Twitter Admits 'Harvesting' Users' Contacts

giffgore

Free Member
Jan 31, 2012
346
79
We have plenty to show the bad apps they spot - because they're rejected from the App store. You can hear the reasons why from news stories. They range from poor functionality, to using external payment API's, to poor graphics, and much more... They reject a hell of alot of apps - and in some cases, have been accused of ripping off developers by basically stealing their app and releasing it themselves. (iAd)

Also, look at the mistakes in general, across the company and all it's products. If they can review iTunes apps that well, why do so many issues persist in the proper Apple OS's and Applications?

The perks for working for Apple ain't that great compared to Microsoft, or Google, or plenty of other large companies.

Yes, but if someone's malware app got rejected, they'd hardly complain publicly online: "Apple rejected my trojan, they're evil!" isn't a common complaint. We simply don't know how much malware Apple has not allowed onto the App Store.

What are all these issues in Apple OS and applications? There are a few bugs, mostly dealing with compability with third party hardware in OS X, but there's no major issues Apple hasn't addressed. When they do crop up (which they do occasionally, of course - Apple isn't perfect), Apple fixes them quite quickly.

Yes, I know these apps exist for Android, but the chances are not many people will install it, and so I believe it should be included in the OS. Also, this application is unavailable. Not sure why, just says so on the download page.

Technically, I think the firewall does come with the OS in Android's case. I know that DroidWall uses the Linux firewall built into the kernel, for example. But yes, it should have a proper UI and be an actual "feature" by default, I agree.

I just did some searching and apparently it's down because the company's in the process of being bought by Twitter.

Well, I've been in business for over 10 years now, and I can only dream of people going on-line and telling others and a snowball effect starts off from one person. It happens, but not often, you need something that really grips the audience.

Even in advertising, you only get a 1% response rate - that's 1 person in every 100 is bothered enough to act on a targeted message, so I doubt someone mentioning it on a forum or elsewhere will have that much impact at all.

Do you really think there aren't packs of forum posters, bloggers, and news outlets who wouldn't jump on a "there's big evil scary viruses in the App Store!!!" story? I would be very surprised if someone discovered an app sending off personal data and didn't get any response from it. Such a story would probably make the front page of Engadget and Gizmodo within the day, with BBC News and others following.

Noticed, yes it will be noticed, but acted on - that's a whole different ball game.

Again, malware in the official App Store would grab attention from everyone - forum users to news outlets. It wouldn't get noticed then not get reported.
 
Upvote 0

Subbynet

Free Member
Aug 1, 2005
6,000
1,101
45
Luton
Yes, but if someone's malware app got rejected, they'd hardly complain publicly online: "Apple rejected my trojan, they're evil!" isn't a common complaint. We simply don't know how much malware Apple has not allowed onto the App Store.

Well, that wasn't the point... If they spot Malware, of course Apple will reject it, and someone I doubt the creator of said app is going to go public about it. :rolleyes:

Apple like to control their image, and don't even like to admit such problems can exist. It would ruin their reputation in a heart beat.

What are all these issues in Apple OS and applications? There are a few bugs, mostly dealing with compability with third party hardware in OS X, but there's no major issues Apple hasn't addressed. When they do crop up (which they do occasionally, of course - Apple isn't perfect), Apple fixes them quite quickly.

Just go read the Apple forums for example. I think you'll find your statement is quite wrong. Hundreds of posts about issues with Apple products. (And not third party software or hardware - although you'll find more issues about that too)

Yes Apple fixes them, like all vendors will do, but the point was about quality of programmers checking iTunes Apps. If these bugs can slip through the net, then so can others in the vetting procedure.

Technically, I think the firewall does come with the OS in Android's case. I know that DroidWall uses the Linux firewall built into the kernel, for example. But yes, it should have a proper UI and be an actual "feature" by default, I agree.

The main OS has IPTables built-in - it's hardly "user friend" on a phone, and really, you don't have any access to it, but the code is there as Android uses much Linux code. But like I said earlier about iOS, to enable a Firewall, you must disable the Sandbox. You can take one or the other, but you can't have both with the way things are right now. So you have to choose which means more to you.

Hence Droidwall requires uses to Root their devices.

Do you really think there aren't packs of forum posters, bloggers, and news outlets who wouldn't jump on a "there's big evil scary viruses in the App Store!!!" story? I would be very surprised if someone discovered an app sending off personal data and didn't get any response from it. Such a story would probably make the front page of Engadget and Gizmodo within the day, with BBC News and others following.

Yes, I do.. Larger news organisations, like Engadget, or the BBC, won't touch the story until it's verified because they'll be sued into oblivion by Apple if their wrong.

Plus, others on forums do exist, of course, but like I say, it takes quite an effort to spread a message further than to a limited group of like-minded people who understand the problem.

It isn't as easy to "Get a message out there" as you think. Your here on this forum, so I suppose you are in business, or wish to start a business, and no doubt, you'll find out what I mean in due course. It takes a lot of perseverance.
 
