[LinuxUsers] Security flaw in Android
Chris Penn
cantormath at gmail.com
Sat Oct 25 17:16:41 UTC 2008
This is why I support the openmoko project.....
On Sat, Oct 25, 2008 at 11:33 AM, Peter Manis <manis at digital39.com> wrote:
> Probably, I don't know all the details of the attack. One thing he said
>
> "The risk in the Google design, according to Mr. Miller, who is a principal
> security analyst at Independent Security Evaluators in Baltimore, lies in
> the danger from within the Web browser partition in the phone. It would be
> possible, for example, for an intruder to install software that would
> capture keystrokes entered by the user when surfing to other Web sites. That
> would make it possible to steal identity information or passwords."
>
> From what I understand about the sandbox environment is that it prevents
> being able to do that... at least between windows. He certainly knows more
> about it than I do, but wonder just how dangerous this attack is, and by
> dangerous I mean are we really facing a problem or is it a "this could
> happen, but its very unlikely" type of thing. Since there are enough people
> that would have negative things to say about Google I'm leaving the
> possibility open that this is a "this could happen, but its very unlikely".
> We'll just have to see how bad the flaw is as more information comes
> available.
>
> On Sat, Oct 25, 2008 at 12:20 PM, David Kaiser <dkaiser at cdk.com> wrote:
>>
>> Wouldn't a poisoned-DNS cache also help pull this off?
>>
>>
>> Michael Gorman wrote:
>> > "the flaw could be exploited by an attacker who might trick a G1 user
>> > into visiting a booby-trapped Web site."
>> >
>> > So it still comes down to a dumb user. I can see it now, Norton for
>> > G1, prevent phishing attempts on the go *Note: phone may not properly
>> > dial out when Norton G1 is running.*
>> >
>> >
>> > Michael Gorman
>> >
>> >
>> > On Sat, Oct 25, 2008 at 9:10 AM, David Kaiser <dkaiser at cdk.com
>> > <mailto:dkaiser at cdk.com>> wrote:
>> >
>> >
>> > http://www.nytimes.com/2008/10/25/technology/internet/25phone.html?ref=technology
>> >
>> > for those of you (I know Peter is one) that have a google
>> > leash^Wphone... be aware that there is a built-in security flaw
>> > _______________________________________________
>> > LinuxUsers mailing list
>> > LinuxUsers at socallinux.org <mailto:LinuxUsers at socallinux.org>
>> > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
>> >
>> >
>> > ------------------------------------------------------------------------
>> >
>> > _______________________________________________
>> > LinuxUsers mailing list
>> > LinuxUsers at socallinux.org
>> > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
>> >
>> _______________________________________________
>> LinuxUsers mailing list
>> LinuxUsers at socallinux.org
>> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
>
>
>
> --
> Peter Manis
> (678) 269-7979
>
> _______________________________________________
> LinuxUsers mailing list
> LinuxUsers at socallinux.org
> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
>
>
--
"As we open our newspapers or watch our television screens, we seem to
be continually assaulted by the fruits of Mankind's stupidity."
-Roger Penrose
More information about the LinuxUsers
mailing list