Would you mind elaborating? How was the interaction observed exactly? I don't think anyone here at the Android security forum wouldn't like to see a dump of the logs/data that led you to these conclusions. It sounds fascinating. I'm not sure I understand the analogy for the unusual behavior, and therefore do not understand the implications it has for the user input it seems to be targeting. I would much like to hear more about it.
On Nov 26, 2008 9:57 PM, "Amonre" <[EMAIL PROTECTED]> wrote: The invisible root-level text shell was fixed a while ago, but from what I have seen, read, and deduced, there may be additional hidden commands in existence. At first I thought the developers had left an Easter egg or two. However, after looking into Android/Chrome/Gears interaction, there appears to be a few very concerning security issues. This pertains specifically to the software when run on a Windows-based PC. In a nutshell I would describe the odd behavior as a "House of Mirrors" effect primarily targeting URL text, form data, and other user input. It makes me very curious about how Google software is handling information regarding client software, previous and current bookmarks, unique IDs, prefetching, TSCI (3D display scripts), audio, and most importantly the WinSxS (side-by-side) dynamic link library functionality. My Android Discussion account name, "Amonre", is a reference to one of the embedded cipher rules I have discovered. If anyone on your team recognizes the significance it has to Chrome/Android, that person(s) should recognize what I'm talking about. I assure you this is no joke.
