FAT32 SHAMER posted:But enough about android

never. android will forever be a source of security fuckery. or at least as long as the devices ship loaded with auto-updating un-deletable bloatware with permissions like this:

quote:Peel Smart Remote TV Guide

apparently after the most recent rounds of updates it uses the "draw over other apps" permission to cause full screen popup ads systemwide and send notifications even if people disable notifications. additionally it uses that permission combined with the "prevent the device from sleeping" and "power device on and off" permissions to effectively replace the device lockscreen with its own.
|
|
# ? Jul 7, 2017 15:18 |
|
peel smart remote, more like peel outta the shop that tries to sell you an android if you're remotely smart
|
# ? Jul 7, 2017 15:21 |
|
ate all the Oreos posted:i thought maybe he had started because we're all smart attractive people?

There's a surprisingly large number of goons who work at Google so maybe he does, just incognito.
|
# ? Jul 7, 2017 15:23 |
|
that's less of an android problem and more of a vendor problem though imo. not that android is good or anything, but it's like making GBS threads all over windows just because lenovo installed superfish on your pc.

vvv: google is about to get slapped with another big EU fine in fact, because they don't allow 3rd parties to pre-install not-google search. i get the reasons, but from a security view it's hosed. of course the correct thing would be to fix google, but that's never going to happen, so secfuck it is

Truga fucked around with this message at 15:31 on Jul 7, 2017
# ? Jul 7, 2017 15:23 |
|
Truga posted:that's less of an android problem and more of a vendor problem though imo.

I was gonna say microsoft could probably stop that poo poo if they actually tried at all but thinking about it they'd probably get an antitrust lawsuit lol
|
# ? Jul 7, 2017 15:26 |
|
ate all the Oreos posted:I was gonna say microsoft could probably stop that poo poo if they actually tried at all but thinking about it they'd probably get an antitrust lawsuit lol

Google literally has a (completely different) EU antitrust investigation going on right now because they tried to tell manufacturers and telcos they couldn't ship Android phones with 10 GB of crapware and security holes.
|
# ? Jul 7, 2017 15:30 |
|
it's pronounced null-day
|
# ? Jul 7, 2017 15:32 |
|
tavis-chan....
|
# ? Jul 7, 2017 15:34 |
|
https://www.youtube.com/watch?v=wdWgvJRHA0s

this is a good (and funny) talk on pentesting, also covers pentesters and "0day"
|
# ? Jul 7, 2017 15:44 |
mrmcd posted:Google literally has a (completely different) EU antitrust investigation going on right now because they tried to tell manufacturers and telcos they couldn't ship Android phones with 10 GB of crapware and security holes.

idk, there's probably enough wiggle room for them to set up some sort of quarantine for all preinstalled apps until they are actually launched by the user. they would just have to include their own apps in it too.
|
|
# ? Jul 7, 2017 15:58 |
|
mrmcd posted:Google literally has a (completely different) EU antitrust investigation going on right now because they tried to tell manufacturers and telcos they couldn't ship Android phones with 10 GB of crapware and security holes.

telling computer manufacturers what they could and could not install on their computers was one of the things Microsoft got hit with in the US antitrust suit.

The antitrust concern is that google is using android to advance their advertising business and disallowing others from doing the same.

google should probably come up with some sort of certification for crapware free like microsoft's "signature edition" laptops.
|
# ? Jul 7, 2017 16:04 |
|
RISCy Business posted:https://www.youtube.com/watch?v=wdWgvJRHA0s

Hilarious... i'll think of this when i look at my big rear end paycheck for hacking your poo poo..if you guys did your jobs our industry would have to get bent. Until then i'll pop shells, laugh at losers like you, and make more and more money!
|
# ? Jul 7, 2017 16:13 |
|
Maybe they should ship not garbage nexus phones as loss leaders and force every other vendor to compete. the free market bitches
|
# ? Jul 7, 2017 16:13 |
|
Shifty Pony posted:idk, there's probably enough wiggle room for them to set up some sort of quarantine for all preinstalled apps until they are actually launched by the user. they would just have to include their own apps in it too.

Several years ago, a feature was added to Android so that garbage preload apps could be uninstalled. Apps that are required for phone functionality (Dialer, Settings, etc) could have a flag set that would mark them as "critical" and thus not allowed to be uninstalled.

Guess how long it took for the garbage to be marked "critical" as well?
|
# ? Jul 7, 2017 16:14 |
|
i have phone hopped a bit, and i know it falls under "old man yelling at clouds" poo poo, but man the choices are not great.

with iphones they removed the headphone jack to save .01mm of space (and also to sell you air budzzzzz)

with androids, all of the nexus phones are great handsets until they mysteriously break a year later because there's a design flaw in the power button (n5) or just straight up refuse to boot one day (n5x).

the closest manufacturer that is aosp adjacent that doesn't make dumpster fire handsets is oneplus.

but hey, nokia has a new handset out guyzzzzz
|
# ? Jul 7, 2017 16:28 |
|
winphone ftw
|
# ? Jul 7, 2017 16:30 |
|
Phone posted:i have phone hopped a bit, and i know it falls under "old man yelling at clouds" poo poo, but man the choices are not great.

what weird european country are you from where they call them "handsets" i've only ever heard that in relation to landline phones
|
# ? Jul 7, 2017 16:37 |
|
Shifty Pony posted:never. android will forever be a source of security fuckery.

this isn't a new trick for peel remote, it's been doing this poo poo to me for months

if you even look at its lock screen widget, a giant ad will be waiting for you when you unlock

its chat heads widget loves to steal focus from other apps' useful buttons too, that's pretty fun
|
# ? Jul 7, 2017 16:37 |
|
i willingly own a galaxy
|
# ? Jul 7, 2017 16:38 |
|
ate all the Oreos posted:what weird european country are you from where they call them "handsets" i've only ever heard that in relation to landline phones

cellular telephony endpoints

to your question, the worst European country of them all: south florida
|
# ? Jul 7, 2017 16:52 |
ate all the Oreos posted:what weird european country are you from where they call them "handsets" i've only ever heard that in relation to landline phones

standard english m8
|
|
# ? Jul 7, 2017 16:53 |
|
Shaggar posted:winphone ftw

Yeah, I like my Winphone for most purposes, but the app support is non-existent, and IIRC Redmond is going to drop them some time soon.
|
# ? Jul 7, 2017 16:56 |
|
Shaggar posted:winphone ftw

even Microsoft employees don't use windows phones

they all have crazy expensive surfaces of course
|
# ? Jul 7, 2017 16:59 |
|
I genuinely liked the nokia win7 handset I had, it was a solid device that had zero app support. had wordament, though.
|
# ? Jul 7, 2017 17:07 |
|
Shifty Pony posted:Peel Smart Remote TV Guide

bought a pixel specifically because i didn't want to deal with all the snooping poo poo shovelware (also because it would actually receive OTA updates more than once in its lifespan).
|
# ? Jul 7, 2017 17:30 |
Volmarias posted:Several years ago, a feature was added to Android so that garbage preload apps could be uninstalled. Apps that are required for phone functionality (Dialer, Settings, etc) could have a flag set that would mark them as "critical" and thus not allowed to be uninstalled.

and if they cracked down and actually applied standards for what is critical functionality the manufacturers would simply pool the dialer and settings app with the bloat apps into a single package such that the former depend on code from the latter for operation, similarly to how MS deeply integrated IE into windows.

hobbesmaster posted:The antitrust concern is that google is using android to advance their advertising business and disallowing others from doing the same.

almost as though vertical integration is a Pandora's Box of anticompetitive awfulness even when you tag but with the internet onto the end.
|
|
# ? Jul 7, 2017 17:36 |
|
Subjunctive posted:does he do mobile? apseudonym? he should do mobile

Some of the p0 folks do mobile things, the last iOS security bulletin thing had a lot of hilariously bad sounding bugs credited to them and they find some cool Android ones from time to time but not as much as I'd like. Tavis does what Tavis wants, he cannot be aimed.

