10-24-2015, 09:43 AM | #181 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
Plus, B.D. spent months of work on it. It's his story to tell, not mine. I am just trying to do my 'helpdesk' thing here. |
|
10-24-2015, 12:29 PM | #182 |
Member
Posts: 10
Karma: 7282
Join Date: Oct 2015
Device: Paperwhite 2
|
Is there any chance that the tool will be released sooner than 31/10?
Maybe it's a superfluous question |
10-24-2015, 01:00 PM | #183 |
Connoisseur
Posts: 95
Karma: 1699999
Join Date: Aug 2015
Device: Voyage
|
See, this is why I liked the idea of locking the thread. Trust me, I'm an internet pro, saw the thread devolving into chaos a mile away.
Now everyone is salty for no good reason. |
10-24-2015, 11:38 PM | #184 | |
Ex-Helpdesk Junkie
Posts: 19,422
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
Quote:
... And for the record, all three parties got deleted -- I'm not playing favorites. |
|
10-25-2015, 01:48 AM | #185 |
Zealot
Posts: 106
Karma: 16
Join Date: Jul 2009
Location: Adelaide, Australia
Device: Smart Q7, and Kobo
|
I wouldn't take it that way, it's just the people who are impatient are louder than the ones who know to wait. I noticed in your first post that you stated you hoped to release before the end of October, but it looks like many others didn't notice it. Please keep us updated on the process, and I hope you can release in the near future..... Meanwhile I will go back to waiting. Oh and thanks for all the work you have done.
|
10-25-2015, 02:26 AM | #186 |
Connoisseur
Posts: 95
Karma: 1699999
Join Date: Aug 2015
Device: Voyage
|
I don't actually care about moderating this thread. If it devolves into several hundred people insulting me I'm still releasing this. Don't have to worry about moderation -- up to you.
Want to reiterate a few things:
#1 -- Tested on very few devices. This might not work on a majority of them -- we'll find out shortly. The fact that it worked on NiLuJe's device is promising, but that's all I have to go on.
#2 -- First release will be difficult to use for the average user. A much easier version will probably come out shortly after depending on how busy I am. Will release a blog entry on how this all works later. (definitely after the patch)
#3 -- A few people are concerned about malicious actors using this to brick devices. I wouldn't be. Assuming someone wants to spend the equivalent of tens of thousands of dollars to brick a $100 Kindle..up to them? Would patch as soon as you can though.
Last edited by Branch Delay; 10-25-2015 at 02:36 AM. |
10-25-2015, 02:51 AM | #187 |
Addict
Posts: 248
Karma: 892441
Join Date: Jul 2010
Device: K2i
|
Thank you for the heads up.
Love the little cynicism in #3 as well. |
10-25-2015, 03:50 AM | #188 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
Remote bricking of a device in the case of the Kindles? As B.D. writes: "why bother?". BUT
My point above being that it is not the probabilities that are the determining factor, but the possibilities. |
|
10-25-2015, 04:21 AM | #189 |
Addict
Posts: 248
Karma: 892441
Join Date: Jul 2010
Device: K2i
|
This ventures into the area of risk assessment. There might be applications that can be used to bring untethered PDA functionality to Kindles, but what percentage of users is actually using them (Kindle as a primary note taking device that can't be tethered, ...), and is it high enough for an attacker to jump on that vector.
For very targeted attempts maybe, but as a broad concern, no way. Responsible disclosure is important, if it is that open of a vector (even if it uses the web browser, not many people use the one on a Kindle - if the vector is a modified eBook that somehow can do code execution on its own, this would be the highest risk profile ("familiar" content loaded from unknown sources)). Also a Kindle is not a device you can secure in any way against unwanted access to non-system partitions - so there isn't even a reasonable presumption of security for personal documents. The trick here is not to "imagine what is possible" but to be reasonable in the measures you take to allow for this to be fixed by the manufacturer, so the likelihood of it being exploited against user interests goes way down in addition to not being very high in the first place. If Amazon doesn't respond, the practice in most cases is to release anyway - except if the risk profile is somehow seen as "exceptionally high". That is to promote manufacturers to move on security issues at all. Because it costs money. Also, as this possibly is a first vector into understanding Amazon's new proprietary file format - there even is heightened interest from a societal perspective. Last edited by notimp; 10-25-2015 at 04:33 AM. |
10-25-2015, 09:32 AM | #190 |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
All good examples of how **probabilities** are the specific domain of risk assessment.
