Probably, I don't know all the details of the attack. One thing he said "The risk in the Google design, according to Mr. Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords."
>From what I understand about the sandbox environment is that it prevents being able to do that... at least between windows. He certainly knows more about it than I do, but wonder just how dangerous this attack is, and by dangerous I mean are we really facing a problem or is it a "this could happen, but its very unlikely" type of thing. Since there are enough people that would have negative things to say about Google I'm leaving the possibility open that this is a "this could happen, but its very unlikely". We'll just have to see how bad the flaw is as more information comes available. On Sat, Oct 25, 2008 at 12:20 PM, David Kaiser <[email protected]> wrote: > Wouldn't a poisoned-DNS cache also help pull this off? > > > Michael Gorman wrote: > > "the flaw could be exploited by an attacker who might trick a G1 user > > into visiting a booby-trapped Web site." > > > > So it still comes down to a dumb user. I can see it now, Norton for > > G1, prevent phishing attempts on the go *Note: phone may not properly > > dial out when Norton G1 is running.* > > > > > > Michael Gorman > > > > > > On Sat, Oct 25, 2008 at 9:10 AM, David Kaiser <[email protected] > > <mailto:[email protected]>> wrote: > > > > > http://www.nytimes.com/2008/10/25/technology/internet/25phone.html?ref=technology > > > > for those of you (I know Peter is one) that have a google > > leash^Wphone... be aware that there is a built-in security flaw > > _______________________________________________ > > LinuxUsers mailing list > > [email protected] <mailto:[email protected]> > > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > LinuxUsers mailing list > > [email protected] > > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers > > > _______________________________________________ > LinuxUsers mailing list > [email protected] > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers > -- Peter Manis (678) 269-7979
