iPhone / iOS Thread

Spectre

The Deported
Joined
Feb 1, 2007
Messages
36,871
Location
Dallas, Texas
Car(s)
00 4Runner | 02 919 | 87 XJ6 | 86 CB700SC
iPhone / iOS Thread

But that means one would have to shop at Home Depot. :lol:


OK I guess one could use cash....

They replaced all their hacked terminals with VeriFone ones, finally. But why wouldn't you use cash at Hack Depot? :p

Which is much better than shopping in lowes.

Lowes > Home Depot. :p
 

NecroJoe

Stool Chef
Joined
Apr 12, 2005
Messages
20,681
Location
San Francisco area, CA, USA
Car(s)
2015 Mazda 3 S GT, 2015 VW e-Golf
If you're lady, perhaps (wide aisles, pretty signage, bright inviting lighting)...can never find what I need in Lowe's. :p
 

Spectre

The Deported
Joined
Feb 1, 2007
Messages
36,871
Location
Dallas, Texas
Car(s)
00 4Runner | 02 919 | 87 XJ6 | 86 CB700SC
If you're lady, perhaps (wide aisles, pretty signage, bright inviting lighting)...can never find what I need in Lowe's. :p

Home Depot is the firm that decided in the early 2000s that 'nothing is metric' and they removed all the metric fasteners from the hardware isle. It took them half a decade to realize they screwed up.

Lowes has better selection, more knowledgeable drones and better prices. Plus they weren't the idiots that ordered card terminals that run on Windows.

If you want to give money to stupid people who think metric is a passing fad and don't understand what viruses or malware are or why that's a security risk on a credit card terminal, go right ahead. :p

Don't forget why Home Depot is called the Do It Yourself store - you can't find a clerk to help you locate an item most of the time and on the rare occasion that you do, they just shrug, say they have no idea where to find it, go Do It Yourself. :mrgreen:
 
Last edited:

93Flareside

Döner Kebab enthusiast
DONOR
Joined
Jul 20, 2009
Messages
20,844
Location
Hot Dog with Everything
Car(s)
'03 Audi Allroad

Xaromir

Active Member
Joined
Oct 15, 2008
Messages
283
Location
Germany
In other news, I used Apple Pay for the first time tonight at McDonald's and holy fucking shit is it awesome! I hope more places start adding NFC support soon!
So, does that mean that, that annoying friend who keeps stealing my phone when I'm drunk, to text my GF that it's over, can also reward himself with burgers on my expense? I totally need that in my life and I'm looking forward to trust Apple with it all.

Well, Apple's being a bit shit again. I was planing on replacing my slowly dying 1st gen iPod Touch with a 6th gen, but apparently they can't be arsed to be in time for the holidays.
 

Perc

Very Odd Looking Vehicular Object
Joined
Mar 31, 2008
Messages
5,889
Location
Finland
Car(s)
Passat Alltrack B8
So, does that mean that, that annoying friend who keeps stealing my phone when I'm drunk, to text my GF that it's over, can also reward himself with burgers on my expense? I totally need that in my life and I'm looking forward to trust Apple with it all.
He can't do either of those things unless he steals one of your fingers as well. Or your PIN.

You can obviously choose to not protect your lock screen, but as far as I know Apple Pay requires a fingerprint or a PIN. The last remaining reason to not password protect your phone was that it required too much effort, but with Touch ID that reason is no longer valid. If someone can steal your phone and drunk text your GF, you only have yourself to blame. :)

And for the record, your annoying friend can steal your wallet as well and pay for anything up to 25 euros using your contactless debit/credit card without even knowing your PIN. So if anything, Apple Pay is more secure than what you already have.
 
Last edited:

Eye-Q

Forum Addict
Joined
Feb 17, 2007
Messages
5,775
Location
Hamburg, Autobahnland
Car(s)
None anymore...
So, does that mean that, that annoying friend who keeps stealing my phone when I'm drunk, to text my GF that it's over
Activate the PIN to unlock the phone, prevents those things from happening and is generally advisable as well...

can also reward himself with burgers on my expense? I totally need that in my life and I'm looking forward to trust Apple with it all.
You don't need to use any of these functions if you don't want them. :dunno: I deactivated Siri, GPS and various other functions when I got my work iPhone. Another advantage of deactivating those things is that you can extend the battery life - sometimes when I don't use the phone that much I can even manage to not charge it from Friday in the afternoon until Monday morning when I'm at work again.
 