Another important component of risk assessment is mitigation assessment. If a **possibility** is easily avoided or circumvented, then it isn't very much of a risk. But mitigation depends on communications - We (this site in general) only communicate with less than 1% of the affected device owners (that is a generous estimate of our readership). Amazon has "communications" (through OTA broadcast updates) with all affected devices. So risk assessment and mitigation should best be in their hands, not ours. |
10-25-2015, 11:01 AM | #191 |
Addict
Posts: 248
Karma: 892441
Join Date: Jul 2010
Device: K2i
|
Kindles don't usually communicate with each other, they communicate with Amazon services.
So to mitigate the connected PC would become the driver of this process at which point, we could just as well talk about the security of USB sticks (which we all know is broken, and we all know it for years already and it just continues to be that way, because manufacturers don't want to sign their drivers on those cheap devices). I restrained myself from talking about the mitigation side of the issue almost on purpose, as I caught myself not having mentioned it in the posting before and then decided not to edit. Also, you are right, at this point, we are talking about probabilities and not about whatever someone can dream as a risk profile. We should look at the broader implications - but really an inner drive to protect companies' interest through seeding an inkling of fear, that we all should resent the possibility of opening the "secure Kindle package", because somehow - we all could end up with broken devices, doesn't feel right. Also - this is not the platform to talk about this in all its specifics, just rest assured, that the OP can release the exploit, and responsible public disclosure is a widely recognised way of handling such affairs. Last edited by notimp; 10-25-2015 at 12:42 PM. |
10-25-2015, 01:23 PM | #192 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
I suspect that the majority of our readership are not site members. Just e-book owners who want to add some feature to their device. Here we have a site that gives away add-in features. No charge, not even the requirement of registering as a member. Over the years, the readership has learned that the things distributed here by our membership "just works" (and if not, we fix it quickly). Almost too good to be true. The careful owner probably asks themselves: "Can this be for real? Can I trust these people / this site?". Having a bit of the background discussed about what has become "public buzzwords" is probably a good way to spend the time while we all wait for the end of the month. The actual technical details behind those buzzwords would probably be just boring reading to the non-technical readership here. Our readership probably only wants to see that we are taking this matter seriously and trying to handle it in an accepted, responsible manner. |
|
10-26-2015, 12:16 AM | #193 |
Banned
Posts: 13
Karma: 348455
Join Date: Oct 2015
Device: paperwhite pw2
|
|
10-26-2015, 07:40 AM | #194 |
Junior Member
Posts: 9
Karma: 10
Join Date: Oct 2013
Device: Kindle Paperwhite (2013)
|
Quick update: At the time of this post, this page does not show any new update versions as released by Amazon.
My question is this: based on the past, does Amazon have a history of silently releasing updates in the middle of the night? Do they tend to release on certain days? (Tuesdays, for example?) Would it be safe to buy a new book out of airplane mode? |
10-26-2015, 07:44 AM | #195 |
Zealot
Posts: 135
Karma: 1007000
Join Date: Sep 2013
Device: Kindle Paperwhite (7th Gen)
|
Buy the book and download it then side load. Safe as anything.
Other than that you could try the folder naming trick to try and stop any updates (it's not guaranteed but a few people have said it stopped theirs updating to 5.6.5). Or if you must wifi it to your Kindle then buy it on another device and then just turn wifi on to download so it's on for the shortest time. |