Guest | Posts: n/a | Thanked: 0 times | Joined on
#1
In case you've not heard, some developers have uploaded some software (mainly books and travel apps) that secures the user's details and makes purchases, a lot of purchases.

More information here...

Do you think that could happen to Ovi too?
 
Posts: 489 | Thanked: 404 times | Joined on Dec 2009
#2
The most important thing is that it doesn't happen to Maemo.org repositories, especially Extras.

Luckily our QA Extras-Testing testers are better than Ovi's.
 
Bundyo's Avatar
Posts: 4,708 | Thanked: 4,649 times | Joined on Oct 2007 @ Bulgaria
#3
Well, nothing can be bought from Extras, I don't see many attackers going that way.

Ovi though can be more attractive to them...
__________________
Technically, there are three determinate states the cat could be in: Alive, Dead, and Bloody Furious.
 
ysss's Avatar
Posts: 4,384 | Thanked: 5,524 times | Joined on Jul 2007 @ ˙ǝɹǝɥʍou
#4
I'm still not clear on that iTunes attack vector...

It's not likely that the online store itself is compromised, otherwise the attacker would probably choose a different method to sieve the money.
__________________
Class .. : Power User
Humor .. : [#####-----] | Alignment: Pragmatist
Patience : [###-------] | Weapon(s): Galaxy Note + BB Bold Touch 9900
Agro ... : [###-------] | Relic(s) : iPhone 4S, Atrix, Milestone, N900, N800, N95, HTC G1, Treos, Zauri, BB 9000, BB 9700, etc

Follow the MeeGo Coding Competition!
 
Guest | Posts: n/a | Thanked: 0 times | Joined on
#5
The store wasn't directly compromised. Consider the free books a trojan horse in the truest sense. You get the book, it gathers your info, reports it out - that's dumbed WAY down, but you get the gist.

Apparently there's a local store of your password, et al that's being exploited. But... could something like that happen in the Ovi Store?
 
Bundyo's Avatar
Posts: 4,708 | Thanked: 4,649 times | Joined on Oct 2007 @ Bulgaria
#6
Ovi store unlike iTunes works through MicroB which encrypts the saved passwords (EDIT: maybe just better). However, a keylogger can help in this case...

Last edited by Bundyo; 2010-07-12 at 05:56.
 
Guest | Posts: n/a | Thanked: 0 times | Joined on
#7
Ah... thanks.
 
ysss's Avatar
Posts: 4,384 | Thanked: 5,524 times | Joined on Jul 2007 @ ˙ǝɹǝɥʍou
#8
Isn't it more likely that they use some social engineering trick to harvest the passwords?

I don't think they even store iTunes password on iOS, because you're asked for the password every time you make a purchase. Well it'll 'cache' it for 5-10 minutes for convenience, but past that period then it'll reask you for the password to be resubmitted over the net for reauthentication.

Keylogger is also unlikely due to iOS' sandboxing lockdown.
 
Bundyo's Avatar
Posts: 4,708 | Thanked: 4,649 times | Joined on Oct 2007 @ Bulgaria
#9
Well, maybe it's possible the actual tools are logging in automatically from the victim's iPhone? Then again if it spread so fast maybe it was published somewhere (maybe just not in our part of the internet).
 
ysss's Avatar
Posts: 4,384 | Thanked: 5,524 times | Joined on Jul 2007 @ ˙ǝɹǝɥʍou
#10
That's the thing, unless there's a huge gaping exploitable hole in the iOS, then these apps must've performed some sort of social engineering tricks to gain the users' iTunes Store passwords.

It's definitely a chink in Apple's armor, just wondering which part:
- iTunes Store itself (least likely)
- iOS sandbox (if this is the case, I'm surprised that the damage is limited to 1-2 perpetrators so far... and why there isn't an update yet to address it).
- iTunes Store's approval system (Maybe the guy hid the social engineering routing somehow ... and this sort of thing is nothing new for Apple)

Last edited by ysss; 2010-07-12 at 07:14.
 
All times are GMT.