Xaromir

Active Member
Joined
Oct 15, 2008
Messages
283
Location
Germany
And for the record, your annoying friend can steal your wallet as well and pay for anything up to 25 euros using your contactless debit/credit card without even knowing your PIN. So if anything, Apple Pay is more secure than what you already have.

No he can't. I "deactivated" that feature on my card, and that's pretty final.

Also:
http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid
And as you should know there are other ways to get around it.

I don't really own a Smartphone, but point is: I don't think companies like Apple should get involved in things like that.
 
Last edited:

Xaromir

Active Member
Joined
Oct 15, 2008
Messages
283
Location
Germany
Fingerprints are inherently unsafe technology and they still use it. This is something that will never go away, this vulnerability will always exist. If someone wants to harm you, they will take the time to take a fingeprint (or add their own finger if you should leave it unlocked). Otherwise there are always some bugs that allow you to bypass the pin and the fingerprint, but I am not sure what works and what has been solved.

Point remains: It's unsafe, Apple doesn't care and you shouldn't use it for your own sake.

You will also find that in most grocery stores you will not be able to shoulder surf your way to a card's pin. (Though I haven't said other methods of payments are flawless.)
 
Last edited:

prizrak

Forum Addict
Joined
Apr 2, 2007
Messages
21,601
Location
No, sleep, till, BROOKLYN
Car(s)
11 Xterra Pro-4x, 12 'stang GT
Fingerprints are inherently unsafe technology and they still use it. This is something that will never go away, this vulnerability will always exist. If someone wants to harm you, they will take the time to take a fingeprint (or add their own finger if you should leave it unlocked). Otherwise there are always some bugs that allow you to bypass the pin and the fingerprint, but I am not sure what works and what has been solved.

Point remains: It's unsafe, Apple doesn't care and you shouldn't use it for your own sake.

You will also find that in most grocery stores you will not be able to shoulder surf your way to a card's pin. (Though I haven't said other methods of payments are flawless.)
No offense but this is a load of BS. Obtaining someone's fingerprint requires way more effort than is realistically worth.

Additionally there is a very low return on investment as it were when trying to steal data off of a single phone. Most you get is a few cards that belong to a single person, which you can't even access outside of Apple Pay to begin with, which of course requires a finger print verification every time. Of course once you did get the person's phone it can be easily wiped remotely from any internet connected device (so anything outside of a toaster these days really). Now add the fact that when you make a payment with AP it doesn't actually send your card's info to the reader but a one time use token that is only useable by the issuing bank, which prevents the problem that Target and Home Depot had. It also renders the ability to clone a card (happened to my wife) completely pointless as all you get is the token that is already invalid.

Additionally your card info is actually kept on the phone using a unique encryption that even the NSA can't break (they publicly stated as much and are very unhappy about it).

So please tell me how Apple doesn't care and how it is completely unsafe compared to your oh-so secure bank card.

All of the above is moot though because no one is making you activate AP at all, you would need an issuing bank that supports AP in the first place and you would need to go into your settings, add the card information and then have to go through a step to authorize the card (s). In my case I had to call the bank for one of the cards and the other had to send me a verification code before I could use it.
 

Spectre

The Deported
Joined
Feb 1, 2007
Messages
36,871
Location
Dallas, Texas
Car(s)
00 4Runner | 02 919 | 87 XJ6 | 86 CB700SC
If you need somebody to help you find stuff, you shouldn't be there. I avoid asking people for help in stores because it turns into a 30 minute issue that usually takes mere minutes.

So, tell me where the potassium permanganate is in your local hardware store? Or powdered aluminum? Both are commonly stocked by home improvement centers but I'd bet you don't know where they are without assistance. Also, stores don't all carry these items in the same place.

Even if you left the customer service aspect aside, do you *really* think it's a great idea to reward idiots who didn't think metric fasteners were something people would want and used unsecured Windows computers as credit card terminals with your business? Do you really think such stupidity should be rewarded?
 
Last edited:

Xaromir

Active Member
Joined
Oct 15, 2008
Messages
283
Location
Germany
The fact that you say that I hail cards as "oh-so secure" shows that you either didn't read my post and think in black and white patterns. I never said they are perfect, they are less vulnerable. Contactless payment is a really bad idea to begin with and the reason why there is a hole in my card - let's just clear that up. Gaining access to your phone may not be as expensive or difficult as you imagine. Fingerprints are the key you duplicate and leave behind everywhere, I'm not sure why people aren't more concerned about this.
 

