Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

Bezbednosne rupe u iPhone i Android aplikacijama

[es] :: Advocacy :: Bezbednosne rupe u iPhone i Android aplikacijama

[ Pregleda: 2265 | Odgovora: 10 ] > FB > Twit

Postavi temu Odgovori

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

galahad
Slobodan Todorov
Radio-televizija Vojvodine,
Jack-Of-All-IT-Trades, Web redakcija
Novi Sad

Član broj: 20613
Poruke: 146
*.dynamic.isp.telekom.rs.

Jabber: galahad@elitesecurity.org
ICQ: 52020296
Sajt: www.todorowww.net


+4 Profil

icon Bezbednosne rupe u iPhone i Android aplikacijama28.07.2010. u 22:47 - pre 166 meseci
Evo još malo rupica u aplikacijama za telefone, ovog puta i u iPhone i u Android varijanti, pa ko voli nek' izvoli

http://www.sfgate.com/cgi-bin/...ncial/f121220D57.DTL&tsp=1

Citat:

The code had been written by the third parties and inserted into the applications by the developers, usually for a specific purpose, such as allowing the applications to run ads. But the code winds up forcing the application to collect more data on users than even the developers may realize, Lookout executives said.

"We found that not only users, but developers as well, don't know what's happening in their apps, even in their own apps, which is fascinating," said John Hering, CEO of the San Francisco-based Lookout.


Ovo baš lepo legne kao dodatak na onu temu o premium-rate telefonskim brojevima koje iPhone aplikacije zovu. Taman pomisliš čuo si sve, kad ono
- SKRati link - JaZaKraljevo.rs -

"I have never let my schooling interfere with my education." - Mark Twain
 
Odgovor na temu

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16683
*.dip.t-dialin.net.



+7169 Profil

icon Re: Bezbednosne rupe u iPhone i Android aplikacijama28.07.2010. u 22:52 - pre 166 meseci
Err...

Ja bih ipak bio malo skeptican...

- Lookout, inc - firma koja valja programe za zastitu za mobilne telefone....

- Firma je iz San Franciska, i o njoj pise novina iz San Franciska.... nije da sam paranoican, ali IT ekipa iz SF-a je poznata po "ruka ruku mije" kampanjama

- Kazu da su "skenirali 300000 aplikacija"... sta, kupili su i sve paid-for aplikacije i testirali? Wow.. zvuci kao ogroman trud i solidan trosak... taman toliko ogroman da se treba zapitati DA LI SU stvarno to uradili

Meni ovo lici na jos jedan klasicni PR-spin anti-virusnih kompanija...

Naravno da postoje aplikacije koje su stetne, ali ne treba blanko verovati stvarima koje pisu AV/security kompanije jer ne treba zaboraviti da je njihov primarni razlog pisanja ovoga cist biznis, i da lako moze biti da su "istrazivanja" frizirana do daske.

DigiCortex (ex. SpikeFun) - Cortical Neural Network Simulator:
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey
 
Odgovor na temu

galahad
Slobodan Todorov
Radio-televizija Vojvodine,
Jack-Of-All-IT-Trades, Web redakcija
Novi Sad

Član broj: 20613
Poruke: 146
*.dynamic.isp.telekom.rs.

Jabber: galahad@elitesecurity.org
ICQ: 52020296
Sajt: www.todorowww.net


+4 Profil

icon Re: Bezbednosne rupe u iPhone i Android aplikacijama28.07.2010. u 23:03 - pre 166 meseci
I ja sam skeptičan, al' reko da podelim sa ljudima

I ja obožavam te varijante kad jedna firma, testira 800.000.000.000™ aplikacija, i sve su kao rupičaste, pa još ni developeri ne znaju kako im rade aplikacije... yeah, right...

Inače, za ovu vest sam saznao preko EFF, takođe SF based organizacije. Priznajem, nisam znao ovo za SF IT scenu, malo ću više rezerve koristiti pri prijemu informacija koje dolazi iz SF
- SKRati link - JaZaKraljevo.rs -

"I have never let my schooling interfere with my education." - Mark Twain
 
Odgovor na temu

madamov
Milan Adamov
vlasnik
Adamov Konsultacije d.o.o.
Beograd, Srbija

SuperModerator
Član broj: 21939
Poruke: 4413
*.dynamic.sbb.rs.

