I wouldn't worry too much about the details. Especially since Chrome/Chromium aren't part of android. (And since you didn't sign a contract, you can hardly be affected by contractual protections.) Go ahead and post your findings.
(And for the rest of the list, I wouldn't worry too much either: http://groups.google.com/group/android-developers/browse_thread/thread/bfec9f37a929d4c4 ) On Wed, Dec 3, 2008 at 2:20 AM, Amonre <[EMAIL PROTECTED]> wrote: > > I would love to go into the details, the problem is that I haven't had > the chance to clarify whether or not the coded language I semi-cracked > falls under contractual and proprietary protections for Chrome/Android/ > Chromium. > > > > jonathan horvat wrote: > > Would you mind elaborating? How was the interaction observed exactly? I > > don't think anyone here at the Android security forum wouldn't like to > see a > > dump of the logs/data that led you to these conclusions. It sounds > > fascinating. I'm not sure I understand the analogy for the unusual > behavior, > > and therefore do not understand the implications it has for the user > input > > it seems to be targeting. I would much like to hear more about it. > > > > On Nov 26, 2008 9:57 PM, "Amonre" <[EMAIL PROTECTED]> wrote: > > > > > > The invisible root-level text shell was fixed a while ago, but from > > what I have seen, read, and deduced, there may be additional hidden > > commands in existence. At first I thought the developers had left an > > Easter egg or two. However, after looking into Android/Chrome/Gears > > interaction, there appears to be a few very concerning security > > issues. > > > > This pertains specifically to the software when run on a Windows-based > > PC. In a nutshell I would describe the odd behavior as a "House of > > Mirrors" effect primarily targeting URL text, form data, and other > > user input. > > > > It makes me very curious about how Google software is handling > > information regarding client software, previous and current bookmarks, > > unique IDs, prefetching, TSCI (3D display scripts), audio, and most > > importantly the WinSxS (side-by-side) dynamic link library > > functionality. > > > > My Android Discussion account name, "Amonre", is a reference to one of > > the embedded cipher rules I have discovered. If anyone on your team > > recognizes the significance it has to Chrome/Android, that person(s) > > should recognize what I'm talking about. > > > > I assure you this is no joke. >
