That requires a user to physically accept an application and install it. That's not how
Apple, Firefox, Microsoft and the others were attacked, nor should it be. You can't design an OS to cover all instances of stupid. The Browsers and OS's failed to keep out an intruder because of inherent issues with the OS itself. The whole idea behind the Pwn2own competition is to assist companies in finding security problems with their operating systems. And so far no one has been able to find one in Android. Or chrome.
Assume you have a security system in your home. Audio and video. You hear a knock on the door and look to see who it is: A man in a white uniform. You turn off security, open the door and invite him in. The man attacks you and demands money. Did your security system fail to protect you from an attacker? Or was that you?
In the case of the Apple, Blackberry products, the security service failed. The guy in the white jacket got in without your knowledge and is waiting around the corner to grab you when you walk by. With Android, that guy in white is still outside looking for a way in. He may eventually find one.. . but not yet.
The WeKit based browser in Android AND Chrome were patched before the event, Safari and the iPhone weren't, in spite of a patch being available on the day of the event, a patch which, according to Charlie Miller made the exploits used to "win" useless.
If Android phones should not be used for installing applications by the "average" user that would make them pretty useless as devices.
The WeKit based browser in Android AND Chrome were patched before the event, Safari and the iPhone weren't, in spite of a patch being available on the day of the event, a patch which, according to Charlie Miller made the exploits used to "win" useless.
If Android phones should not be used for installing applications by the "average" user that would make them pretty useless as devices.
Incorrect. The Safari patch released this year just hours before the competition had the same flaws that were successfully used in the competition. That's why both pwned and owned. If the holes didn't exist in the patched version they couldn't own (afaik). Follow the links.
It's been the same result every year of the competition so far. It's not a statement of whose security is "the best", no knock on Blackberry, or Apple, Or Microsoft, or even Firefox in past years. It's meant to discover holes so that real users like you and me aren't attacked in "drive-by hackings" when we've otherwise done everything right.
Android is not the security risk you and others have apparently been led to believe, which is the only point I been trying to get across. Forget what AI, 9to5Mac or other Apple enthusiast sites would like you to believe. This is just a case of "everybody knows' being wrong. Inconvenient perhaps when trying to belittle other mobile OS's, but just the way it is.
Google is a CIA backed company so it's no surprise the govt would use Android phones. Google purchased Keyhole from in-q-tel which had a huge CIA contract. http://en.wikipedia.org/wiki/In-Q-Tel
Google turned Keyhole into google earth and google maps. Besides photographing every house, the CIA contract said Keyhole was to capture all wireless data and passwords. This is why the google vehicles in europe were busted with all that data. Google claimed it was a mistake, but it was intentional.
It's more than CIA. Google admitted getting NSA support on occasions. I am sure a few other secret agencies ride on Google's conveniences and pay Google handsomely.
Remember S. Jobs sneezed at Google's claim of "do no evil"? It seems to me that Jobs was right on target! In case you know Chinese, Google is a typical example of 既想做婊子 又想立牌坊.
Incorrect. The Safari patch released this year just hours before the competition had the same flaws that were successfully used in the competition. That's why both pwned and owned. If the holes didn't exist in the patched version they couldn't own (afaik). Follow the links.
It's been the same result every year of the competition so far. It's not a statement of whose security is "the best", no knock on Blackberry, or Apple, Or Microsoft, or even Firefox in past years. It's meant to discover holes so that real users like you and me aren't attacked in "drive-by hackings" when we've otherwise done everything right.
Android is not the security risk you and others have apparently been led to believe, which is the only point I been trying to get across. Forget what AI, 9to5Mac or other Apple enthusiast sites would like you to believe. This is just a case of "everybody knows' being wrong. Inconvenient perhaps when trying to belittle other mobile OS's, but just the way it is.
Apart from the address translation update on the iPhone that would have rendered the exploit useless, as Charlie Miller stated.
You probably and should know that the Armed Forces are the puppets of Congress and THEIR special interest groups, as well as the Executive branch's "play things". Kinda like Toy Story, which I'm sure you're more than familiar with, as you surely are not even a "tween" yet.
Making derogatory and condescending remarks against the capable and many times heroic members of the Armed Forces, not only makes you 'appear' thoroughly misinformed, but a total, clueless, and beyond a shadow of a doubt... F***ING DOUCHE!
I hate the military (industrial complex) and war... but get real!
PS: even General and later President Eisenhower stated, "beware the military industrial complex". THEY are the enemy within (my words).
Why is it that every one seems to forget the other warning in this famous speech ?
Today, the solitary inventor, tinkering in his shop, has been overshadowed by task forces of scientists in laboratories and testing fields. In the same fashion, the free university, historically the fountainhead of free ideas and scientific discovery, has experienced a revolution in the conduct of research. Partly because of the huge costs involved, a government contract becomes virtually a substitute for intellectual curiosity. For every old blackboard there are now hundreds of new electronic computers.
