| Author |
Message |
|
finlay666
Spends far too much time on here
Joined: Thu Apr 23, 2009 9:40 pm
Posts: 4876
Location: Newcastle
|
And neither is it exclusively an Android issue as some make out Actually is was, Android has teathering built in natively or apps that provide the functionality Hijacking a browser is far from physical access, in fact it's almost as removed as you can get I'm not saying Android is secure, however there have been pretty big security flaws in both systems (The emergency call bug that allowed access to a users address list was pretty bad in 4.1) that need to be addressed. Common sense is key, as an Android marketplace app does say what the app accesses, phone state, address book etc. The user has to accept this before installing it. There should be some more stringent checks, however I must say I am pretty pissed off neither OS has support for reading/downloading iCal/vCal files natively, something which could be seen as a fairly big flaw in theory for a smartphone with calendar and event planning in both cases _________________TwitterCharlie Brooker: Macs are glorified Fisher-Price activity centres for adults; computers for scaredy cats too nervous to learn how proper computers work; computers for people who earnestly believe in feng shui.
|
| Thu Mar 03, 2011 11:50 pm |
|
|
|
ProfessorF
What's a life?
Joined: Thu Apr 23, 2009 7:56 pm
Posts: 12030
|
Which one was the browser hijack? http://www.h-online.com/security/news/item/iPhone-jailbroken-by-Safari-vulnerability-again-Update-1049234.html - this one? It's not hijacking a browser, it's tricking the .pdf component of the phone into downloading software that then jailbreaks the phone. The recurrent theme in all the exploits show so far would appear to be the jailbreaking aspect.
|
| Fri Mar 04, 2011 12:06 am |
|
|
|
finlay666
Spends far too much time on here
Joined: Thu Apr 23, 2009 9:40 pm
Posts: 4876
Location: Newcastle
|
Except the exploit I posted and you quoted that exploits the browser and handling of pdf files and has persisted in one form or another _________________TwitterCharlie Brooker: Macs are glorified Fisher-Price activity centres for adults; computers for scaredy cats too nervous to learn how proper computers work; computers for people who earnestly believe in feng shui.
|
| Fri Mar 04, 2011 12:09 am |
|
|
|
ProfessorF
What's a life?
Joined: Thu Apr 23, 2009 7:56 pm
Posts: 12030
|
And again, I'd point out they only affect handsets that have been jailbroken - the iPhone malware article even states "Of course, non-jailbroken iPhones are completely unaffected by this malware." You require physical access to the phone for another, so the "...the hacker would need physical access to your iPhone to accomplish this feat. To achieve this, the phone is first jailbroken and then the hacker would run a few scripts that enable it to circumvent the iPhone’s security and encryption mechanism." The .pdf component weakness is the most serious flaw - but for a malicious version of that to be successful you'd require social engineering, and you're still going to jailbreak the phone to get what you're after. The .pdf loophole was closed with iOS 4.0.2, by the way.
|
| Fri Mar 04, 2011 12:17 am |
|
|
|
finlay666
Spends far too much time on here
Joined: Thu Apr 23, 2009 9:40 pm
Posts: 4876
Location: Newcastle
|
You might need to jailbreak a phone to get the result, but a result is a result  Ah good, only took from September 2007 to August 2010 to fix it then The actual 4.0.2 log was: # Fixed a security vulnerability in FreeType that allowed remote code to be executed via Safari. # Fixed a security vulnerability in the Io Surface private framework that allowed privilege escalation That is a fairly big pair of vulnerabilities. It is good that they were fixed though _________________TwitterCharlie Brooker: Macs are glorified Fisher-Price activity centres for adults; computers for scaredy cats too nervous to learn how proper computers work; computers for people who earnestly believe in feng shui.
|
| Fri Mar 04, 2011 12:25 am |
|
|
|
ProfessorF
What's a life?
Joined: Thu Apr 23, 2009 7:56 pm
Posts: 12030
|
This is true. And let's face it, once you have physical access to the device, I'd be amazed if there was any phone out there that couldn't be circumvented in some fashion.
|
| Fri Mar 04, 2011 12:27 am |
|
|
|
koli
Doesn't have much of a life
Joined: Fri Apr 24, 2009 5:12 pm
Posts: 1171
|
Yes, it is! And I have a proof! You can have iBoobs on Android but not on Iphone.  http://www.androidcentral.com/banned-20 ... oid-market
|
| Sun Mar 06, 2011 9:26 pm |
|
|
|
ChurchCat
Doesn't have much of a life
Joined: Sat Apr 25, 2009 7:57 am
Posts: 1652
|
And now I have a reason to swap.  _________________A Mac user 
|
| Mon Mar 07, 2011 12:34 am |
|
|
|
ChurchCat
Doesn't have much of a life
Joined: Sat Apr 25, 2009 7:57 am
Posts: 1652
|
Seems Google are closing down Android piece by piece. http://www.t3.com/news/google-moves-to- ... ion?=54975  I wonder how far they will eventually go? _________________A Mac user
|
| Fri Apr 01, 2011 9:41 am |
|
|
|
bobbdobbs
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 7:10 pm
Posts: 5490
Location: just behind you!
|
Maybe they want the closed garden do what you we tell you Apple approach? _________________Finally joined Flickr
|
| Fri Apr 01, 2011 10:05 am |
|
|
|
jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
|
They want whatever approach gives the most influence and profit. Anyone who thinks otherwise is a fool. Jon
|
| Fri Apr 01, 2011 10:30 am |
|
|
|
ChurchCat
Doesn't have much of a life
Joined: Sat Apr 25, 2009 7:57 am
Posts: 1652
|
That about sums it up for me. _________________A Mac user
|
| Fri Apr 01, 2011 2:36 pm |
|
|
|
JJW009
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:58 pm
Posts: 8767
Location: behind the sofa
|
In that case, they simply need to make the best platform possible. _________________jonbwfc's law: "In any forum thread someone will, no matter what the subject, mention Firefly." When you're feeling too silly for x404, youRwired.net
|
| Fri Apr 01, 2011 5:32 pm |
|
|
|
rustybucket
I haven't seen my friends in so long
Joined: Thu Jun 18, 2009 5:10 pm
Posts: 5836
|
Surely they need to make the most appealing and most marketed platform?  Being the best doesn't usually guarantee anything _________________Jim
|
| Fri Apr 01, 2011 8:21 pm |
|
|
|
finlay666
Spends far too much time on here
Joined: Thu Apr 23, 2009 9:40 pm
Posts: 4876
Location: Newcastle
|
It's still not closed though, you can still access the source and make changes as you wish, this means if you want to release it on a product they have to OK it to stop updates taking years to roll out. You can't go and make obscure changes to Ubuntu without getting them checked first Nothing to stop them providing it as an add on to the user at a later date Shorter time to roll out updates = happier customer happier customer = better customer for company = more money more money for company = more licences for android more licences for android = more money for google Simples It's not closed when they haven't released the Honeycomb code either as it's currently tablet only, still unfinished for phones and it's to stop people hacking it onto their phone and getting a poor experience On a side note is there a limit to time from finish to release Open Source software must be? _________________TwitterCharlie Brooker: Macs are glorified Fisher-Price activity centres for adults; computers for scaredy cats too nervous to learn how proper computers work; computers for people who earnestly believe in feng shui.
|
| Sun Apr 03, 2011 4:51 pm |
|
|