NecroJoe

Stool Chef
Joined
Apr 12, 2005
Messages
20,681
Location
San Francisco area, CA, USA
Car(s)
2015 Mazda 3 S GT, 2015 VW e-Golf
So, tell me where the potassium permanganate is in your local hardware store?

If they have it, it's either by the liquid plummer-style chemicals, or in the water heater/softener accessory section. [/homeowner]

Or powdered aluminum?

Amazon or eBay. :p

I'd bet you don't know where they are without assistance. Also, stores don't all carry these items in the same place.

I would rather circle for 20 minutes than engage anyone for help in any store. Not because I'm that stubborn, I enjoy the challenge. 9/10, if I can't find something in Lowe's it's simply because they just don't sell it. The specific parts I needed for dryer hose exhaust? Had to go to HD. Specific hoses I wanted for the water heater repair? HD again. Router bits? Dremmel tips? Redwood lattice in the spacing and sizing I need? HD again. Hell, even things like hand tools. Lowe's seems to have a super limited selection...if they have what I need, it's only one ultra-low-quality version that, if I'm lucky, lasts one job (like my last rubber mallet and deadblow hammer). Their return policy sucks, too. I had to argue for about 45-50 minutes that the laser level was wrong by 1/2 over 8ft. "But...it works, see? It turns on. It's not defective."

Perhaps it regional, though, too. I'll drive past my nearest Lowe's to get to the other Lowe's. I'll NOT go to one HD to get to another, even if there's a chance I'll need to go to the "Pro" location, which is almost right next door to the other shitty HD.

In other news, I did the last iOS update today on my phone. It's since been in a state of constant re-starting, starting, re-starting and repeating for the last 2 hours or so.
 

prizrak

Forum Addict
Joined
Apr 2, 2007
Messages
21,601
Location
No, sleep, till, BROOKLYN
Car(s)
11 Xterra Pro-4x, 12 'stang GT
The fact that you say that I hail cards as "oh-so secure" shows that you either didn't read my post and think in black and white patterns. I never said they are perfect, they are less vulnerable. Contactless payment is a really bad idea to begin with and the reason why there is a hole in my card - let's just clear that up.

Contact less payments are only a tiny bit more insecure than physically reading a mag strip. When it comes to mobile payments they are actually more secure than contact less card payments for simple reason that every single transaction needs to be authorized so you can't walk by me and debit my account. Further Apple's implementation is more secure than scanning your card with a mag reader because you are never exposing the actual card number.
Gaining access to your phone may not be as expensive or difficult as you imagine. Fingerprints are the key you duplicate and leave behind everywhere, I'm not sure why people aren't more concerned about this.
.....
To gain access to my phone you have to:
a) get my fingerprint, which even if I leave everywhere doesn't make it any easier because you would have to actually know that I am the one who left that print. Think of losing your key somewhere on the street, if it doesn't have the address it doesn't really help anyone who finds it break into your apt.

b) get my phone, not something I randomly give to people to begin with.*

*and if you can physically get my phone you can get my credit/debit cards anyway.

But say you do all that now you have a device that
a) will wipe itself after 15 incorrect tries better hope that finger print scan works real well.

b) can be remote wiped at any time using a password that you don't know.

c) only has access to account(s) of one person, who will likely discover the fact that it's missing and close down his/her cards very quickly.

It is possible to remote hijack a phone ofc since it's nothing but a small computer but it would require reverse engineering Apple's encryption mechanism, which is pretty far from trivial.

Now here are the ways for me to gain access to your card:

1- find any easily exploitable merchant, Home Depot was an example but there are a ton of smallish online merchants where I could easily set up a man-in-the middle attack. Or you can use malware to capture input when someone is shopping online, way back in the day I had my card jacked by a Trojan that I had discovered just a day before on my machine.

2- install a small device that will store all cards scanned by it, very popular at 3rd party ATMs and even at some legit bank ones. My wife's card was probably cloned at Rite Aid.

3- find and unscrupulous employee at any of the national chain stores, my grandma's card info was stolen by someone who worked for Macy's. Considering that most of them make very little money and hate their jobs its hella easy.

4- get an 800 number and call people asking to verify their info to keep their cards from being shut off.

