| Author |
Blooover - The Bluetooth Hoover! |
Nitro Fan
Joined: Jun 11, 2003
Posts: > 500
From: London
PM |
@ mikLSP
Hi I agree if it does not actually exist yet then the risk is currently at best minimal, but you wouldn’t suggest people go and try to make a dirty bomb just to prove it is possible would you?
I take your point about proof, but I view things rather along the lines of, if the principal behind the objective is malicious why go as far as finding the proof? the act itself is already proven to be wrong.
I understand the penalty for conspiracy to rob is often higher than for those committed of the crime! Whether “bluesnarfing” is possible or not is not the issue, I am against the act of “snarfing” in principal and those who seek to conspire to provide a mechanism to facilitate such activity are in my opinion wrong, to me it is a simple matter of right and wrong.
I have owned the ... T68i T610, P800, P900, P910, P990, W950, P1, W960 But SE have now totally lost the plot. | |
|
Nitro Fan
Joined: Jun 11, 2003
Posts: > 500
From: London
PM |
@Jim
Hi Jim cheer up  I am @'ing all my replys now!
I have owned the ... T68i T610, P800, P900, P910, P990, W950, P1, W960 But SE have now totally lost the plot. |
MikLSP
Joined: Sep 21, 2003
Posts: > 500
From: se-nse.com
PM |
The point of proving this was for them to demonstrate the security flaw to manufacturers & so they can improve their products against it.
BUT as far as I can see this app proves nothing as I have not seen it 'work' & so it seems there IS NO threat/issue. Hence I posted here to see if anyone else can shed light on this.
|
Nitro Fan
Joined: Jun 11, 2003
Posts: > 500
From: London
PM |
Do any ESATO moderators / members know anyone on the site who works for one or more of the manufacturers?
If so, it seems to me a far more logical way of exposing a Bluetooth / Symbian threat / flaw to them, would be to send them a copy of the application to try in their labs or to get their development teams to evaluate? This would accomplish three things:
1. Alert them to the concept of “bluesnarfing” (If it actually exists! and they are not already aware of it!) and enable them to run some tests to evaluate the practicality of achieving a “Bluesnarf”
2. Enable them to evaluate what areas of their technology the “sad little hackers” are trying to exploit and so put a control in place or release an update to prevent attack (If indeed there is a real threat)
3. Make them aware of http://trifinite.org/ and let them deal with them in an appropriate manner.
I am not convinced getting ESATO members to try and make the application work is the best way to achieve the stated goal of making the manufacturers aware of a perceived threat.
I have owned the ... T68i T610, P800, P900, P910, P990, W950, P1, W960 But SE have now totally lost the plot. |
dave_uk
Joined: Mar 06, 2003
Posts: > 500
From: London, UK
PM |
@Nitro Fan
Have you actually looked at the software that you are condemning?
Admittedly, it is very easy for developers to mask the true intentions of their applications through legitimate sounding potential uses, but there is one key factor that I feel you are missing in what could be regarded as using this topic to express your general, wider, and not necessarily directly relevant hatred for hackers (though nobody would dispute the damage they cause!):
The field in this application that would allow a user to make chargeable calls/send chargeable messages from another person's phone without their knowledge, are not able to be edited, and are fixed with a phone number that is a dead line (and therefore will not connect to) and a number that appears to be a Spanish mobile but is also dead. This is rather a strange security measure to affix in an application designed to do damage, wouldn't you say, and may suggest that when the developers say that it is intended to be used to identify vulnerability with the users' consent, I would think this supports their arguments. That, aside from the point that Mik makes repeatedly that the software doesn't actually work, makes it far more educational in alerting people to the potential damage such software could do if it did work, and far less a direct threat to anyone's privacy or civil rights. I wouldn't hang, draw and quarter the authors of www.trifinite.org just yet.
Just looking at this from the point of view of logic....
|
batesie
Joined: Feb 13, 2004
Posts: > 500
From: London, UK
PM |
dave, any symbian/java programmer could easily adjust the locked fields in this program to call premium rate lines.
the fact is that Mobile phone manufacturers are stumped on what to do with the millions of mobiles with this security flaw.
[addsig] |
MikLSP
Joined: Sep 21, 2003
Posts: > 500
From: se-nse.com
PM |
@ Nitro Fan
I know no-one who works for a phone manufaoturer & much less has labs for testing!
Esato is an open community where we can discuss what we want so I see no problem in posting this here! And if the manufacturers were informed do u think they'd come here to tell us about it.......NO they wouldn't. The whole basis of a Forum is that we share information, whatever its context.
Also u constantly express your hatred for hackers etc & make several offensive remarks! If u are trying to include me in this hacker group I suggest u stop right there!!!
@ batesie
Perhaps someone could make such alterations BUT the app doesn't seem to work at all so it is irrelevant what phone number u can input.
To say there are supposedly millions of phones with the security flaw why do we have no evidence to show them?
