insanedown58 Posted May 24, 2014 Share Posted May 24, 2014 I'm planning on getting one of them sim cards that I'll use only for web browsing needs. Why not WiFi you ask? Well let's just say the WiFi in the mall/s that I go to aren't something that could make me happy OR keep me from screaming my head off when I try to use it. This wasn't my idea it was my sister's and I said hey why not since I know a guy that has this iPhone in an LTE plan and he's happy. My question I guess is, what exactly is mobile data (in this case its HSDPA+ which I'm satisfied with) capable of in terms of megabytes?I have a few options:10 MB20 MB50 MB AND....300 MBHere's what I do really: Browse news sites (like nsane.down :tehe: , neowin, and rarely The Verge), do the usual Facebook and Tweepster, and lastly, browse photos on 9Gag (its just "funny" internet memes)I guess I just need someone to really clarify to me what I should get because I wouldn't want to overspend on something I can't use completely. Lastly, I don't get the "10 MB = 500 webpages" thing because to me you're not sure how much exactly is that webpage worth data-wise so its not an accurate scale. Quote Link to comment Share on other sites More sharing options...
Dodel Posted May 24, 2014 Share Posted May 24, 2014 I'm planning on getting one of them sim cards that I'll use only for web browsing needs. Why not WiFi you ask? Well let's just say the WiFi in the mall/s that I go to aren't something that could make me happy OR keep me from screaming my head off when I try to use it. This wasn't my idea it was my sister's and I said hey why not since I know a guy that has this iPhone in an LTE plan and he's happy. My question I guess is, what exactly is mobile data (in this case its HSDPA+ which I'm satisfied with) capable of in terms of megabytes?I have a few options:10 MB20 MB50 MB AND....300 MBHere's what I do really: Browse news sites (like nsane.down :tehe: , neowin, and rarely The Verge), do the usual Facebook and Tweepster, and lastly, browse photos on 9Gag (its just "funny" internet memes)I guess I just need someone to really clarify to me what I should get because I wouldn't want to overspend on something I can't use completely. Lastly, I don't get the "10 MB = 500 webpages" thing because to me you're not sure how much exactly is that webpage worth data-wise so its not an accurate scale.Kinda of guessing here some, but I reckon about 1.5mb+ speed wise, but clearly that's dependent on your coverage / handset, local surroundings.You'd be better looking at some apps specifically designed for surfing websites, for example I use tapatalk to browse Nsane & other forums, as you can set it up to request the mobile version of a site, rather than the full which will save your data allowance. In regards to image hosts, again I'd look at an app designed for this purpose (there is a 9gag app, imgur app on the store), these again will help save your data allowance.Also, I'd look at locking down your phone, to which apps have access to your mobile data & how frequent. Quite a few apps poll say every 15 mins to get updates. When this is one or two apps, it isn't too bad, but say you have like facebook, imgur, news apps and such, the accumulated data soon eat your data. Your data allowance isn't great, hence my making these few points, I'd guess 300mb would last a few week, again a rough estimate, given usage et cetera.Finally, what are the implications if you go over your allowance ?, does it then charge you per 1mb / day (I get charged a £1.00 for the day if I go over as I'm o2 PAYG), but I'm changing my plan shortly.Sorry, kind of rushed, heading out.RegardsDodel. Quote Link to comment Share on other sites More sharing options...
insanedown58 Posted May 24, 2014 Author Share Posted May 24, 2014 Dodel, thanks for the tips I honestly appreciate it. Its prepaid and not postpaid since I don't think I want one yet. Also, I was referring to what I could do like I could browse Facebook for hours or something like that and I wanted to know how much data should I pay for in terms of my browsing behavior.I understand though since its rushed. Thanks for the hint Dodel :) Quote Link to comment Share on other sites More sharing options...
Deunan Posted May 24, 2014 Share Posted May 24, 2014 I have a 5 GB Data Plan on my phone, it allows me to do all the things I would do on a Wi-Fi connection, including updating some apps... I wouldn't use it to download big files or updating bigger apps, as they eat through your Data Plan. Yes and you can be on Facebook, Twitter, Instagram, Whatsapp, BBM all day. It's monthly so try to watch your Data Usage, try not to go over it... Quote Link to comment Share on other sites More sharing options...
khashim Posted July 8, 2014 Share Posted July 8, 2014 (edited) Any sync stuff would probably messed up your plan i think.Btw.. Are these tips you guys are posting only iphone specific? If youre on android youll probably realize how pesky and intrusive the google play services is. Better use a firewall. And probably an adblocker since most of the apps mentioned here are adsupported.You may save data with those apps but those data youve saved only gets eaten by the ads, besides who would want to see ads on the very limited screen of mobile devices.You can also disable background data so only the foreground apps would be using your connection Edited July 8, 2014 by khashim Quote Link to comment Share on other sites More sharing options...