Upvote 0

giffgore

Free Member
Jan 31, 2012
346
79
Well, that wasn't the point... If they spot Malware, of course Apple will reject it, and someone I doubt the creator of said app is going to go public about it. :rolleyes:

Apple like to control their image, and don't even like to admit such problems can exist. It would ruin their reputation in a heart beat.

That's my exact point. So, we do not know how much malware Apple's app vetting staff have caught, therefore we cannot comment on their effectiveness.

Just go read the Apple forums for example. I think you'll find your statement is quite wrong. Hundreds of posts about issues with Apple products. (And not third party software or hardware - although you'll find more issues about that too)

Yes Apple fixes them, like all vendors will do, but the point was about quality of programmers checking iTunes Apps. If these bugs can slip through the net, then so can others in the vetting procedure.
Generally most problems on the Apple forums are caused by incompatibility with third party hardware or software - either that or early versions of Apple software which still need to be patched.

But of course Apple stuff will still have bugs in it. If Linux still has bugs after the source code has been checked over by millions of people, of course software developed by a single company will have its problems. Same goes for any other software.

The main OS has IPTables built-in - it's hardly "user friend" on a phone, and really, you don't have any access to it, but the code is there as Android uses much Linux code. But like I said earlier about iOS, to enable a Firewall, you must disable the Sandbox. You can take one or the other, but you can't have both with the way things are right now. So you have to choose which means more to you.

Hence Droidwall requires uses to Root their devices.
Agreed already - firewalls should be built into mobile OS's.

Yes, I do.. Larger news organisations, like Engadget, or the BBC, won't touch the story until it's verified because they'll be sued into oblivion by Apple if their wrong.
Happens all the time - news organistion sniffs out a big story online but can't confirm it, so they use weasel words like: "We have noticed unconfirmed reports spreading online that Apple's application store has let a possible malware app slip through. More details will be available as they become clear." That way they're simply stating that the reports exist, not that they're factual.

Plus, others on forums do exist, of course, but like I say, it takes quite an effort to spread a message further than to a limited group of like-minded people who understand the problem.

It isn't as easy to "Get a message out there" as you think. Your here on this forum, so I suppose you are in business, or wish to start a business, and no doubt, you'll find out what I mean in due course. It takes a lot of perseverance.
Advertising a business and knowing something of interest are two different concepts. Getting people to buy things from me is clearly a lot harder than getting people to find out something I'm telling them for free.

I once made a YouTube video about a "new iPhone". It was actually of my old iPod touch with a phone app stuck on it. I got 20,000 views within a month. My channel was basically unknown and had 5 subscribers tops.

Again, if you have information people want, you can get it out there online easily. It's not the same as trying to sell people a product.
 
Last edited:
Upvote 0

Subbynet

Free Member
Aug 1, 2005
6,000
1,101
45
Luton
That's my exact point. So, we do not know how much malware Apple's app vetting staff have caught, therefore we cannot comment on their effectiveness.

Well, the point was the quality of the people checking it - which you said they hire good people. And I retorted with evidence for bugs in their own code - so we could surmise from this, that the vetting procedure isn't failsafe. Ultimately, Charlie Miller managed to do it - and we only know because he went to the press. Others wouldn't, and we know Apple wouldn't tell us. but we should assume others passed the vetting procedure.

http://www.bbc.co.uk/news/technology-15635408

The end point of this is as far as I'm concerned is - people should be aware and responsible for their own security, and not to rely on Apple.

Generally most problems on the Apple forums are caused by incompatibility with third party hardware or software - either that or early versions of Apple software which still need to be patched.

But of course Apple stuff will still have bugs in it. If Linux still has bugs after the source code has been checked over by millions of people, of course software developed by a single company will have its problems. Same goes for any other software.

Yes, there can always be issues with third party software/hardware, but that migates the point, that ultimately we can find issues with regards to Apple's coding and procedures.

Also, I have to say, there isn't "millions" of people checking the Linux source code. If you look at the Kernel commits, much is still done by Linus Torvalds himself. There is probably a core team of around 10-20 people.

Happens all the time - news organistion sniffs out a big story online but can't confirm it, so they use weasel words like: "We have noticed unconfirmed reports spreading online that Apple's application store has let a possible malware app slip through. More details will be available as they become clear." That way they're simply stating that the reports exist, not that they're factual.

Where? Show me one of the organisations like you said which has anything like this. I've done the searches for you :) ... There is no negative speculation pieces about Apple. I'll grant you some websites will say stuff, but that's normally because they have no money to lose if sued anyway. :redface:

(ps. By Negative Speculation I mean it could result in tarnishing the brand, and not something that isn't here nor there... stock prices are speculated, new devices are speculated, these don't matter as much, but anything that could result in a law suit is avoided)

http://www.bbc.co.uk/search/news/?q=apple malware

http://engadget.search.aol.com/search?q=apple+malware&invocationType=wl-gadget

http://www.tomshardware.com/search.php?s=apple+malware

And the Apple forums - just for comparison of topics. (Mainly to show just how much Malware is discussed on those forums)

https://discussions.apple.com/searc...inerType=&container=&spotlight=true&q=malware

Advertising a business and knowing something of interest are two different concepts. Getting people to buy things from me is clearly a lot harder than getting people to find out something I'm telling them for free.