After following any/all of these now I have a nice large DB of many different accounts that I can use at my discretion, I can sell them to someone or use them myself, I can also use them at any time as none of the victims are missing their physical methods of payment, I just have their info.

P.S. Payment experts have lauded Apple Pay for making payments more secure than a traditional cards but hey what do they know?

P.P.S. Consider that there are literally millions of iTunes users all with credit/debit cards on file, yet there has never been a case of large scale financial info leak from them (something they would be legally required to disclose). I think it's safe to say that they understand how to secure your payment info.
 

Xaromir

Active Member
Joined
Oct 15, 2008
Messages
283
Location
Germany
What's with your war against cards? If I see you use your phone, all I have to do is wait for you to pay and get up, then I can swipe the glass and steal your phone. It's not very complicated and probably a lot easier for me as if you just would have trusted only in your pin. If you shouldn't notice the loss of your phone, figure out what to do and do it within ~ 30 to 60 minutes, odds are you never see it again. Also those nude celeb photos that got posted all over the internet didn't come out of thin air, they came from Apple's iCloud. Also this from earlier in 2014:
http://www.theblaze.com/stories/201...reach-should-scare-you-more-than-targets-did/

As far as I can see you aren't really interested in the whole thing, you just want to win an Internet argument and I don't think I want to play along and provide you with one any longer. If you enjoy to imagine Apple and their devices to be some god-like flawless entity, then that's fine by me, keep on doing what you do.
 
Last edited:

prizrak

Forum Addict
Joined
Apr 2, 2007
Messages
21,601
Location
No, sleep, till, BROOKLYN
Car(s)
11 Xterra Pro-4x, 12 'stang GT
What's with your war against cards? If I see you use your phone, all I have to do is wait for you to pay and get up, then I can swipe the glass and steal your phone.
I got nothing against cards at all I have a problem with ignorance, and everything you sad so far shows that you are quite ignorant of the technology behind AP. Stealing my phone is about as simple as stealing my wallet (contains my cards) so again how is the fingerprint on the phone any less secure than a physical card? Not sure how it is in Germany but stateside all that is required is a signature and no minimum wage slave is going to give a damn to make sure its legit.

Also what glass are you swiping? I don't generally have to touch any glass when I shop in a store and a public place will have thousands of fingerprints. Also you would have to watch me like a hawk to see which specific finger I have set.
If you shouldn't notice the loss of your phone, figure out what to do and do it within ~ 30 to 60 minutes, odds are you never see it again.
That's a whole lot of ifs there buddy, also have you ever seen how often people use their phones? One will know a phone is missing in under 10 minutes and again under the most ideal circumstances you have one person's information.

Also those nude celeb photos that got posted all over the internet didn't come out of thin air, they came from Apple's iCloud.
Yep from guessing passwords not from swiping fingerprints... Not going to deny that not having a lock out for too many tries was a bad design choice however even with access to iCloud you can't actually get the card info.

Yes there was a bug, it was patched. Bugs happen I never said they don't.

As far as I can see you aren't really interested in the whole thing, you just want to win an Internet argument and I don't think I want to play along and provide you with one any longer.
Then you are blind and you have yet to address how it makes any sense to target a single person's account(s) vs a massive database.
If you enjoy to imagine Apple and their devices to be some god-like flawless entity, then that's fine by me, keep on doing what you do.
When did I say that? I am saying AP is more secure than a straight up magnetic card due to tokenized transaction. I'm also saying that fingerprint ID on your phone is no less secure than having physical plastic cards, if you think it's easy to steal a phone then it logically follows that it is also easy to steal a card. That being the case what's easier getting my fingerprint and my phone or just my card (s)?
 

Perc

Very Odd Looking Vehicular Object
Joined
Mar 31, 2008
Messages
5,889
Location
Finland
Car(s)
Passat Alltrack B8
I can't wait for NFC payments (card or phone) to become more mainstream.

I had Thai for lunch today. Was behind some lady about my age that had troubles getting the reader to recognize her card. During the process she kept babbling on in Finnish to the nice lady behind the counter that very obviously only speaks very little English, but I digress. After about two minutes of cleaning the chip, trying again, digging around for cash etc and a big line forming behind us she finally got the machine to read her card.

Then my turn. The thai lady punched in the amount, I held my card against the screen on the reader, *beep* done. Took maybe 3 seconds all in all.
 
Last edited:
Top