SURbit Posted February 3, 2016 Share Posted February 3, 2016 In my case mobile data is a cord-cutter to the regular cable subscriber I was. I tether from a rooted android phone for my PC and seldom do surf from it (phone). Here in the US you can get better mobile data deals with a (status) as a business, which only of resellers-MVNO requires some to supply their last 4 SSN #'s, others need a business name and last 4 buz tax #'s. Sole proprietor is a vast term / selling a few items on ebay or amazon, to full fledged store front, and any number of other occupations full, part, or freelancer status in them. Your going to spend $3. to $4. and up per GB depending on the size bucket of GB's in your plan, I fell into $0.36 a GB on a plan buying a 300GB plan at a time. Though not everybody needs a big bucket. Average is going for $10.00 a GB till you move up in the size per month you need and use. You got to be carful of this de-prioritization crap happing now a days, as it's a form of throttling but, FCC put a stop to it, so now they call it something different - still means the same effect (slower). It suppose to happen around 21-23 GB's when a tower is congested of users and you've used around this much for the month. Not the same as reduced speeds when your bucket of GB's size are used when on a so called unlimited plan that bumps you from 4G/LTE to 2G signal after your GB's used and you still have usage till your month resets. I think that getting around the de-prioritization issue would be to get two sims for two separate plans for that month if it happens to you or find a plan like I've got to where every GB they bought and then sold to me is 4G/LTE data speed. De-prioritization in simple terms of description would be like living in a town and if everybody uses the water (toilet, baths, shower, yard watering, etc...) all at the same time - it's only going to trickle out. So they say they de-prioritize some for the good of all, it's BS they should not sell as many plans or improve their towers to handle everybody on a given tower and area. This is just what it means to me here and additional information, hope to be helpful. Quote Link to comment Share on other sites More sharing options...
knowledge-Spammer Posted February 4, 2016 Share Posted February 4, 2016 what u can not do is use ebay Spoiler eBay has no plans to fix “severe” bug that allows malware distribution [Updated] Clever "JSF**K" technique allows hackers to bypass eBay block of JavaScript. by Dan Goodin (US) - Feb 3, 2016 6:35pm GMT 87 Check Point Software eBay has no plans to fix a "severe" vulnerability that allows attackers to use the company's trusted website to distribute malicious code and phishing pages, researchers from security firm Check Point Software said. The vulnerability allows attackers to bypass a key restriction that prevents user posts from hosting JavaScript code that gets executed on end-user devices. eBay has long enforced the limitation to prevent scammers from creating auction pages that execute dangerous code or content when they're viewed by unsuspecting users. Using a highly specialized coding technique known as JSFUCK, hackers can work around this safeguard. The technique allows eBay users to insert JavaScript into their posts that will call a variety of different payloads that can be tailored to the specific browser and device of the visitor. "An attacker could target eBay users by sending them a legitimate page that contains malicious code," Check Point researcher Oded Vanunu wrote in a blog post published Tuesday. "Customers can be tricked into opening the page, and the code will then be executed by the user's browser or mobile app, leading to multiple ominous scenarios that range from phishing to binary download." The post went on to say that Check Point researchers privately reported the security hole to eBay in mid-December. On January 16, eBay officials informed Check Point that they had no plans to issue a fix. The post didn't explain the reason behind eBay's decision. Update: In an e-mail sent to Ars after this post went live, eBay officials wrote: " "eBay is committed to providing a safe and secure marketplace for our millions of customers around the world. We take reported security issues very seriously, and work quickly to evaluate them within the context of our entire security infrastructure. We have not found any fraudulent activity stemming from this incident.” The e-mail added: Also, it's important to understand that we have been in touch with the researcher and have implemented various security filters based on his findings to detect this exploit. Since we allow active content on our site it's important to understand that malicious content on our marketplace is extraordinarily uncommon, which we estimate to be less than two listings per million that use active content on the eBay marketplace. eBay Platform Exposed to Severe Vulnerability As the proof-of-concept exploit in the video above demonstrates, exploits require some element of social engineering, mostly in the form of a dialog box that instructs a user to OK the installation of a malicious app. Given the lack of security awareness of many of eBay's hundreds of millions of users and the site's walled-garden environment that aims to block malicious content, it's a fair bet that a significant number of people exposed to the threat would be tricked into infecting their devices or turning over their login credentials. The vulnerability is the result of eBay's JavaScript filter failing to strip out characters that can be used to invoke executable code using the JSFUCK technique. Created by developer Martin Kleppe, JSFUCK is able to bypass a variety of intrusion prevention systems and Web application firewalls by using just different characters to execute code. As Check Point's Vanunu described: To exploit this vulnerability, all an attacker needs to do is create an online eBay store. In his store details, he posts a maliciously crafted item description. eBay prevents users from including scripts or iFrames by filtering out those HTML tags. However, by using JSF**k, the attacker is able to create a code that will load an additional JS code from his server. This allows the attacker to insert a remote controllable JavaScript that he can adjust to, for example, create multiple payloads for a different user agent. eBay performs simple verification but only strips alpha-numeric characters from inside the script tags. The JSF**k technique allows the attackers to get around this protection by using a very limited and reduced number of characters. This is what you get if you include your remote website JavaScript: This is how a simple JSF**k script looks: Enlarge This is how a successful exploitation of the vulnerability would look: Enlarge As shown, the message which appears on eBay’s website application (specifically, on the attacker’s store on the eBay site) entices the unsuspecting user into downloading a new eBay mobile application by offering a one-time discount. For example, if a user taps the `download` button, he will unknowingly download a malicious application to his mobile device. eBay's reported reluctance to patch the vulnerability is likely based on concerns that a fix will break current features or site functionality. Security has always been a series of trade-offs that balance convenience and productivity on the one hand and closing off feasible threats on the other. If the JavaScript bypass is as dangerous and easy to abuse as Check Point says, the degraded user experience may be worth it. Quote Link to comment Share on other sites More sharing options...