Far from it, both require the recipient to - put it bluntly - give a toss. Most people don't care, just like many of your friends probably don't care for computers, or for the football team you support, or for the food you like. Yet, we choose our friends based on things like this, so imagine getting complete strangers to listen to you.

You shouldn't conflate Advertising with Sales, they're two different things. I know about the iPhone due to advertising, but I didn't buy one due to features and price.

I once made a YouTube video about a "new iPhone". It was actually of my old iPod touch with a phone app stuck on it. I got 20,000 views within a month. My channel was basically unknown and had 5 subscribers tops.

Youtube :rolleyes::D... full of kids that click anything. I have a video on that site of my dog walking down the garden, a completely stupid video - over 10,000 hits. I have another of a ride at Alton Towers - 35,000 hits. Yet, only 1 comment was left... 45,000 hits between both video's, yet only 1 person cared enough to leave any sort of comment at all.

I personally pull feeds from Youtube using Miro, so they count as "Views", yet for much stuff I just flick through to the next video that interests me.
 
Last edited:
Upvote 0

giffgore

Free Member
Jan 31, 2012
346
79
Well, the point was the quality of the people checking it - which you said they hire good people. And I retorted with evidence for bugs in their own code - so we could surmise from this, that the vetting procedure isn't failsafe. Ultimately, Charlie Miller managed to do it - and we only know because he went to the press. Others wouldn't, and we know Apple wouldn't tell us. but we should assume others passed the vetting procedure.

http://www.bbc.co.uk/news/technology-15635408

Again, I cannot accept that other malware apps have passed the vetting procedure because I've not seen evidence of this.

The end point of this is as far as I'm concerned is - people should be aware and responsible for their own security, and not to rely on Apple.

Couldn't agree more with that.

Yes, there can always be issues with third party software/hardware, but that migates the point, that ultimately we can find issues with regards to Apple's coding and procedures.

Also, I have to say, there isn't "millions" of people checking the Linux source code. If you look at the Kernel commits, much is still done by Linus Torvalds himself. There is probably a core team of around 10-20 people.

Yes, everything has bugs, but Apple has no more than any other company.

By Linux I mean GNU/Linux, not just the kernel. So if you look at a big distro like Debian, lots of people download the source, and those people report bugs with it all the time.

Where? Show me one of the organisations like you said which has anything like this. I've done the searches for you :) ... There is no negative speculation pieces about Apple. I'll grant you some websites will say stuff, but that's normally because they have no money to lose if sued anyway. :redface:

(ps. By Negative Speculation I mean it could result in tarnishing the brand, and not something that isn't here nor there... stock prices are speculated, new devices are speculated, these don't matter as much, but anything that could result in a law suit is avoided)

http://www.bbc.co.uk/search/news/?q=apple malware

http://engadget.search.aol.com/search?q=apple+malware&invocationType=wl-gadget

http://www.tomshardware.com/search.php?s=apple+malware

And the Apple forums - just for comparison of topics. (Mainly to show just how much Malware is discussed on those forums)

https://discussions.apple.com/searc...inerType=&container=&spotlight=true&q=malware

I'm not claiming anyone's speculated that Apple has malware, I'm saying that if such a claim were to surface from the internet because someone spotted something iffy in an app, and if a news corporation was worried about lying, they'd use weasel words like I demonstrated. Have you ever read the Daily Mail? ;)

Far from it, both require the recipient to - put it bluntly - give a toss. Most people don't care, just like many of your friends probably don't care for computers, or for the football team you support, or for the food you like. Yet, we choose our friends based on things like this, so imagine getting complete strangers to listen to you.

You shouldn't conflate Advertising with Sales, they're two different things. I know about the iPhone due to advertising, but I didn't buy one due to features and price.

Again, I think a lot of people online would care if a real piece of malware was caught in the App Store. I'm not trying to tell everyone what my favourite song is, I'm talking about an actual story here. It's something interesting for a lot of people online.

Youtube :rolleyes::D... full of kids that click anything. I have a video on that site of my dog walking down the garden, a completely stupid video - over 10,000 hits. I have another of a ride at Alton Towers - 35,000 hits. Yet, only 1 comment was left... 45,000 hits between both video's, yet only 1 person cared enough to leave any sort of comment at all.

My video got lots of comments, most saying either "dis is fake!!11!" or "how did u get dat????!?!?!?" :rolleyes:

But yes, YouTube is full of idiots. My point was simply that things can spread fast even from previously unknown sources.
 
Upvote 0

Subbynet

Free Member
Aug 1, 2005
6,000
1,101
45
Luton
Again, I cannot accept that other malware apps have passed the vetting procedure because I've not seen evidence of this.

But you'll never get that proof, because if it does pass you may never find out what it does. Miller's app was on the App Store for 2 months, yet not a mention until he himself told the press. Unless someone outright says we done it, how will you ever know? You certainly can't trust Apple to tell you.