Sajt: www.adamov.rs


+138 Profil

icon Re: Bezbednosne rupe u iPhone i Android aplikacijama29.07.2010. u 13:22 - pre 166 meseci
http://gizmodo.com/5599435/ove...ised-thanks-to-a-malicious-app

Citat:
Does "Jackeey Wallpaper" sound familiar to you? If you downloaded one of their Android apps, then there's a good chance your privacy was compromised. According to telecoms security company Lookout, the app was sending users' info to a Chinese website.

The data infringement was revealed at the Black Hat security expo in Las Vegas yesterday, where listeners were told of how the personal details of between 1.1m - 4.6m who downloaded the app were sent to the Chinese website www.imnet.us, where browsing history, texts, voicemail passwords and SIM card details were published. And why were people downloading this app? Because it had free wallpapers—though it's not known exactly which wallpapers. Judging by the various apps Jackeey Wallpaper has created, it could've been anything from a Star Wars theme, Gundam, or even My Little Pony—or all of them.

 Certified Trainer Mojave 101 macOS Support Essentials 10.14
http://www.adamov.co.rs http://milan.adamov.rs http://www.infinitum.rs
 
Odgovor na temu

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16683
*.dip0.t-ipconnect.de.



+7169 Profil

icon Re: Bezbednosne rupe u iPhone i Android aplikacijama29.07.2010. u 13:41 - pre 166 meseci
Dakle, skinuo si wallpaper "app" i sistem ti prilikom instalacije prijavi da ce wallpaper app da pristupi telefonskim podacima, i pita te da li zelis to da odobris....

Reklo bi se da protiv ovoga i nema bas nekog resenja ako korisnik kaze "da, moze" :)

Ah da, ima... totalni walled-garden - medjutim, ni Apple-u bas ne uspeva da eliminise sav malware ni sa Gestapo metodom...

U tom slucaju, neka hvala - ja ipak preferiram otvorenu platformu umesto laznog uverenja u nekakvu sigurnost koja ne postoji evidentno.

IT nepismeni korisnici ne treba da kupuju smartphone, inace ce pre ili kasnije uraditi nesto idiotski sa njim.
DigiCortex (ex. SpikeFun) - Cortical Neural Network Simulator:
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey
 
Odgovor na temu

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16683
*.dip0.t-ipconnect.de.



+7169 Profil

icon Re: Bezbednosne rupe u iPhone i Android aplikacijama29.07.2010. u 13:56 - pre 166 meseci
http://www.engadget.com/2010/0...about-sketchy-apps-you-may-ha/

Citat:

If you're an iPhone user, the only privacy notice you'll see from an app regards your current location -- as much a warning about the associated battery hit from the GPS pinging as anything. If you're an Android user, however, things are different, with a tap-through dialog showing you exactly what each app will access on your phone. But, do you read them? You should



DigiCortex (ex. SpikeFun) - Cortical Neural Network Simulator:
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey
 
Odgovor na temu

Dejan Lozanovic
Dejan Lozanovic
Beograd

Član broj: 691
Poruke: 2325
*.dynamic.isp.telekom.rs.

Jabber: null@elitesecurity.org
Sajt: speedy-order.com


+75 Profil

icon Re: Bezbednosne rupe u iPhone i Android aplikacijama29.07.2010. u 14:50 - pre 166 meseci
http://gizmodo.com/5598375/wav...roid-fanboy-flag-on-your-chest
 
Odgovor na temu

madamov
Milan Adamov
vlasnik
Adamov Konsultacije d.o.o.
Beograd, Srbija

SuperModerator
Član broj: 21939
Poruke: 4413
*.dynamic.sbb.rs.

Sajt: www.adamov.rs


+138 Profil

icon Re: Bezbednosne rupe u iPhone i Android aplikacijama29.07.2010. u 15:22 - pre 166 meseci
Citat:
Dakle, skinuo si wallpaper "app" i sistem ti prilikom instalacije prijavi da ce wallpaper app da pristupi telefonskim podacima, i pita te da li zelis to da odobris....


Citat:
The wallpaper app asks for “phone info,” but that isn’t necessarily a clear warning.


Citat:
Wow. Just reading through the comments, I'm really suprised at the amount of venom that some Android users have towards the average guy just using his phone. I had thought the community to be one with a little more tolerance due to the system's open nature.
It seems like most of you don't want Android to spread to to the average user, and that it should just stay in the hands of the more tech-minded individuals.
If that's what your looking for then rock on. But if you really do want it to continue to compete with Apple and Windows Mobile, etc., maybe a little more "how can we/Google fix this?" and a little less "F*** em if they don't know better" would be in order?



