Yes, you used the words "guess" and "I think" in your comment. However, despite the use of those words, you actually made two unqualified factual claims in your statement. I'll go ahead and bold it for you below.



The first makes a completely unfounded assumption about the methodology used to get the data in question. The second is nearly true (assuming that the first, unsupported, statement is correct), but misses the mark, because you would *also* have had to add the qualifier that he had an unpatched, active Java environment that was susceptible to the bug in question (which most Macs *don't* have, because it didn't affect the Java 1.6 run-time).

Just *having* the words "guess" and "I think" in your comment doesn't excuse you from having made unsupported assumptions and stated them as facts. (It might have, had you actually claimed your entire *post* as "guess" and/or "I think". Unfortunately, you didn't.)

It was a Java vulnerability that was exploited according to the story:

Story
...Team was breached using the AtomicReferenceArray vulnerability on Java

Therefore, my comments had support towards my assumptions. This vulnerability can affect OS X as a potential target according to this site.
 
What is the FBI doing with that info?

What do you think? You're guilty in this country until proven innocent, remember? :rolleyes:

Seriously, we live in the Corporate States of America these days where big business pretty much OWNS the government and so one shouldn't be surprised to find the government spying on its citizens for economic interests to the big corporations (advertising, demographics, etc.; census data is required by law in a country that supposedly has a privacy amendment; what a joke).
 
So...

The government is collecting info knew that

The government isn't warning people about a threat that personal information can be leaked yep yep. Obviously

The government doesn't properly secure files? apparently not

Why can't we just live in a world where private things are... well private?

I just don't understand what the FBI needs to do with my grandma's iPhone info. God I hate the government.

Well, I doubt it likes you in return... since we're told we are a "Christian nation", the phrase "Do unto others as you'd have them done unto you" now becomes an appropriate saying, given that phrase's origins being Old Testament and all...

P.S. Government is just buying the info from these companies. It's just business. Do you not like capitalism? Or do you just hate it when somebody freely engages in it at your expense?



Um, unless government tells private industry what to do... and it's usually private industry lobbyists that do the telling (all government does is accept their 'investment')... don't blame government for all ills when it's private industry that decides what jobs are needed and what wages they're set at, since it's wages people earn that have more say in what sorts of things, nice or otherwise, people buy...


Seriously, people really don't know how much of your data is seen by the government. The NSA works with AT&T and other carriers to spy on your data. Big brother has been prying on your online activities for years now. Glad this violation of rights is getting more exposure now.

The same ATT that gets lots of taxpayer-funded entitlement?

http://www.ctj.org/html/layoffs.htm

Also, is Big Brother "government", or the company/companies that do all the work that government merely buys from them? Maybe I missed 10 pages worth of posts, but nobody seems to mind ATT, banks, and others compiling lists... only that government gets them... seems a tad unfair and/or nearsighted...

It drives me crazy when people talk badly about the people who keep us safe. Are there problems with the system? Absolutely. But some numbers that identify our cell phones gets out and everybody flies off the handle? Guess what, there is a different set of numbers that identifies our cell phones... they're called phone numbers, and they're publicly available everywhere.

I have absolutely no connection to the FBI or the federal government, but god dammit I respect them and know that they work hard to keep us safe every day.

I respect them as well.

If our government was just as bad as the middle east or China or anyone else and to be oh-so-evil as the rest, then those detracting wouldn't be here right now. It's that simple. Unless they have a deeper, causal explanation - but right now I've only read gripes about government about being a symptom rather than the core cause of all things bad...

Oh, one can also say the FBI lacks the funds to do proper defenses, since most anti-government types freely say we're broke and owe money thanks to the actions of the last 5 presidents (never mind it's Congress that votes on what gets spent, with the President signing or vetoing what Congress decides)...

Or, even in the best of times, stuff gets hacked.. even unjailbroken iPhones, thanks to PWN2OWN and other sources...
 
Obama's UDID? So are they tracking us or perhaps their own staff?
12 million is quite a lot of devices.. I'd say Obama more than likely has more than one iPad, heck lots of freaks here do lol
 
Indeed

Just two strips of duct tape is all one needs if they are truly paranoid

Well that can be bypassed. There are two cables that can be snipped to render the devices useless and it cannot be repaired.
 
A hacker CLAIMS they got the info off an unprotected laptop, and an FBI one at that.

And you buy it hook line and sinker, just like they wanted.

Now you'll go to their website to check your UDID and give them who knows what info. Which might be their real game

After all, the best hacks are social

The info is legit and the hackers themselves didn't provide a website to check your UDID, they just provided the text file.
 
Hence the iron fist silk glove joke. We all know the West is slightly better than North Korea, but then again it seems we only know what these totalitarian countries are like through Western propaganda and media. The fact of the matter is the US and the UK have come to be police states in the last 10-15 years. Time you took those blinkers off.......another sheeple that thinks he's free :rolleyes:

If that was meant as a joke it didn't come off as one. It read as a subtle difference without much distinction, kind of like if a convicted thief could choose their final fate either by stoning or a sniper bullet between the eyes. Of course no western nation kills people for stealing. We do know what happens in countries like North Korea, China, Saudi Arabia...

And I own zero pair of blinkers, but I do think you might own a tinfoil hat.
 
Is it me or is nobody in this thread blaming Apple for their flawed approach to UDIDs?