I think you should accept Malware being present as a default position. Treat everything from the iTunes store as if it does have Malware, and the reason for this is we do have evidence that someone can created Malware, and have it passed for inclusion in the App Store.

Yes, everything has bugs, but Apple has no more than any other company.

By Linux I mean GNU/Linux, not just the kernel. So if you look at a big distro like Debian, lots of people download the source, and those people report bugs with it all the time.

You've changed from lots of people reviewing the code, to lots of people reporting bugs. Mark my words, those are two very different things. The way Malware works isn't a bug, it's designed to operate that way. Plus, people don't report that often, which is why virtually all OS's these days generate their own reports.

Trying to assess user submitted bug reports is a right PITA.

I'm not claiming anyone's speculated that Apple has malware, I'm saying that if such a claim were to surface from the internet because someone spotted something iffy in an app, and if a news corporation was worried about lying, they'd use weasel words like I demonstrated. Have you ever read the Daily Mail? ;)

But I've just shown you that they don't. Go ahead and try it for any large company, you'll not find any "negative speculation". They'll be sued for Libel, Defamation of character, and much more. To even dare run the story would take balls of steal from the Editor because the backlash would be enormous.

It's much easier to speculate about people than it is about companies and products, because unless that person takes you to court, and can counter-prove their case, you'll be OK, plus Humans are prone to lying through their teeth. But a company can easily make claims about a product, as it's a physically designed item.

Again, I think a lot of people online would care if a real piece of malware was caught in the App Store. I'm not trying to tell everyone what my favourite song is, I'm talking about an actual story here. It's something interesting for a lot of people online.

Ok, how many other people have you discussed the Charlie Miller issue with? Or am I the first you've debated it with on-line?

Here, check the comments from that story. Not many people care that much.

http://www.zdnet.com/blog/security/apple-fixes-ios-vulnerability-exposed-by-charlie-miller/9796

http://www.v3.co.uk/v3-uk/blog-post...-miller-ios-developer-program#article_comment

(This one is really quite telling - it says : Miller is a prat. Now I know I will certainly make sure I never buy an App which he is "related" to!)

http://news.cnet.com/8301-27076_3-57320190-248/apple-boots-security-guru-who-exposed-iphone-exploit/

(101 comments - truly tiny compared to the number of iPhone users, but mostly Apple fans vs the world!)

This was a real, verified attack on the App Store carried out by a well known competition winner, and look, it still doesn't draw that much interest.

Strange, but true.

Btw - look at this one too... A search for Charlie Miller on the Apple Discussion boards barely gets a mention about this issue.

https://discussions.apple.com/searc...e=&container=&spotlight=true&q=charlie+miller
 
Upvote 0

giffgore

Free Member
Jan 31, 2012
346
79
Ignorant blog commenters don't prove anything. I actually saw something about this on Reddit recently, it said something like: "What if there are nice people on the internet, but they know not commenting at all is nicest thing to do?" :p

You do have a point about malware perhaps not being discovered for long periods of time, but I think it would happen eventually for the reasons I've stated before.

I see negative speculation all the time! Have you not seen a "Facebook causes cancer" article in your life? Those specifically mention Facebook as a company without hardly any evidence at all, yet they're reported by news outlets. And besides, if someone has evidence documented online of a firewall catching dodgy traffic from an app, the claim can be backed up.

Linux runs on user bug reports and code checking and the like. Linus himself even said "given enough eyeballs, all bugs are shallow."
 
Last edited:
Upvote 0

Subbynet

Free Member
Aug 1, 2005
6,000
1,101
45
Luton
Ignorant blog commenters don't prove anything. I actually saw something about this on Reddit recently, it said something like: "What if there are nice people on the internet, but they know not commenting at all is nicest thing to do?" :p

It proves that people generally don't give a damn... Apathy generally rules the day.

You do have a point about malware perhaps not being discovered for long periods of time, but I think it would happen eventually for the reasons I've stated before.

At some point I'm sure it will too, but by then many people might have details stolen.

I see negative speculation all the time! Have you not seen a "Facebook causes cancer" article in your life? Those specifically mention Facebook as a company without hardly any evidence at all, yet they're reported by news outlets. And besides, if someone has evidence documented online of a firewall catching dodgy traffic from an app, the claim can be backed up.

Come on, that was a Daily Mail report. At least once a week the Daily Mail is reporting that X causes Cancer.:rolleyes: It's a ludicrous claim that doesn't even merit a reply. Plus, like most Daily Mail articles, the content of the news doesn't really match the silly headline.

Not for the first time today, I have to say anyone listening to the Daily Mail needs their head examined. :rolleyes::D:p

Just for a laugh, I done a Google search on the Daily Mail. The term "causes cancer" cropped up 589 times!!

https://www.google.com/search?as_q=...=any&safe=images&tbs=&as_filetype=&as_rights=

Linux runs on user bug reports and code checking and the like. Linus himself even said "given enough eyeballs, all bugs are shallow."