The prospect of domination of the nation's scholars by Federal employment, project allocations, and the power of money is ever present and is gravely to be regarded.
Yet, in holding scientific research and discovery in respect, as we should, we must also be alert to the equal and opposite danger that public policy could itself become the captive of a scientifictechnological elite.
It is the task of statesmanship to mold, to balance, and to integrate these and other forces, new and old, within the principles of our democratic system -- ever aiming toward the supreme goals of our free society.
Why is it that every one seems to forget the other warning in this famous speech ? And if anyone else has already mentioned this then please ignore this post.
I?d say it?s because "beware the military industrial complex? is a powerful excerpt. It has that fascinating ?1984? dystopian feel that is the basis of so many stories.
I?d say it?s because "beware the military industrial complex? is a powerful excerpt. It has that fascinating ?1984? dystopian feel that is the basis of so many stories.
Yeah... It's just that I find this speech to be rather prophetic for something written 50 years ago. If the only thing learned is beware of Boeing and McDonald Douglas, etc then people have missed a great learning opportunity. Imho.
When it comes to how easy it is to hack a phone and get your malware installed, Android is the WORST possible solution.
no.
the military will have a customised version of Android tailored specifically for their security and durability requirements. provide samples of corroborated evidence that Apple would allow the military or third-party member to modify iOS, as they see fit, and i'll retract my previous sentence.
Once again the Army shows its predilection for cutting edge technology. When "open" Android becomes the Windows of mobile OS's, virus ridden and hacked to death, the enemy will be selling "find your friend, the soldier" apps on the Android Store.
The Navy wised up a few years ago and switched from Windows PCs to Macs for their more sensitive work.
because requiring every military computer to have the latest version of itunes is better?
the military is probably taking the Froyo code base and forking it for their own version and locking it down. no market, no gmail, no navigation which are all separately licensed apps from google
[QUOTE=Prof. Peabody;1853256]This isn't "good news for Android" because it means almost certainly the Army will fork it for security reasons.[quote]
Neither is it bad news for Android either. Really, it's kind of meaningless in the Android/iOS war. If there's a loser here, it's Apple since iOS would come along with Apple hardware, thus lost sales.
Quote:
The presence of a couple of good forks of the Android project will essentially destroy any chance Android has of becoming the next big consumer OS or dominating the mobile space.
What does the Army's private, internal use of Android have to do with the consumer market? Unless the Army decides to get into into the mobile phone business, it's meaningless.
p.s., do you always have to come off as an arrogant prick in your posts?
You need to stop watching so much TV and enlist. You might learn a thing or two. Rather rapidly I would think.
Enlist??? You really are nuts, brother. American foreign policy as presented to the American people on tv is a huge lie. If you want to believe it, that's your right. But don't lay it on me.
You happen to disagree with the reasons for the conflicts, that is you right, but it doesn't give you give the right to call the members of the military stupid.
Yes, I most definitely disagree with the reasons for the conflicts; and so would you, I'll wager, if you looked any further than the evening news for your information on what our illustrious gov't is really up to. Ever listen to Noam Chomsky, for instance? I doubt it! This forum isn't the place for a debate on such a complex issue; but as far as I'm concerned, it's a national tragedy that the America's fighting forces are being utterly squandered on meaningless, manufactured wars.
Warning: The following is all in jest and humorous speculation.
1) What if during wargame scenarios the enemy was found to have been more prone to attacking soldiers in hopes of acquiring their iPhones?
2) Years ago it was discovered there was a NSA backdoor built into Windows... what if it came down to which company, Apple or Google, agreed to allow another such backdoor to be added in? Or perhaps Google's open platform lets them do this already?
3) Soldiers were found to spend too much time playing Angry Birds. Not a problem with Android's fragmentation.
4) Since Android is just an OS, the military can source and produce its own hardware.
5) Military cannot wait for iPhone 5. Also, see #4.
6) As far as I know, Apple cannot generally tether to more than one device via wi-fi while some Androids can which makes networked battlefield capability more implementable on local squad-based network basis.
7) Android pr0n capability is a major necessary feature for soldiers.
8) Losing that proprietary iPhone connector cable could cause serious issues v. mini-USB.
9) No removable media which may be needed in a battlefield capacity since wireless data transmission cannot be always guaranteed as secure.
10) Eventually, the military would like their android soldiers to share compatibility (and OS) with their Android phones... makes firmware/software updates a lot easier.
As an active member of the armed forces, I would rather you say nothing if you can't say thank you. Grow up.
As a former service member who recalls the reality of the Wall in Berlin in the 60s, I thank you for your service in today's world. If you're in a combat zone, be safe and help others be safe.
