The second point is a copyright issue that doesn't just apply to emulators -
although it is easier to capture screens - but also handsets as there is
nothing to stop someone taking a photo of the handset i-mode screen. If
anyone is concerned about the possibility of copyright and lacks the legal
resources to pursue infringement, they should not put content on Web.
I agree the may be situations where you only want actual i-mode phones to
access a site. Although i-MIMIC does send the P209is user agent, it does not
attempt to mimic a DoCoMo gateway address or user ID. Unofficial sites can
prevent non-i-mode devices by detecting the former, official sites can do
the same by detecting the latter.
I disagree with the first points implication that emulators (or iCab)
somehow make it easier to compromise a servers security as the full URL
including query strings is also available from i-mode phone sub menus.
Sending confidential information via a URL query string is just bad security
design and for everyone's Saturday enlightenment is one of my favourite
quotes on the subject:
"If I take a letter, lock it in a safe, hide the safe somewhere in New York,
then tell you to read the letter, that's not security. That's obscurity. On
the other hand, if I take a letter and lock it in a safe, and then give you
the safe along with the design specifications of the safe and a hundred
identical safes with their combinations so that you and the world's best
safecrackers can study the locking mechanism - and you still can't open the
safe and read the letter - that's security"
Bruce Schneier, "Applied Cryptography", Wiley, 1996
Kyle
X-9 DESIGN LAB
http://www.X-9.com
-----Original Message-----
Hm. Sometimes I wonder how far can you go...Imagine a
company developes something FOR a mobile phone and has
to fight with the following scenarios:
1) Some people write 'fake' headers to request the content
outside of mobile phones.
2) Some people make screengrabs of content and publish them
without a basic knowledge of copyright.
<CUT FOR BREVITY>
Juergen
[ Did you check the archives? http://www.appelsiini.net/keitai-l/ ]
Received on Sat Mar 17 08:34:43 2001