Yes I know it runs on user bug reports and coding, but the main bulk of coding for any project is done by a small team. Virtually everyone is implementing Generated Bug Reports, because they're much more detailed, and correct than User Submitted Reports. As for coding, the Kernel for example only has a small team developing it, same for X.org, or Gnome. If you look at the Apache site, they even have lists of people who have made Commits to projects.

http://people.apache.org/committers-by-project.html

Remember those people may have made just 1 Commit, it doesn't mean they're always active on the project, but have a look, most projects have between 20-30 people.
 
Upvote 0

giffgore

Free Member
Jan 31, 2012
346
79
It proves that people generally don't give a damn... Apathy generally rules the day.

I would say that internet trolls who made those comments don't care, but a lot of people still do.

At some point I'm sure it will too, but by then many people might have details stolen.

True, but then we come back to our agreed point - people need to take responsibility for their own security and not rely on the OS to keep them safe.

Come on, that was a Daily Mail report. At least once a week the Daily Mail is reporting that X causes Cancer.:rolleyes: It's a ludicrous claim that doesn't even merit a reply. Plus, like most Daily Mail articles, the content of the news doesn't really match the silly headline.

Not for the first time today, I have to say anyone listening to the Daily Mail needs their head examined. :rolleyes::D:p

Just for a laugh, I done a Google search on the Daily Mail. The term "causes cancer" cropped up 589 times!!

https://www.google.com/search?as_q=...=any&safe=images&tbs=&as_filetype=&as_rights=

But that's exactly my point. The Daily Mail is full of this nonsense - it proves that big news outlets can and do run negative speculation stories, even when the things they're claiming are completely f**king insane.

Yes I know it runs on user bug reports and coding, but the main bulk of coding for any project is done by a small team. Virtually everyone is implementing Generated Bug Reports, because they're much more detailed, and correct than User Submitted Reports. As for coding, the Kernel for example only has a small team developing it, same for X.org, or Gnome. If you look at the Apache site, they even have lists of people who have made Commits to projects.

http://people.apache.org/committers-by-project.html

Remember those people may have made just 1 Commit, it doesn't mean they're always active on the project, but have a look, most projects have between 20-30 people.

I was looking at the Slackware site today and they said they had millions of people contributing code. Not sending automatic bug reports, but contributing code. The list of Debian developers looks quite f**king massive to boot.
 
Upvote 0

Subbynet

Free Member
Aug 1, 2005
6,000
1,101
45
Luton
I would say that internet trolls who made those comments don't care, but a lot of people still do.

Well, that sort of make my point too - or do you think your message will shine above the rest, and not be hi-jacked by these people just like Charlie Millers?

Trying to find those who do care, and who will take it up and push the matter further is a lot harder than you seem to think.

But that's exactly my point. The Daily Mail is full of this nonsense - it proves that big news outlets can and do run negative speculation stories, even when the things they're claiming are completely f**king insane.

It was a story so far out there it would never have any bearing on Facebook's value or share price. If it did, they'd jump all over the Daily Mail. It was a silly headline, the content of the piece had little to do with Facebook.

It's doesn't come close to negative speculation, it's just silly, and unbelievable by anyone who isn't a complete idiot. Heck today you can find them saying Jesus's grave has been found...

Show me a story with negative speculation that also rings true, because that's the point of libel. If it's so extreme it can't possibly be taken seriously, then a judge will think the same.

I was looking at the Slackware site today and they said they had millions of people contributing code. Not sending automatic bug reports, but contributing code. The list of Debian developers looks quite f**king massive to boot.

Slackware... :) Bloody hell, this is about the slowest updating OS of all Linux Distro's. They purposely do this, and try to remain the most stable OS. And tbh, it's hardly used anymore if truth be known, surpassed a long time ago by Debian and Ubuntu. Slackware's last major release was in 2009. Ubuntu updates roughly every 6 months.

On the Top 10 list from Distrowatch - Slackware comes in at #9.

http://distrowatch.com/dwres.php?resource=major

Slackware has been around for how long? 20+ Years, in all that time, the entire distribution will have had millions, but each project is much smaller, and those projects don't actually belong to Slackware, but are used across all Linux Distributions.
 
Upvote 0

giffgore

Free Member
Jan 31, 2012
346
79
Well, that sort of make my point too - or do you think your message will shine above the rest, and not be hi-jacked by these people just like Charlie Millers?

Trying to find those who do care, and who will take it up and push the matter further is a lot harder than you seem to think.

My point is the small sample of blog comments you provided is not representative of the general public.

It was a story so far out there it would never have any bearing on Facebook's value or share price. If it did, they'd jump all over the Daily Mail. It was a silly headline, the content of the piece had little to do with Facebook.

It's doesn't come close to negative speculation, it's just silly, and unbelievable by anyone who isn't a complete idiot. Heck today you can find them saying Jesus's grave has been found...

Show me a story with negative speculation that also rings true, because that's the point of libel. If it's so extreme it can't possibly be taken seriously, then a judge will think the same.

If I see one during this argument I'll link ya :p

Like I said though, if they simply report that internet rumours exist, then they're not really verifying them and with the right application of lawyers (and media outlets have a lot of those), they know they'll probably be fine.

