Twitter To Open Source Android Security Tech
itwbennett writes "Following last month's acquisition of Whisper Systems, Twitter is open sourcing 'some' of the company's Android security products. First up: TextSecure, a text messaging client that encrypts messages. Source code is on GitHub now. 'Offering the technology to the community so soon after the acquisition could indicate that Twitter made the acquisition primarily for the developer talent,' writes IDG News Service's Nancy Gohring."
So, apparently whispersystems has to do with that Moxie Marlinspike character, who strikes me as someone who might have some open sourcing as a requisite for the acquisition?
Some of my favourite people are from the US; Vonnegut, Chomsky, Bill Hicks.
This makes a lot of sense. Twitter is and has always been a facilitator of open communication, particularly from censoring governments. This is just an extension of that.
I have always kept an eye on Whisper Systems and specifically TextSecure (and WhisperCore) but they never became really "usable". I would (and I think many people) love to be able to securely text message (or via iMessage or Facebook) knowing it's safely encrypted but still highly usable (similar to Pidgin + OTR).
Will they try to use this for corporate evil? Maybe. But at the same token WhisperSystems never had enough power/traction to develop what they really wanted and we (the people) needed.
Got to love how it's been "not available" on their website for months now. Sounds like a very cool idea...
While yes, TextSecure is similar in nature to PGP, it isn't the tech, so much as the interface, that makes it a great app. While I can agree with some of your objections to what Web 2.0 heralds as new and I believe there are legitimate questions about the wisdom of the direction we are going with technology, I think your rant may be misplaced here. TextSecure is a local Android SMS client that smoothly integrates key exchange and secure messaging with SMS so that the user doesn't have to concern themselves as much with the "complicated" details. You simply choose a contact, request a key exchange, verify a code it gives you via some other channel to make sure there is no man in the middle and the keys are then stored with the contact for future verified, secure communication without having to do anything more than send text messages like you normally would (though through the TextSecure app).
What we should take from "Web 2.0" is the attention to what kinds of interfaces and interactions users gravitate towards and this is where TextSecure seems to shine the most. What we might be wiser not to take from Web 2.0 is some of the more questionable technical "innovation" that seems to be moving backward in capability to what we had in the past in the name of supporting the new UI. Examples from my perspective at least are the pushes towards things like Metro and trying to do entire desktop replacement application development in HTML5. Sure the idea of a pure touch friendly UI sounds good to marketing, but the fact is there is a lot that can't be effectively done with it. You might cover the needs of half the population even, but you are greatly limiting the development of the fringe of technology which has always been what pushes us forward.
Recently there seems to be this idea that the goal should be to get everyone, from the biggest technophiles to granny in a nursing home, to embrace new tech, but too often the way that seems to be accomplished is the lazy approach of making a limited product that doesn't really push the envelope or encourage further growth. For the longest time tech has started in the hands of those who understand how to push it forward and then propagated down to the masses after going through a lot of refinement and filtering to find the best stuff. Now things just get thrown out to mass market and that filtering and direction is lost. Effectively control of the direction of technology is getting handed to marketing instead of technologists. That's a great way to make money, but a horrible way to move technological progression forward.
Similarly, HTML5 being used for desktop apps is a nice goal to try to have apps that can be used anywhere and not require install, but the fact is that the tools really aren't there to do it efficiently yet and it's really a wasteful process when you consider the extra development effort required for many projects combined with the extra energy required to run the necessarily inefficient code (just the lack of a good ability to push notification from server to client is a huge issue, let alone the security concerns and the performance of JavaScript in general). On the other hand you do save having to produce hardware for the home, but that hardware and more is just having to go in data centers instead (though it is more fully utilized in a data center.)
AJ Henderson
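The out-of-band verification step described in the comment above, sketched as an added example (it is not TextSecure's code and not part of the original thread). It assumes toy Diffie-Hellman parameters and hypothetical names (`fingerprint`, `ContactStore`, `run_exchange`), and shows that a key swapped in transit fails the spoken-code check and is never stored with the contact.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, for illustration only (assumption: a real
# client would use a vetted library with a standard group or curve).
P = 2**255 - 19
G = 2


def keypair():
    """Return (private, public) for the toy DH group above."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def fingerprint(public_key: int) -> str:
    """Short code a person can read aloud: first 8 bytes of SHA-256(key)."""
    digest = hashlib.sha256(public_key.to_bytes(32, "big")).hexdigest()[:16]
    return " ".join(digest[i:i + 4] for i in range(0, 16, 4))


def shared_secret(priv: int, peer_pub: int) -> bytes:
    """Session secret derived from our private key and the peer's public key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()


class ContactStore:
    """Stores a contact's key only after the out-of-band code matches."""

    def __init__(self):
        self._pinned = {}

    def verify_and_pin(self, name: str, received_key: int, spoken_code: str) -> bool:
        # Compare the code computed over the key we actually received with
        # the code the contact read to us over another channel.
        if not hmac.compare_digest(fingerprint(received_key), spoken_code):
            return False
        self._pinned[name] = received_key
        return True

    def is_trusted(self, name: str, key: int) -> bool:
        return self._pinned.get(name) == key


def run_exchange(intercepted: bool):
    """Simulate Alice adding Bob; returns (key_pinned, secrets_match)."""
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    _, mallory_pub = keypair()  # constructed man-in-the-middle key

    # The key travels over SMS; when intercepted, Alice receives Mallory's.
    key_alice_receives = mallory_pub if intercepted else bob_pub

    # Over some other channel, Bob reads out the code for his own key.
    code_from_bob = fingerprint(bob_pub)

    store = ContactStore()
    pinned = store.verify_and_pin("bob", key_alice_receives, code_from_bob)

    # Without the check, Alice would encrypt to whoever sent the key.
    secrets_match = (
        shared_secret(alice_priv, key_alice_receives)
        == shared_secret(bob_priv, alice_pub)
    )
    return pinned, secrets_match


if __name__ == "__main__":
    print("clean exchange:      ", run_exchange(intercepted=False))
    print("intercepted exchange:", run_exchange(intercepted=True))
```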
The truly funny part is Web 2.0 is back to classic Client/Server programming, utilizing an HTML engine as the client. I believe that existed since the 60s with dumb terminals, but certainly no later than the early 80s with the current modern thick client/server model (think X11 and the like)
Regarding the open sourcing of the encryption code, generally self-written encryption routines are inadequate at best. If you're not leveraging one of the well vetted encryption libraries, odds are that your solution is weak and will only stand up to cursory inspection. Otherwise, you're using PGP, RSA, Blowfish, etc, and your code is merely a light wrapper around those libraries. (No, I did not review the code)
As for chat clients and the like connecting to each other with encryption, this has been around and open sourced a long time, one implementation is Off-the-Record. And of course there's the PGP solution that has been around since the early 90s.
The cesspool just got a check and balance.
Here's to hoping for a MeeGo port...
And good job, Twitter. Somehow you're becoming far more sympathetic than that 'other' big social network player...
Stop kidding yourselves, nothing resembling this existed back then. There's much more done on the server and much more done on the client, and it's not even the same requirements.
assuming an application of complexity C, if you have three tiers, you have to divide that complexity into 3 parts. since the invention of the Application Server, much of the complexity lived in the middle tier.
by eliminating the middle tier, you have only the client and server to perform all the work, which means that the original poster is correct, even if the amount of work getting done in 2012 has increased 1,000s-fold over the 1960s.
Practically EVERY WEEK, & for YEARS now? Yes - You see a NEW "security bug" turning up on ANDROID, a Linux variant!
[Citation Needed]
Yes, I know... Don't feed the trolls and all of that...
- Toast
CarrierIQ is not an android problem.
http://mobile.slashdot.org/story/11/12/02/1637249/researchers-find-big-leaks-in-pre-installed-android-apps
http://www.theregister.co.uk/2011/11/30/google_android_security_bug/
http://www.securityweek.com/new-android-trojan-masquerades-google-library-taps-device-administration-api
http://www.theregister.co.uk/2011/11/14/android_anti_virus/
http://www.theregister.co.uk/2011/10/06/trend_discovers_more_android_malware/
http://news.slashdot.org/story/11/10/06/0118231/android-malware-using-blog-as-cc-server
http://it.slashdot.org/story/11/10/03/1427242/htc-android-backdoor-leaks-private-user-data
http://www.theregister.co.uk/2011/09/20/google_android_vulnerability_patching/
* Since the 1st batch wasn't enough, there's 8 more... plenty more where that came from too!
APK
P.S.=> Would you like more? I have many, Many, MANY more... apk
Carrier IQ Software Compromises Android Device Data Privacy:
http://www.eweek.com/c/a/Security/Carrier-IQ-Software-Compromises-Android-Device-Data-Privacy-801615/
* Care to explain that article title & content then?
(CarrierIQ runs on ANDROID, a Linux variant, & thus is a problem for it, no questions asked!)
APK
P.S.=> This is a classic that needs you requoted verbatim vs. the above evidence from reputable sources to the contrary:
"CarrierIQ is not an android problem." - by mSparks43 (757109) on Thursday December 22, @04:14PM (#38464720) Homepage"
Nuff said, because does CarrierIQ run on Linux? Absolutely, on ANDROID a linux variant, thus CarrierIQ IS A LINUX/ANDROID PROBLEM, & no "spin" b.s. can counter for that fact - See above, explain THAT then...
... apk
Geez... See what you've done, Toast...
apk, I can see you have a hard-on about Gnu/Linux, Android, and anything resembling Open Source.
What I don't see is some balance between your obvious obsession, and Microsoft products that also have had 15+ years of security issues, the latest being the HTML tag that crashes Win7 64 bit.
Damn, now I'm feeding the trolls.....
Apparently you haven't played with X11 at all if you think we're doing more now than in the 80s.
I distinctly recall using SGI machines to run PATRAN modeling software that was backed by a Cray YMP-16. If you think a little Web 2.0 app comes anywhere near the intricacy of visualizing stress results on a 300K 3D element model, you need to revisit what existed back in the late 80s. It might just shock you back into the future. (and no, it wasn't real time either, you submitted commands and went to get a cup of pretty much whatever was furthest away)
The cesspool just got a check and balance.
After hearing yrs. of /. penguins & "Linux = secure, Windows != secure" & the data on android that keeps coming in my posts isn't weakening my case.
* I merely state facts when asked for them... plenty more where that came from too! Here are 8 more (making my total @ this point 25 already in my posts here now up to this one):
http://nakedsecurity.sophos.com/2011/09/16/spyeye-targeting-android-users-zeus-strategy/?utm_source=Non-campaign&utm_medium=eNews-newsletter&utm_campaign=eNews-NL-20110912
http://www.networkworld.com/community/blog/android-traveling-texts
http://www.theregister.co.uk/2011/09/15/android_malware_skyrockets/
http://www.wired.com/gadgetlab/2011/08/android-malware-explodes-ios-remains-safe/
http://www.theregister.co.uk/2011/02/17/android_trojan_click_fraud_scam/
http://www.theregister.co.uk/2011/02/07/difference_between_smartphones_and_superphones/
http://www.theregister.co.uk/2011/06/01/android_trojan_rash/
http://blogs.computerworld.com/17355/zombies_and_angry_birds_attack_mobile_phone_malware
---
* Continuing the trend via continuous data in each of my replies to "naysayer trolls" (especially the AC ones), in proofs of ANDROID security issues over time... 25++ & counting thus far!
APK
P.S.=> I have 25++ recent issues regarding ANDROID (a Linux variant) security problems as of THIS post... Would you like more?
... apk
The truly funny part is Web 2.0 is back to classic Client/Server programming, utilizing an HTML engine as the client. I believe that existed since the 60s with dumb terminals, but certainly no later than the early 80s with the current modern thick client/server model (think X11 and the like)
It seems like you're talking about HTML5 (Creating websites with application-like user experience with combinations of the latest HTML, CSS and JS features) though you refer to it as Web 2.0.
Web 2.0 has nothing to do with user interface (though certain UI elements, such as types of glossy buttons, are often referred to as "Web 2.0 style" because they got popular in blogs, etc.). Web 2.0 refers to the change in how people view the internet and how the content is produced. Web 2.0 refers to the change from passive users (who just visit corporation.com to look up information) to active users (who produce the content themselves. e.g., blogs, youtube, Slashdot community, etc.).
I know there are too many buzzwords these days, but these are the ones that everyone should know. Web 2.0 has been pretty well established for years and I think that it well describes very important change in how we view the web. HTML5 is more of a buzzword (as it doesn't actually refer to any new technology, it seems like a newer version of "DHTML") but it's quite widely used and the meaning is pretty consistent, too. :)
U know u made strong points if you got modded down n all troll replies.
QUESTION: Does CarrierIQ run on smartphones w/ ANDROID?
* A simple YES or NO answer's all that's required...
APK
P.S.=> IF the answer's YES (and, it is)? Then it is indeed AN ANDROID PROBLEM - & NO amt. of "spin"'s going to get around that little fact, period!
... apk
Please - Explain away this (it's proof of ANDROID phones bearing CarrierIQ):
---
Carrier IQ Software Compromises Android Device Data Privacy:
http://www.eweek.com/c/a/Security/Carrier-IQ-Software-Compromises-Android-Device-Data-Privacy-801615/
---
* Care to explain that article title & content then?
(CarrierIQ runs on ANDROID, a Linux variant, & thus is a problem for it, no questions asked!)
APK
P.S.=> Also - I never mentioned "your phone" specifically, so I don't know WHY you'd bring it up...
Heck, for all anyone KNOWS? YOU may have toyed with it to remove CarrierIQ, using say, the ADB (Android Debugging Bridge) & pulled CarrierIQ from it somehow that way!
See - I note that tool, because it's HANDY for installing custom HOSTS files onto ANDROID phones (for added "layered-security"/"defense-in-depth" vs. known malicious sites/servers/hosts-domains, as well as speed for blocking out adbanners)... apk
Funny that article shows it's on ANDROID phones thus, it's an ANDROID (& other smartphones') problem (& thus, a Linux problem too, because ANDROID'S A LINUX). I don't see it running on my Windows PC here, for instance...
APK
P.S.=> And to "continue the trend"? Here's MORE Android security issues (8 at a time only: /. won't let me post more links than that):
http://blogs.computerworld.com/18659/cyberthugs_love_smartphones_and_leaky_sneaky_mobile_malware
http://technolog.msnbc.msn.com/_news/2011/04/15/6475834-skype-android-app-can-expose-your-personal-information
http://blogs.computerworld.com/17785/sensory_malware_android_app_listens_then_steals_credit_card_data
http://it.slashdot.org/story/11/07/11/1620222/New-SMS-Trojan-Found-In-Android-Markets
http://hothardware.com/News/Malware-For-Android-Users-Increases-In-Frequency-And-Sophistication/
http://www.theregister.co.uk/2011/08/11/android_marketplace_malware/
http://blogs.computerworld.com/18755/killer_android_app_allows_the_clueless_to_hack_pwn_like_a_pen_tester
http://blogs.computerworld.com/17899/hacked_android_app_racks_up_huge_texting_charges
Would you like MORE? I have PLENTY of them...
... apk
There's 33++ other ANDROID security issues I posted you avoid like the plague & we KNOW why, lol!
In fact? Here's some more, "continuing the trend", 8 at a time (since /. won't let me post more than that in a single thread):
---
http://news.cnet.com/8301-27080_3-20087265-245/android-users-twice-as-likely-to-see-malware-than-six-months-ago/
http://mobile.slashdot.org/story/11/08/01/2242233/Android-Trojan-Records-Phone-Calls
http://www.theregister.co.uk/2011/08/12/defcon_handsets/
http://mobile.slashdot.org/story/11/07/24/1715232/Android-Password-Data-Stored-In-Plain-Text
http://nakedsecurity.sophos.com/2011/07/09/android-malware-spies-sms-messages-zeus-family/
http://www.theregister.co.uk/2011/06/01/android_trojan_rash/
http://mobile.slashdot.org/story/10/12/21/1849243/The-Smartphone-That-Spies-and-Other-Surprises
http://it.slashdot.org/story/11/05/17/1538226/Swiped-Tokens-Expose-Android-Devices-To-Data-Theft
---
* Once again, for the 4th or 5th time now: Would you like more? I have PLENTY MORE where that came from!
APK
P.S.=> CarrierIQ running on ANDROID (a Linux variant) is indeed a problem for it, no matter what kind of "spin" you attempt to put on things I post - no questions asked, & it's only a SMALL FRACTION of the exploits "exploding" on the Linux variant called ANDROID!
So - do I "hate Linux or Android"? No, far from it - they're just operating systems after all!
(They both do the job & are pretty ok (I used both here over time))
HOWEVER, what I do dislike?
Well... the "std. 'FUD' b.s." I heard here on /. for YEARS (coming up on a decade now) of:
"Linux = secure, Windows != secure"
That has been disproven by security issues popping up on Linux (since it can no longer hide via "security-by-obscurity") OR ANDROID (a widely used Linux variant on smartphones, that TRULY illustrates that Linux was indeed, hiding behind lack of usage & thus, not a good target with enough users for justifying an "ROI" on time spent creating exploits for it... this is no longer the case on smartphones @ least))...
... apk
"Simple fact is, Linux is as secure as you make it, but you cannot make windows secure." - by mSparks43 (757109) on Monday December 26, @01:32PM (#38495636) Homepage
Per my subject-line above, I practically "wrote the book" on it -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH
To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.
That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))
---
Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:
---
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around
"Simply isn't true" - by mSparks43 (757109) on Tuesday December 27, @03:53AM (#38500830) Homepage
Sure it is that nearly NOBODY uses Linux (on PC's & Desktops especially vs. Windows) - see here:
http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=0
---
"The minimum ones are:
DHCP Client
DNS Client
Plug & Play
Remote Procedure Call (RPC)
So you still had to rely on Linux to protect you from the Blaster worm then?" - by mSparks43 (757109) on Tuesday December 27, @03:53AM (#38500830) Homepage
What gave you THAT idea? That looks like a quote of mine from an old post about how to get down to a minimum share of services (analogs to *NIX daemons) in Windows (you can do without DNS client too by the by using custom HOSTS for example) where I was talking about how to get down to a MINIMUM SET OF SERVICES in Windows.
---
"Windows just isn't built for security" - by mSparks43 (757109) on Tuesday December 27, @03:53AM (#38500830) Homepage
From the vulnerabilities I posted on Linux? I'd have to say the same... ANDROID doesn't do it any favors on THAT account either, plus? Well... I've been doing securing of Windows via custom security-hardening it for decades now & posted that much to you, with user feedback on YEARS of no longer "going down/crashing" OR being "bug infested"... so, you're wrong man!
It's not SHIPPED AS SECURE AS POSSIBLE, but, then again, even SeLinux bearing distros included? Neither is Linux... or MacOS X (even Apple has guides on how to secure it better than by default from the oem Apple) -> http://www.apple.com/support/security/guides/ ...
---
"I'm still waiting for you to post a security flaw on android that doesn't require the "user" to install malicious software" - by mSparks43 (757109) on Tuesday December 27, @03:53AM (#38500830) Homepage
I did even better in posting ones regarding FLAWS IN THE ANDROID OS LINUX BASED KERNEL:
http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel
AND ones where they can install without user interaction:
http://mobile.slashdot.org/story/10/11/14/0115255/Android-Holes-Allow-Secret-Installation-of-Apps
APK
P.S.=> I still do NOT "get" HOW you can say I relied on Linux in the quote where you put up a quote from myself on minimum services you can get down to in Windows (where DNS client's not really even needed or recommended with larger custom HOSTS files)... that's NOT myself "relying on using Linux" as you stated & I quoted above!
... apk
"But anyone who cares about security uses linux - and by default anyone who uses the services of those companies uses and relies on linux." - by mSparks43 (757109) on Tuesday December 27, @03:33PM (#38506592) Homepage
Oh, really? Ok, per my subject-line:
---
London Stock Exchange Web Site Served Malicious Ads:
http://www.securityweek.com/london-stock-exchange-web-site-serving-malware
And, yes - they run Linux to do it -> http://uptime.netcraft.com/up/graph?site=www.londonstockexchange.com
(So much for "caring for security" because they didn't do a good job... hell, Linux ALSO FELL FLAT ON ITS FACE ONLY MINUTES INTO THE JOB RUNNING LSE THE 1st DAY ON THE JOB:
LINUX WENT DOWN 2x in LESS THAN 1 YEAR @ London Stock Exchange:2011 -> http://linux.slashdot.org/comments.pl?sid=1999478&cid=35231358
Whereas, by way of comparison, the Accenture developed system that used Windows Server 2003 before it ran for 7++ yrs. before being replaced!)
---
AND OF COURSE, this much VERY CURRENTLY THIS YEAR IN 2011:
---
KERNEL.ORG COMPROMISED:
http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised
---
Linux.com pwned in fresh round of cyber break-ins:
http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/
---
Mysql.com Hacked, Made To Serve Malware:
http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware
---
Linux's showing in CA's breached recently too? Ok:
http://uptime.netcraft.com/up/graph?site=StartCom.com
http://uptime.netcraft.com/up/graph?site=GlobalSign.com
http://uptime.netcraft.com/up/graph?site=Comodo.com
http://uptime.netcraft.com/up/graph?site=DigiCert.com
http://uptime.netcraft.com/up/graph?site=www.gemnet.nl
The list of CA Servers BREACHED that RUN LINUX (StartCom, GlobalSign, DigiCert, Comodo, GemNet)... per these articles verifying that:
http://itproafrica.com/technology/security/cas-hacked/
&
http://threatpost.com/en_us/blogs/site-dutch-ca-gemnet-offline-after-web-server-attack-120811
---
Toss ANDROID (yes, a Linux since it uses a Linux kernel) in also, since it's being "shredded" on the mobile phone security-front rampantly for years now?
You get the picture...
* TOP THAT ALL OFF W/ DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS, PER THIS ARTICLE (very recent):
http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers
APK
P.S.=> Continuing the trend on ANDROID malware as well as I have been doing? Up to 56++ evidences now by this point with these 8 new ones to list:
http://mobi
"Now that's a real ROFL!!!" - by mSparks43 (757109) on Wednesday December 28, @05:28AM (#38513254) Homepage
Facts are facts: Like here, I posted them earlier with backing proofs & documentations from reputable sources, & I do so again here now below... simple. No laughs, just facts!
Case-in-Point (to something I posted you said I did not):
I did post a kernel level error security issue problem that ANDROID has here -> http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel so, so much for your stating I did not. So yes, as you can see (or anyone else reading)? That's happened to ANDROID (& thus Linux too, since ANDROID's a Linux variant itself). I am up to 50++ security issues on ANDROID I posted (and can double it easily if you wish with more) also, & if those security issues, and they are? Then, clearly, they are occurring on ANDROID & are a problem there, no questions asked.
---
"You're the one who brought up Windows & desktop PC's, and hosts files, but still with no real explanation of wtf they have to do with Android" - by mSparks43 (757109) on Wednesday December 28, @05:28AM (#38513254) Homepage
You can use HOSTS files for ANDROID for better speed, security, anonymity to a degree, & even bypass of restrictions online...
(ANDROID, again, is a Linux & has a BSD based IP stack - most all OS do nowadays).
Custom HOSTS files data for use are free & so is HOSTS itself (you have one already). Custom HOSTS file also unquestionably can yield faster websurfing, faster access to sites, safer surfing, & to an extent, more "anonymous" surfing (vs. DNS request logs) & bypass of restrictions (DNSBL).
They're simple to install there using ADB (Android Debugging Bridge) as follows, in not too "broad" of strokes:
Load ADB
Tether your smartphone to your PC
logon with appropriate rights (read/write @ very least)
Use the push command to transfer over your existing hosts file on ANDROID with new custom HOSTS file imported from your PC.
* Done... 4 steps, only a few minutes time, if that.
---
"Going back to what I said earlier "Linux is as secure as you make it" - by mSparks43 (757109) on Wednesday December 28, @05:28AM (#38513254) Homepage
Same with Windows (or MacOS X too): You can "security-harden" them, & especially via "layered-security"/"defense-in-depth" procedures. An hour of time for decades of safer, faster, & better uptime.
---
"i.e. sure there are problems" - by mSparks43 (757109) on Wednesday December 28, @05:28AM (#38513254) Homepage
I list many below. Did you even KNOW that SeLinux (which gives MAC capabilities to Linux for security) is a COPY/IMITATION of Windows NT-based OS since 1992 & the ACL concept? It is... a copy, but a needed one. Windows NT-based OS have been "Orange Book" certified as C2 level secure. Linux has not been since 1992.
More on that shortly, with security detail from documented respectable sources.
---
"but nothing that has been seriously exploited that hadn't already been fixed." - by mSparks43 (757109) on Wednesday December 28, @05:28AM (#38513254) Homepage
WTF? If the Linux sourcecode repository isn't serious, & the 5 CA's that secure SSL for online banking/ecommerce/shopping & such aren't serious, then I don't KNOW what is. Both were breached this year 2011, running Linux....
Also, beg to differ:
Linux's still got issues -> http://web.nvd.nist.gov/view/vuln/search-results?query=Linux+kernel&search_type=all
LSE served exploits from LSE's London Stock Exchange website & the LSE running on Linux going down 1st minutes on job @ LSE, & then again too a 2nd time.
* You may not LIKE it, but facts, are facts - They did have problems in security & stability running Linux @ LSE, period/no questions asked.
APK
P.S.=> Fact: LSE had security AND STABILITY problems running Linux, right off the bat outta the starting gate ("plop", right on their noses, lol)... no questions asked!
... apk
Great security & stability there @ LSE running Linux, eh? NOT! Current information on that note I posted from this year (year end 2011) shows it's as vulnerable as any OS out there... & on the server front, where it's SUPPOSED to have "smart people" running it?? It's being breached there too mostly, lol, since nobody really uses it on desktops for the most part!
APK
P.S.=> The fact that security breaches of ALL KINDS occur on Linux & its variants is in STARK contrast to the YEARS OF FUD/LIES you heard on /. of "Linux = secure" when it's anything BUT that per those breaches happening, for whatever reasons... period!
... apk
Adding words 2 others' quotes (that they never said)? Looks that way here from you:
"->fixed before they were exploited." - by mSparks43 (757109) on Wednesday December 28, @08:56AM (#38514196) Homepage
* Ahem: Can you show me the source saying EXACTLY that, which you allegedly quoted part of & seemingly ADDED THAT ONTO YOURSELF thus, showing you are now putting words into the source's mouth they may not have uttered @ all?
APK
P.S.=>
"No you didn't, you posted a link to security issues which were:" - by mSparks43 (757109) on Wednesday December 28, @08:56AM (#38514196) Homepage
This was the title of the article I used (says it all):
Serious Security Bugs Found In Android Kernel
From a /. article TITLE, no less, lol...
... apk
"Oh, and the CA's and were breached using good old brute force attacks on ftp and sql servers." - by mSparks43 (757109) on Wednesday December 28, @09:02AM (#38514260) Homepage
Show for YEARS all the /. Penguin "FUD" of "Linux = Secure" is b.s. ... &, ANDROID does the rest!
Especially showing that once that 'security-by-obscurity' is taken away from Linux, not only does it get ABUSED ON SERVERS but, it gets MASSIVELY ABUSED on end user oriented devices like smartphones where it has a big marketshare!
(Where it's used most & allegedly staffed by "penguins that know what they're doing" & apparently DON'T, on servers too though? LMAO, please... make us laugh more!)
WORSE POSSIBLY THAN THE CA's for SSL (ecommerce/online banking/shopping etc.- et al)
Linux own sourcecode repository being breached! That's laughable... all that, in 2011! Man... lol!
APK
P.S.=> You lack the intelligence, facts, & technical wherewithal to get the best of me - accept it!
... apk
You linked
http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel
which is a summary of
http://www.techweekeurope.co.uk/news/serious-security-bugs-found-in-android-kernel-11040
which says
Not my fault if you failed to RTFA.
"the security of Linux may not be perfect, never said it was" - by mSparks43 (757109) on Wednesday December 28, @01:32PM (#38517478) Homepage
Don't worry - after what I posted, folks KNOW Linux's security's weak! Certainly weaker than all the YEARS OF FUD B.S. spouted around here of "Linux = Secure" bs & putting down Windows!
---
"Linux has never had anything like Blaster, Zeusbot or any of the other myriad of worms that infest Windows machines on a daily basis," - by mSparks43 (757109) on Wednesday December 28, @01:32PM (#38517478) Homepage
There's only 1 Linux system running for every 95 or so that run Windows... Linux doesn't do as much because of less users on it - thus, to "hacker/cracker" types looking for "easy-meat crowds", they attack Windows on PC's &/or Servers more (because more Windows machines are out there running the world than Linux ones).
However/Again - Once Linux DOES get used more than other platforms, ala smartphones? You see it gets "hit" as much as Windows does on PC's, perhaps more!
---
"Heck, I don't see how the internet could have happened if your average server was vulnerable to the infamous ping of death and the like, which is why IIS has never stayed on webservers longer than a year or two." - by mSparks43 (757109) on Wednesday December 28, @01:32PM (#38517478) Homepage
Ping of Death wasn't "unique" to Windows - it was a network stack issue, @ the ICMP level.
APK
P.S.=> This is actually funny what I quote from you next:
"And all this is beside the point, that firstly, you haven't found a single exploited Android vulnerability" - by mSparks43 (757109) on Wednesday December 28, @01:32PM (#38517478) Homepage
Ahem: Learn to COUNT please, because in my previous posts I posted 64++ already:
Yes - Even ones in the ANDROID Linux kernel itself too, no less along with the repository for the Linux source being broken into + CA servers for SSL breached that run Linux on the Server level too!
(LMAO - Which you tried to "fudge a quote"/misquote, here http://news.slashdot.org/comments.pl?sid=2586024&cid=38515938 by adding in YOUR comments to it, & the source you quoted never stated that - LAME, low, & makes you look that way now)...
... apk
That doesn't mean a THING: Anyone who knew them could've used the hack/crack in the Linux kernel problem (& you can bank on it those guys that "discovered them" aren't the only ones using them, or that know about them!) & that's assuming everyone's running a kernel build "proof" to those holes (no guarantees there)...
APK
P.S.=> Plus, the way Linux's been breached YET AGAIN in time for the year 2011, per my subject-line above no less... & to "close out" this year, + to add to my 2011 recent partial list of security breaches on numerous Linux servers (bad ones) I posted?
Well - We have yet ANOTHER LINUX SECURITY BREACH:
http://yro.slashdot.org/story/11/12/28/1743201/data-exposed-in-stratfor-compromise-analyzed
And, what's that domain running? Yes kids, YOU GUESSED IT: Linux -> http://uptime.netcraft.com/up/graph?site=www.stratfor.com
"Happy New Year" for Linux, eh? LMAO!
... apk
"You do realise you are posting on slashdot right?" - by mSparks43 (757109) on Wednesday December 28, @04:33PM (#38519420) Homepage
The place where for YEARS penguins said "Linux = secure" & what I post shows it's ANYTHING but that? Sure, I do! You bet... lol!
---
"But every windows machine connects to at least 20 Linux machines a day, which is where your argument falls flat on its face." - by mSparks43 (757109) on Wednesday December 28, @04:33PM (#38519420) Homepage
Linux users connect to many orders of magnitude MORE systems running Windows, because Windows is MORE WIDELY USED by a HUGE MARGIN... period!
---
"->fixed before they were exploited." - by mSparks43 (757109) on Wednesday December 28, @04:33PM (#38519420) Homepage
YOU wrote that, not your source - they weren't & aren't the only guys that know how to exploit that KERNEL LEVEL SECURITY BUG IN ANDROID @ that time either (others did also). I mean, face it: Just because you publicly state you have discovered something, doesn't mean you're the first!
---
"It's true you've posted lots of links" - by mSparks43 (757109) on Wednesday December 28, @04:33PM (#38519420) Homepage
That dealt in 64++ security vulnerabilities being present &/or exploited on ANDROID (a Linux variant) - you need more, thus, my p.s. below will have them (8 more, making the total now a 72:1 ratio vs. your "opinions", lol)
APK
P.S.=> Lastly - "continuing the trend" here, posting MORE ANDROID (a Linux variant) SECURITY BLUNDERS (72 by this point):
http://www.theregister.co.uk/2011/01/29/android_data_disclosure_bug/
http://www.theregister.co.uk/2011/01/14/android_chinese_stealing/
http://www.ft.com/cms/s/2/bf3d6002-452e-11e0-80e7-00144feab49a.html#axzz1FdlXHJmB
http://mobile.slashdot.org/story/10/12/30/1856242/Android-Trojan-Found-Spreading-From-Chinese-App-Stores
http://www.ibtimes.com/articles/137143/20110421/android-phones-track-users-movements.htm
http://www.bangobang.com/2011/04/android-phones-are-no-more-protected.html
http://mobile.slashdot.org/story/11/02/23/1640252/Mobile-Spyware-Conferences-Into-Your-Calls
http://www.theregister.co.uk/2011/03/04/google_android_market_peril/
Don't worry - I have PLENTY MORE where that came from, should you need even more...
... apk
"Heck, I don't see how the internet could have happened if your average server was vulnerable to the infamous ping of death and the like, which is why IIS has never stayed on webservers longer than a year or two." - by mSparks43 (757109) on Wednesday December 28, @01:32PM (#38517478) Homepage
Ping of Death wasn't "unique" to Windows - it was a network stack issue, @ the ICMP level, not IIS, & it was NOT UNIQUE TO WINDOWS @ all...
Read that much here:
http://en.wikipedia.org/wiki/Ping_of_death
---
PERTINENT QUOTE/EXCERPT:
"This exploit has affected a wide variety of systems, including Unix, Linux, Mac, Windows, printers, and routers"
---
* You can quit "talking out your behind" now... lol!
APK
P.S.=> Just like you do about others that have things YOU haven't done or that you could produce proof of that you had:
---
1.) Degrees they earned (myself)
2.) From GOOD schools (ones you said were "shitty" & yet rate #18 on top schools, & in the northeast US where the BEST schools are no less, as well as a "best buy" TOP 10 placement too)
& you try to belittle that!
3.) You also try belittle accomplishments others have in computer sciences areas (you do not yet again)
---
HOWEVER, as-per-your-usual?
Facts from reputable sources PUT YOU AWAY, & make you evade posting proofs you've done the same yourself (evasions galore on THAT account)...
Yes, no questions asked:
YOU like to "talk out your ass", but you've never done what you put down when you talk, no doubt about it!
... apk
Show me a direct quote of myself saying ALL services to be all shutdown (just ones you determine you don't need) anywhere I actually posted them (you need some of them)...
---
"Nope, because you can't run services on windows without losing security." - by mSparks43 (757109) on Wednesday December 28, @06:30PM (#38520754) Homepage
Sure you can: Ever heard of SFTP? Secure FTP in other words & even 3rd party tools can do it, etc./et al... I never said once to SHUT ALL SERVICES DOWN, show me where I have where I haven't been impersonated (in other words, someplace online other than slashdot, like in searching "HOW TO SECURE Windows 2000/XP" on Google/Bing for instance).
---
"Which is why you wrote that post saying shut them all down. Remember." - by mSparks43 (757109) on Wednesday December 28, @06:30PM (#38520754) Homepage
See subject line & start of this post earlier - show me where I ever said ALL about Windows Services & shutting them ALL down... we'll be waiting on this one just to laugh at some evasion or POSSIBLE impersonation attempt - gotta be those "troll strategies" @ this point, lol!
As an aside... The only way to DO it, easily enough, and... yes, you can?
Is to go to security policies @ ALL levels (group & local) & block the services logon entities per service right off from logging on as 'service' or other possible entities, lol... Yes - it works, and windows boots, runs quick, but you can't get online (other things stop too, but that I recall vividly & immediately getting out & doing F8 restart to "Boot to Last Known Good Configuration" as the result... lol!).
* Those other things you posted... lol, little question on that - QUESTION: Were those links you just reposted that I posted earlier - were those posts about Android?
A simple YES or NO answer is all that is needed/expected...
APK
P.S.=> "Here endeth the lesson"... Oh, lol, WAIT: Tell us more about the ping of death & IIS, lol -> http://news.slashdot.org/comments.pl?sid=2586024&cid=38520590
... apk
That doesn't say to "shut off all services" - only the ones you need to (quoting me partially doesn't 'cut it' either, because right before that, from my last post no less, it says this:
" (just ones you determine you don't need) anywhere I actually posted them (you need some of them)..." - by Anonymous Coward on Wednesday December 28, @07:10PM (#38521104) FROM -> http://news.slashdot.org/comments.pl?sid=2586024&cid=38521104
AND, the question I was asking was if the systems I listed here that were breached here (any of the links I've been posting that dealt in ANDROID security issues, that's 72 of them by this point) were running Windows... & for you to simply answer it YES or NO.
APK
YOU cannot produce a quote of myself saying "turn off EVERY SERVICE", now can you?
Even though you stated I have said that before - it's NOT true, & "putting words in my mouth" I never said! That's lame man... really lame.
---
"I need all of them, else why would they be there?" -
For anyone that requires their services, but... I have YET to meet anyone (person OR company) in nearly 2 decades now that needs EVERY service offered in Windows NT-based OS!
You need ALL of them? Again - I have YET to date in working with Windows NT-based OS since 1992 & the Windows NT 3.1 builds of that family of Operating Systems to see ANY individual (or corporate body even) need EVERY SERVICE offered in them (far more now than back then)...
Heck - Even Microsoft has changed their tune in Windows 8 to make services that are not needed (or working currently performing a task) STOP RUNNING when not in use, OR, not "autoload" @ all......
http://news.softpedia.com/news/Windows-8-Services-Loading-During-Boot-Have-to-Justify-Their-Existence-220200.shtml
PERTINENT QUOTE/EXCERPT:
"Larry Osterman, a Microsoft veteran, revealed that there are no unnecessary services loading during the Windows boot, and that even those that do load, are optimized to use as few resources as possible. Actually there are audits done every day within Windows (seriously) to ensure that no new services are added without thorough review. And every service that starts at boot has to justify its existence (I was on the team that did the service reviews back in Win7)," he stated. Every one of the services that was enabled at boot time in Win7 was required for some important scenario. And those services that are on the "autostart" list have their overhead pared down to a bare minimum. Several of the auto-start services (for example the audio endpoint builder service) whose default footprint is only a couple of hundred of kilobytes of virtual memory (and essentially no physical memory)."
---
* This gains performance, AND, stops something called "churn" (too many processes, especially unneeded ones, running take up time in the queue) in the scheduler subsystems too!
(I've been doing it for AGES, since 1996 in fact, in "trimming down" unneeded services, & it works... In fact, most recently? While I was over @ TechPowerUp.com in fact, a pile of us were doing benchmarks around 2006-2008 (ScienceMark) & I showed them how to increase their benchmarks by up to 20% by cutting out unneeded services that run by default... it worked!)
---
* Now, as far as the links I posted? They were ANDROID related, & showed security issues in it... no questions asked, but you're AFRAID to answer that correctly... why's that? LMAO, "we know"...
APK
P.S.=> YOU didn't ANSWER THE QUESTION: Were the 72 links here about ANDROID security problems, YES or NO...? apkb
"Not sure where you're coming from now, you're twisting yourself in knots." - by mSparks43 (757109) on Thursday December 29, @05:16PM (#38531894) Homepage
Ok - Did YOU say this, or not?? See here -> http://news.slashdot.org/comments.pl?sid=2586024&cid=38520754
---
PERTINENT QUOTE:
"Nope, because you can't run services on windows without losing security. Which is why you wrote that post saying shut them all down Remember." - by mSparks43 (757109) on Wednesday December 28, @06:30PM (#38520754) Homepage Journal FROM -> http://news.slashdot.org/comments.pl?sid=2586024&cid=38520754
No getting around what you said "frozen in quotes" after all, & they ARE your OWN words, LITERALLY stating I said to "shut them all down" on services...
( & I do NOT like getting words put into my mouth anymore than you would were I to do THAT, to you!)
---
"Presumably because you recently realised how lame disabling services is as a solution to all the security problems in those services." - by mSparks43 (757109) on Thursday December 29, @05:16PM (#38531894) Homepage
LMAO - it's FAR from "lame" & FINALLY? Microsoft's even going to put a variation of what I've been doing since around 1995 or so on Windows NT-based OS into Windows 8 (tuning for performance, & part of it's trimming off services you don't REALLY need!) - shut off services that aren't needed (they will do this in Windows 8, "automagically" without user intervention!).
MS knows it lessens CPU cycle usage, memory, & other forms of I/O (mainly in the scheduler, avoiding "process churn")... it works!
Yes - it's done MORE for performance' sake actually (saving RAM, CPU cycles, & other forms of I/O spent on services you DON'T REALLY NEED TO RUN (this varies by users' requirements), however - cutting off potentially vulnerable services can function for security also!
Ala this link even NOWADAYS on Windows 8 & services as an example of others besides myself doing it:
---
Windows 8 Services that can be disabled:
http://windows-8-theme.org/windows-8-services-that-can-be-disabled/
PERTINENT QUOTE/EXCERPT:
"Windows 8 by itself has many services that you may not need and are useless for your daily work. They slow your computer performance and are not needed."
---
"Obviously my "turn them all off" was my reference to this, not that you said to literally disable every windows service (although this is the only way to make windows secure, hence my earlier comment about windows being little more than a typewriter in the space age)." - by mSparks43 (757109) on Thursday December 29, @05:16PM (#38531894) Homepage
It's FAR from "the only way to secure Windows"... far, Far, FAR FROM IT - in fact? I suggest you take a bit of time & read this:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH
Because you'd see the things you can do to secure Windows, & SO WELL, that one gets testimonials from users who have like the ones I posted that showed a fellow going years (along with his customers no less, he's a tech) WITHOUT slowing down OR being infested by malware!
---
"Which brings us back to point, please find one remote code exploit seen in the wild on a stock, up to date Android phone." - by mSparks43 (757109) on Thursday December 29, @05:16PM (#38531894) Homepage
I posted 72 links of problem
"And, afaics, not one of them pertains to a critical security flaw in Android." - by mSparks43 (757109) on Thursday December 29, @10:52PM (#38535198) Homepage
Per my subject-line, then you must be blind - because they were NOT "72 good things" happening on ANDROID!
APK
P.S.=> Are you like some kind of "zealot" about Android/Linux that can't admit it's been "taken advantage of" by hacker/cracker/malware-maker types? You've GOT to be, because the 72 links I posted are about exploits galore of malware & the like on ANDROID happening (including a kernel level security problem too that was found)...
... apk
Anyone that's not a deluded zealot's free to look @ the links I posted, & decide for themselves in these posts of mine as to whether these are "good things" going on with ANDROID (a Linux variant on smartphones) or not:
http://news.slashdot.org/comments.pl?sid=2586024&cid=38463414
http://news.slashdot.org/comments.pl?sid=2586024&cid=38488282
http://news.slashdot.org/comments.pl?sid=2586024&cid=38495050
http://news.slashdot.org/comments.pl?sid=2586024&cid=38495800
http://news.slashdot.org/comments.pl?sid=2586024&cid=38507222
http://news.slashdot.org/comments.pl?sid=2586024&cid=38519768
APK
P.S.=> For "good measure"? Here's 12 more, sending the total up to 84 now:
http://news.slashdot.org/story/11/10/06/0118231/android-malware-using-blog-as-cc-server
http://www.theregister.co.uk/2011/10/06/trend_discovers_more_android_malware/
http://www.theregister.co.uk/2011/11/14/android_anti_virus/
http://www.securityweek.com/new-android-trojan-masquerades-google-library-taps-device-administration-api
http://www.theregister.co.uk/2011/11/30/google_android_security_bug/
http://mobile.slashdot.org/story/11/12/02/1637249/researchers-find-big-leaks-in-pre-installed-android-apps
http://www.theregister.co.uk/2011/12/12/android_market_malware/
http://www.bgr.com/2011/12/14/more-than-1-million-stolen-from-android-users-in-2011-mobile-threats-to-increase-in-2012/
http://blogs.cio.com/mobile-security/16704/android-app-permissions-may-spark-false-sense-security
http://tech.slashdot.org/story/11/12/21/0058235/gaining-a-remote-shell-on-android
http://www.theregister.co.uk/2011/12/22/android_trojan_maytyr/
http://threatpost.com/en_us/blogs/fake-antivirus-scams-targeting-android-users-122911
See subject-line: You just can't admit it, can you? Nope!
(Fact is, the 84 links I posted certainly WERE NOT "GOOD THINGS" HAPPENING ON ANDROID (a Linux variant), nor were they running on Windows either...)
* Some folks just can't accept facts - folks like you!
APK
P.S.=>
"APK in EPIC FAIL" - by mSparks43 (757109) on Friday December 30, @08:53AM (#38537596) Homepage
I failed nothing, but YOU on the other hand? Please - tell us MORE about "ping of death" & IIS, won't you? See here, lol -> http://news.slashdot.org/comments.pl?sid=2586024&cid=38520590
... apk
"They were just "things"." - by mSparks43 (757109) on Friday December 30, @09:40AM (#38538050) Homepage
The 84 links on ANDROID I posted were BAD things in terms of security for ANDROID - http://news.slashdot.org/comments.pl?sid=2586024&cid=38537062
They also illustrate that once a Linux gets some marketshare (better than its 1.19% on PC desktops that is), it too, will be attacked the SAME WAY Windows has been for years!
(Simply due to being used a lot, & that's what malware makers/hacker-crackers target: A platform with MANY unsuspecting users on it, so they can steal their monies (mainly) online).
---
What was it YOU said to me? Oh, yes:
mSparks43 "EPIC FAIL" is next... lol!
"Windows = Don't care" - by mSparks43 (757109) on Friday December 30, @09:40AM (#38538050) Homepage
Oh, I truly KNOW otherwise, or you wouldn't have opened your mouth & inserted your FOOT into it as you did, here, on the "ping of death" -> http://news.slashdot.org/comments.pl?sid=2586024&cid=38520590
APK
P.S.=>
"Heck, I don't see how the internet could have happened if your average server was vulnerable to the infamous ping of death and the like, which is why IIS has never stayed on webservers longer than a year or two." - by mSparks43 (757109) on Wednesday December 28, @01:32PM (#38517478) Homepage
Ahem: Ping of Death wasn't "unique" to Windows - it was a network stack issue, @ the ICMP level, not IIS, & it was NOT UNIQUE TO WINDOWS @ all...
Read that much here:
http://en.wikipedia.org/wiki/Ping_of_death
---
PERTINENT QUOTE/EXCERPT:
"This exploit has affected a wide variety of systems, including Unix, Linux, Mac, Windows, printers, and routers"
---
* You can quit "talking out your behind" now... lol!
... apk
"In what way were they "BAD"?" - by mSparks43 (757109) on Friday December 30, @12:05PM (#38539644) Homepage
Are you serious? Folks' money, & personal info., identity, & even more stolen, getting tracked like branded cattle, & that's in addition to malware issues!
* Come on - I can't believe you asked that. You're kidding, right??
See - what I don't *think* you understand, is this: For MANY years since I've been coming here, /.'s got a "clique" of "Pro-*NIX" people who for years said things along the lines of:
"Linux = Secure, Windows != Secure"
Type stuff (even though they have 1% of the marketshare & thus, users on their platform, & thus are less of a desirable target to malware makers)... That's now showing itself to be a lie because once an OS starts getting used, especially by "the unwashed masses", even a Linux like ANDROID IS on smartphones (in other words, non-computer security gurus/techs etc.)? It'll get targeted for all those "not so nice" things happening... things you oddly can't SEE as "bad", which astounds me.
APK
P.S.=>
"Seems to me, if anything, being able to install software on your phone is a fairly useful thing, but mostly it's just something you would expect in this day and age." - by mSparks43 (757109) on Friday December 30, @12:05PM (#38539644) Homepage
Even when it installs without a user's permission OR IS INSTALLED to track users before they own it? That's happened on ANDROID, a Linux variant!
Yes, despite all the "Linux = Secure, Windows != Secure" b.s. that flew around here for YEARS unchecked, & it's turning up to be a pile of "FUD" lies in light of what I stated above...
... apk
"If they chose to install software that does all that, what's the problem?" - by mSparks43 (757109) on Friday December 30, @03:18PM (#38541876) Homepage
This bug in ANDROID 2.1 & below's what - users didn't INSTALL what took advantage of that bug in ANDROID to bypass "permissions" -> http://www.theregister.co.uk/2010/11/10/android_malware_attacks/ & again here too -> http://mobile.slashdot.org/story/10/11/14/0115255/android-holes-allow-secret-installation-of-apps
(The fact that stuff like that costs folks their money, personal info., privacy, & what-not along with other "woes" due to malware too, is bad!)
I also pointed out other kernel level errors that have occurred in ANDROID too -> http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel ...
There'll be more over time, count on it.
---
"We've already established there are no known remote code vulnerabilities to let such things get on there by accident." - by mSparks43 (757109) on Friday December 30, @03:18PM (#38541876) Homepage
Have we? I established gaining a remote shell on ANDROID's been done recently too, per this link:
http://viaforensics.com/security/nopermission-android-app-remote-shell.html
In a way that bypasses permissions, and that perms system gives folks a false sense of security.
(The methods used are still present & will work up to IceCream Sandwich 4.0 on ANDROID to this day...)
If you're talking about remotely exploitable kernel bugs on the latest ANDROID? They'll show up over time if they're not present in latest builds (found yet is more like it). Give it time.
The point is not remote bugs only - it is the fact that ANDROID's turning up HIGHLY EXPLOITABLE!
That means Linux, of which ANDROID is part of that OS family, can be as well...
Despite all the "FUD" spread around here on /. that Linux = Secure etc., it was hiding for YEARS behind "security-by-obscurity" & ANDROID's the proof!
84 security problems I posted aren't lies & are widely known...
---
"Unlike any of the alternatives." - by mSparks43 (757109) on Friday December 30, @03:18PM (#38541876) Homepage
PC's are more securable than smartphones presently are.
Personally, though I think/feel smartphones are "cool" (in terms of having a puny screen I can't stand, they can do quite a bit, really a tiny PC in a way), they aren't measuring up on the security front yet... thus, I avoid their tech until it will (NOKIA user here, but not a "smartphone", just a mobile for now because of that).
APK
P.S.=> However, again: I *think* you miss my "main point" here, entirely - that's about Linux, what the "Pro-*NIX crew" around here was way, Way, WAY WRONG about, & security!
So, I am going to "Cut & Paste" it from my last reply to you once more:
For MANY years since I've been coming here, /.'s got a "clique" of "Pro-*NIX" people who for years said things along the lines of:
"Linux = Secure, Windows != Secure"
With ANDROID especially? That's now showing itself to be a lie!
(Linux users have 1% of the marketshare on PC's & that let them hide behind "security-by-obscurity" (no one targeting them because not enough users) & thus, less users on their platform = less of a desirable target to malware makers to justify effort for "ROI" on attacking Li
You're right.
Windows has never even pretended it offered these permissions, guess that makes it much more secure.
Bless.
If only windows had sandboxing (you know, like linux and Android), at least then it wouldn't matter for windowz.
You're "off" on both areas once more (ACL = Win vs. MAC = SeLinux for example):
"Windows has never even pretended it offered these permissions, guess that makes it much more secure." - by mSparks43 (757109) on Friday December 30, @04:18PM (#38542460) Homepage
Windows had ACL (access control lists) level permissions @ both machine, user, & group levels before Linux did (iirc, as far back as 1992) & has always been certified C2 "orange book" level secure (no OS I know of's ever gotten an A, @ least afaik). For instance, the NTFS filesystem & Registry itself employ this. User/Group policies take care of the rest (@ the local system level OR domain level - this is where Windows excels, in "volume mgt." of LARGE LAN/WAN setups in fact, ease of use is good for it there).
Linux's MAC (mandatory access control) via SeLinux only came AFTER many years of Linux without it, & certainly after Windows NT-based OS had them...
* In other words, Linux didn't come that way in the original Linux & caught up to Windows a decade later (not for a decade++ in fact, & the NSA "bolted it on" around 2003-2004 iirc!
(THUS, what you speak of? It's a security-feature copied from Windows NT-based OS, but a needed imitation)).
---
"If only windows had sandboxing (you know, like linux and Android), at least then it wouldn't matter for windowz." -
It does though: Ever heard of "SandBoxie"? You can sandbox ANY app with it... that's 3rd party & free too!
Also, it has UAC "virtualization", isolating registry writes/reads to a SINGLE account, rather than system-wide (done via taskmgr.exe by default in the Processes tab & right click on process name).
Windows lastly has hypervisor tech via "Hyper V", where you can VIRTUALIZE an entire machine/OS &, baked into it also.
APK
P.S.=>
"You're right." - by mSparks43 (757109) on Friday December 30, @04:18PM (#38542460) Homepage
Usually am... thank you!
... apk
Hyper V (full sandbox of entire OS/machine) comes "baked in" natively & so does UAC Virtualization (registry virtualization) + SandBoxie can be used (driver-driven virtualization) for sandboxing apps, & is a freeware as I stated also...
* Any of them can be used for "sandboxing" apps, despite your stating Windows can't do it...
APK
P.S.=>
"lol. Clutch at straws much?" - by mSparks43 (757109) on Friday December 30, @11:02PM (#38545624) Homepage
Don't have to - You proved you're incorrect about some ideas you have about Windows & that because of that, your preconceived notions are wrong about it... apk
"My main day to day machine is a fedora installation, been on fedora since 2004, and has never been compromised. My laptop is a win7 machine, and has had to be reset to factory settings 3 times since I got it a couple of years ago, after it got some nasty infection that I could find no trace of to remove (found via networking logs @ the gateway), despite generally doing nothing on it but reading a few word documents and browsing the net." - by mSparks43 (757109) on Saturday December 31, @01:35AM (#38546296) Homepage
This is indicative of you not knowing what the cause of your hassle was... because there's not a virus/trojan/spyware/malware-in-general OR rootkit I can't remove completely from a Windows machine... & fairly easily.
It's also indicative of the fact you're a "penguin" mainly who is biased but you don't know what you're doing on Windows because of your use patterns & "talking out your behind" earlier on sandboxing in Windows too... & being wrong on YOUR PART about it!
---
"And, btw, I know everything about windows I need to know." - by mSparks43 (757109) on Saturday December 31, @01:35AM (#38546296) Homepage
I'd have to say no, personally... that also tells me, along with your misconceptions about Windows & sandboxing apps earlier here http://news.slashdot.org/comments.pl?sid=2586024&cid=38542962 , that you don't know as much as you think... & the paragraph above tells me you don't know that much about how to "security-harden" Windows...
---
"Tells me all I need to know about windows security.." - by mSparks43 (757109) on Saturday December 31, @01:35AM (#38546296) Homepage
Tells me you don't know that much about it, if you couldn't figure out how to get rid of an infestation (or that you got one in the 1st place)...
APK
P.S.=> You fail to understand apparently that ANDROID is the 1st truly WIDELY USED Linux, moreso by "typical non-tech users" than any other Linux distro is in essence (albeit on smartphones, vs. PC desktops, but still makes my point):
Because of that, it's being targeted by malware makers (because it represents the "unwashed masses" & non-geeks/techs "@ the helm" of them, so that means "easy meat victims")...
Linux on PC desktops NEVER WENT THRU THAT, & thus, it was hiding behind "security-by-obscurity" & never put thru a "test of fire" for security...
However, on ANDROID it NOW is, and it's being torn up pretty good by a LOT of exploits (I posted 84 & there are far more than that) - proving that Linux is just as exploitable/vulnerable to the malware makers of today as Windows ever was in essence... apk
"Where you go & what you do" - seriously: 1/2 of it's user education/savvy... the other 1/2 "tweaking" for security AND speed!
"like I said before, Windows = Don't care
It's more that I can't be arsed "security-hardening" it, i.e.
I need my USB ports
I need the CPU and HDD cycles antivirus would use
I like flash animations
I like porn
I read lots of full featured PDFs" - by mSparks43 (757109) on Saturday December 31, @05:19AM (#38546852) Homepage
I do all of the above except for the "pr0n" part - I had a client/customer who had me 'security-harden' his Windows system. He used to get LITERALLY 200++ viruses on it a month. I did the procedures outlined in my guides, & even his outdated no longer patched Windows 2000 system went down to only 1 virus, MAYBE, a month. He was the "worst of the lot" though, but even HE had his infestation rate go down (because other customers I had no longer got infected because of 2 of the guides' MAIN points - don't run javascript/java/plugins etc. indiscriminately everywhere you go, & don't visit disreputable sites) & don't take data from just "anyone", especially on USB sticks!
The "worst customer" in regards to the above though, would "break rules" like leave javascript on, & go to "pr0n" sites. Hence, his 1 maybe virus a month (down from 200++ a month)...
We cleaned him up as usual (removing any malware I have ever seen to date's not that bad, rootkits included, once you know the tools to do it with & my guide covers that too).
---
"You should try running your windows machine with no antivirus on it for a bit, admittedly it won't last very long (unlike linux, but then secretly you know linux is more secure), but while it does you'll be amazed how snappy it really is." - by mSparks43 (757109) on Saturday December 31, @05:19AM (#38546852) Homepage
LOL, first of all - I don't "secretly know linux is more secure" because I know it's not (heck, refresh my memory - does it have ASLR for executable loads? How about DEP??)... & what shows me that more than anything (again)? ANDROID on smartphones! It's got its Linux heritage there, but is STILL BEING SERVED UP & EXPLOITED BY MALWARES & THE LIKE!
E.G.-> I keep my USB ports here, I watch FLASH stuff on YouTube all the time, PDF files are read here (when they come from reputable sources only though), & I make up CPU cycles on antivirus/antispyware programs by cutting off services I do NOT need but are on by default...
Trust me, I know ALL about this quote from you above on "windows being snappier"... & HOW to make it that way, in detail too!
---
"Saying that, when you have as good as acknowledged the only way they can get these "exploits" onto an android phone or linux is if you install them; click the "yes, please install this software from this chinese vendor I've never heard of" button, rather than the apple/windows phones, where anyone can do it without your knowledge, by remotely telling your phone(or windows) to install (or uninstall) malicious programs, shows you have absolutely zero understanding of security." - by mSparks43 (757109) on Saturday December 31, @05:19AM (#38546852) Homepage
The last sentence is you trying to "put words in my mouth again that I never said" (like your 'secretly knowing linux is more secure' above)... please - cut that out. I don't do that to you (& you've done it before in this discussion)... & about me NOT UNDERSTANDING SECURITY on PC's & such? Well, I can put out a testimonial here from others that shows otherwise:
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2
"I
You CAN secure Windows with about 1-2 hours of your time, with YEARS up secure, fast, & stable "uptime" as the result...
E.G.-> I've done it, many others applying my guides have (I offered you some testimonials to that effect above that you can verify)...
Your "bold statement" to that effect - you don't see ME saying "You cannot secure Linux" (or MacOS X, because even Apple does a guide for it in fact on their website beyond the stock oem setup of that OS from them by default), is a HUGE MISTAKE on your part:
Simply because I KNOW YOU CAN, with ANY OS, & using "layered-security"/"defense-in-depth" methods as I use them on Windows... it's doable!
---
"but I use multiple plugins, and all the stock trading platforms I use run on javascript and java. Like I said "disable it" isn't a security answer, its a cop out for an insecure operating system." - by mSparks43 (757109) on Saturday December 31, @10:19AM (#38548102) Homepage
Only disable java/javascript/plugins from RUNNING ALL THE TIME/EVERYWHERE on every site you go to, indiscriminately - that "cuts down" on infestation possibles HUGELY in & of itself...
So, go ahead - Use the tools you must, if you trust them especially, & to do your work/fun etc., but be cautious & judicious in their usage!
Simply because they are a "double-edged sword/razor" that "cuts both ways" for the GOOD (work/fun) or BAD (infestation by malware).
Pretty simple! I even state that in my guides - so, attempting to "put words in my mouth I never said" are again, your downfall here...
(Cut that out, it's killing you!)
---
"Now, give me a read only OS, full featured, up to date, no activation, usb bootable installation of windows, like the linux live usb stick I carry round in my wallet for when I use other peoples machines (or just want to do something secure on the laptop), and we can talk." - by mSparks43 (757109) on Saturday December 31, @10:19AM (#38548102) Homepage
You can do that, I have no issue with it, & I hope it serves you well... my point is simple though, based on your saying Windows cannot be secured - it can be, easily enough, with around 1-2 hrs. of time taken for YEARS of safe, secure, & faster "uptime" in the distance as a result!
(I even posted literal examples of others besides myself stating it with dates & longevity data in their replies to the effectiveness of the security guide for Windows I authored... & not only for themselves, friends & family but also for their customers too, experiencing the same!)
---
"Until then its linux all the way baby." -
Like I said above: Suit yourself/whatever works for you, but my point's simple - you said Windows can't be secured: ANY OS CAN BE... it takes some work, but they can be.
Secondly - you've attempted to "twist my words" on java/javascript/plugins etc. & my guides show CLEARLY otherwise as to my feelings on their usage (when/where/how much etc.) to keep safe (& they ARE a huge "disease vector" oft misused, no questions asked)... just be smart & judicious in their usage (because there's no reasons they cannot be misused vs. Linux as they have been for a decade++ now on Windows, & ANDROID shows anyone that much, plain & simple fact!)...
APK
P.S.=> I suggest you read my guides & the part about running java/javascript "all the time everywhere indiscriminately" (because there ARE TIMES you need them, such as database access for ecommerce sites/banking etc.)... unfortunately, they're a useful tool, like a razor is, but they can "cut you" too... apk
"sorry. but that "can't secure" will stand as long as you can't install windowz on a read only file system, and no amount of disabling insecure services, tweaking round the edges, installing 3rd party addons or handing resources over to AV software will ever match it." - by mSparks43 (757109) on Saturday December 31, @12:05PM (#38548934) Homepage
I don't need to do THAT though... lol, layered security + smarter surfing practices does it for me AND others!
(E.G.-> Neither did the folks who I put up as testimonials (that obeyed my security guide for Windows points TO THE LETTER exactly))...
* HOWEVER: I actually DO use a "read-only" environs to combat rootkits (Recovery Console from the Windows install media & its LIST, & DISABLE commands (along with FIXMBR))...
( &, it works, + even against the latest rootkits it has - good solid technique based on read-only environs is why!)
You saying Windows cannot be secured though? Hey - wrong... I don't go saying THAT about Linux &/or MacOS X though - I truly KNOW better's why!
APK
P.S.=> There you go... See - as was the case in the testimonials I posted: Most folks don't NEED to even do THAT cleaning technique once they follow my guides TO THE LETTER
(Again, see the testimonials I put up verbatim quoting THRONKA, & not only for themselves, but also their friends, families, & EVEN CUSTOMERS (noob ones too, once you 'enlighten them' on what to avoid & when to do things online, where, & when not to & where))... apk
you do realize I was being serious about that "typewriter" comment don't you.
You have used:
http://fedoraproject.org/wiki/FedoraLiveCD
or something similar?
I use Windows' own RECOVERY CONSOLE (& its fixmbr, listsvc, & disable commands) to "knock-the-chocolate" of the "allegedly indestructible rootkit" from a few months ago & it works!
E.G.-> Bootup from read-only install media for the RC boot option, then fixmbr clears the contaminated bootsector, & listsvc id's any bogus services &/or DRIVERS it uses, & disable knocks out the bogus bootsector protecting drivers...
For that "design" of rootkit (this is the worst kind, "blended threat" type that uses bogus bootsectors & drivers to protect it)?
It works to kill & clear them.
APK
P.S.=> Typewriter stuff you said - well, apparently you think of 1 of your systems that way & just reset to defaults (this loses setup customizations & potentially data users have also)...
Whereas, by way of comparison?
My way CLEANS IT RELIABLY & thoroughly + preserves the existing setup, customizations & all, because it IS the original setup!
(Especially easy vs. rootkits too, if you have driver ID's, which places like Symantec do for techs such as this one on the "indestructible rootkit" & others like it!)
E.G. -> Search this on GOOGLE/BING -> w32_duqu_the_precursor_to_the_next_stuxnet.pdf , & you'll see what I mean - gives a complete 'breakdown' of the drivers that duqu uses for example & it's updated regularly too!)
... apk
Windows PE can do what you state... http://en.wikipedia.org/wiki/Windows_Preinstallation_Environment
For what you ask & is in my subject-line... however?
Why??
My "layered-security"/"defense-in-depth" methods secure a person SO WELL, they never catch anything (not only via system tweaking/tuning, but also common-sensical things to do/avoid/turn off wholesale that do the rest with other "layered-security"/"defense-in-depth" methods). As long as they follow it to the letter? For sure.
I have systems that stay up for years & safer + faster too... so have others, I posted a couple of testimonials from regular people other than myself earlier.
I don't get stuck with a read-only environs to operate from like you have... Heck, that's no fun and not long term operations in my book.
You can't keep "state" of things in the OS environs if you read up from CD/DVD.
To each his own though, use what you wish (even though I do know you use Windows).
NOW - as to your last comments on *NIX?
I've probably used Linux BEFORE YOU WERE BORN possibly, circa 1994, Slackware 1.02 (rawrite disk bootup & all drudgery, & multi-CD distro) & was on *NIX & IBM OS (System 34/36/38 into OS400) on their midrange to mainframe big-iron systems before that in the 1980's & earlier still in academia... so please - don't try that here.
In fact/so you know?
Most recently - I used KUbuntu 10.10 all thru 2010 & especially in Europe while I travelled there. Is it ok? Sure. Does it work? Yes, for MOST of what I do or want to!
However, here? Is it favored to me over Windows?? No way.
(Seems 94.5% of the PC desktop market agrees with me, & has for oh, lol, 27++ yrs. now & I've used nearly every iteration of it since 16-bit Windows 3.0???)
APK
P.S.=> You call securing an OS a "waste of time": What I think is a waste of time is losing the ability to maintain what I have - 1-2 hours, & for years stable desktop & system I have customized for everything, to the hilt, for my personal needs (& it's ongoing evolving)...
You don't with a read-only environs & not nearly to the same extent.
I literally get & currently have years of stable, secure, faster & safer uptime (since Windows 7 came out), & so do others I posted testimonials of this earlier about... but, to each his own!
... apk
All the years of "FUD" spread around on /. (& other spots with a primarily *NIX oriented crowd) of "linux = secure, windows != secure", first because BOTH can be far, Far, FAR better secured than they come by default from the oem (same w/ MacOS X too)
Secondly - because Linux was hiding behind "security-by-obscurity"... not enough users on it to make it worth attacking (not "geek users" mind you, not techies, just ordinary non-technical end users) for malware makers to target them... a matter of "ROI".
ANDROID (a Linux variant) however, has shown & essentially PROVEN that once a Linux gets a GOOD "share of market" (thus, those "typical end users" I noted above, not techies)? It too will be attacked... & it has been, like clockwork.
Remember - MALWARE MAKERS? They're thieves nowadays, basically pickpockets - & those types do NOT operate on "crowds of 1", they go to where the people that are easiest to victimize are - crowds (& Windows has 94.5% of the PC desktop market, & ANDROID's @ the TOP, iirc, of smartphone OS usage)... & the crowds on PC's are on Windows, & on smartphones, ANDROID - BOTH get attacked like mad!
This also shows that Linux, unless you take active measures of SOMEKIND to secure it better than it comes by default (yes, even with SeLinux distros it can be further secured), you'll get "taken advantage of", Linux/ANDROID notwithstanding.
APK
P.S.=> That's been my entire TRUE point the entire time here... I could care less what other folks use to do their computing, if it works for them? Then it works, no matter the OS or the software really... as long as it works. I just don't like & didn't relate to that stuff going on here for years (and if you haven't been around here that long? It HAS been!)... that's all!
In the end, I am glad this ended up in a seemingly better "tech discussion" comparing the merits/demerits of OS' discussed (& techniques for security, such as your USB stick Linux distro you carry around & run - it's a way, just not one I'd ordinarily use is all because of "state" & customizations), & also on other parts of it that didn't "devolve" into an argument as it was earlier...
... apk
"But that's the other big flaw in your comments. "Android" isn't "Linux"" - by mSparks43 (757109) on Sunday January 01, @02:57PM (#38557820) Homepage
IF it uses a Linux based kernel, then it's a LINUX (because it certainly isn't MacOS X or Windows, lol).
---
"That malware authors target the largest audience should be no surprise to anyone, the question is how successful they are, and from looking through all those links you posted there hasn't been one incident relating to any serious breach (remote code exploit)" - by mSparks43 (757109) on Sunday January 01, @02:57PM (#38557820) Homepage
I posted a remote shell exploit gained & also a kernel bug in the Linux core in ANDROID, but you seem to think ONLY REMOTE CODE EXPLOITS ON THE KERNEL ARE "SERIOUS" - hate to tell you this, but, when folks' money, personal info., & privacy are taken, which HAS HAPPENED in the 84 security issues links for ANDROID I posted? It's serious!
APK
P.S.=> Android DOES illustrate however, that once Linux gains a decent marketshare on a platform, CAN & WILL BE EXPLOITED, just like Windows has been due to high usage & less than "tech savvy" end users on it mostly - despite all the "linux=secure" stuff you heard on this website for nearly a decade now... apk
Absolutely not.
the only "bug" there was it didn't ask for internet permission.
It still ran isolated from all the phone's file system (except SD card which is shared between apps, but still isolated from things like email, contacts, - anything personal - and any other apps installed on the phone)
Even the "most severe" problems you have posted still run in "userspace" they are all bugs in Google's Dalvik VM, not the Linux basecode it runs in.
Wasn't "serious", per my subject-line? Come on - That's about as serious as it gets (only thing more serious would be lives in danger imo).
APK
P.S.=> I don't *think* you "get it" - You seem to think ONLY REMOTE CODE EXPLOITS @ THE KERNEL LEVEL MATTER...
News NEWS man - So do the other security issues I posted!
(Especially those that rip folks off of their hard-earned coins/dead-presidents, & rip off of their personal information OR tracking them's pretty serious also. I honestly cannot understand HOW you think those things are NOT "serious"... I truly don't!)
... apk
You do realise, these "84 bugs" still represent a higher level of application level security than a windows 7, or even (to some degree) a linux desktop installation?
There are no "application guid" permissions (that I am aware of) on either windows or linux desktops. It's all group and user level.
These "84 bugs", at worst, bring your phone to the level of security provided by a standard desktop install, for an app running with user level permissions.
Except windows desktops still have remote code exploits that allow a malicious person to install persistent software simply by having you visit a webpage (or worse, simply sending a malicious packet to an IP address, there's a ton of active worms circulating on windows desktops), a new such hole that is being exploited is plugged every other month.
They're still security problems for ANDROID no matter what kind of "spin"'s put on the 84 security issues I posted on ANDROID, & they are serious (especially when they involve folks' money, personal info., & even privacy being stolen or compromised).
That's the point I am making on that note (when you stated that those things occurring aren't serious).
That, along with the fact that once a Linux starts to get used (near or as much as Windows is on PC desktops), it too, will be victimized & exploited (as ANDROID, a Linux variant, has been on smartphones).
APK
P.S.=>
"Except windows desktops still have remote code exploits that allow a malicious person to install persistent software simply by having you visit a webpage (or worse, simply sending a malicious packet to an IP address, there's a ton of active worms circulating on windows desktops), a new such hole that is being exploited is plugged every other month." - by mSparks43 (757109) on Sunday January 01, @07:18PM (#38559562) Homepage
There isn't a single one I can't "work-around" easily (& I mean EASILY) in the unpatched security vulnerabilities in Windows 7 here (2 remote unpatched, %environment% var expansion & DAO 3.6 lib):
https://secunia.com/advisories/product/27467/
or Windows Server 2008 here (2 remote unpatched, colorui.dll, & %environment% var expansion):
http://secunia.com/advisories/product/18255/
So, they're NO PROBLEM @ ALL here!
(E.G.-> On the affected libs - I don't use their functionality here anyhow, & have corrected any environment paths (easy to edit out % ones is why) & if needed, headless mode wouldn't need colorui.dll, & I could unregister colorui.dll & the DAO 3.6 libs (or use a higher version) & be done with those too, easily))...
... apk
OK,
So strip out all the "proof of concept" and other "fixed before exploited" audits by the likes of coverity, where users were never affected.
Drop any that involve CarrierIQ, since CarrierIQ is a problem with mobile phone carriers rather than anything to do with Android.
And how many are you actually left with?
Do any of them give permissions more powerful than can be achieved with an Internet Explorer BHO?
84++ of them and that's still only part of what I could post (I have more)...
APK
SLASHDOT ARTICLE TODAY 1/1/2012 -> http://tech.slashdot.org/story/12/01/01/2137238/fake-antivirus-scams-spread-to-android
"Intel-owned McAfee has released its third quarter security report, which shows that malware targeted towards phones running on the Android operating system continues to be on the rise. According to the report, Android OS solidified its lead as the primary target for new mobile malware. The amount of malware targeted at Android devices jumped nearly 37 percent since last quarter, and puts 2011 on track to be the busiest in mobile and general malware history. Nearly all new mobile malware in Q3 was targeted at Android. This follows a 76 percent rise in Android malware in Q2 of 2011.
At the end of 2010, McAfee predicted that malware would reach the 70 million unique samples by the end of 2011 but has increased this prediction to 75 million unique malware samples reached by year's end, which is the busiest in malware history, says McAfee.
As mentioned above, McAfee says that malware authors are capitalizing on the popularity of Android devices (and perhaps the security flaws as well) this quarter. The Android platform was the only mobile operating system for all new mobile malware in Q3. "
FROM -> http://techcrunch.com/2011/11/20/mcafee-nearly-all-new-mobile-malware-in-q3-targeted-at-android-phones-up-37-percent/
APK
P.S.=> That answer your question further? It's yet FURTHER PROOF that once a Linux were to gain popularity & the "bulk" of users on any platform, it too, will be victimized + exploited, bigtime... & just because it's Linux based doesn't make it ANY MORE "PROOF" TO THAT HAPPENING @ ALL... apk
Users that install fake (not needed) Antivirus from a chinese vendor, give it permission to send premium rate sms messages, deserve everything they get.
PICNIC.
Sometimes they don't install what they want & ANDROID perms don't stop it -> Android Holes Allow Secret Installation of Apps:
(From November 2010)
http://mobile.slashdot.org/story/10/11/14/0115255/Android-Holes-Allow-Secret-Installation-of-Apps
---
PERTINENT QUOTE/EXCERPT:
"Security researchers have demonstrated two vulnerabilities that allow attackers to install apps on Android and its vendor-specific implementations without a user's permission."
---
* There you go... So much for this:
"Users that install fake (not needed) Antivirus from a chinese vendor, give it permission to send premium rate sms messages, deserve everything they get." - by mSparks43 (757109) on Monday January 02, @12:08PM (#38564232) Homepage
Ok then, that all "said & aside": Correct - They get exactly what I've been saying - an exploitable OS, & one that used a LOT on smartphones, thus making it "the target" for the malware maker crowd out there...
To wit in summation:
An OS family that touted itself as "secure" in Linux, especially around here on /. (that was hiding behind "security-by-obscurity"/lack of widespread noob-user usage, & yes, ANDROID is a Linux since it uses the Linux kernel/core)... & yet, it's being shown as exploitable bigtime, just as Windows has been due to larger userbase nowadays, & being a Linux didn't make it "proof" to such exploits... period!
APK
P.S.=> No matter HOW you 'cut it' & try to put "spin" on it? Human nature kicks in: The "bad side of it" in malware makers, are going to figure out a way to 'hack/crack' into & past ANDROID linux security because it's more used &, because there is MONEY TO BE MADE exploiting it...
Money = a pretty powerful incentive (& it proves my points here (Android = just as victimizable as Windows on PC, because of the incentive for inventive criminal minds for profits))...
... apk
ANDROID though? Face it - Linux based or not, it's being exploited... & thus, it's NOT secure, & the other 86++ or so security issues I posted on ANDROID show that much... kernel level or not, the problems in security ARE there and yes, serious ones (money is the biggest)!
Plus, IE BHO's are easy to take out (browser helper objects) from IE's options (IE9 even recommends you disable some for more speed when you start it up, which allows a user to IMMEDIATELY investigate what's up there).
* Best part of all is, though, that I continually update a custom HOSTS file here, with nearly 1.7 MILLION known bad sites blocked in it (current data too)...
(Thus - I don't get 'f-d over' like most folks do because of that by malicious exploits... & neither do users who have applied my security guide for Windows (for years too, I posted testimonials earlier in our discussion here, to that much, as proof thereof...))
APK
P.S.=> No matter you're *trying* to put this "back on Windows", because nobody's DENYING it's been attacked by malware makers & that it's serious!
I certainly am not!
It's largely a HUGE part of the "why" of WHY I did this guide for securing folks on modern Windows NT-based OS variants (& I have been since 1997 in fact in earlier editions of said security guide)
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH
There? Well - I even recommend folks use another browser in fact there, since you brought IE up, & addons + settings in said browsers (Opera mostly) to use to stay safer online... apk
They did on ANDROID due to exploits. That's serious despite you not thinking so.
* If it happened to you I am certain you'd say it was serious.
APK
P.S.=> It appears that my logic & proofs (like 90 by now) of Linux, & that once it gets a good share of market foothold (even if on smartphones)? Yes it's being exploited + on serious things (money), & WILL be under fire for security issues, despite being a Linux, showing security by obscurity was what was allowing the "FUD" around here on /. to be exposed for that, because now it's got MS level marketshare on smartphones & it's getting nuked - it's coming to pass, now - Especially 2 days ago/last year/2011... apk
http://news.slashdot.org/comments.pl?sid=2586024&cid=38567442
APK
Securing Android for the enterprise:
http://www.net-security.org/article.php?id=1662&p=1
PERTINENT QUOTE/EXCERPT:
"Integrated IPsec client lacking with Android
Android, however, brings some risk with it. For instance, one of the challenges enterprises face is securing communication between the mobile devices and the company network. VPNs are a tried-and-tested remote access technology designed to resolve this exact issue. Android's VPN client, starting with version 1.6 (called "Donut"), is based on the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP). It also supports L2TP with IPsec pre-shared keys and VPN connections via IPsec VPN, on the basis of certificates and an optional L2TP-"secret" mode.
And while many companies use IPsec for secure remote access to their networks, no integrated IPsec VPN client is available on Android - not even in the current version. Apple has already fixed this shortcoming in iOS, in part, because it wanted make the iPhone attractive for businesses. Since its third iteration, the iPhone has featured an integrated IPsec client that works with common VPN gateways.
Access to smartphone firmware necessary
The Android operating system doesn't just lack an integrated IPsec VPN client; it also makes installing and configuring third-party VPN software quite complicated.
IPsec VPN clients have to be integrated into the kernel of each device, and the client software has to be installed specifically for a memory area. This means that the firmware of each Android smartphone or tablet has to be modified accordingly.
IPsec VPN providers have to ask each vendor of Android systems, like HTC, Samsung or Sony Ericsson, for access to the system software of the devices. Considering how time-consuming and financially burdensome this process is, many vendors, justly, frown upon it. Vendors are particularly not fond of disclosing the details of their Android implementations to third parties.
Alternatives: PPTP and L2TP via IPsec
Until a "real" IPsec VPN client is available, Android users can use their devices' integrated VPN clients based on PPTP or L2TP, which is deployed over IPsec. A "real" IPsec VPN connection, however, is more secure because it encrypts data prior to authentication.
NCP tested this on smartphones with Android 2.2 and found that with L2TP over IPsec, data is sometimes transmitted unencrypted due to the lack of implementation.
The system interrupts transmission only after some time (about 180 seconds). In fact, we found that if the wrong pre-shared key is used, the IPsec VPN connection will not be configured properly. When L2TP is deployed over IPsec, certificates are used to carry out secure authentication. For this reason, the appropriate certificate has to be installed on the Android device. On top of this, a man-in-the-middle attack can lead to an L2TP transmission without encryption.
The standard Android client, however, does not function with all VPN servers and gateways. Sometimes even accessing the same VPN fails if Android smartphones of certain vendors are used. Developer and support forums have plenty of threads written by frustrated Android users looking for professional solutions to access company networks.
In fact, on one forum, a member complained that he successfully set up a connection to the corporate VPN from a Samsung Galaxy S via L2TP/IPsec - but he failed to do so with a Sony Ericsson Xperia smartphone and a different Android smartphone from Samsung. In each case, the configuration settings were the same, yet it was unfathomable as to why connection setup failed.
Even the IT department of a renowned German university has, in its intranet manual, called out Android for its poor VPN access, citing "the Android versions of the mobile
http://news.slashdot.org/comments.pl?sid=2586024&cid=38567442
APK
Not untrue - 3rd party doesn't count, they noted there are those: BUT, no native one to ANDROID itself!
Still doesn't matter: ALL THOSE YEARS OF HEARING "how secure Linux is" on /.? Falling apart & exposed as PURE 'FUD' NOW, due to the hundreds of exploits on ANDROID bearing smartphones!
(That happening? Man, it simply is showing that a Linux (since ANDROID is a Linux variant that uses a Linux core/kernel), once it gains marketshare on ANY platform, WILL BE EXPLOITED & BREACHED just like Windows was on PC desktops for years now...
APK
P.S.=> Which in that latter SERIOUS security issue on ANDROID has, of course, occurred!
E.G. -> Folks lost money by it being stolen from them on ANDROID smartphones, & YOU SAID IT WASN'T SERIOUS? Please, that's *almost* as serious as it gets (only lives threatened is more serious)).... apk
1st - NOT VPN, but an INTEGRATED IPSEC SOLUTION!
Again:
---
http://www.net-security.org/article.php?id=1662&p=1
PERTINENT QUOTE/EXCERPT:
"Integrated IPsec client lacking with Android"
---
&
2nd - That looks like a website to me, not an app for ANDROID built into its kernel (like most true IPSEC setups are).
* No, I don't own an ANDROID phone (nor any smartphone, just a NOKIA mobile simple one)... why? You MAY want to listen to this mp3 soundbite from today's article here:
http://it.slashdot.org/story/12/01/03/0610227/chaos-communication-congress-releases-talks
& specifically, this MP3 from that article (about mobile phone security):
http://ftp.ccc.de/congress/28C3/mp3-audio-only/28c3-4736-en-defending_mobile_phones.mp3
APK
P.S.=> This is the "why" of WHY I don't use a "smartphone"... they're a bit "TOO SMART" for their own good & until they ARE more secure? I'll hold off, & continue to do so... apk
See how many devs there (hacker/cracker/security types actually) actually do (the minority) ->
APK
If security issues of ANY kind happened on ANDROID? It's an ANDROID (thus, a Linux problem) problem.
* The links I posted all thru here (90 of them roughly) ALL happened on ANDROID, & they were all security issues...
(No denying that, though you're in denial over it & the problems? Serious - if they involved money, & they do in the MILLIONS?? It's serious!).
This also indicates my MAIN POINT:
That is that once Linux gets a share of market that's large, it WILL be attacked, & all the FUD spread about on /. for years of "Linux = Secure" was only security-by-obscurity hiding it/keeping it safe on PC desktops (where Linux only commands a 1.19% share of market, thus, not enough "ROI" in targeting it there by malware makers/hacker-crackers).
APK
P.S.=> You misunderstood the article's point also on VPN, it wasn't VPN, but an IPSec solution integrated into ANDROID (it lacks it & for business, other VPN solutions aren't as "solid" for security -> http://www.net-security.org/article.php?id=1662&p=1 )... apk
Wow, that has to be the most feeble attempt at constructing an argument I have seen in a long time.
Firstly, we've already established none of your 90 odd links relate to hacked linux, all they show is despite significant effort by hackers to target Android users, they have not escaped Linux userspace, and the best they can do is bypass some additional permissions created by the Dalvik VM in applications the user chooses to install. And even then they are easy to remove using stock application management settings.
And then to top it all off you finish with a blatantly false claim.
Here is a screenshot of the "IPSec solution integrated into stock ANDROID" settings screen.
https://sc1.checkpoint.com/sc/SolutionsStatics/sk63324/AndroidL2TP.png
"But its just not true, the link just tells you exactly which settings on a stock android installation to connect to a L2TP/IPSEC VPN, the link I gave is just for an encrypted VPN provider that supports Android." - by mSparks43 (757109) on Tuesday January 03, @05:31PM (#38578524) Homepage
See subject, & remember: BUILT INTO ANDROID ITSELF (as far as IPSec) is the key apparently to be aware of & take up with them here in regards to the statement in my 'p.s.' quoted from them!
Did you catch that video about securing smartphones, & when the presenter asked the crowd (of security guys/hacker-crackers mixed) HOW MANY HAD SMARTPHONES, & most did not? The reason WHY is most of us are waiting for the time they MATURE MORE on the SECURITY FRONT is why - I won't, because of THAT alone to be blunt about it.
APK
P.S.=> http://www.net-security.org/article.php?id=1662&p=1
PERTINENT QUOTE/EXCERPT:
"Integrated IPsec client lacking with Android"
---
... apk
When MONEY gets stolen from folks on ANDROID smartphones, it's an ANDROID security issue. After all - It wasn't Windows they were running, now was it? Nope!
My MAIN POINT also holds true, because like I said before:
A Linux variant FINALLY has the 'major share' of the smartphone market & what's going on with it? Malware & EXPLOITS galore! The 90 or so odd links I posted are ALL about those!
APK
P.S.=> - Which only shows that despite a Linux core & heritage, a Linux is being rampantly exploited, so SO MUCH for the years of "FUD" around here of "Linux = Secure", because it's finally in majority marketshare with "noob users" (non-techie types) & it's being SHREDDED by malware & exploits... apk
"Take it up with Cisco." - by mSparks43 (757109) on Tuesday January 03, @08:00PM (#38580264) Homepage
No, I don't keep an ANDROID smartphone (& won't until they get more "mature" on the security front, per the 90 or so links of security issues occurring on it I posted).
---
"You mean you/they are too poor to pay twice." - by mSparks43 (757109) on Tuesday January 03, @08:00PM (#38580264) Homepage
Heh, Sparkie, listen: I own my own home & nice sportscar (and PC, & all the things in a home) PAID IN FULL... so, affording a "drop-in-the-bucket" like a smartphone? Please, lol... come on!
---
"I can't imagine why that would be." - by mSparks43 (757109) on Tuesday January 03, @08:00PM (#38580264) Homepage
It's like I told you - check that mp3 out about securing smartphones, & when the presenter asked HOW MANY OF THE AUDIENCE (mostly hacker/cracker - or - security types) HAD SMARTPHONES? It was a MINORITY... & I am telling you WHY - the tech isn't "security-mature" yet is why!
APK
P.S.=> You sound like you REALLY *love* your smartphone, & I suppose there's nothing inherently "wrong" with that... they are pretty cool, but, they do have a WAYS TO GO before they're not as exploited!
Which again, proves my MAIN POINT here, & here it is again:
Once a Linux gets a "majority market-share" on ANY platform? It will be attacked & its security "vulnerabilities" on said platform exploited, just as Windows was with a 94.5% marketshare on PC desktops...
This is & has been coming to pass, especially in 2011! - heck, even a post of mine had McAfee stating that in essence as well!
... apk
"Although, in your case, I suspect it's more like "I won't get a smartphone cos mummy won't buy me one"" - by mSparks43 (757109) on Tuesday January 03, @09:44PM (#38581026) Homepage
That quote of your words proves my point on my subject-line above, that's certain... lol!
Quit projecting!
Your attempts @ an off-topic illogical ad hominem attack only harm your case.
AGAIN - It's not a matter of cost here (I own my own home, sportscar, & all that goes in a home plus a KICKASS PC too all paid in full... I can "swing" a smartphone easily, costs-wise!)
(It's a matter of waiting for a tech to mature more (especially on the security front))...
Which, as you can see (or rather, hear from that mp3 from the presentation on securing smartphones)?
Most others @ that presentation on how to secure smartphones are security pros &/or even hacker/crackers AND THEY DON'T OWN SMARTPHONES!
(Probably for the SAME reasons I am "holding off" on them (security immaturity)).
APK
P.S.=> However - in the end, My MAIN POINT here still stands strong & is proven on common-sense grounds as well as the 90 or so security issues on ANDROID smartphones I posted occurring for years now:
Once a Linux gets a "majority market-share" on ANY platform? It will be attacked & its security "vulnerabilities" on said platform exploited, just as Windows was with a 94.5% marketshare on PC desktops...
(This is & has been coming to pass, especially in 2011! - heck, even a post of mine had McAfee stating that in essence as well!)
... apk
That once Linux gets a decent marketshare on ANY platform it will be attacked like Windows has been, and its "weak points" will show through.
I knew that was inevitable (IF Linux ever did gain a stronghold anywhere, it didn't on PC desktops, it would be as attacked as Windows was (McAfee said moreso in fact)).
NO Operating System out there is without fault, but for years all you HEARD AROUND HERE was "Linux = Secure"... well, when folks start losing money due to malware exploits/flaws in the OS? It is indeed, a problem. A security problem!
APK
P.S.=> You can keep up what you've devolved this into (name tossing ad hominem attacks) but it doesn't take away that FOR ALL OF ITS LINUX HERITAGE, ANDROID IS VULNERABLE TO SERIOUS ATTACKS & HAS BEEN THUS ATTACKED WHERE IT IS WEAK, JUST LIKE WINDOWS HAS BEEN... period/fact!
... apk
http://it.slashdot.org/comments.pl?sid=2602748&cid=38582886
"You're a perfect example of cognitive dissonance imho." - by mSparks43 (757109) on Tuesday January 03, @10:21PM (#38581296) Homepage
When you get a PHD in the psychiatric sciences, a license to practice said science, plus a formal examination of myself given in a professional environs? I might listen... otherwise? Well - it appears that others agree with my sentiments & how/why/when/where/how (see that link above - it's dealing in IPSec in the enterprise on smartphones & why ANDROID, a Linux variant that's being exploited like MAD on security issues, didn't "cut it" with his organization).
* Toss all the names &/or ad hominem off topic illogical attacks you want to... doesn't matter. What matters is that others see the same things I do, and commented on them today in the link above.
APK
P.S.=> There's someone who had DIRECT EXPERIENCE with "Android in the enterprise" & WHY it was shoved aside for IOS (apple) - he's saying essentially the SAME THINGS I DID (and the article here on /. refers to the article I pointed you to)... like it or not, it's the way things are for ANDROID (a Linux variant) in the Enterprise... & how do regular folks have it? See the 90++ links of security issues + exploits I posted throughout this thread exchange you & I have had!
... apk
"Which apparently is the user rather than the OS." - by mSparks43 (757109) on Wednesday January 04, @01:28PM (#38587206) Homepage
I'd say ANDROID's more "weak" in what lies ON TOP of the kernel, based on the JAVA (dalvik) problems, but?
As you have seen already?
There WERE bugs found in the ANDROID kernel I posted about -> http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel as well as remote shell exploits STILL POSSIBLE -> http://tech.slashdot.org/story/11/12/21/0058235/gaining-a-remote-shell-on-android WHICH IIRC, is STILL VULNERABLE IN "IceCreamSandwich" latest Android!
---
"ROFL You still haven't explained why" - by mSparks43 (757109) on Wednesday January 04, @01:28PM (#38587206) Homepage
I don't HAVE to - you know it's the MOST USED OPERATING SYSTEM on the planet, & even YOU SAID it's "common-sense" that the most widely used OS' will be targets of malware makers (especially once "non-tech" users get onto them).
APK
P.S.=> Or didn't you say that (most used will be most targeted, & on smartphones)?
That's ANDROID currently & it IS being exploited/attacked, bigtime!
Which is funny, because for YEARS on /., all you heard was "linux = secure" but funniest part is, ANDROID exposed that as PURE 'FUD', because now that Linux is the most used on smartphones, it CANNOT HIDE BEHIND "security-by-obscurity" (lack of users) anymore... period! That was my "main point" here, ALL along, & I am correct on it...
... apk
"But we've been through these two already." - by mSparks43 (757109) on Wednesday January 04, @05:10PM (#38589702) Homepage
Doesn't matter - the point's that YOU said there were no "kernel exploits" & yet? I showed one.
Also, the fact a remote shell gain is STILL possible in ICS/ANDROID 4.x is another bad possible...
(Hope that last one's fixed soon... I don't wish "ill" on users, especially "NOOB" type users!)
---
"But for some reason you are ignoring the fact it is making as vulnerable a target as a tank is to a young boy's rocks" - by mSparks43 (757109) on Wednesday January 04, @05:10PM (#38589702) Homepage
You mean like when you "security harden" a Windows setup, like so -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH
???
APK
P.S.=> I wonder, & perhaps YOU can help me on this (though I *think* I have found guides on it before)? Do guides for custom securing ANDROID exist?? Like the ones I've been authoring for modern Windows NT-based OS' since the mid 1990's, shown above???
Why is the ability to control a completely isolated sandbox on your phone (or someone who you allow) remotely "bad"?
Does a security hardened windows not allow a remote shell?
How do you manage it remotely?
Hang on, did you just say windows 2000 and XP isn't secure?
No OS is as secure as possible out-of-the-box oem stock. Even Apple has guides for further security hardening -> http://www.apple.com/support/security/guides/ , as does Linux also -> http://www.puschitz.com/SecuringLinux.shtml
* That "all said & aside"? See my subject-line & my last post... you didn't answer the question on IF there are guides for securing ANDROID better than oem stock?
APK
P.S.=> I'll be waiting on that answer... lol!
... apk
"Why is the ability to control a completely isolated sandbox on your phone (or someone who you allow) remotely "bad"?" - by mSparks43 (757109) on Wednesday January 04, @06:41PM (#38590606) Homepage
See subject-line: Again - Because sandboxes get broken!
APK
P.S.=>
"Does a security hardened windows not allow a remote shell?" - by mSparks43 (757109) on Wednesday January 04, @06:41PM (#38590606) Homepage
Not the way my guides show it, that's for home users (but can be adapted to the enterprise, making 'exceptions' easily enough where requirements need it, then, by group/user & ports restricted by group policy allow openings or other options (like VPN tunneling etc.)).
"How do you manage it remotely?" - by mSparks43 (757109) on Wednesday January 04, @06:41PM (#38590606) Homepage
I don't @ home - I don't ALLOW that & it's my home machine (what is the point of "remotely administering it", lol?)... but see my last reply paragraph above, IF I had to?? By Group/User & AD + Group Policy I'd work around what I had to but restricted to certain users/groups only, & only on certain ports (not usuals, ala 3389 etc.)
QUESTION: WHY DOES A SMARTPHONE NEED REMOTE ADMINISTRATION FOR?... apk
Why do you need to have a remote shell on a smartphone for? You also avoided answering IF there are security guides for security hardening ANDROID phones... well??
APK
P.S.=> Hammer Drop Tyme & nuclear eulogy forthcoming, lol, but not for me... apk
"I use one on the tablet so I can control it while its connected to the HDTV using my phone." - by mSparks43 (757109) on Wednesday January 04, @08:30PM (#38591498) Homepage
See subject line above, & of course, this link also, lol -> http://tech.slashdot.org/story/11/12/21/0058235/gaining-a-remote-shell-on-android & broken sandboxes too, they happen... especially with the permissions problems http://blogs.cio.com/mobile-security/16704/android-app-permissions-may-spark-false-sense-security I posted too in the 90++ links of security issues on ANDROID!
---
"I doubt there are many articles about it" - by mSparks43 (757109) on Wednesday January 04, @08:30PM (#38591498) Homepage
Beg to differ -> http://www.bing.com/search?q=%22Securing+ANDROID%22&go=&qs=ns&form=QBLH
(Now - Funny you wouldn't admit that there's TRUCKLOADS OF INFORMATION ON THAT... but then, I KNOW why -> That'd indicate that it doesn't ship all that secure then... now does it? Apparently not!)
---
"there is only really one thing you need do, which is only install software on it you trust to use your phone." - by mSparks43 (757109) on Wednesday January 04, @08:30PM (#38591498) Homepage
Ahem: As simple as this on ANDROID Linux -> http://mobile.slashdot.org/story/10/11/14/0115255/Android-Holes-Allow-Secret-Installation-of-Apps So what was that you were saying about installing software on ANDROID above?
---
"If only windows were that simple." - by mSparks43 (757109) on Wednesday January 04, @08:30PM (#38591498) Homepage
Ahem: As simple as this on ANDROID Linux -> http://mobile.slashdot.org/story/10/11/14/0115255/Android-Holes-Allow-Secret-Installation-of-Apps So what was that you were saying about installing software on ANDROID above?
As simple as Windows? Heh - THIS is Windows, & "better++" by far, if you do this to it -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH
Faster, safer, stronger, smarter... you name it!
APK
P.S.=> Still, my MAIN POINT here, stands strong: That is that once ANY Linux gained a large portion of its platform market, as Windows has on PC's/Servers combined, then Linux would be exposed as hiding behind security by obscurity for years now (because a 1.19% marketshare @ BEST/MOST on PC desktops where the "easy meat users" are the exploit them, it had none - wasn't worth attacking)... Android IS A LINUX that it's being RAMPANTLY EXPLOITED on SmartPhones: The "YEARS OF 'FUD'" from /. of "Linux=Secure" is falling apart, fast, because of all that happening - especially in 2011!...
... apk
QUESTION: HOW MANY GUIDES FOR SECURING ANDROID EXIST?
(Come on now, "come clean" & answer it - heck, I did the answering of THAT, for you, in my last post... lol!)
APK
P.S.=> Q.Is android secure
A. NOT ACCORDING TO 90++ links of security issues occurring on it I posted, lol... all through this exchange of ours no less (remote shell exploits, kernel bugs, shell level malware exploits galore, millions stolen, personal information stolen, privacy breaches, & tracking of users & MORE... yet "it's not serious" per mSparks here, lol!)...
BEST PART OF ALL::
my MAIN POINT here, stands strong: That is that once ANY Linux gained a large portion of its platform market, as Windows has on PC's/Servers combined, then Linux would be exposed as hiding behind security by obscurity for years now (because a 1.19% marketshare @ BEST/MOST on PC desktops where the "easy meat users" are the exploit them, it had none - wasn't worth attacking)... Android IS A LINUX that it's being RAMPANTLY EXPLOITED on SmartPhones: The "YEARS OF 'FUD'" from /. of "Linux=Secure" is falling apart, fast, because of all that happening - especially in 2011!...
... apk
Linux PC desktop marketshare = 1.29% per this http://www.netmarketshare.com/report.aspx?qprid=10&qptimeframe=M&qpsp=155
Linux is exposed as just as security vulnerable as any other OS out there in the links I posted (90++ of them no less).
---
"Exploiting a webserver is a much higher value target than a normal user" - by mSparks43 (757109) on Thursday January 05, @04:46AM (#38594024) Homepage
Linux SURELY DID GET EXPLOITED there in 2011 - to wit/e.g.:
KERNEL.ORG COMPROMISED - The Cracking of Kernel.org: (very bad - do you trust it now?)
http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised
---
Linux.com pwned in fresh round of cyber break-ins: (lol)
http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/
---
Mysql.com Hacked, Made To Serve Malware:
http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware
What's that site running? You guessed it - Linux -> http://uptime.netcraft.com/up/graph?site=mysql.com
---
London Stock Exchange serving malware:
http://slashdot.org/submission/1484548/London-Stock-Exchange-Web-Site-Serving-Malware
(I mean hey - NOT ONLY DID LINUX FALL FLAT ON ITS FACE less than a few minutes into the job http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch, & crash not only ONCE, but TWICE there? You see "Linux 'fine security'" in motion @ the LSE too!)
---
DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS: (very recent):
http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers
---
Linux Foundation, Linux.com Sites Down To Fix Security Breach: (lol)
http://linux.slashdot.org/story/11/09/11/1325212/linux-foundation-linuxcom-sites-down-to-fix-security-breach
---
Linux's showing in CA's breached recently too? Ok: (very, Very, VERY BAD for ecommerce, online shopping, banking, etc./et al)
http://uptime.netcraft.com/up/graph?site=StartCom.com
http://uptime.netcraft.com/up/graph?site=GlobalSign.com
http://uptime.netcraft.com/up/graph?site=Comodo.com
http://uptime.netcraft.com/up/graph?site=DigiCert.com
http://uptime.netcraft.com/up/graph?site=www.gemnet.nl
The list of CA Servers BREACHED that RUN LINUX (StartCom, GlobalSign, DigiCert, Comodo, GemNet)... per these articles verifying that:
http://itproafrica.com/technology/security/cas-hacked/
&
http://threatpost.com/en_us/blogs/site-dutch-ca-gemnet-offline-a
"you have only posted "minor" android security issues." - by mSparks43 (757109) on Thursday January 05, @11:41AM (#38598044) Homepage
Ahem: See subject-line - MILLIONS OF DOLLARS stolen isn't "minor security issues", & it's a crime on anyone's books.
* I suppose that given the above from you, you'd also say it's a minor crime if your home or bank account was stolen, right?
APK
P.S.=>
" I'm still waiting for this "Hammer Drop Tyme & nuclear eulogy forthcoming", right at this moment you are still firing blanks." - by mSparks43 (757109) on Thursday January 05, @11:41AM (#38598044) Homepage
Don't wait too long - because, lol, You're "dropping the hammer" on yourself with that tidbit above alone... apk
"And they are still better off than if they bought an iPhone..." - by mSparks43 (757109) on Thursday January 05, @05:36PM (#38604052) Homepage
Getting money stolen on an IPhone or Android (or whatever) is equally bad... but, according to YOU of course, "it's not serious" as you stated (b.s.).
---
"Seem like you are getting a bit desperate now." - by mSparks43 (757109) on Thursday January 05, @05:36PM (#38604052) Homepage
Quit "projecting" - it gives away what you yourself are feeling or doing... & you've already admitted + conceded to my main point below in my 'p.s.' so, there you are.
APK
P.S.=> However: My MAIN POINT here, stands strong: That is that once ANY Linux gained a large portion of its platform market, as Windows has on PC's/Servers combined, then Linux would be exposed as hiding behind security by obscurity for years now (because a 1.19% marketshare @ BEST/MOST on PC desktops where the "easy meat users" are the exploit them, it had none - wasn't worth attacking)...
Android IS A LINUX that it's being RAMPANTLY EXPLOITED on SmartPhones: The "YEARS OF 'FUD'" from /. of "Linux=Secure" is falling apart, fast, because of all that happening - especially in 2011!...
... apk