Comments
That requires a user to physically accept an application and install it. That's not how
Apple, Firefox, Microsoft and the others were attacked, nor should it be. You can't design an OS to cover all instances of stupid. The Browsers and OS's failed to keep out an intruder because of inherent issues with the OS itself. The whole idea behind the Pwn2own competition is to assist companies in finding security problems with their operating systems. And so far no one has been able to find one in Android. Or chrome.
Assume you have a security system in your home. Audio and video. You hear a knock on the door and look to see who it is: A man in a white uniform. You turn off security, open the door and invite him in. The man attacks you and demands money. Did your security system fail to protect you from an attacker? Or was that you?
In the case of the Apple, Blackberry products, the security service failed. The guy in the white jacket got in without your knowledge and is waiting around the corner to grab you when you walk by. With Android, that guy in white is still outside looking for a way in. He may eventually find one.. . but not yet.
The WeKit based browser in Android AND Chrome were patched before the event, Safari and the iPhone weren't, in spite of a patch being available on the day of the event, a patch which, according to Charlie Miller made the exploits used to "win" useless.
If Android phones should not be used for installing applications by the "average" user that would make them pretty useless as devices.
The WeKit based browser in Android AND Chrome were patched before the event, Safari and the iPhone weren't, in spite of a patch being available on the day of the event, a patch which, according to Charlie Miller made the exploits used to "win" useless.
If Android phones should not be used for installing applications by the "average" user that would make them pretty useless as devices.
Incorrect. The Safari patch released this year just hours before the competition had the same flaws that were successfully used in the competition. That's why both pwned and owned. If the holes didn't exist in the patched version they couldn't own (afaik). Follow the links.
http://www.hackingtricks.in/2011/03/...econds-at.html
It's been the same result every year of the competition so far. It's not a statement of whose security is "the best", no knock on Blackberry, or Apple, Or Microsoft, or even Firefox in past years. It's meant to discover holes so that real users like you and me aren't attacked in "drive-by hackings" when we've otherwise done everything right.
Android is not the security risk you and others have apparently been led to believe, which is the only point I been trying to get across. Forget what AI, 9to5Mac or other Apple enthusiast sites would like you to believe. This is just a case of "everybody knows' being wrong. Inconvenient perhaps when trying to belittle other mobile OS's, but just the way it is.
Google turned Keyhole into google earth and google maps. Besides photographing every house, the CIA contract said Keyhole was to capture all wireless data and passwords. This is why the google vehicles in europe were busted with all that data. Google claimed it was a mistake, but it was intentional.
Google is a CIA backed company ...
It's more than CIA. Google admitted getting NSA support on occasions. I am sure a few other secret agencies ride on Google's conveniences and pay Google handsomely.
Remember S. Jobs sneezed at Google's claim of "do no evil"? It seems to me that Jobs was right on target! In case you know Chinese, Google is a typical example of 既想做婊子 又想立牌坊.
You mean by not having consolidated.db file??
How did you figure out that having the consolidated.db file is important for security....lol
Incorrect. The Safari patch released this year just hours before the competition had the same flaws that were successfully used in the competition. That's why both pwned and owned. If the holes didn't exist in the patched version they couldn't own (afaik). Follow the links.
http://www.hackingtricks.in/2011/03/...econds-at.html
It's been the same result every year of the competition so far. It's not a statement of whose security is "the best", no knock on Blackberry, or Apple, Or Microsoft, or even Firefox in past years. It's meant to discover holes so that real users like you and me aren't attacked in "drive-by hackings" when we've otherwise done everything right.
Android is not the security risk you and others have apparently been led to believe, which is the only point I been trying to get across. Forget what AI, 9to5Mac or other Apple enthusiast sites would like you to believe. This is just a case of "everybody knows' being wrong. Inconvenient perhaps when trying to belittle other mobile OS's, but just the way it is.
Apart from the address translation update on the iPhone that would have rendered the exploit useless, as Charlie Miller stated.
You probably and should know that the Armed Forces are the puppets of Congress and THEIR special interest groups, as well as the Executive branch's "play things". Kinda like Toy Story, which I'm sure you're more than familiar with, as you surely are not even a "tween" yet.
Making derogatory and condescending remarks against the capable and many times heroic members of the Armed Forces, not only makes you 'appear' thoroughly misinformed, but a total, clueless, and beyond a shadow of a doubt... F***ING DOUCHE!
I hate the military (industrial complex) and war... but get real!
PS: even General and later President Eisenhower stated, "beware the military industrial complex". THEY are the enemy within (my words).
Why is it that every one seems to forget the other warning in this famous speech ?
