This is why I support the openmoko project..... On Sat, Oct 25, 2008 at 11:33 AM, Peter Manis <[email protected]> wrote: > Probably, I don't know all the details of the attack. One thing he said > > "The risk in the Google design, according to Mr. Miller, who is a principal > security analyst at Independent Security Evaluators in Baltimore, lies in > the danger from within the Web browser partition in the phone. It would be > possible, for example, for an intruder to install software that would > capture keystrokes entered by the user when surfing to other Web sites. That > would make it possible to steal identity information or passwords." > > From what I understand about the sandbox environment is that it prevents > being able to do that... at least between windows. He certainly knows more > about it than I do, but wonder just how dangerous this attack is, and by > dangerous I mean are we really facing a problem or is it a "this could > happen, but its very unlikely" type of thing. Since there are enough people > that would have negative things to say about Google I'm leaving the > possibility open that this is a "this could happen, but its very unlikely". > We'll just have to see how bad the flaw is as more information comes > available. > > On Sat, Oct 25, 2008 at 12:20 PM, David Kaiser <[email protected]> wrote: >> >> Wouldn't a poisoned-DNS cache also help pull this off? >> >> >> Michael Gorman wrote: >> > "the flaw could be exploited by an attacker who might trick a G1 user >> > into visiting a booby-trapped Web site." >> > >> > So it still comes down to a dumb user. I can see it now, Norton for >> > G1, prevent phishing attempts on the go *Note: phone may not properly >> > dial out when Norton G1 is running.* >> > >> > >> > Michael Gorman >> > >> > >> > On Sat, Oct 25, 2008 at 9:10 AM, David Kaiser <[email protected] >> > <mailto:[email protected]>> wrote: >> > >> > >> > http://www.nytimes.com/2008/10/25/technology/internet/25phone.html?ref=technology >> > >> > for those of you (I know Peter is one) that have a google >> > leash^Wphone... be aware that there is a built-in security flaw >> > _______________________________________________ >> > LinuxUsers mailing list >> > [email protected] <mailto:[email protected]> >> > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers >> > >> > >> > ------------------------------------------------------------------------ >> > >> > _______________________________________________ >> > LinuxUsers mailing list >> > [email protected] >> > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers >> > >> _______________________________________________ >> LinuxUsers mailing list >> [email protected] >> http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers > > > > -- > Peter Manis > (678) 269-7979 > > _______________________________________________ > LinuxUsers mailing list > [email protected] > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers > >
-- "As we open our newspapers or watch our television screens, we seem to be continually assaulted by the fruits of Mankind's stupidity." -Roger Penrose
