Nokians: Nokia Cell Phone User Forum
 
Go Back   Nokians: Nokia Cell Phone User Forum > Usenet Discussion Forums > AT&T Usenet Discussions
Reload this Page http://iphone-services.apple.com/clbl/unauthorizedApps
Homepage Register FAQ Members List Calendar Search Today's Posts Mark Forums Read


AT&T Usenet Discussions News Server Discussions on AT&T

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old August 8th, 2008, 02:29 PM
Mark Crispin
Guest
  
Posts: n/a
Default http://iphone-services.apple.com/clbl/unauthorizedApps
I wonder how long it will be before some hacker figures out how to use
this mechanism for a malicious attack on iToys running the 2.x software.

I hope that the iToy actually verifies that the page is signed by Apple's
Verisign-issued certificate, as opposed to any CA-issued certificate (or
worse, some self-signed certificate). If not, the task is trivial.

The iToy does not offer user control over certificates, although Mail.app
does prompt (once) in the event of a self-signed certificate for IMAP or
POP3 connections. Safari, however, does NOT seem to report certificate
issues.

There seem to be some good hacking opportunities here.

-- Mark --

http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
Reply With Quote
  #2 (permalink)  
Old August 8th, 2008, 02:41 PM
News
Guest
  
Posts: n/a
Default http://iphone-services.apple.com/clbl/unauthorizedApps


Mark Crispin wrote:

> I wonder how long it will be before some hacker figures out how to use
> this mechanism for a malicious attack on iToys running the 2.x software.
>
> I hope that the iToy actually verifies that the page is signed by
> Apple's Verisign-issued certificate, as opposed to any CA-issued
> certificate (or worse, some self-signed certificate). If not, the task
> is trivial.
>
> The iToy does not offer user control over certificates, although
> Mail.app does prompt (once) in the event of a self-signed certificate
> for IMAP or POP3 connections. Safari, however, does NOT seem to report
> certificate issues.
>
> There seem to be some good hacking opportunities here.
>
> -- Mark --


Wunder-, I mean, blunder-bar!
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
Reply With Quote
  #3 (permalink)  
Old August 9th, 2008, 01:48 AM
Larry
Guest
  
Posts: n/a
Default http://iphone-services.apple.com/clbl/unauthorizedApps
Mark Crispin <mrc@Panda.COM> wrote in
news:alpine.OSX.1.10.0808080914150.10599@pangtzu.p anda.com:

> I hope that the iToy actually verifies that the page is signed by
> Apple's Verisign-issued certificate, as opposed to any CA-issued
> certificate (or worse, some self-signed certificate). If not, the
> task is trivial.
>
>

As utterly arrogant as Apple is, I doubt it.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
Reply With Quote
  #4 (permalink)  
Old August 10th, 2008, 12:06 AM
Larry
Guest
  
Posts: n/a
Default http://iphone-services.apple.com/clbl/unauthorizedApps
Mark Crispin <mrc@Panda.COM> wrote in
news:alpine.OSX.1.10.0808080914150.10599@pangtzu.p anda.com:

> -- Mark --
>
>

Mark, are you at NYU?

Just curious.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
Reply With Quote
Reply

« IBM now coming to the iPhone with iNotes | Yo, Vic! »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 

(View-All Members who have read this thread : 1
reza1217
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
http://support.apple.com/kb/TS1702 Larry AT&T Usenet Discussions 0 July 29th, 2008 01:25 PM
http://www.apple.com/iphone/ Ron AT&T Usenet Discussions 3 June 9th, 2008 06:36 PM
For Sale:apple Iphone 16gb,apple Iphone 8gb,nokia N96,nokia N95 8gb,sidekick At Cheap gloryminimarket GSM Usenet Discussions 0 March 2nd, 2008 03:30 AM
FS: Apple iphone 16 Gb "$250/Apple Ipod Touch 32 Gb:$200 kanny Nokia Usenet Discussions 0 February 27th, 2008 11:39 AM
Sell Brand New Nokia N95 8gb/apple Iphones/sony Ps3/apple Iphone 8gb mohammed02 GSM Usenet Discussions 0 February 26th, 2008 10:27 PM



Current poll
The new design of the forum is..

Excellent: 100.00%

Good: 0%

Average: 0%

Could be better: 0%

Bad: 0%
Voters: 1. You may not vote on this poll

Forum Stats
Topics: 12124
Posts: 61599
Users: 981
Active Members: 511
We welcome our newest user: sharkbaitbil
Most users ever online was 90, October 13th, 2008 at 02:44 PM.
New users:
Today
- sharkbaitbil
Today
- ellainema
Yesterday
- israel75
November 30th, 2008
- gadgeteeer
November 29th, 2008
- cellscells

Today's Birthdays
No one has birthday today.


All times are GMT -4. The time now is 09:39 AM.

Contact Us - Nokians: Home of all Nokia Users Worldwide - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.2.0
copyright © Nokians.netAd Management by RedTyger