eBay has no plans to fix “severe” bug that allows malware distribution [Updated] Clever "JSF**K" technique allows hackers to bypass eBay block of JavaScript. by Dan Goodin (US) - Feb 3, 2016 6:35pm GMT 87 Check Point Software eBay has no plans to fix a "severe" vulnerability that allows attackers to use the company's trusted website to distribute malicious code and phishing pages, researchers from security firm Check Point Software said. The vulnerability allows attackers to bypass a key restriction that prevents user posts from hosting JavaScript code that gets executed on end-user devices. eBay has long enforced the limitation to prevent scammers from creating auction pages that execute dangerous code or content when they're viewed by unsuspecting users. Using a highly specialized coding technique known as JSFUCK, hackers can work around this safeguard. The technique allows eBay users to insert JavaScript into their posts that will call a variety of different payloads that can be tailored to the specific browser and device of the visitor. "An attacker could target eBay users by sending them a legitimate page that contains malicious code," Check Point researcher Oded Vanunu wrote in a blog post published Tuesday. "Customers can be tricked into opening the page, and the code will then be executed by the user's browser or mobile app, leading to multiple ominous scenarios that range from phishing to binary download." The post went on to say that Check Point researchers privately reported the security hole to eBay in mid-December. On January 16, eBay officials informed Check Point that they had no plans to issue a fix. The post didn't explain the reason behind eBay's decision. Update: In an e-mail sent to Ars after this post went live, eBay officials wrote: " "eBay is committed to providing a safe and secure marketplace for our millions of customers around the world. We take reported security issues very seriously, and work quickly to evaluate them within the context of our entire security infrastructure. We have not found any fraudulent activity stemming from this incident.” The e-mail added: Also, it's important to understand that we have been in touch with the researcher and have implemented various security filters based on his findings to detect this exploit. Since we allow active content on our site it's important to understand that malicious content on our marketplace is extraordinarily uncommon, which we estimate to be less than two listings per million that use active content on the eBay marketplace. eBay Platform Exposed to Severe Vulnerability As the proof-of-concept exploit in the video above demonstrates, exploits require some element of social engineering, mostly in the form of a dialog box that instructs a user to OK the installation of a malicious app. Given the lack of security awareness of many of eBay's hundreds of millions of users and the site's walled-garden environment that aims to block malicious content, it's a fair bet that a significant number of people exposed to the threat would be tricked into infecting their devices or turning over their login credentials. The vulnerability is the result of eBay's JavaScript filter failing to strip out characters that can be used to invoke executable code using the JSFUCK technique. Created by developer Martin Kleppe, JSFUCK is able to bypass a variety of intrusion prevention systems and Web application firewalls by using just different characters to execute code. As Check Point's Vanunu described: To exploit this vulnerability, all an attacker needs to do is create an online eBay store. In his store details, he posts a maliciously crafted item description. eBay prevents users from including scripts or iFrames by filtering out those HTML tags. However, by using JSF**k, the attacker is able to create a code that will load an additional JS code from his server. This allows the attacker to insert a remote controllable JavaScript that he can adjust to, for example, create multiple payloads for a different user agent. eBay performs simple verification but only strips alpha-numeric characters from inside the script tags. The JSF**k technique allows the attackers to get around this protection by using a very limited and reduced number of characters. This is what you get if you include your remote website JavaScript: This is how a simple JSF**k script looks: Enlarge This is how a successful exploitation of the vulnerability would look: Enlarge As shown, the message which appears on eBay’s website application (specifically, on the attacker’s store on the eBay site) entices the unsuspecting user into downloading a new eBay mobile application by offering a one-time discount. For example, if a user taps the `download` button, he will unknowingly download a malicious application to his mobile device. eBay's reported reluctance to patch the vulnerability is likely based on concerns that a fix will break current features or site functionality. Security has always been a series of trade-offs that balance convenience and productivity on the one hand and closing off feasible threats on the other. If the JavaScript bypass is as dangerous and easy to abuse as Check Point says, the degraded user experience may be worth it.
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.