Page 1 of 2 12 LastLast
Results 1 to 10 of 13
Discuss Trojans? at the Free Toolchain Software (Cydia App's) - Hackint0sh.org; I've heard a few people wonder about trojans on all these small repositories that have ...
  1. #1
    Professional Array

    Join Date
    Dec 2007
    Posts
    81
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    11

    Default Trojans?

    I've heard a few people wonder about trojans on all these small repositories that have been popping up, but I'm also wondering about the big "trusted" ones...how do they assure themselves that software is safe? Do they build the software themselves from the source code?

    And does anyone know of a way to monitor outgoing traffic, like a firewall? (I'm guessing that since everything is root, then the programs could turn the firewall off...)
    Thanks,
    JLA



  2. #2
    Former Bender
    Guest

    Default

    That's a good question.

    I think this will be solved with the upcoming SDK from Apple.
    Maybe the softwares will get a lower level/group with a popup asking for rights when root level is needed.

    My 2 cents guess.

  3. #3
    Senior Professional Array

    Join Date
    Sep 2007
    Posts
    154
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    14

    Default

    No one said doing it this way is secure, if you're paranoid you should wait until Apple does its thing in March.
    Various 'Books old and new
    8 Giggity, Giggity, Gigg-it-y.

  4. #4
    Board Hero Array

    Join Date
    Dec 2007
    Posts
    1,044
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    74

    Default

    Quote Originally Posted by darngooddesign View Post
    No one said doing it this way is secure, if you're paranoid you should wait until Apple does its thing in March.
    So either you jailbreak, or you're paranoid?

    I would hope there's something inbetween. Like jailbreaking but at the same time having discussions like this one, to get a good picture of the risks involved with various hacks and applications.

    Seems that Ste Packaging (one of the community sources) is a guy named Ste who personally checks and puts together the packages and even makes sure they don't get tampered with: see http://blog.psmxy.org/2007/11/04/yes...-just-updated/
    iPhone 3GS / 3.1.2 JB (PwnageTool) / 04.26.08 carrier-locked, Carrier Logo Fixer / Cydia / 1000 posts on Hackint0sh

    Installing Cydia programs on a phone that has no internet connection: read this.

    Editing binary .plist, .strings, .nib and .xib files:
    * on your computer: Windows tool / conversion website.
    * on your iPhone: convert those files in a terminal with plutil (installed with Erica Utilities) or edit them with iFile (Cydia links).

  5. #5
    Professional Array

    Join Date
    Dec 2007
    Posts
    81
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    11

    Default

    My guess is that Apple will keep the run-in-root system, and that's the reason why they are requiring 3rd party software to be signed, etc.

    I don't think it's paranoid to care...I don't require 100% certainty/security, but at the same time, I personally want more than "no security". But it's not just me I'm worried about...I'm also worried about the jail-break community as a whole. I think it's great that more and more people are uncrippling their iPhones/Touch, but this could change with just one little virus or trojan...CNN would do some story, and new iPhone owners would be extremely reluctant to uncripple their phone. I enjoy programming for the iPhone, but I don't think it will be as enjoyable if the jailbroken community shrinks and other developers move on to Android stuff.
    JLA


  6. #6
    Board Hero Array

    Join Date
    Dec 2007
    Posts
    1,044
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    74

    Default

    Here's another remark, from one repository: one of the first comments in this page, by someone named poetic_folly. "we test everything before listing it."

    So it seems that testing is generally done by the repositories that are high on the Sources list.
    iPhone 3GS / 3.1.2 JB (PwnageTool) / 04.26.08 carrier-locked, Carrier Logo Fixer / Cydia / 1000 posts on Hackint0sh

    Installing Cydia programs on a phone that has no internet connection: read this.

    Editing binary .plist, .strings, .nib and .xib files:
    * on your computer: Windows tool / conversion website.
    * on your iPhone: convert those files in a terminal with plutil (installed with Erica Utilities) or edit them with iFile (Cydia links).

  7. #7
    Respected Professional Array TwistyValhalla's Avatar

    Join Date
    Sep 2007
    Posts
    645
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    41

    Default

    Installer was a nice idea. I however like to do things manually. That way I know exactly what I'm putting on my phone and where they are going. Installer is not for me.

    iPhone (OTB 1.1.1 / Currently 3.1)
    Unlock, activation, jailbreak: PwnageTool 3.1
    City Fido, Vancouver

  8. #8
    J to the T. Shaken, not Stirred Array thecompkid's Avatar

    Join Date
    Jul 2007
    Posts
    1,152
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    75

    Default

    Quote Originally Posted by Godores View Post
    My guess is that Apple will keep the run-in-root system, and that's the reason why they are requiring 3rd party software to be signed, etc.

    I don't think it's paranoid to care...I don't require 100% certainty/security, but at the same time, I personally want more than "no security". But it's not just me I'm worried about...I'm also worried about the jail-break community as a whole. I think it's great that more and more people are uncrippling their iPhones/Touch, but this could change with just one little virus or trojan...CNN would do some story, and new iPhone owners would be extremely reluctant to uncripple their phone. I enjoy programming for the iPhone, but I don't think it will be as enjoyable if the jailbroken community shrinks and other developers move on to Android stuff.
    JLA
    I think that the perfect system would be popping up a warning message for unsigned applications when installing them. That way, we could risk as much as we wanted to without Apple telling us what we can and cannot do. I, for one, am very interested in seeing how Apple handles this situation, as their implementation of the SDK has the potential to make the iPhone the top smartphone on the market. Right now, it's nothing more than a niche product, but with better software, it could become business-friendly in no time.

  9. #9
    Board Hero Array

    Join Date
    Dec 2007
    Posts
    1,044
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    74

    Default

    Quote Originally Posted by TwistyValhalla View Post
    Installer was a nice idea. I however like to do things manually. That way I know exactly what I'm putting on my phone and where they are going. Installer is not for me.
    How do you test the binaries before putting them on the phone? Do you decompile them?
    iPhone 3GS / 3.1.2 JB (PwnageTool) / 04.26.08 carrier-locked, Carrier Logo Fixer / Cydia / 1000 posts on Hackint0sh

    Installing Cydia programs on a phone that has no internet connection: read this.

    Editing binary .plist, .strings, .nib and .xib files:
    * on your computer: Windows tool / conversion website.
    * on your iPhone: convert those files in a terminal with plutil (installed with Erica Utilities) or edit them with iFile (Cydia links).

  10. #10
    Respected Professional Array TwistyValhalla's Avatar

    Join Date
    Sep 2007
    Posts
    645
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    41

    Default

    No, I don't have time to do that. Just use trusted apps from original source.

    iPhone (OTB 1.1.1 / Currently 3.1)
    Unlock, activation, jailbreak: PwnageTool 3.1
    City Fido, Vancouver


 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. Slashdot: Two Trojans For Mac OS X
    By hackint0sh in forum Latest Headlines
    Replies: 0
    Last Post: 06-25-2008, 10:10 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Powered by vBulletin®
Copyright © 2014 vBulletin Solutions, Inc. All rights reserved.
Search Engine Friendly URLs by vBSEO
(c) 2006-2012 Hackint0sh.org
All times are GMT +2. The time now is 03:34 PM.
twitter, follow us!