Comments on: ZOMG! Ziphone Dude Crashing iPhones With Malicious Audio Code?

By: spook†

spook† — Tue, 04 Nov 2008 21:17:37 +0000

All well and good points, and I hate to beat a dead horse here, but if you read carefully, and get the whole story from elsewhere besides just here, you'll find he submitted it to Apple's security team long before the Forbe's article hit the net, or his own blog, read, straight from the article, where it mentions JULY:

"Zambrini told Forbes.com that he spotted the bug in July, and sent an e-mail to Jobs explaining what he found."

in fact, he has a history of doing so with previous issues as well over the past year or two. How exactly does 4 months after reporting it to Apple going public with it pan out to him going public first? Or is it just the fanboy stardust messing with people's perceptions of time and date?

By: iPhoneMilk

iPhoneMilk — Tue, 04 Nov 2008 14:52:14 +0000

Hey Spook- Rene is right.

I also think you're forgetting about the original problem here in the first place. THAT GUY did not report it to Apple right away, he just posted it out to the public first. THAT'S the problem.

The iPhone blog is not Posting this information out to the public what TiPb is doing is LETTING THE PUBLIC KNOW that this guy already did this. It's basically a warning.

and for people like ME? who don't read on some losers website i never even knew about this piece of information, so it's basically NEWS to me and helpful to me. Now i can keep myself on sort of an Orange alert status until i see a fix for it.

By: spook†

spook† — Tue, 04 Nov 2008 14:30:19 +0000

That Doesn't fly? Wow...feels like an episode of the Sopranos...

I'm still at a loss as to how you are faulting someone for making a security risk public, as you re-report the same story? Are you lost on the connection at all? I'm not faulting you for reporting it, but you are faulting someone else for the doing the same thing (someone who informed Apple in details, btw).

And yes, the title is misleading and a stab for attention...as much as if I was to say "TiPB supports people crashing iphones with malicious audio code"...simply because you report a problem doesn't mean you ARE the problem.

By: andr3w

andr3w — Tue, 04 Nov 2008 05:37:19 +0000

zibri is a freakin ****** with no life. Since people doesn’t donate to his website anymore he got mad. hahaha. Everything he says is a lie. This post is irrelevant.

By: ethan

ethan — Tue, 04 Nov 2008 04:07:03 +0000

I can crash the phone too! But I just launch engadget.com on the safari web browser.

By: Rene Ritchie

Rene Ritchie — Tue, 04 Nov 2008 02:03:40 +0000

Sorry, spook, but that don’t fly. Once it’s out, it’s out, and people have to be informed so they can prepare if any exploits do hit the wild. DNS cache poisoning was handled the right way (even if some experts guessed the specifics after partial disclosure, that partial disclosure only occurred after Microsoft and other major players were fully briefed and had solutions baking). This is closer to the socket-stress leak.

And the title isn’t tabloid-esque, it’s sarcastic — though maybe the humor failed as badly as the handling of the exploit?

By: Corey

Corey — Tue, 04 Nov 2008 00:42:44 +0000

Responsible? Z has not been responsible since day one with any of his stuff. it would be nice if he were however.

By: spook†

spook† — Tue, 04 Nov 2008 00:12:00 +0000

And we’re to believe somehow TiPB is taking the high road by re-reporting the story on its site and titling the post with such a “Tabloid-esque” and dramatic (and false) title that it is hard to ignore? Please, I can’t see applying a moral reporting standard to anyone if you can’t observe it yourself. I like this site, don’t get me wrong, but this article seems a bit hypocritical…how about thanking him for finding it and making it public as opposed to developing malicious code?