Something more comparable to the hypothetical case we're talking about here is perhaps the iPhone 4 protoype leak from Gizmodo. They got the device and even boldly stated in their headlines: This is the next iPhone. They had no confirmation from Apple but they had one source of info - the guy who sold them the device - and they could of course inspect the device itself. They were careful to make label all their speculation about the device as such.

And more on the negative side, what about the Android texting bug? A lot of people were claiming that didn't exist, and it was very hard to replicate, in fact, but it still got reported.

If a dodgy app were to crop up, it'd be quite similar I'd imagine, especially if you consider the damage it does to a company's PR when they start suing media corporations. Usually when a news outlet releases a story which turns out to be incorrect, they simply print a correction upon discovering that fact, along with perhaps a statement from the company involved, and all is well. It's not really in the interests of companies to go suing media outlets anyway.

Slackware... :) Bloody hell, this is about the slowest updating OS of all Linux Distro's. They purposely do this, and try to remain the most stable OS. And tbh, it's hardly used anymore if truth be known, surpassed a long time ago by Debian and Ubuntu. Slackware's last major release was in 2009. Ubuntu updates roughly every 6 months.

On the Top 10 list from Distrowatch - Slackware comes in at #9.

http://distrowatch.com/dwres.php?resource=major

Slackware has been around for how long? 20+ Years, in all that time, the entire distribution will have had millions, but each project is much smaller, and those projects don't actually belong to Slackware, but are used across all Linux Distributions.

Slackware's last major release was 13.37 in 2011. And your personal opinion on the OS does not matter - the point is, as you say, it's stable, and it has a lot of people working on it. And my original point with this is that, even so, there are still bugs that crop up and need fixing, so you can't really attack software developers for having bugs unless they refuse to fix them or something :)
 
Upvote 0

Subbynet

Free Member
Aug 1, 2005
6,000
1,101
45
Luton
My point is the small sample of blog comments you provided is not representative of the general public.

Feel free to provide your own, but I did include some of the most popular sites, and I also included Apple's own forums. I feel that's a pretty fair cross section of the public.

Like I said though, if they simply report that internet rumours exist, then they're not really verifying them and with the right application of lawyers (and media outlets have a lot of those), they know they'll probably be fine.

Something more comparable to the hypothetical case we're talking about here is perhaps the iPhone 4 protoype leak from Gizmodo. They got the device and even boldly stated in their headlines: This is the next iPhone. They had no confirmation from Apple but they had one source of info - the guy who sold them the device - and they could of course inspect the device itself. They were careful to make label all their speculation about the device as such.

They were right and had proof, it was the new prototype device, and it was sold to them by an Apple employee (not just anyone!), this employee was later arrested. Apple confirmed it was a real prototype phone. Those were the facts reported. They didn't just dream it up.

Have a read on wikipedia. Apple might not have liked it, but they did confirm it.

And more on the negative side, what about the Android texting bug? A lot of people were claiming that didn't exist, and it was very hard to replicate, in fact, but it still got reported.

But it actually did happen - it was reported by thousands on the Android site, and Google later admitted it.

You can't deny the truth, no matter how bad it is.

Slackware's last major release was 13.37 in 2011. And your personal opinion on the OS does not matter - the point is, as you say, it's stable, and it has a lot of people working on it. And my original point with this is that, even so, there are still bugs that crop up and need fixing, so you can't really attack software developers for having bugs unless they refuse to fix them or something :)

No, your wrong. The version number should give you an indication of this, the version 13 (the major update), and the .37 (revision update).

13.1 was released in 2009. Since then only minor updates have taken place. (36 updates! Bringing the number to 13.37)
 
Upvote 0

giffgore

Free Member
Jan 31, 2012
346
79
Feel free to provide your own, but I did include some of the most popular sites, and I also included Apple's own forums. I feel that's a pretty fair cross section of the public.

http://www.engadget.com/2011/11/07/charlie-millers-latest-ios-hack-gets-into-the-app-store-gets-h/

The level of discussion on tech blogs shows that people did care, even if there was of course a level of trolling going on (this is the internet after all).

They were right and had proof, it was the new prototype device, and it was sold to them by an Apple employee (not just anyone!), this employee was later arrested. Apple confirmed it was a real prototype phone. Those were the facts reported. They didn't just dream it up.

Have a read on wikipedia. Apple might not have liked it, but they did confirm it.

They confirmed it after it was reported and the guy who sold the iPhone found it in a bar, he did not work for Apple.

But it actually did happen - it was reported by thousands on the Android site, and Google later admitted it.

You can't deny the truth, no matter how bad it is.

And, in my hypothetical example, someone would be able to tell others they can confirm it by downloading the firewall and the app in question, and the companies in question would therefore be forced to admit it eventually after it was reported - like the Android issue.

No, your wrong. The version number should give you an indication of this, the version 13 (the major update), and the .37 (revision update).

13.1 was released in 2009. Since then only minor updates have taken place. (36 updates! Bringing the number to 13.37)

Right you are, but that doesn't affect my main point.
 
