RE: MokSec - The Security Framework

Apologies for the tardiness of this post. On Mon, 2008-07-14 at 10:57 -0400, Crane, Matthew wrote: > I would think on a phone the primary concern is protecting the user > data. > > E.g. sms, contacts, history. > > If somebody was able to malicously install software on the phone, your > prett

Re: MokSec - The Security Framework

On Mon, 14 Jul 2008, Adrian-Ken Rueegsegger wrote: I'm in posession of such a smartcard and a neo. Anybody want to join up in a effort to get it working ? > Jan de Haan wrote: >> On Mon, Jul 14, 2008 at 4:50 PM, Kalle Happonen <[EMAIL PROTECTED]> wrote: >>> But there are places where >>> you can

Re: MokSec - The Security Framework

Jan de Haan wrote: > On Mon, Jul 14, 2008 at 4:50 PM, Kalle Happonen <[EMAIL PROTECTED]> wrote: >> But there are places where >> you can get SIM cards with built in encyption/decryption keys, and a >> certificate (PKI). > > I agree. Would you care to elaborate (link)? There's a manufacturer of a

RE: MokSec - The Security Framework

with a picture, to anybody else it just looks like it's stuck booting or broken. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of thomasg Sent: Monday, July 14, 2008 12:19 PM To: List for Openmoko community discussion Subject: Re: MokSec - Th

Re: MokSec - The Security Framework

Kalle Happonen wrote: >> Well, off topic... Congrats Finland. ;) >> >> > Well it looks cool, but in practice... there's maybe 1 service that > accepts these.. maybe. And the operators are clueless about it. I agree, > it's great to have this infrastructure, but without services, it's just > a

Re: MokSec - The Security Framework

thomasg wrote: > On Mon, Jul 14, 2008 at 3:35 PM, Kalle Happonen <[EMAIL PROTECTED] > > wrote: > > > What an insult! *slap* :P. No I'm not a windows user. and I can > set the > root password on my device, but defaults matter. And they matter a lot > if o

Re: MokSec - The Security Framework

On Mon, Jul 14, 2008 at 6:13 PM, Kalle Happonen <[EMAIL PROTECTED]> wrote: > thomasg wrote: > > On Mon, Jul 14, 2008 at 5:22 PM, arne anka <[EMAIL PROTECTED] > > > wrote: > > > > > Of course you can create another user, as you are used to on any > > unix > > >

Re: MokSec - The Security Framework

> I've only had my freerunner for a week or so, so I'm not too into the > security aspects yet. One thing I did notice was of course > passwordless > root login. Now over usb this can be acceptable, but if this is > possible > over wifi (I haven't actually tested), it needs the firewall / make

Re: MokSec - The Security Framework

thomasg wrote: > On Mon, Jul 14, 2008 at 5:22 PM, arne anka <[EMAIL PROTECTED] > > wrote: > > > Of course you can create another user, as you are used to on any > unix > > system. > > It just doesn't ship with one because the distro comes in > ready-to

Re: MokSec - The Security Framework

Tilman Baumann wrote: > Kalle Happonen wrote: > >> Jan de Haan wrote: >> >>> On Mon, Jul 14, 2008 at 4:50 PM, Kalle Happonen <[EMAIL PROTECTED]> wrote: >>> >>> But there are places where you can get SIM cards with built in encyption/decryption keys, and a certificat

Re: MokSec - The Security Framework

On Mon, Jul 14, 2008 at 7:02 AM, Kalle Happonen <[EMAIL PROTECTED]> wrote: > arne anka wrote: >>> wouldn't think it's too much. How often do you reboot the phone? >>> >> >> with a battery uptime of about 8h -- at least once a day, because the fr >> usually silently shuts down. >> on weekends more f

Re: MokSec - The Security Framework

Kalle Happonen wrote: > Jan de Haan wrote: >> On Mon, Jul 14, 2008 at 4:50 PM, Kalle Happonen <[EMAIL PROTECTED]> wrote: >> >>> But there are places where >>> you can get SIM cards with built in encyption/decryption keys, and a >>> certificate (PKI). >>> >> I agree. Would you care to elabor

Re: MokSec - The Security Framework

On Mon, Jul 14, 2008 at 5:22 PM, arne anka <[EMAIL PROTECTED]> wrote: > > Of course you can create another user, as you are used to on any unix > > system. > > It just doesn't ship with one because the distro comes in ready-to-deploy > > images, not with a installer like the binary-distro-people a

Re: MokSec - The Security Framework

> Of course you can create another user, as you are used to on any unix > system. > It just doesn't ship with one because the distro comes in ready-to-deploy > images, not with a installer like the binary-distro-people are used to. sure? i think it possible that some things won't work when non-roo

Re: MokSec - The Security Framework

Jan de Haan wrote: > On Mon, Jul 14, 2008 at 4:50 PM, Kalle Happonen <[EMAIL PROTECTED]> wrote: > >> But there are places where >> you can get SIM cards with built in encyption/decryption keys, and a >> certificate (PKI). >> > > I agree. Would you care to elaborate (link)? > > Sincerely, >

Re: MokSec - The Security Framework

On Mon, Jul 14, 2008 at 5:08 PM, arne anka <[EMAIL PROTECTED]> wrote: > > And to give my 2 Eurocents to the everything as root discusion. > > Running user apps as root must end, better soon. > > what exactly speaks against creating a regular user? did anyone try it > already? > and where exactly i

