iPhone + XSS = All your cell networks are belong to Acidus
by Acidus at 1:13 pm EDT, Jun 12, 2007
In his speech, Jobs announced that the iPhone will be able to run Web 2.0 applications that look just like the iPhone's built-in apps but are created by third-party developers. As the iPhone will have a full-fledged version of Apple's Safari Web browser, developers can build their applications with Ajax and other Web technologies.

Ok, I'm not sure what this means exactly (and granted this is 2 steps removed from the source). It's a browser with a JavaScript interpreter. Of course it can run Ajax apps. I wonder if this refers to Adobe's Apollo apps which can run external of a browser.

"I'm underwhelmed," said Avi Greengart, an analyst with industry research firm Current Analysis. Many developers, he said, "were expecting to be able to write apps and run them in a browser anyway."

Yeah, nothing new here.

He pointed out that, although Jobs said that the Web 2.0 apps will run in a sandbox, they still will be able to reach beyond the sandbox to access key functions, such as phone calls

... ... SWEET! Now Samy can let you know he is your new hero by calling you. On your Phone. Thousands of times a second. From JavaScript. This makes John Terrill's curse "I'm going to XSS your FACE!" that much closer to reality.
RE: iPhone + XSS = All your cell networks are belong to Acidus
by k at 2:36 pm EDT, Jun 12, 2007
Acidus wrote: Ok, I'm not sure what this means exactly (and granted this is 2 steps removed from the source). It's a browser with a JavaScript interpreter. Of course it can run Ajax apps. I wonder if this refers to Adobe's Apollo apps which can run external of a browser.

No, I don't think so. It's kind of a cop out for Apple, and, truthfully, I'm surprised. Apple's initial nonsense answer to "Will 3rd party devs be allowed?" talked about them not wanting to overload the cell data networks. This announcement belies that statement since now ALL 3rd party software REQUIRES network activity. Want to write a game? Network based. A todo list? Network based.

Don't get me wrong, I see a lot of value in this paradigm, and most apps can benefit (e.g. see your todo list anywhere), but at the same time, I think it's silly to not have any avenue for entirely local apps.

And I do worry about security, with either paradigm. I have no doubt that Acidus (and therefore 10 or 20 other people who are far less scrupulous) will find a way to pwn people's iPhones within about 45 seconds. This is going to be Apple's biggest problem with the iPhone, I think.