM): See takeout value around $10-14/sh - RBC Capital )and here they are specifically point out a new problem for why its worth less.

"There is a problem with the architecture," says Higbee, who says the original security issues discovered have been addressed and resolved by Palm"There is a problem with the architecture," says Higbee, who says the original security issues discovered have been addressed and resolved by Palm" - so if the issue had been resolved, why is it still a problem? also by accusing palm of rushing webos and painting it a an incoplete insecure os with architect problems that needs to be rewritten, they again are trying to hurt the percieved value of palms most valuable asset.

"Higbee tells me he was "shocked" when he discovered how easily it was to hack Palm's WebOS", "I was shocked," says Rajendra Umadas", "It was definitely very shocking." - They sure like to use the "shocked" adjective.

"What he had discovered was that merely by sending a single, SMS text to a WebOS handset, he could essentially take over the entire device." - funny that this is a reason to be "shocked", did they forget that someone was able to do this with all other mobile phone oses? Apple iPhone: SMS exploit allows attacker to control phone

"Kaufman Bros. estimates that Palm invested about $600 million into developing its Linux-based software. One of WebOS's top selling points was its instant ability to offer so-called multi-tasking, something Apple's iPhone [AAPL 246.91 -2.01 (-0.81%) ] only recently began to offer." - again, by giving the amount palm invested in webos, its telling potential buyers if all they want is webos, 600 million is what it is worth at most. they also again belittle webos by using the adjective "so-called", like it wasn't a true feature or something.

"Intrepidus' Higbee questions whether apps creators will continue to develop for WebOS because of the added steps they'll need to take to protect their programs from security issues other platforms have already addressed." - in the paragraph before he mentioned how apps make a platform appealing, and then follows with this, again to bring down the precieved value of web os.

while some of the points brought up in the article may seem valid, the tone and connitation was clearly ment to bring down the percieved value of webos and in turn the value of palm.

TreoRock · 04/16/2010, 02:58 PM

Quote:

Originally Posted by antonio3

The stock market is a small small world.. it only takes one person to bring a price down... help out their own portfolio buy it cheap.. watch them be bought out and double their money on Palm's Intellectual Property (IP) Value

+1 Some people really want to see Palm dead and now that people are aware that WebOS is the best mobile OS and that is one of the main reasons why it has a good value, some people are trying to make WebOS look like junk. So I would not give too much attention to this.

antonio3 · 04/16/2010, 03:00 PM

I agree.. being that today Goldman 'nut' Sacks is in BIG trouble for "playing" the mortgage meltdown and profiting big time.. Again the Actuall Stock Market is a VERY small group of people making big bucks.. it's like a Frat House you should see these tool bags in North Jersey.. They laugh all the way to the bank.

o0otoxic · 04/16/2010, 03:29 PM

This is old news and most smartphone had/have this problem apple just patched this problem not that long ago

Arcticus · 04/16/2010, 03:34 PM

One of the areas Syntactix consults in is security. Now I promise you iPhone and Android have their fair share of security issues. One thing I will point out though that gives WebOs an advantage over the others is the ability to patch the OS over the air and do it fast if need be. iPhone and Android don't have the ease of that luxury. I can also personally attest that every security flaw we have submitted to Palm has been met with a personal response both acknowledging the issue and on how and when it is being addressed. I can not say the same for the other platforms.

mscemt · 04/16/2010, 04:04 PM

Is there a way to mitigate some of the threat? Such as turing developer mode off or the browser pop up blocker patch. Perhaps tweaking cookie management or other settings.

Just curious on what the community thinks.

modeerf · 04/16/2010, 04:16 PM

Quote:

Originally Posted by mscemt

Is there a way to mitigate some of the threat? Such as turing developer mode off or the browser pop up blocker patch. Perhaps tweaking cookie management or other settings.

Just curious on what the community thinks.

Mitigate what threat? There is no threat. If you read the article it says that all the security holes have been patched.

6tr6tr · 04/16/2010, 04:27 PM

Was the SMS vulnerability patched? Can anyone point me to real evidence of this?

thornev · 04/16/2010, 04:32 PM

Quote:

Originally Posted by 6tr6tr

Was the SMS vulnerability patched? Can anyone point me to real evidence of this?

I would bet money that this vulnerability wouldn't have been publicly reported until it was reported to and fixed by Palm (or whoever fixes WebOS). thorne

stockh · 04/16/2010, 05:04 PM

Very suspicious considering Palm is actively searching to sell the company.