_________________
Bought from Esato Market? Leave feedback:
The A-Z Of Trusted Sellers
The £199 Sale! PSP and many more
[ This Message was edited by: MikLSP on 2005-01-07 11:24 ] |
Nitro Fan
Joined: Jun 11, 2003
Posts: > 500
From: London
PM |
@dave_uk
Happy New Year, you are quite right in identifying my absolute hatred for hackers, it stems from seeing a good friends business ruined by the actions of one of these creeps! So I hope that clears that up (having said that there are many very talented developers who do good work exposing security flaws and reporting them directly to the source code owners, I have used them myself! So I am not anti developer!)
Condemning the software? certainly if it is actually malicious in it¡¦s intent whether it works or not is another issue, What I am condemning is the act of ¡§Bluesnarfing¡¨ something some seem less keen to do.
As for the Trifinite developers if they truly wanted to prove a concept from a security point of view, why did they not send their results directly to the manufacturers rather than post their Cebit findings to a technician¡¦s page like Slashdot? (They may well have done but unless I missed it they don¡¦t seem to make any mention of the fact)
I know Mike keeps saying it does not work but that was only discovered by trying to make it work! In his own words he tried attacking 5 devices! But I do now truly believe he was trying to make a point in his own way and I respect that.However according to Batesie it can be made to work so who knows what they developed it for.
I think your ¡§logic¡¨ and my ¡§logic¡¨ are a little out of sync ƒº but I am sure we both want the same thing, safe secure mobile devices without the threat of attack or intrusion from any quarter
I have owned the ... T68i T610, P800, P900, P910, P990, W950, P1, W960 But SE have now totally lost the plot. |
MikLSP
Joined: Sep 21, 2003
Posts: > 500
From: se-nse.com
PM |
Quote:
|
On 2005-01-07 12:48:38, Nitro Fan wrote:
I know Mike keeps saying it does not work but that was only discovered by trying to make it work! In his own words he tried attacking 5 devices!
|
|
My logic is & always will be that if someone tells me something is possible I will try for myself before I take their word for it.
Also u don't know who's devices I 'attacked'.........my own perhaps! 
BTW, u should be able to stop your P9 creaking by tightening the screws in the back of the casing. U can use the mini screwdriver supplied.
Mine used to creak but now is solid
|
Nitro Fan
Joined: Jun 11, 2003
Posts: > 500
From: London
PM |
@mikeLSP
I agree with what you say we can express what ever we want here, Just as I am doing! You are correct I do have an extreme dislike of “malicious hackers” my reasons are given in another post, I did make it clear in my post that in my view your intentions were good and if you have 5 BT devices you’re a lucky fella 
I have made no allegation towards you as to you being a hacker read my posts I made specific reference to your intentions below
“Hi no I do not believe ignorance is bliss but i really felt the tone of the post was leaning towards promoting this craze if i have misinterpreted what was being said then of course I apologise with out reservation” I assure you again I am not referring to you.
Thanks for the tip on the screws I will give it a go
I have owned the ... T68i T610, P800, P900, P910, P990, W950, P1, W960 But SE have now totally lost the plot. |
dave_uk
Joined: Mar 06, 2003
Posts: > 500
From: London, UK
PM |
@Nitro
Take your point, very diplomatically put  , but I believe, though I may have misread, that the stated intention of the software was to allow individual users with older devices (in whom the manufacturers have long-since lost interest, as any P800 owner will tell you!) to test the vulnerability of their own devices.
I totally agree that there may well be other more constructive ways of achieving this but my point was merely that I feel it is wrong to tar them with the same brush as computer hackers, as there is a quite plausible, legitimate use for their software, and nobody here at least has found anyway to negatively exploit it, though I fully accept that the possibility exists (frankly I am not technical enough to know either way, so will take it under advisement from batesie).
On your last point, indeed we are certainly in agreement on that score! I certainly wouldn't like it to happen to me. I would be wary of allowing it to cloud one's judgment on all potentially destructive software though. Possibilities for exploitation of this stuff exists everywhere, especially as the hackers of which we speak are unfortunately generally quite good at what they do (guess they should monitor computer club a bit more closely in our schools!), but focus the anger in the right direction, which is the people that are constantly looking for nasty ways to exploit programs that are often written with no intention of harming anybody.
Happy New Year to you too!
|
zoro25
Joined: Nov 07, 2004
Posts: 17
PM |
doesn't work on S700i - gives invalid application.
Z |
Relick
Joined: Nov 18, 2004
Posts: 43
From: Blackpool U.K.
PM |
no it does not work!
Though more worrying is the fact it is possible to do!
Well done Mike for having the balls to test it for the rest of us.
So COOL, it's not even funny! |
rrojas260
Joined: Dec 13, 2003
Posts: > 500
From: Valencia, Venezuela
PM, WWW
|
Doesnt work with my P900, starts 1 sec and then exits
|
amfne033
Joined: Oct 10, 2004
Posts: 102
From: London M-F Durham City S-S
PM, WWW
|
make sure your bluetooth is turned on when you start the app. that worked for me
PRO BLAIR | |
|
Access the forum with a mobile phone via esato.mobi
|
Posted: 2005-01-06 22:13
/ Nokia = 
