"Google's New Android Phone Vulnerable To Attack"

3 posts in this topic

Posted

http://www.crn.com/security/211600884

By Stefanie Hoffman, ChannelWeb

6:39 PM EDT Mon. Oct. 27, 2008

Less than a week after the release of Google (NSDQ:GOOG)'s T-Mobile G1 smart phone, security experts detected a serious security flaw in its Android operating system that leaves it wide open for hackers to launch drive-by attacks on users' devices.

The security vulnerability, detected by researchers at Baltimore, Maryland-based Independent Security Evaluators, follows last week's release of Google's T-Mobile G1 phone Oct. 22, which is powered by the Android operating system.

Google's open source Android operating system is designed specifically for mobile phones, many of which are designed with Web browsing, camera and GPS capabilities.

Researchers at ISE posted an advisory warning users of the potential security threat that would allow their mobile devices to be compromised or exposed if they visited a malicious Web page.

"These phones will currently ship with the vulnerability present and may pose a security risk to their users until an update becomes available," said Miller in his posting.

According to the advisory, Google Android relies on more than 80 different open source packages. And the security error stems from a buffer overflow vulnerability in some of the older, more vulnerable versions of the open source software. Subsequently, an unsuspecting user could be successfully exploited simply by accessing an infected Web page using a vulnerable operating system, experts say.

Once a user is infected, attackers could then obtain access to any personal information accessible from the victim's browser -- including cookies, information entered into Web applications and saved passwords -- in order to steal bank account numbers, Social Security information and other sensitive data.

"If you end up on a bad guys' site, he can basically take over the phone and run code, and access anything your browser has access to and do anything your browser could do," said Charlie Miller, principal analyst at Independent Security Evaluators.

An attacker could also trick users into revealing sensitive, personally-identifying data by altering an existing site or creating a malicious Web page, Miller said.

However, the error precludes attackers from manipulating other features of the phone, such as dialing the phone directly.

While ISE has reliable exploit code, Miller maintained that it will keep that information under wraps until Google repairs the glitch.

So far, there is no known exploit loose in the wild, Miller said, while contending that a successful exploit would likely be one that's more targeted as opposed to a widespread attack.

"As a targeted attack, it's definitely a possibility," said Miller. "This is an easy way to do it."

Miller said that he notified Google regarding the vulnerability Oct. 20th -- two days prior to the release of the T-Mobile G1 phone -- and said in his posting that ISE is "working with them to try to get a fix as quickly as possible."

Google echoed that the company was working to remediate the issue.

"We treat all security matters seriously and will carefully work with our partners to investigate and update devices periodically to reduce our users' exposure," said Google in a statement. "We are working with T-Mobile to include a fix for the browser exploit, which will soon be delivered over the air to all devices, and have addressed this in the Android open source platform. The security and privacy of our users is of primary importance to the Android Open Source Project -- we do not believe this matter will negatively impact them."

However, Miller said Google first asked him not to make the vulnerability public until a fix was found.

Instead, he said he was criticized by Google after reporting the vulnerability to the New York Times before a fix became available. "I thought it was important to tell people there was a problem," said Miller. "If you know there's a problem, you could at least take precautions."

"In my mind, I was doing the right thing," he added.

Posted

and now patched....:

http://www.crn.com/retail/212000235

November 03, 2008

Google Issues Android Security Patch

Google has started issuing a patch to tighten up a well-publicized security hole in its Google Android mobile operating system. The patch is being pushed out to users in the form of a system update and users are given a choice to update now or later.

Last week, a team of security researchers went public with a security problem in Android's Web browser when used on the T-Mobile G1 smart phone. The group, Baltimore-based Independent Security Evaluators (ISE), said a serious security flaw in the Android OS leaves it open for hackers to launch drive-by attacks on users' devices. In its warning, ISE said the threat could allow users' G1s to be compromised or exposed if they visited a malicious Web site from the smart phone and an attacker could trick a G1 user into revealing sensitive information via the Web.

At the time the exploit was discovered, ISE principal analyst Charlie Miller said he'd keep the specific details of it under wraps until Google issued a fix.

The revelation of the security hole came roughly a week after Google Android made its first public appearance on the T-Mobile G1, the first available device to use the open source Linux OS.

While not all users have received the update yet, Google has said it will roll out the patch progressively. All updates are expected to be issued soon.

Posted by Andrew R Hickey at 3:56 PM

Posted

Hopefully that will be the only big security risk.

Have to keep an eye on this one to see how quick a virus etc. will pop up.

MoDaCo is part of the MoDaCo.network, © Paul O'Brien 2002-2015. MoDaCo uses IntelliTxt technology.