When the Linux Keyrings vulnerability landed yesterday, headlines said it would affect millions of devices, partly because it was thought to be widely present in Android as well.
El Reg wondered at this, because it's not part of the recommended Android kernel configuration, so we're going to be a little bit smug: however many 'droids are vulnerable, it's not likely to be "66 per cent".
Google's Android security lead, Adrian Ludwig, has promised a fix by March 1. That's the bad news.
The good news: "We believe that the number of Android devices affected is significantly smaller than initially reported.
"We believe that no Nexus devices are vulnerable to exploitation by third party applications. Further, devices with Android 5.0 and above are protected, as the Android SELinux policy prevents third party applications from reaching the affected code.
"Also, many devices running Android 4.4 and earlier do not contain the vulnerable code introduced in linux kernel 3.8, as those newer kernel versions [are] not common on older Android devices."
Ludwig's not thrilled that the vulnerability landed without prior notice to the Android team, but Perception Point reckons it's now working with Google.
In an e-mail to The Register, Perception Point's Yevgeny Pats said "it looks like the CONFIG_KEYS are present in most Kernel builds in Android Operating Systems even though it is not present in the 'recommended' configuration.
"We are working with Google now to check as posted in the blogpost if there is a way this vulnerability can be exploited with SELinux in enforcing state."
It would seem that Google's already answered that question.
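As an added example (not from the article, Google or Perception Point), the exposure conditions reported above can be turned into a small shell triage: kernel 3.8 or newer, CONFIG_KEYS=y in the kernel config, and the SELinux mode. The verdict labels and sample inputs are constructed; the article names no fixed kernel version, so a "present" verdict means the conditions hold, not that the kernel is unpatched.

```shell
#!/bin/sh
# Added example (not from the article): classify a host against the three
# conditions the article names. Verdict labels are this example's own.

# Exit 0 if RELEASE is 3.8 or newer, 1 if older, 2 if it cannot be parsed.
kernel_at_least_3_8() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in '') return 2 ;; esac
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 8 ]; }
}

# Args: kernel release, kernel config text, SELinux mode string.
keyring_exposure() {
    rc=0
    kernel_at_least_3_8 "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "unknown-kernel-version"
    elif [ "$rc" -eq 1 ]; then
        echo "absent-kernel-older-than-3.8"
    elif ! printf '%s\n' "$2" | grep -q '^CONFIG_KEYS=y$'; then
        echo "absent-config-keys-off"
    elif [ "$3" = "Enforcing" ]; then
        # Google's statement is about the Android 5.0+ policy specifically,
        # so enforcing mode alone is reported, not treated as a fix.
        echo "present-selinux-enforcing"
    else
        echo "present-selinux-not-enforcing"
    fi
}

# Constructed sample inputs (not taken from real devices).
SAMPLE_CONFIG_ON='CONFIG_SECURITY_SELINUX=y
CONFIG_KEYS=y'
SAMPLE_CONFIG_OFF='CONFIG_SECURITY_SELINUX=y
# CONFIG_KEYS is not set'

keyring_exposure "3.4.0-g4a3f2b1" "$SAMPLE_CONFIG_ON" "Enforcing"
keyring_exposure "3.10.49-g1234567" "$SAMPLE_CONFIG_ON" "Permissive"
keyring_exposure "3.10.49-g1234567" "$SAMPLE_CONFIG_OFF" "Enforcing"

# On a live host (assumes /proc/config.gz is exposed and getenforce exists):
#   keyring_exposure "$(uname -r)" "$(zcat /proc/config.gz)" "$(getenforce)"
```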
Apple has flubbed attempts to patch flaws in OS X's anti-malware system Gatekeeper, leaving the defenses still easy to bypass.
Patrick Wardle, a former NSA staffer who now heads up research at crowdsourced security intelligence firm Synack, found a way to circumvent Gatekeeper last year. Gatekeeper is supposed to block dodgy apps from running, but it turns out it's easy for malicious programs to sidestep.
Apple patched Gatekeeper in November in response to Wardle's findings. However, subsequent work by the researcher ahead of this weekend's ShmooCon conference, an "East Coast hacker convention", revealed the patch is incredibly weak. The update was easy to bypass in minutes, Wardle told El Reg.
Apple's Gatekeeper is built into OS X, and is designed to block the execution of untrusted code downloaded from the internet. Only executables digitally signed by registered developers or, with more restrictive settings, packages downloaded from the Mac App Store should be allowed to run. The technology debuted in July 2012.
Apple boasts that because of Gatekeeper, trojans and tampered downloads will not bother Mac systems. But this simply isn't true right now, according to Wardle.
"Even on a fully-patched OS X 10.11.2 system, Gatekeeper is trivial to bypass," Wardle explains in a blog post. "So hackers can (re)start their trojan distributions while nation states can get back to MitMing HTTP downloads from the internet."
During a presentation at the Virus Bulletin conference in Prague last October, Wardle gave the lowdown on unpatched vulnerabilities in Gatekeeper that created a means for miscreants to distribute unsigned binaries to Mac users, outfoxing Gatekeeper in the process.
Apple released a patch shortly afterwards that simply blacklisted a tool used by Wardle to bypass Gatekeeper rather than tackling the underlying problem.
Wardle has notified Apple about his latest research and a (hopefully more comprehensive) fix is likely. In the meantime, users should stick to downloading software from the Mac App Store. Apple does not respond to requests for comment from The Register.
Wardle plans to offer a personal tool that can thwart anti-Gatekeeper programs, protecting OS X users in the process, to accompany his ShmooCon talk on Sunday.
MICROSOFT BOSS Satya Nadella has admitted that its already poxy share in the mobile phone market is "unsustainable".
In an interview with Buzzfeed, Nadella defended the platform which Gartner recently measured as having just 1.7 percent of the mobile market, putting it on a rough par in popularity with remaining users of Windows Vista.
While admitting that it was "unsustainable," he pointed out that the company is more focused on the software and services people are running, rather than what they are being run on.
Quoth Nadella: "I think we do ourselves a disservice if we measure our success by just looking at what's the market share of HoloLens? What's the market share of Xbox? What's the market share of PCs? What's the market share of our phones?
"If you think of this more like a graph, these [devices] are all nodes. Sometimes the user will use all of these devices, sometimes they'll use only one or two of our devices and some other platforms. So be it. But we want to make sure that we are completing the experience across all of these devices."
This harks back to a recent earnings call with angry former CEO Steve Ballmer who told Microsoft shareholders, of which he remains one of the largest, that the company needs to stop mucking about with trying to perfect Windows Phone and give customers what they want, namely Android apps.
Whether or not this admission is a first step on the road to a closer unity with Android remains to be seen, but with Windows Mobile 10 continually dogged by technical problems, and the Android aspect of the Universal Apps programme having been prematurely wound up owing to more technical problems, it does seem that Nadella is stuck between a large boulder and a rusty penknife, the only problem with the metaphor being that his decision could be mostly harmless or mostly armless.
We have observed for some time that Nadella has been keen to roll out his killer apps across rival platforms. At a recent demonstration in London he referred to an iPhone 6 with Microsoft's app suite as an "iPhone 6 Plus".
The tactic now is primarily based around what we've referred to as the 'John Hurt' approach, whereby Microsoft's apps invade your phone from the inside out, but it does make you wonder how much longer he will continue to pump money into the (ex-Nokia) Lumia phone line that has already lost the company billions.