I can't help but think this is a attack to devalue the company mainly webOS.
When you start reading nonsense like "shocked" you know this is nothing but fluff.

All security issues have been addressed with every update.

BTW, just to keep things balanced RBC Capital Markets just valued the company at $14 per share!

04/16/2010, 01:52 PM	#1 (permalink)
antonio3 Member Join Date: Aug 2005 Posts: 832 Likes Received: 0 Thanks: 29 Thanked 99 Times in 65 Posts	CNBC: Security Experts 'Shocked' by Palm's WebOS Vulnerabilities News Headlines i guess the openness is not good after all.. ? Or we have a bunch of insiders letting this story loose to drop the stock a little they will pick it up and watch their money double or triple in near future.. who knows. There are reasons stories like this are let loose...
	Liked by

04/16/2010, 02:02 PM	#2 (permalink)
dave75 Member Join Date: Mar 2006 Posts: 801 Likes Received: 0 Thanks: 29 Thanked 78 Times in 59 Posts	Oh boy. Whether this is true or not, it's really bad. Really not the responsible thing to do to go to the media with this instead of Palm though. They're not helping to solve the problem, they're driving the stock price down.
	Liked by

04/16/2010, 02:03 PM	#3 (permalink)
antonio3 Member Join Date: Aug 2005 Posts: 832 Likes Received: 0 Thanks: 29 Thanked 99 Times in 65 Posts	CNBC: Security Experts 'Shocked' by Palm's WebOS Vulnerabilities Article on CNBC just posted.... don't mean to double post also posted in the Palm General Chat.. but this seems kinda important news News Headlines
	Liked by

04/16/2010, 02:07 PM	#5 (permalink)
Dieter Bohn Editor Emeritus Join Date: Feb 2001 Location: Sunnyvale, CA Posts: 4,872 Likes Received: 6 Thanks: 290 Thanked 1,362 Times in 360 Posts	threads merged. Please don't post dupe threads __________________ This is my next... website
	Liked by

04/16/2010, 02:10 PM	#6 (permalink)
grappler Member Join Date: Oct 2005 Posts: 780 Likes Received: 58 Thanks: 87 Thanked 162 Times in 112 Posts	we need Rod W. or Jason R. to comment on this ASAP.
	Liked by Thanked By: Meltedwire

04/16/2010, 02:18 PM	#8 (permalink)
solarus Member Join Date: Sep 2009 Location: Atlanta Posts: 554 Likes Received: 0 Thanks: 196 Thanked 199 Times in 105 Posts	Help me out here, seriously...the security expert himself say the problems identified have been fixed by Palm but that the methodology in which he hacked the OS will be available for all to try and use to find other security gaps. Couldn't the same be said of pretty much any OS?
	Liked by

04/16/2010, 02:38 PM	#10 (permalink)
knobbysideup Member Join Date: Oct 2009 Location: Central PA Posts: 839 Likes Received: 3 Thanks: 305 Thanked 108 Times in 70 Posts	Somewhat related: One thing that I wish palm would do that would: 1) increase security, and 2) make development of some tools a lot easier is to have luna apps run as a nonprivileged user. That way, you could trust the system itself and allow developers to access backend shell and OS functions without having to write a service, which in turn must be properly audited and secured, and run as root. That we are running everything on this phone as root at this stage of the game is kinda lame, palm. __________________ : (){:\|:&};:
	Liked by