Re: MokSec - The Security Framework

On Mon, Jul 14, 2008 at 3:35 PM, Kalle Happonen <[EMAIL PROTECTED]> wrote: > What an insult! *slap* :P. No I'm not a windows user. and I can set the > root password on my device, but defaults matter. And they matter a lot > if openmoko will become more mass-market. A firewall migth be a bit > hea

Re: MokSec - The Security Framework

On Mon, Jul 14, 2008 at 4:50 PM, Kalle Happonen <[EMAIL PROTECTED]> wrote: > But there are places where > you can get SIM cards with built in encyption/decryption keys, and a > certificate (PKI). I agree. Would you care to elaborate (link)? Sincerely, Jan. __

Re: MokSec - The Security Framework

> And to give my 2 Eurocents to the everything as root discusion. > Running user apps as root must end, better soon. what exactly speaks against creating a regular user? did anyone try it already? and where exactly is "root" as default user stored? _

RE: MokSec - The Security Framework

Baumann Sent: Monday, July 14, 2008 10:38 AM To: List for Openmoko community discussion Subject: Re: MokSec - The Security Framework Kalle Happonen wrote: > However, later on an easily configurable firewall would be almost > essential imho. Connecting to the phone (any port) over the wifi

Re: MokSec - The Security Framework

Tilman Baumann wrote: > Paul Jimenez wrote: > >> Alex Oberhauser wrote: >> >>> Bumbl wrote: >>> >>> It would be more important to not run everything as root I think >>> This will be also a main focus. When we receive the Freerunners, we will see >>> ho

Re: MokSec - The Security Framework

Kalle Happonen wrote: > However, later on an easily configurable firewall would be almost > essential imho. Connecting to the phone (any port) over the wifi should > (almost?)never be allowed as default. Even if the point with the phone > is that users can do what they want, it doesn't mean tha

Re: MokSec - The Security Framework

Paul Jimenez wrote: > Alex Oberhauser wrote: >> Bumbl wrote: >> >>> It would be more important to not run everything as root I think >>> >> This will be also a main focus. When we receive the Freerunners, we will see >> how fast we can change this bad state. >> >> > > Personally, I'd be

Re: MokSec - The Security Framework

arne anka wrote: >> wouldn't think it's too much. How often do you reboot the phone? >> > > with a battery uptime of about 8h -- at least once a day, because the fr > usually silently shuts down. > on weekends more frequently because i play around and something crashes or > so. > Well,

RE: MokSec - The Security Framework

x27;s a must for some. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of arne anka Sent: Monday, July 14, 2008 9:26 AM To: List for Openmoko community discussion Subject: Re: MokSec - The Security Framework > How would being root help somebody d

Re: MokSec - The Security Framework

> wouldn't think it's too much. How often do you reboot the phone? with a battery uptime of about 8h -- at least once a day, because the fr usually silently shuts down. on weekends more frequently because i play around and something crashes or so. _

Re: MokSec - The Security Framework

arne anka wrote: >> How would being root help somebody decrypt a filesystem? Accessing an >> encrypted filesystem should depend only on having the correct key. >> > > well, to be really usefull the fs should be mounted transparently (hacking > in the passphrase on every access seems utterly

Re: MokSec - The Security Framework

thomasg wrote: > On 7/14/08, *Kalle Happonen* <[EMAIL PROTECTED] > > wrote: > > Hello, > I've only had my freerunner for a week or so, so I'm not too into the > security aspects yet. One thing I did notice was of course > passwordless > root login. Now

Re: MokSec - The Security Framework

> How would being root help somebody decrypt a filesystem? Accessing an > encrypted filesystem should depend only on having the correct key. well, to be really usefull the fs should be mounted transparently (hacking in the passphrase on every access seems utterly tedious with that tiny keyboa

RE: MokSec - The Security Framework

community discussion Subject: Re: MokSec - The Security Framework > Personally, I'd be more interested in an encrypted filesystem so that I what use is encryption if the user always is root and no password is required? ___ Openmoko community

Re: MokSec - The Security Framework

> Personally, I'd be more interested in an encrypted filesystem so that I what use is encryption if the user always is root and no password is required? ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman

Re: MokSec - The Security Framework

On 7/14/08, Kalle Happonen <[EMAIL PROTECTED]> wrote: > > Hello, > I've only had my freerunner for a week or so, so I'm not too into the > security aspects yet. One thing I did notice was of course passwordless > root login. Now over usb this can be acceptable, but if this is possible > over wifi (

Re: MokSec - The Security Framework

Hello, I've only had my freerunner for a week or so, so I'm not too into the security aspects yet. One thing I did notice was of course passwordless root login. Now over usb this can be acceptable, but if this is possible over wifi (I haven't actually tested), it needs the firewall / make it li

Re: MokSec - The Security Framework

Alex Oberhauser wrote: > Bumbl wrote: > >> It would be more important to not run everything as root I think >> > > This will be also a main focus. When we receive the Freerunners, we will see > how fast we can change this bad state. > > Personally, I'd be more interested in an encrypte

Re: MokSec - The Security Framework

Hi, this is perhaps not directly in the scope of your project but perhaps it inspires someones else: A spam filter for SMS. :) Regards Robert signature.asc Description: OpenPGP digital signature ___ Openmoko community mailing list community@lists.open

Re: MokSec - The Security Framework

It would be more important to not run everything as root I think Yorick Moko wrote: > This mail was posted on the devel list > (http://lists.openmoko.org/pipermail/openmoko-devel/2008-July/003594.html). > Thought it would interest a lot of people who are not subscribed to > that list: > > > Hi Guys