[Cialug] Android security

Josh More MoreJ at alliancetechnologies.net
Wed Jan 19 14:06:59 CST 2011 

Well, like all things, it depends on what you want.

Do you want folks to be able to read all data on your SD card and most of the data in your browser?  Keep using the stock.

Do you want to block ads everywhere and run a nicely secure system?  Root your android and install some security apps.

Do you want patches to a free open source OS that the manufacturer wants to charge extra for?  Root your android and install something like Cyanogen.

Do you want a hybrid solution that is easy to implement and reasonably secure?  If so...
  Do you mind ads?  (Dolphin)
  Do you mind slowness?  (Firefox)
  I'm not sure what the drawback is to Opera, but I'm sure there is one.  :)


There's no perfect solution out there.  However, it seems that the absolute worst solution is to keep using the stock OS and apps from vendors that refuse to release patches because the patches bring additional functionality with them.


Josh More | Senior Security Consultant - CISSP, GIAC-GSLC Gold, GIAC-GCIH
Alliance Technologies | www.AllianceTechnologies.net
400 Locust St., Suite 840 | Des Moines, IA 50309
515.245.7701 | 888.387.5670 x7701

Blog: Not The Usual Security Predictions: 2011
http://www.alliancetechnologies.net/blogs/morej

How are we doing? Let us know here:
http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey

________________________________________
From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Jeffrey Ollie [jeff at ocjtech.us]
Sent: Wednesday, January 19, 2011 13:09
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] Android security

On Wed, Jan 19, 2011 at 12:54 PM, Josh More
<MoreJ at alliancetechnologies.net> wrote:
>  I do not recall if we were discussing at the meeting or on the IRC channel,
> so I am posting it here.
>
> There is now a metasploit module to take advantage of the Android browser
> flaw.  This would be a good time to upgrade to 2.3

Which probably isn't available to most people...

> or replace the default
> browser with Firefox

Which is extremely slow on my original Droid (at least it no longer
locks the phone up).

> or Dolphin.

Which is ad-supported (at least the HD version).

There's also Opera Mobile for Android too IIRC.

--
Jeff Ollie
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug

More information about the Cialug mailing list