Comments on Vulnerable Minds: iPhone sounds alot like iPwn

Per Alex's comment.. I'm taking it then that some ...

2007-06-14T13:59:00.000-05:00

Per Alex's comment.. I'm taking it then that some Javascript capabilities are disabled on the iphone. I guess that helps. In that case, maybe the more blatant/obvious issue may be things not working properly, rather than XSS.

Personally, I'd rather things breaking than someone scripting their way through my minutes... cuz Cingular doesn't really offer all that many, affordably. =P (Then again, neither does anybody else.)

I think you're post is amusing because the Apple s...

2007-06-14T11:10:00.000-05:00

I think you're post is amusing because the Apple standard "We don't get hacked or viruses" is now going to be "Our computers are fine, but good thing you've got AT&T roll-over minutes, because your phone just got jacked!"

Or a great slogan from your neighborhood Hacker:
I just figured out that "Ana" in your phone book that you call 100 times a day is you girlfriend. Since I can gain access to your, well everything, I'm texting her that you've dumped her for a boy.

I was at the WWDC session that detailed the extra ...

2007-06-13T20:49:00.000-05:00

I was at the WWDC session that detailed the extra features available to web developers on iPhone. I feel like I can pretty confidently say that they won't be security risks, as there's practically nothing there.

The majority of the session was on markup, layout, and stylesheet techniques to ensure that existing pages look good on the iPhone. If anything, the steps they've taken w/r/t JavaScript should limit anything that negatively effects user experience.

The iPhone isn't going to be a security bed of roses, but it seems like the potential for attacks beyond the existing set of web application risks isn't going to be too terrible. Just a hunch.