Tweet
پس از انتشار جیلبرک Pangu عده ای از کاربران اکانتهای پی پل, credit card , حسابهای بانکی, فیسبوک و ..... hack شد که همه اونها این اتفاقات رو بی ارتباط با همزمانی با جیلبرک کردن ندونستند. حدس و گمانها بر اینکه کار خود Pangu یا PP25 باشه بالا رفته بود که Saurik یا همون دولپر Cydia توی Reddit پست گذاشت و شدیدا هشدار داد که از ورژن چینی Pangu و برنامه PP25 استفاده نکنند و شک و شبه این موارد رو حتی متوجه دولت چین کرد که امکان داره در این ماجراها دست داشته باشه و گفت هرچه هم خوشبین باشیم آخرش اون سرورها در چین قرار دارند و خطرناک هستند.
همچنین Saurik یکی از ضعفهای PP25 رو ساین کردن بروی سرور دونست که دلیلش هم راحتی کار هستش و اشاره کرد به همین دلیل سخت بروی Impactor کار کرده که همه پروسه لوکال باشه تا اینکه با سرور ارتباط برقرار کنه!
Saurik همچنین گفت که بسیار به تیم Pangu اعتماد داره ولی عقیده داره که ورژن چینی نرم افزار دستکاری شده و در عوض خیلی قاطع اعلام کرد که به ورژن انگلیسی Pangu اعتماد کامل داره.
توصیه: پس در نتیجه به شدت توصیه میشه از سرویس 25PP و کلا هر مرجع صدور سرتیفیکیت که روی سرورهای چینی هست جهت گرفتن سرتیفیکت ۱ ساله استفاده نکنید.
بهترین روش استفاده از ورژن انگلیسی Pangu و همچنین Cydia impactor هستش.
سورس: https://goo.gl/obMgdK
لینک گزارش کاربران در مورد hack شدن اکانتهاشون: https://goo.gl/2HUWr3
همچنین Saurik یکی از ضعفهای PP25 رو ساین کردن بروی سرور دونست که دلیلش هم راحتی کار هستش و اشاره کرد به همین دلیل سخت بروی Impactor کار کرده که همه پروسه لوکال باشه تا اینکه با سرور ارتباط برقرار کنه!
Saurik همچنین گفت که بسیار به تیم Pangu اعتماد داره ولی عقیده داره که ورژن چینی نرم افزار دستکاری شده و در عوض خیلی قاطع اعلام کرد که به ورژن انگلیسی Pangu اعتماد کامل داره.
I don't particularly like the concept of installing the 25PP tool (edit: this sentence used to say "trust", but I think that was confusing), as Chinese companies tend to have software that is pretty intrusive and even "combative" against competitor's software, and in general I am concerned about the way people do signature stuff (as it is just so much easier to do the signing on a server...) which is why I worked so hard to make Impactor be able to do all the signing and communication locally. That said, 25PP's profit model would probably benefit from local signature work, so I can see them having the existing expertise and taking the time to do that "correctly". (And a lot of my concerns about this sort of software are from threats that would manifest as something more diabolical than "they stole a small of money from my PayPal account", and even might end up coming from the Chinese government and not some specific company.)
I will also say I trust Pangu a lot... but I don't know if the Chinese version of their app was only touched by them. I bet the English one was their work only, though you are downloading it from 25PP, which opens some issues: do you trust the employees at 25PP with control over their servers? I would say that it would be dumb to do quickly be trying to attack people rather than racking up more credentials before anyone becomes suspicious. You have to remember that there are millions of people who jailbreak. And Pangu specifically listed this subreddit on their website as a place to talk to people about their issues, so we are going to be seeing tons of people. Do we really have evidence that this is an issue with the jailbreak process as opposed to a string of random attacks that are being noticed here because we are all being extremely suspicious this week?
If anything, I bet there was just some website, maybe it was even one we all use more often than other people (like reddit! ;P) which was hacked in some way, and people were sharing passwords between there and PayPal, and that hack just happens to have happened at about the same time the jailbreak came out.
I will also say I trust Pangu a lot... but I don't know if the Chinese version of their app was only touched by them. I bet the English one was their work only, though you are downloading it from 25PP, which opens some issues: do you trust the employees at 25PP with control over their servers? I would say that it would be dumb to do quickly be trying to attack people rather than racking up more credentials before anyone becomes suspicious. You have to remember that there are millions of people who jailbreak. And Pangu specifically listed this subreddit on their website as a place to talk to people about their issues, so we are going to be seeing tons of people. Do we really have evidence that this is an issue with the jailbreak process as opposed to a string of random attacks that are being noticed here because we are all being extremely suspicious this week?
If anything, I bet there was just some website, maybe it was even one we all use more often than other people (like reddit! ;P) which was hacked in some way, and people were sharing passwords between there and PayPal, and that hack just happens to have happened at about the same time the jailbreak came out.
توصیه: پس در نتیجه به شدت توصیه میشه از سرویس 25PP و کلا هر مرجع صدور سرتیفیکیت که روی سرورهای چینی هست جهت گرفتن سرتیفیکت ۱ ساله استفاده نکنید.
بهترین روش استفاده از ورژن انگلیسی Pangu و همچنین Cydia impactor هستش.
سورس: https://goo.gl/obMgdK
لینک گزارش کاربران در مورد hack شدن اکانتهاشون: https://goo.gl/2HUWr3