 Certified Trainer Mojave 101 macOS Support Essentials 10.14
http://www.adamov.co.rs http://milan.adamov.rs http://www.infinitum.rs
 
Odgovor na temu

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16683
*.dip0.t-ipconnect.de.



+7169 Profil

icon Re: Bezbednosne rupe u iPhone i Android aplikacijama29.07.2010. u 15:35 - pre 166 meseci
Kakav spin..

Hajde da vidimo sta stvarno pise:

http://www.sfgate.com/cgi-bin/...ncial/f121220D57.DTL&tsp=1

Dakle:

Citat:

Lookout Inc., a mobile-phone security firm, scanned nearly 300,000 free applications for Apple Inc.'s iPhone and phones built around Google Inc.'s Android software. It found that many of them secretly pull sensitive data off users' phones and ship them off to third parties without notification.


1. Firma je pronasla aplikacije koje salju privatne podatke NA OBE PLATFORME
2. Android platforma bar upozorava korisnika o tome sta ce aplikacija da radi, dok iOS daje nemusto upozorenje o BATERIJI, cak i za aplikacije koje ce zvati premium-rate brojeve BEZ DA VAS OS OBAVESTI O TOME :)

I, opet, posle svega - sta kaze madamov? Postuje komentar:

Citat:

Wow. Just reading through the comments, I'm really suprised at the amount of venom that some Android users have towards the average guy just using his phone. I


WOW! Dakle, iako Lookout tvrdi da i iPhone i Android imaju aplikacije koje se lose ponasaju, i IAKO Android daje >VISE< informacija od iPhone-a prilikom instalacije... opet je Android nesto kriv i nije za "average usera" :)

Mozda i nije, ako se smatra da platform vendor treba da laze korisnika o sigurnosti i da mu uliva lazno poverenje u platformu koja takodje ima identican problem. Dovoljno je istu samo nazvati "magical & revolutionary" i odmah je dobila seal-of-approval za ljude sa IQ-om oko 100.


DigiCortex (ex. SpikeFun) - Cortical Neural Network Simulator:
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey
 
Odgovor na temu

Dejan Lozanovic
Dejan Lozanovic
Beograd

Član broj: 691
Poruke: 2325
*.dynamic.isp.telekom.rs.

Jabber: null@elitesecurity.org
Sajt: speedy-order.com


+75 Profil

icon Re: Bezbednosne rupe u iPhone i Android aplikacijama29.07.2010. u 16:05 - pre 166 meseci
Citat:
Ivan Dimkovic:
WOW! Dakle, iako Lookout tvrdi da i iPhone i Android imaju aplikacije koje se lose ponasaju, i IAKO Android daje >VISE< informacija od iPhone-a prilikom instalacije... opet je Android nesto kriv i nije za "average usera" :)


Pa tako ti je to sa Linuxom sve ovo vreme :), a posto se android vrti nad linux kernelom nekako je logicno zar ne :)
 
Odgovor na temu

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16683
*.dip0.t-ipconnect.de.



+7169 Profil

icon Re: Bezbednosne rupe u iPhone i Android aplikacijama29.07.2010. u 16:25 - pre 166 meseci
Pa i nije bas :)

Za razliku od Linuxa koji je prilicna divljina sto se standarda i UI propisa tice, gde svaka distribucija ima nesto svoje te vrlo lako dodjes do nekih stvari koje samo IT-ovci razumeju, kod Androida imas jednog vendora koji se brine o UI-ju, verzijama itd... Doduse tu ne racunam one dodatke tipa Sense i sl, mada i oni generalno slede neku jednostavnu filozofiju, nisu budzerajke.

UI je prilicno ispeglan i uopste ne izlaze korisnika necemu "inzenjerskom" osim ako korisnik to izricito ne zeli.

Ono ako kupis neki tipican Android telefon i ostanes na stock ROM-u, cela stvar je prilicno "dumbed-down" za prosecnog Amera recimo...

E, sad, naravno, ako ti hoces - mozes vrlo lako da dodjes do komandne linije i kobasica - ali mislim da je upravo razlika u tome da se Google iscimao da to ne bude obavezno.

DigiCortex (ex. SpikeFun) - Cortical Neural Network Simulator:
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey
 
Odgovor na temu

[es] :: Advocacy :: Bezbednosne rupe u iPhone i Android aplikacijama

[ Pregleda: 2265 | Odgovora: 10 ] > FB > Twit

Postavi temu Odgovori

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.