Upvote 0

Subbynet

Free Member
Aug 1, 2005
6,000
1,101
45
Luton
http://www.engadget.com/2011/11/07/charlie-millers-latest-ios-hack-gets-into-the-app-store-gets-h/

The level of discussion on tech blogs shows that people did care, even if there was of course a level of trolling going on (this is the internet after all).

Give over, there is nothing in that thread that wasn't said on the links I gave. Most of the comments have nothing to do with it. .. Apple Fans vs World again.

If you look, there is probably 50-60 people in that discussion. Hardly an outpouring of people commenting on it.

They confirmed it after it was reported and the guy who sold the iPhone found it in a bar, he did not work for Apple.

Fair enough, I may recall that part wrong, but nonetheless, once it was confirmed by Apple - job done... Yes, Gizmodo stuck their necks out and took a risk, but it paid off because it was true.

And, in my hypothetical example, someone would be able to tell others they can confirm it by downloading the firewall and the app in question, and the companies in question would therefore be forced to admit it eventually after it was reported - like the Android issue.

Yes, but like I said earlier, it's getting that message out, and tbh, there is no proof that a firewall app would tell someone, because once a device is subject to malware, you can't be sure the firewall will report correctly.

If you look at Viruses for Desktop OS's, killing the Anti-Virus and Firewall apps is something many of them do - in fact, that sometimes is in itself an indication that you've been attacked.
 
Upvote 0

giffgore

Free Member
Jan 31, 2012
346
79
Give over, there is nothing in that thread that wasn't said on the links I gave. Most of the comments have nothing to do with it. .. Apple Fans vs World again.

If you look, there is probably 50-60 people in that discussion. Hardly an outpouring of people commenting on it.

If you look really hard on the internet, you can occasionally find intelligent comments... Sometimes... Maybe... :p

Fair enough, I may recall that part wrong, but nonetheless, once it was confirmed by Apple - job done... Yes, Gizmodo stuck their necks out and took a risk, but it paid off because it was true.

Exactly. So why wouldn't they do the same with this sort of breaking story?

Yes, but like I said earlier, it's getting that message out

On MacRumours, things are often posted on the forums and subsequently posted on their main news page because they gather a lot of attention. Other tech blogs then report the stories via MR.

Now, if someone went on that forum and posted evidence of a certain app doing dodgy things, it'd gather enough attention to be picked up quite quickly.

and tbh, there is no proof that a firewall app would tell someone, because once a device is subject to malware, you can't be sure the firewall will report correctly.

If you look at Viruses for Desktop OS's, killing the Anti-Virus and Firewall apps is something many of them do - in fact, that sometimes is in itself an indication that you've been attacked.

This is actually a good point. However, on iOS, an app would need root access to disable the firewall since it's outside the sandbox. This would mean that the hypothetical malware would be required to take advantage of jailbreaking features and target Cydia apps to disable the firewall, and I really doubt that would slip into the App Store.
 
Upvote 0
Bloody frightening isn't it, someone has your phone number, arrggghhh what has technology done.

Oh wait, we used to have a thing called the phone book that listed everyone's number (and full address) and was not only delivered free to every house and business in the country but also left in hundreds of thousand of public phone boxes throughout the country.

Get a grip, it's a mobile phone number and email address, hardly identifies you or where you live.

Paranoia seems rife off late.
 
Upvote 0

giffgore

Free Member
Jan 31, 2012
346
79
Bloody frightening isn't it, someone has your phone number, arrggghhh what has technology done.

Oh wait, we used to have a thing called the phone book that listed everyone's number (and full address) and was not only delivered free to every house and business in the country but also left in hundreds of thousand of public phone boxes throughout the country.

Get a grip, it's a mobile phone number and email address, hardly identifies you or where you live.

Paranoia seems rife off late.

If you're on Facebook, an e-mail address can tell someone basically everything about you (depending on your privacy settings, of course).
 
Upvote 0

Subbynet

Free Member
Aug 1, 2005
6,000
1,101
45
Luton
If you look really hard on the internet, you can occasionally find intelligent comments... Sometimes... Maybe... :p

Well, exactly my friend I've been looking for them in your comments, very rarely do they crop up. :rolleyes::p

Exactly. So why wouldn't they do the same with this sort of breaking story?

I've explained this in quite some details in my previous replies. They would verify it first.

On MacRumours, things are often posted on the forums and subsequently posted on their main news page because they gather a lot of attention. Other tech blogs then report the stories via MR.

Most of their stories are actually news reports from other sites, much like say Slashdot. They don't make news, they debate it.

Now, if someone went on that forum and posted evidence of a certain app doing dodgy things, it'd gather enough attention to be picked up quite quickly.

You think so, but I'd say 1 in 500 might check out your claims, the rest might make a comment, but very little of them will push the issue further - but again, I've said this a few times now, were recovering old ground.

This is actually a good point. However, on iOS, an app would need root access to disable the firewall since it's outside the sandbox. This would mean that the hypothetical malware would be required to take advantage of jailbreaking features and target Cydia apps to disable the firewall, and I really doubt that would slip into the App Store.

