| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
iPhone Security Hellhole? | |
|
||
| Time: 15:12 EST/20:12 GMT | News Source: eWeek | Posted By: Andre Da Costa | ||
|
Opinion: First, the iPhone root password was broken. OK, it happens. But now it seems that all applications run on the iPhone as root. Can you say biggest security blunder of the 21st century to date? It kills me to say this, but even Microsoft wouldn't have made a blunder as big as this one. If this root problem does exist, and it sure looks like it from what I can tell, Apple has to fix it right now. It's a race between the crackers and Apple, and it looks to me like the crackers are way ahead at this point. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 150 Last | Next |
The time now is
3:06:16 AM
ET.
Any comment problems? E-mail us |
| #1 By 7754 (206.169.247.2) at 10/2/2007 4:05:22 PM |
| Oh, but what about the UNIX underpinnings of OS X that make it secure? <rolls eyes> |
| #2 By 25030 (72.78.134.174) at 10/2/2007 5:51:54 PM |
| I got 3 letter for Apple: LOL! |
| #3 By 12071 (203.185.215.144) at 10/2/2007 8:17:52 PM |
| #1 The OS is secure.... the company who implemented the solution of running everything as root on the other hand... surely they would have learnt by now. |
| #4 By 32313 (208.131.186.18) at 10/2/2007 9:09:35 PM |
|
What people need to understand is the iPhone is running a desktop operating system. Its the actual OS X that runs on the Company's computers. In the case of the phone itself, they had to make some unfortunate concessions to give the end user a free usual phone experience. In OS X on a computer, you are sometimes asked to type in your user name and password to run an application or access a location. You can't have that type of experience on a phone, you want full control of it. Its just an unfortunate circumstance users will have to live it if they want the functionality the phone provides through the operating system. Apple just has to be agile and patch any flaws and keep ahead of the hackers. This post was edited by awandre on Tuesday, October 02, 2007 at 21:12. |
| #5 By 3653 (65.80.181.153) at 10/2/2007 9:30:32 PM |
|
"Apple just has to be agile and patch any flaws and keep ahead of the hackers. "
Great. More monthly 40+ patches, like they've done for the past year with os X? |
| #6 By 32313 (208.131.186.18) at 10/2/2007 10:49:51 PM |
|
Well, updating it won't be as severe or numerous as it is on the Desktop. They have stripped out certain functionality that would make it vulnerable and focused on core features that would be more suitable for the form factor. Apple has been considerate with the updates to the iPhone though, 1.0.2, 1.1.1 (the cat and mouse release or brick release). The way you have to look at updates too on the iPhone is its adding more functionality, richer functionality too which makes it a really enticing value compared to competitors. I think they are doing themselves a disservice though by not opening up portions of the software to developers to further expand its functionality. There have been over 60 apps created for the iPhone since its release all gone with the wind because of the 1.1.1 update. This post was edited by awandre on Tuesday, October 02, 2007 at 22:55. |
| #7 By 7754 (75.72.156.204) at 10/2/2007 11:55:47 PM |
| #3: the (sarcastic) point is that it has never been about the OS underneath. If the UNIX world ran all their apps as root as has been the case in the Windows world for most folks, it too would have suffered the same security problems. And if Microsoft (before Vista) had forced developers to write their apps for non-admin users a long time ago, Windows would not have a bad security record. So to the folks that say "Windows is inherently insecure..." **enough already.** There is nothing inherently insecure about Windows. |
| #8 By 12071 (124.168.145.250) at 10/3/2007 4:31:23 AM |
|
#7 But that's just it... the philosophy/design decision (or whatever you want to call it) of *nix has always been "never run as root". Always run as a normal user and only elevate your role in those circumstances when it is absolutely required and then go back to your original role. That is what most people mean when they say whether one OS is inherently insecure or not. Microsoft took the easy approach of effectively running everything as root so that there wouldn't be any permissioning problems - that philosophy/design decision is what made Windows inherently insecure. With Vista they've gone the *nix root of running as a standard user and then bugging the crap out of you as often as possible (that might be an exaggeration but I do wonder if that Accept dialog box comes up every time just to be sure as oppose to every single time it's absolutely required).
Anyways, hopefully Apple can resolve this issue - I'm sure there must be a workaround of some sort - with minimal disruption to the end user (if any at all) to ensure that they're not constantly running as root. |
| #9 By 7754 (206.169.247.2) at 10/3/2007 10:36:10 AM |
|
#8: but that misunderstands what the word "inherent" means. Usually I would never be one to break out a "dictionary" response (it is seldom done except to be condescending), but I think you'll see what I mean:
in·her·ent: existing in someone or something as a permanent and inseparable element, quality, or attribute. Running as admin/root is not an "inseparable" design decision in Windows. Windows can most definitely run as non-admin--and many people have run it that way. It's just that it hasn't been the default (until Vista). And it isn't new to Vista, it's just the default. Also, UAC raises the bar from sudo. Some see it as annoying, but there's no question it's a more secure approach. In practice, unless you're constantly doing admin-level tasks constantly opening and closing admin tools, it's not going to be bothersome. Our users have never seen a UAC dialog, unless they attempted to install software--but they're already used to that, because it was the same thing in XP. In fact, in some ways, it is a great improvement over XP, because if you are running as a standard user, there are more places in the UI that provide a way to elevate. A simple example: say you want to delete or replace a file in Program Files. As a standard user in XP, you'd probably go to cmd.exe and runas (either from within cmd or via the right-click approach) admin, enter the admin credentials, and delete/replace the file. In Vista, it will provide an elevation prompt/credentials dialog--much faster. Agreed about Apple, though... they absolutely need to fix this. Imagine what a DDOS attack could look like on the public phone network. Say goodbye to 911. |
| #10 By 32132 (142.32.208.232) at 10/3/2007 11:24:51 AM |
|
"Microsoft took the easy approach of effectively running everything as root so that there wouldn't be any permissioning problems"
For Home users. Business users in a Domain were different. Thats why the "big lie" of "inherently insecure" is stupid and dishonest. When I worked at a University it was the RedHat boxes that were root kitted all the time and serving up warez. Not Windows PC's connected to a domain. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 150 Last | Next |
The time now is
3:06:16 AM
ET.
Any comment problems? E-mail us |
