tag:blogger.com,1999:blog-37798047.post5104349613364186327..comments2024-01-16T05:48:33.523-05:00Comments on Errata Security: Apple's secret "wispr" requestDavid Maynorhttp://www.blogger.com/profile/09921229607193067441noreply@blogger.comBlogger10125tag:blogger.com,1999:blog-37798047.post-81527163907316609032013-09-20T17:51:35.799-04:002013-09-20T17:51:35.799-04:00Updated URLs for WISPr on Apple iOS 7 - http://www...Updated URLs for WISPr on Apple iOS 7 - http://www.cadinc.com/why-your-apple-ios-7-device-wont-connect-to-the-wifi-networkjjhttps://www.blogger.com/profile/02635572289241950979noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-26729234309556497502013-09-20T17:50:51.818-04:002013-09-20T17:50:51.818-04:00UPDATED URLs for WISPr target with Apple iOS 7.
ht...UPDATED URLs for WISPr target with Apple iOS 7.<br />http://www.cadinc.com/why-your-apple-ios-7-device-wont-connect-to-the-wifi-networkjjhttps://www.blogger.com/profile/02635572289241950979noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-43453109007271010402013-07-10T08:36:47.699-04:002013-07-10T08:36:47.699-04:00This so called feature is a problem at Wi-Fi HotSp...This so called feature is a problem at Wi-Fi HotSpots, wherein the user receives username and password via sms after registering themselves at captive portal. Once you switch the App from Safari to Messages to view your username and password the Wi-Fi gets disconnected and you again have to connect to the Wi-Fi. The Safari opened captive portal should have been retained while switching to Messages. Ravihttps://www.blogger.com/profile/17220911634682898576noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-50131852032305252842012-09-19T18:14:22.801-04:002012-09-19T18:14:22.801-04:00Recently my ISP's cache server developed some ...Recently my ISP's cache server developed some issues and since then I'm not able to access www.apple.com on my net connection. This didn't pose much of an issue on my iDevices as store and other apple services continued to work fine. However, ever since iOS 6 my iDevices cannot keep connection to my WiFi active. After connecting these try to access this "wispr" url of Apple and keep failing.<br /><br />Luckily I have alternate net connection for my VoIP line. I tried switching my main router with this connection and all my iDevices work fine. But if I switch back to my regular net connection, the same problem starts occurring. This never happened to under iOS 5.x, only with iOS 6.<br /><br />So my question is, does apple/iDevices need to access this URL always or just once for saved WiFi connection?DeadDucknoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-46769309105542063922012-08-01T12:25:11.240-04:002012-08-01T12:25:11.240-04:00You can see how the Mac decides which wispr URL to...You can see how the Mac decides which wispr URL to probe for by perusing /Library/Preferences/SystemConfiguration/CaptiveNetworkSupport/Settings.plistPaul Winkelernoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-7376477433221712842010-09-11T10:26:21.319-04:002010-09-11T10:26:21.319-04:00@Joel: It does? How? I don't see anything i...@Joel: It does? How? I don't see anything in that request that would indicated what version it's running.Unknownhttps://www.blogger.com/profile/17804994594920239849noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-31347051417872965532010-09-09T11:04:18.376-04:002010-09-09T11:04:18.376-04:00Probably also gives Apple a good handle on how man...Probably also gives Apple a good handle on how many devices of what version and what operating system version are currently out there.Joel Eslerhttps://www.blogger.com/profile/05018134738510159518noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-60686995544601834822010-09-09T08:53:28.844-04:002010-09-09T08:53:28.844-04:00I've spent some time working with this recentl...I've spent some time working with this recently. don't rely on "wispr". that's configurable.Oren Mazorhttps://www.blogger.com/profile/00444092669665886581noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-24003127025617917342010-09-09T08:13:32.045-04:002010-09-09T08:13:32.045-04:00> Just the fact that XML is used opens this up ...> Just the fact that XML is used opens this up to a lot of attacks. Programmers tend to use XML poorly. Depending on how they've configured the XML library, it may be possible to do something like run JavaScript within the context of the response message. Or, fuzzing responses might find a buffer overflow on the iPhone.<br /><br />Actually, just because it's XML that doesn't say anything about security. Because the request is done by the OS itself and not by Safari means that there is probably no way to run any Javascript. As for the buffer overflow, the chance of that happening isn't any greater than anywhere else in the OSAdihttps://www.blogger.com/profile/14458938644399782585noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-48304755323153172432010-09-07T15:15:13.678-04:002010-09-07T15:15:13.678-04:00> You can probably configure your machine to em...> You can probably configure your machine to emulate this request, and get free WiFi that is intended for iPhones.<br /><br />I'm extremely interested in this. At one of the clients that I visit, so many people have iPhones that ATT volunteered to install an attwifi network in the building. Yet, I'm still stuck with TMobile tethering to get to my internet access since the client doesn't allow any unapproved hosts joining their network.James M. Leddyhttps://www.blogger.com/profile/02807875049913262274noreply@blogger.com