04/16/2010, 02:53 PM	#11 (permalink)
fernandez21 Member Join Date: Mar 2010 Location: Tampa, FL Posts: 454 Likes Received: 8 Thanks: 39 Thanked 85 Times in 50 Posts	sorry, but that article seems like bs, probably just set up to bring the price down for a potential buyer.some pionts about the article: "The crown jewel in its family of assets, its WebOS operating system, is fraught with security vulnerabilities" - funny how this articles comes out right after the other article that said thanks to webos palm is really worth 10-14 a share, ( Notable Calls: Palm (NASDAQ:PALM): See takeout value around $10-14/sh - RBC Capital )and here they are specifically point out a new problem for why its worth less. "There is a problem with the architecture," says Higbee, who says the original security issues discovered have been addressed and resolved by Palm"There is a problem with the architecture," says Higbee, who says the original security issues discovered have been addressed and resolved by Palm" - so if the issue had been resolved, why is it still a problem? also by accusing palm of rushing webos and painting it a an incoplete insecure os with architect problems that needs to be rewritten, they again are trying to hurt the percieved value of palms most valuable asset. "Higbee tells me he was "shocked" when he discovered how easily it was to hack Palm's WebOS", "I was shocked," says Rajendra Umadas", "It was definitely very shocking." - They sure like to use the "shocked" adjective. "What he had discovered was that merely by sending a single, SMS text to a WebOS handset, he could essentially take over the entire device." - funny that this is a reason to be "shocked", did they forget that someone was able to do this with all other mobile phone oses? Apple iPhone: SMS exploit allows attacker to control phone "Kaufman Bros. estimates that Palm invested about $600 million into developing its Linux-based software. One of WebOS's top selling points was its instant ability to offer so-called multi-tasking, something Apple's iPhone [AAPL 246.91 -2.01 (-0.81%) ] only recently began to offer." - again, by giving the amount palm invested in webos, its telling potential buyers if all they want is webos, 600 million is what it is worth at most. they also again belittle webos by using the adjective "so-called", like it wasn't a true feature or something. "Intrepidus' Higbee questions whether apps creators will continue to develop for WebOS because of the added steps they'll need to take to protect their programs from security issues other platforms have already addressed." - in the paragraph before he mentioned how apps make a platform appealing, and then follows with this, again to bring down the precieved value of web os. while some of the points brought up in the article may seem valid, the tone and connitation was clearly ment to bring down the percieved value of webos and in turn the value of palm. Last edited by fernandez21; 04/16/2010 at 03:00 PM.
	Liked by

04/16/2010, 03:00 PM	#13 (permalink)
antonio3 Member Join Date: Aug 2005 Posts: 832 Likes Received: 0 Thanks: 29 Thanked 99 Times in 65 Posts	I agree.. being that today Goldman 'nut' Sacks is in BIG trouble for "playing" the mortgage meltdown and profiting big time.. Again the Actuall Stock Market is a VERY small group of people making big bucks.. it's like a Frat House you should see these tool bags in North Jersey.. They laugh all the way to the bank.
	Liked by

04/16/2010, 03:29 PM	#14 (permalink)
o0otoxic Member Join Date: Oct 2009 Posts: 119 Likes Received: 0 Thanks: 9 Thanked 9 Times in 8 Posts	This is old news and most smartphone had/have this problem apple just patched this problem not that long ago
	Liked by

04/16/2010, 03:34 PM	#15 (permalink)
Arcticus Member Join Date: Jun 2009 Location: Melbourne, FL Posts: 798 Likes Received: 1 Thanks: 6 Thanked 303 Times in 121 Posts	One of the areas Syntactix consults in is security. Now I promise you iPhone and Android have their fair share of security issues. One thing I will point out though that gives WebOs an advantage over the others is the ability to patch the OS over the air and do it fast if need be. iPhone and Android don't have the ease of that luxury. I can also personally attest that every security flaw we have submitted to Palm has been met with a personal response both acknowledging the issue and on how and when it is being addressed. I can not say the same for the other platforms. __________________ - Arcticus Syntactix LLC Syntactix Developer Forum Applications: Pack 'n' Track, YouView, Jewels, Metrix Developer Tools, TripThat, Mobile Florist. Follow development on Twitter Please support developers by purchasing their app(s) or donating.
	Liked by Thanked by angiest, Audemars02, bliip1234, Brain_ReCall, b_hodge, fernandez21, fgcchevy, Jason Robitaille, jc-Treo, maxima2k53, Meltedwire, STBXXL

04/16/2010, 04:04 PM	#16 (permalink)
mscemt Member Join Date: Jul 2009 Posts: 72 Likes Received: 0 Thanks: 8 Thanked 6 Times in 4 Posts	Is there a way to mitigate some of the threat? Such as turing developer mode off or the browser pop up blocker patch. Perhaps tweaking cookie management or other settings. Just curious on what the community thinks.
	Liked by

04/16/2010, 04:27 PM	#18 (permalink)
6tr6tr Member Join Date: Jun 2009 Posts: 1,041 Likes Received: 9 Thanks: 26 Thanked 100 Times in 67 Posts	Was the SMS vulnerability patched? Can anyone point me to real evidence of this?
	Liked by

04/16/2010, 05:04 PM	#20 (permalink)
stockh Member Join Date: Aug 2009 Posts: 403 Likes Received: 0 Thanks: 2 Thanked 43 Times in 25 Posts	Very suspicious considering Palm is actively searching to sell the company. I can't help but think this is a attack to devalue the company mainly webOS. When you start reading nonsense like "shocked" you know this is nothing but fluff. All security issues have been addressed with every update. BTW, just to keep things balanced RBC Capital Markets just valued the company at $14 per share!
	Liked by

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode