04-22-2017, 01:47 PM   #1220
gabbia
Device: PW3
Quote:
Originally Posted by Cinisajoy
Ok, now I understand your questions.
As per getting an answer to them, well I know if I was the dev guy, I certainly wouldn't answer them publicly because I don't know who else is reading this.
I probably wouldn't answer privately because I don't know if you are just curious or if you have a specific reason for wanting to know.

Yes: I am suspicious by nature.
In reply to both you and knc1:
Personally I don't see the issue with sharing details with Amazon.
1- You guys waited like 40 days (15 would've been fine by me for a billion dollar company, but whatever, I didn't make the exploit) so that you could report the exploit. Usually exploits are reported with a technical description and, if they're good reports, even a working program and also a suggestion on how to fix it.
So I'm not too sure the developer would be against exposing technical aid.

2- The Amazon dev team does not need any explanation on the exploit. I imagine they have their best security engineers looking at the code and reversing it if necessary (binary is not really the case though..). Pretty sure they stopped looking at this exploit and thread a long time ago.

3- I've no issue with the dev team. An exploit is an exploit, and making exploits does not mean trying to undermine the future of a product (the opposite to me, actually). Sometimes it does, some other times it doesn't. Since the code is not obfuscated and you guys did report it, in this case it doesn't.
Having said that, those who want to jailbreak the device are not going to want Amazon to fix the exploit.
My primary interest is in exploitation, not modding (though I do want to install some modded apps afterwards, I guess I might make like an RSS or Reddit app or something), and I believe it should be Amazon's discretion to allow users to install 3rd party apps. Clearly vulnerabilities are not the right way to enrich a platform..
You could say I'm mostly interested in a small hacking project, which I might follow up with a modding project to ease my life on the Kindle (I want to underline and scribble PDFs, browse RSS and Reddit and maybe play some lichess. Seems pretty doable to me since the calc app is pure Python+PyGTK).

3.5- I'm not too sure the Amazon dev team is too focused on the security of their platform, seeing as injections and shell scripting are pretty simple. Of course so far nobody's proven there is a working remote exploit (=no obvious user interaction like ";fc-cache"), so that doesn't really undermine the security of the platform under real circumstances I guess, so Amazon shouldn't take too much of an interest... Anyway, if they were so interested in all this, I imagine these exploits would be on a whole other level (not saying the exploit is bad, it's clearly good, it's just not dirtycow type of stuff).