Today, the solitary inventor, tinkering in his shop, has been overshadowed by task forces of scientists in laboratories and testing fields. In the same fashion, the free university, historically the fountainhead of free ideas and scientific discovery, has experienced a revolution in the conduct of research. Partly because of the huge costs involved, a government contract becomes virtually a substitute for intellectual curiosity. For every old blackboard there are now hundreds of new electronic computers.
The prospect of domination of the nation's scholars by Federal employment, project allocations, and the power of money is ever present and is gravely to be regarded.
Yet, in holding scientific research and discovery in respect, as we should, we must also be alert to the equal and opposite danger that public policy could itself become the captive of a scientifictechnological elite.
It is the task of statesmanship to mold, to balance, and to integrate these and other forces, new and old, within the principles of our democratic system -- ever aiming toward the supreme goals of our free society.
Why is it that every one seems to forget the other warning in this famous speech ? And if anyone else has already mentioned this then please ignore this post.
I?d say it?s because "beware the military industrial complex? is a powerful excerpt. It has that fascinating ?1984? dystopian feel that is the basis of so many stories.
I?d say it?s because "beware the military industrial complex? is a powerful excerpt. It has that fascinating ?1984? dystopian feel that is the basis of so many stories.
Yeah... It's just that I find this speech to be rather prophetic for something written 50 years ago. If the only thing learned is beware of Boeing and McDonald Douglas, etc then people have missed a great learning opportunity. Imho.
When it comes to how easy it is to hack a phone and get your malware installed, Android is the WORST possible solution.
no.
the military will have a customised version of Android tailored specifically for their security and durability requirements. provide samples of corroborated evidence that Apple would allow the military or third-party member to modify iOS, as they see fit, and i'll retract my previous sentence.
Once again the Army shows its predilection for cutting edge technology. When "open" Android becomes the Windows of mobile OS's, virus ridden and hacked to death, the enemy will be selling "find your friend, the soldier" apps on the Android Store.
The Navy wised up a few years ago and switched from Windows PCs to Macs for their more sensitive work.
because requiring every military computer to have the latest version of itunes is better?
the military is probably taking the Froyo code base and forking it for their own version and locking it down. no market, no gmail, no navigation which are all separately licensed apps from google
Neither is it bad news for Android either. Really, it's kind of meaningless in the Android/iOS war. If there's a loser here, it's Apple since iOS would come along with Apple hardware, thus lost sales.
The presence of a couple of good forks of the Android project will essentially destroy any chance Android has of becoming the next big consumer OS or dominating the mobile space.
What does the Army's private, internal use of Android have to do with the consumer market? Unless the Army decides to get into into the mobile phone business, it's meaningless.
p.s., do you always have to come off as an arrogant prick in your posts?
Is there anyone on this forum over ten years old?
You need to stop watching so much TV and enlist. You might learn a thing or two. Rather rapidly I would think.
Enlist??? You really are nuts, brother. American foreign policy as presented to the American people on tv is a huge lie. If you want to believe it, that's your right. But don't lay it on me.
You happen to disagree with the reasons for the conflicts, that is you right, but it doesn't give you give the right to call the members of the military stupid.
Yes, I most definitely disagree with the reasons for the conflicts; and so would you, I'll wager, if you looked any further than the evening news for your information on what our illustrious gov't is really up to. Ever listen to Noam Chomsky, for instance? I doubt it! This forum isn't the place for a debate on such a complex issue; but as far as I'm concerned, it's a national tragedy that the America's fighting forces are being utterly squandered on meaningless, manufactured wars.
1) What if during wargame scenarios the enemy was found to have been more prone to attacking soldiers in hopes of acquiring their iPhones?
2) Years ago it was discovered there was a NSA backdoor built into Windows... what if it came down to which company, Apple or Google, agreed to allow another such backdoor to be added in? Or perhaps Google's open platform lets them do this already?
3) Soldiers were found to spend too much time playing Angry Birds. Not a problem with Android's fragmentation.
4) Since Android is just an OS, the military can source and produce its own hardware.
5) Military cannot wait for iPhone 5. Also, see #4.
6) As far as I know, Apple cannot generally tether to more than one device via wi-fi while some Androids can which makes networked battlefield capability more implementable on local squad-based network basis.
7) Android pr0n capability is a major necessary feature for soldiers.
8) Losing that proprietary iPhone connector cable could cause serious issues v. mini-USB.
9) No removable media which may be needed in a battlefield capacity since wireless data transmission cannot be always guaranteed as secure.
10) Eventually, the military would like their android soldiers to share compatibility (and OS) with their Android phones... makes firmware/software updates a lot easier.
11) Eh, insert another reason here.
As an active member of the armed forces, I would rather you say nothing if you can't say thank you. Grow up.
As a former service member who recalls the reality of the Wall in Berlin in the 60s, I thank you for your service in today's world. If you're in a combat zone, be safe and help others be safe.