The hits keep on coming. Affects everyone on 2.3.3 and below.
http://gizmodo.com/5802617/androids-account-info-leakage-epidemic
http://gizmodo.com/5802617/androids-account-info-leakage-epidemic
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Massive Android Data Vulnerability
- Thread starter kre62
- Start date
D
Deleted whining member 223597
Guest
Odd says its down.
SamuraiInBlack
Supreme [H]ardness
- Joined
- Oct 10, 2003
- Messages
- 5,771
I don't care what phone, laptop, or other mobile device you have, or how secure it is. I don't care if the thing was forged by Thor's hammer.
You hop on an unsecured/public network, you're at risk, some way, some how, and yes, you can get your stuff infected or breached. It's not rocket science.
A little common sense and good habits goes a lot farther than relying on technology to do the thinking for you.
You hop on an unsecured/public network, you're at risk, some way, some how, and yes, you can get your stuff infected or breached. It's not rocket science.
A little common sense and good habits goes a lot farther than relying on technology to do the thinking for you.
D
Deleted whining member 223597
Guest
But his Iphone can keep him safe on a public, unsecured network right? 
But his Iphone can keep him safe on a public, unsecured network right?
Of course it can. Its magical.
Vermillion
Supreme [H]ardness
- Joined
- Apr 5, 2007
- Messages
- 4,416
But his Iphone can keep him safe on a public, unsecured network right?
This ^^^
Yes, it's a bad bug, but it's not nearly as bad as people want you to believe. Hell it's fixed in three different ways:
1. Apps themselves shouldn't be using the HTTP versions of Twitter, Facebook, or other sites like that. They have HTTPS versions for a reason. App devs just simply need to enforce HTTPS instead of HTTP.
2. Root and upgrade to 2.3.4. Motorola users (excluding OG Droid) need not apply.
3. Do not connect to an open network. Connecting to an open network is a dumbass idea in the first place. However, if for some reason (no idea what that reason could possibly be) you HAVE to use an open network don't do anything that requires sensitive data to be transmitted.
NickJames
Supreme [H]ardness
- Joined
- Apr 28, 2009
- Messages
- 6,698
Woopty doo, the same thing applies and has to laptops. I remember a couple of months ago people were freaking out how some guy easily setup a firefox addon to sniff for peoples authentication cookies over public networks when they logged into sites. This is honestly no different.
Vermillion
Supreme [H]ardness
- Joined
- Apr 5, 2007
- Messages
- 4,416
Firesheep FTW!
This ^^^
Yes, it's a bad bug, but it's not nearly as bad as people want you to believe. Hell it's fixed in three different ways:
1. Apps themselves shouldn't be using the HTTP versions of Twitter, Facebook, or other sites like that. They have HTTPS versions for a reason. App devs just simply need to enforce HTTPS instead of HTTP.
2. Root and upgrade to 2.3.4. Motorola users (excluding OG Droid) need not apply.
3. Do not connect to an open network. Connecting to an open network is a dumbass idea in the first place. However, if for some reason (no idea what that reason could possibly be) you HAVE to use an open network don't do anything that requires sensitive data to be transmitted.
What apps themselves should or should not do isn't a fix for the user.
Most people have no clue what rooting is or how to do it. That isn't a fix for them. It might not even be a good fix for them as a lot of ROMs have issues with certain features and it requires a bit of research, time, and knowledge to do it right which most people don't have.
You really cannot think of a reason to connect to an open network? I mean, that doesn't even require much thought. One example is traveling overseas where that generally your only option for data. Another is for speed - wifi can often be much faster than wireless speeds in most areas.
Vermillion
Supreme [H]ardness
- Joined
- Apr 5, 2007
- Messages
- 4,416
Those devs should value my privacy as much as I do (their privacy policies normally claim as such). It's not hard to use HTTPS versus HTTP. So if my only security issue is a Twitter app that isn't using HTTPS I should lay all the blame on Android? I think not. Two layers of security are better then one.
If I'm overseas I'm definitely NOT connecting to any insecure network. I trust those less then I trust the ones here in the US. I'll buy a global phone and get a local SIM before I do that. Plus if I'm overseas on vacation I could care less about being connected to my e-mail or downloading anything. If I'm overseas for business, well work will be providing everything I need to securely connect.
3G speeds I found quite adequate. I'm on 4G now which is actually faster then most WiFi.
I agree that rooting isn't for everybody, but bottom line it is an option for people who at least know about it. The people who don't know about rooting don't know about this Android flaw either because they just don't care. They care more about who got kicked off DWTS last night.
Neurofreeze
2[H]4U
- Joined
- Jan 11, 2002
- Messages
- 2,523
I love internet journalism. They don't even bother to proofread anymore. First statement implies 2.3.3 is not vulnerable, second implies that it is vulnerable.
LOCO LAPTOP
[H]F Junkie
- Joined
- May 4, 2006
- Messages
- 12,629
Who needs wifi
HTC Thunderbolt user running on 4G LTE.
HTC Thunderbolt user running on 4G LTE.
Gorankar
[H]F Junkie
- Joined
- Jul 19, 2000
- Messages
- 11,107
Who needs wifi
HTC Thunderbolt user running on 4G LTE.
I am jealous.
Meh, I don't have any personal use whatsoever for twitter or facebook, I don't connect to wifi networks that are strange to me, and my rooted Craptivate has auto sync disabled.