Quote from the article:
By designing an API to expose UDIDs and encouraging developers to use it, Apple has ensured that there are literally thousands of databases linking UDIDs to sensitive user information on the net. A leak from any one of these - or worse a large-scale de-anonymization like the OpenFeint one - inevitably has serious consequences for user privacy.
 
A Dell laptop? Oh now I see why it got hacked.

The AtomicReferenceArray exploit in Java also worked on OS X.

But, this data could have easily been encrypted using a sparse bundle disk image made via Disk Utility to prevent compromise with user level access to the system.
 
Is it possible that the FBI retrieve the data from some other sources as evidence of some investigation?

Sure. We only have the hackers' word the laptop belonged to an FBI agent. Or that they got the information from that laptop.

For all we know, the laptop was actually a seized item and they got the list off an offsite backup, acquired during the days before Apple cut off using the UDID in apps. Back in the day it would be child's play to create a little free game with some hidden harvesting in it.
 
Well that can be bypassed. There are two cables that can be snipped to render the devices useless and it cannot be repaired.

How would you be able to tell if the cables have been snipped or not? Which is why the devices have to be removed, and then there's the further problem to easily check if the camera and microphone have been removed.

This isn't about a DOD employee spying and bringing in a microphone/camera/etc, this is about a DOD employee bringing in a computer that has been hacked by someone else.

So, maybe even physically removing the devices will be enough, I can't find any more recent directives from the DOD than the one I read a couple of years ago.
 
If we can let the Government get away with reading all of our email, what else will we allow them to do? Will we say "put cameras in our houses because we can't take care of our children"? Will we say "Tell us what to do because we cannot think for ourselves"? You give the Government an inch and they take a mile, and that is why letting them spy on us is not freedom

Ah yes, the classic scaremonger tactics, and the 'give them an inch' argument. Take something relatively minor like data monitoring and suddenly paint a bleak picture of the near future where the government closely controls all of our actions, and even goes as far as to tell us 'what to think'. Bonus points for any 1984 references...

Of course the fact that micro-managing the population is completely stupid and non-manageable doesn't come into it, it helps to prove your point and so run with it!
 
Remember when Obama wanted to keep his Blackberry? He had to be issued the NSA version with the back door closed so foreign surveillance was not total. That was totally phunnie.

After the buzz wore down in a year he did everything off-grid like all the other Presidents which didn't even use a computer, leaving all that to staff and trusted systems.
 
Remember when Obama wanted to keep his Blackberry? He had to be issued the NSA version with the back door closed so foreign surveillance was not total. That was totally phunnie.

The backdoor would be in BIS, not the devices themselves, and Obama's one probably uses (used?) BES anyway.
 
This is exactly why I would love to find out if we can find an app, that all people on the list have in common.

Alex

Too easy. IF they were harvesting via apps and are lying about the FBI part then it's likely a half dozen or more apps released under a handful of developer names and probably either cheap or 99 cents at most. They would be simple things like flashlight apps and only got updated when the iOS was. Especially if the update might break their harvesting

I wonder how many devices on that list are folks that used that in app purchase hack from a few weeks ago. Especially when it asked you to put in your Apple ID password
 
Is it me or is nobody in this thread blaming Apple for their flawed approach to UDIDs?

Quote from the article:

Here's a post by Aldo Cortesi discussing what he found that you could do with just an UDID.

Among other things:

In September 2011, I published the most troubling news so far, which paradoxically also got the least coverage in the press. I looked at all the gaming social networks on IOS - basically OpenFeint and its competitors - and found catastrophic mismanagement by nearly everyone. The vulnerabilities ranged from de-anonymization, to takeover of the user's gaming social network account, to the ability to completely take over the user's Facebook and Twitter accounts using just a UDID.

Eight days to Apple's event and this happens.
 
Mine is also in the list. I'd be interested to find out why they have it... What's the point of the FBI having this data? Why did Apple give it to them? I don't really like this.

Again, the only 'proof' this came from the FBI is the hackers, who could be lying.

And we don't know that Apple gave it to them.
 
Well, of the million my iPad and iPhone UDIDs aren't listed; however, I do not blame the FBI as much as I blame Apple and how easy it seems for anyone to collect the information.
 
Well it turns out not only can't the FBI crack TrueCrypt, they can't use it either :p

TrueCrypt doesn't provide any protection once a user is logged in and using the system.

This is because the data is unencrypted and mounted when the user is logged in.

A remote exploit, such as the AtomicReferenceArray in Java, requires the target user to be logged in to be used against the system.

Sparse bundle disk images made via Disk Utility remain unmounted and encrypted after the user logs in unless the user manually mounts and unencrypts the data.
 
TrueCrypt doesn't provide any protection once a user is logged in and using the system.

This is because the data is unencrypted and mounted when the user is logged in.

A remote exploit, such as the AtomicReferenceArray in Java, requires the target user to be logged in to be used against the system.

Sparse bundle disk images made via Disk Utility remain mounted and encrypted after the user logs in unless the user manually mounts and unencrypts the data.

No, you can make a TrueCrypt image which you mount separately from the system too. As long as it wasn't mounted during the hack, it'd be pretty much impossible to steal that data.
 
A hacker CLAIMS they got the info off an unprotected laptop, and an FBI one at that.

And you buy it hook line and sinker, just like they wanted.

Now you'll go to their website to check your UDID and give them who knows what info. Which might be their real game

After all, the best hacks are social

Something tells me you didn't read the entire article and don't understand how all this works.
 