It's very easy to root iOS. It doesn't need to be included as part of the App Store submission, it just needs to downloaded and run it at a set point in time. Also, you don't need to disable the firewall, because at this point, you have no reason to assume a firewall has been included. (In fact, those Phones would already be rooted)
 
Upvote 0

giffgore

Free Member
Jan 31, 2012
346
79
Well, exactly my friend I've been looking for them in your comments, very rarely do they crop up. :rolleyes::p

Right back at ya ;)

I've explained this in quite some details in my previous replies. They would verify it first.

But I've provided examples where this wasn't the case.

Most of their stories are actually news reports from other sites, much like say Slashdot. They don't make news, they debate it.

But some of it is taken from their forums, see these examples:

http://www.macrumors.com/2011/10/12/many-seeing-error-3200-trying-to-upgrade-to-ios-5/
http://www.macrumors.com/2012/02/03/uploaded-itunes-match-songs-inaccessible-for-some/
http://www.macrumors.com/2012/01/09/apple-seeds-ios-5-1-beta-3-to-developers/

You think so, but I'd say 1 in 500 might check out your claims, the rest might make a comment, but very little of them will push the issue further - but again, I've said this a few times now, were recovering old ground.

We're both basically guessing so it's a moot point really. Might as well agree to disagree here since we're going in circles.

It's very easy to root iOS. It doesn't need to be included as part of the App Store submission, it just needs to downloaded and run it at a set point in time. Also, you don't need to disable the firewall, because at this point, you have no reason to assume a firewall has been included. (In fact, those Phones would already be rooted)

If we're talking about a possible malicious iOS app, I strongly doubt it will get into the App Store if it requires use of something outside the sandbox. If the iPhone it's being installed in isn't jailbroken yet, that would mean the app would have to actually jailbreak the iPhone itself even. Again, highly unlikely.

giffgore could you please clarify one of your last comments;



Which company is being bought by Twitter?

Thanks

WhisperSystems, the company which made the secure Android framework I mentioned.
 
Upvote 0

Subbynet

Free Member
Aug 1, 2005
6,000
1,101
45
Luton
But I've provided examples where this wasn't the case.

I don't believe you have... You provided one link, with a small number of users discussing it.... I done the same.

The point was, and like I said, it's hard to push a topic like this into the mainstream - I never said you couldn't Google it and find it anywhere! :rolleyes:


They all look like honest and true pieces. Like I said, you can't do anything about it if something is true, and can be proven to be true.

Plus, the whole point was about news that can be damaging to a companies reputation. You haven't shown any news like that yet.

You told me earlier about mainstream press, not some small blog that caters for Mac users... What was it you said about my links? Hardly representative of users at large or something like that? Then you pick a Apple fanboi centric site! :rolleyes:

If we're talking about a possible malicious iOS app, I strongly doubt it will get into the App Store if it requires use of something outside the sandbox. If the iPhone it's being installed in isn't jailbroken yet, that would mean the app would have to actually jailbreak the iPhone itself even. Again, highly unlikely.

First off, it wouldn't need to download ANYTHING really, because iOS doesn't contain a Firewall, but lets assume for a second, it did, virtually all iOS apps download data - nothing strange about that, and it has absolutely nothing to do with the Sandbox. That just keeps apps from communicating with each other if no permissions exist.

In fact this is how iOS is jailbroken in the first place, it downloads a PDF file within the sandbox, runs it, and breaks out of the sandbox. As for the difficult of jailbreaking, its extremely simple. As is proven by Jailbreakme.com

Also, remember your whole point is based on "it's highly unlikely" you keep repeating that - but evidence says, it can happen... Your the one who needs to prove the case, rather than pushing ahead with conjecture.
 
Upvote 0

giffgore

Free Member
Jan 31, 2012
346
79
My point is that you can't put an app which breaks out of the sandbox into the App Store and expect it to get through, I've never said that such an app couldn't be coded.

BTW, "it downloads a PDF file within the sandbox, runs it, and breaks out of the sandbox" is incorrect for most jailbreaks - at least do some research before you make statements like that. Two jailbreaks have been browser based, i.e. Safari will download a file using an exploit and, from there, use multiple other exploits to eventually inject the jailbreak payload. One of these exploits has to be a privilege escalation exploit else you're stuck in the sandbox. Most jailbreaks, however, involve plugging your phone into the computer and directly attacking the bootloader and/or bootrom while the phone is in DFU mode, i.e. specifically set up to receive instructions from the computer outside of the actual iOS.

Now, it is of course possible that a developer could build an app which exploits holes in iOS to break out of the sandbox. It would take a lot of work (iOS has a lot of security measures, including full ASLR, these days, as does ICS BTW) but it's possible. Getting that app into the App Store, though? Hmm, I don't think so.

As for the news thing, if you're claiming you've never seen speculative news which is negative, you're lying. Here's another example (which turned out to be false) from the BBC. This story also proves how easily things of interest get passed around online.
 
Upvote 0

Latest Articles

Join UK Business Forums for free business advice