E: wildcard certs are good Subjunctive is correct as to why y'all crazy sometimes.

apseudonym fucked around with this message at 17:51 on Jul 7, 2017
# ? Jul 7, 2017 17:48 |
|
Phone posted:cellular telephony endpoints

oh yeah i remember this coming up before, i grew up like 4 hours north of you but apparently in a completely different universe
|
# ? Jul 7, 2017 17:50 |
|
I won't tell anyone that you lived in orlando
|
# ? Jul 7, 2017 17:59 |
|
Shifty Pony posted:and if they cracked down and actually applied standards for what is critical functionality the manufacturers would simply pool the dialer and settings app with the bloat apps into a single package such that the former depend on code from the latter for operation, similarly to how MS deeply integrated IE into windows.

The open source nature of Android means that Google can recommend and strongly suggest, but ultimately cannot fully control what OEMs do, which is unfortunate for end users.
|
# ? Jul 7, 2017 18:12 |
|
ate all the Oreos posted:i needed the root password to this new public-internet-facing VM someone had set up and noticed the guy had a habit of mailing passwords in emails (there were several earlier in the email chain) so i ask him to give me the password another way that's more secure than email

That's not too bad if you're hosting Slack on your own servers. It would at least be a step in the right direction.
|
# ? Jul 7, 2017 18:16 |
|
I never thought about it before, but Google does a poo poo ton of data mining with all of their products. For example, when you get an email about your flight schedule and it magically appears on your calendar and at the top of your inbox app on the day of your departure. I became more aware of this poo poo when a colleague of mine got a job at Google and then promptly stopped using his Gmail account and wouldn't tell me why. Can anyone else speak to this weird privacy business when it comes to Google and datamining emails?
|
# ? Jul 7, 2017 18:23 |
|
ratbert90 posted:Hey, these are actually really neat! Do you mind also handling libressl as well? Thanks!
|
# ? Jul 7, 2017 18:23 |
|
Phone posted:I won't tell anyone that you lived in orlando

not even orlando

CmdrRiker posted:That's not too bad if you're hosting Slack on your own servers. It would at least be a step in the right direction.

nope we use slack's hosting and we don't even pay for anything so it deletes all our messages within a week because we've used up our free quota lol
|
# ? Jul 7, 2017 18:31 |
|
Kuvo posted:bought a pixel specifically because i didn't want to deal with all the snooping poo poo shovelware (also because it would actually receive OTA updates more than once in its lifespan).

pixels are good phones, brent
|
# ? Jul 7, 2017 18:32 |
|
Volmarias posted:The open source nature of Android means that Google can recommend and strongly suggest, but ultimately cannot fully control what OEMs do, which is unfortunate for end users.

i wouldn't mind this so much if I could just put a stock install on the phone or whatever via a process that's not "download some skeevy poo poo from xda-forums"

i'd think they could do something with the branding at least, like you can't use the Android name or call your phone a Certified Google Android(tm) Compatible Device or whatever if you don't allow users to run stock or uninstall poo poo or whatever
|
# ? Jul 7, 2017 18:37 |
|
Phone posted:I won't tell anyone that you lived in orlando

speaking of horrible places...

If any of you are going to defcon and want a cool hardware badge cheaper than the other parties grab this https://sunshinectf.org/floridaman/

the guy making them is legit, if you don't want it mailed he'd be fine giving it to you irl at dc
|
# ? Jul 7, 2017 18:37 |
|
ate all the Oreos posted:nope we use slack's hosting and we don't even pay for anything so it deletes all our messages within a week because we've used up our free quota lol

Well, there you go. It'll eventually be deleted. Almost as good as having never put it there in the first place.
|
# ? Jul 7, 2017 18:38 |
|
cinci zoo sniper posted:if you ever say it "zero day" to a british person you'll be laughed out into the loving oblivion. do you also "zero" when dictating a phone number with 0 in it?

I'm British and say zero day
|
# ? Jul 7, 2017 19:00 |
|
CmdrRiker posted:I never thought about it before, but Google does a poo poo ton of data mining with all of their products. For example, when you get an email about your flight schedule and it magically appears on your calendar and at the top of your inbox app on the day of your departure. I became more aware of this poo poo when a colleague of mine got a job at Google and then promptly stopped using his Gmail account and wouldn't tell me why.

I still use mine and I doubt that's why he switched ¯\_(ツ)_/¯.
|
# ? Jul 7, 2017 19:00 |