Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 02 Sep 2014, 03:22
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Android vulnerable. How does Puppy Linux compare?
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [6 Posts]  
Author Message
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Mon 03 Oct 2011, 15:03    Post subject:  Android vulnerable. How does Puppy Linux compare?  

Android has many highly paid programmers and if that still
makes them this vulnerable then is it not logical that also
puppy linux is similar?

http://www.gizmag.com/security-htc-android-smartphones/20010/
Now Gizmag is no computer or software mag so it can be written by
somebody relying on others info and maybe misunderstanding it.

It is way too complicated for me so I share it to get your views on it.

Quote:
The reported vulnerability, which has left those who discovered it
- Justin Case, Trevor Eckhart and Artem Russakovskii from Android Police - speechless,
involves a suite of logging tools included in recent HTC modifications
to the Android operating system in EVO and Thunderbolt models that
collect a stack of information on the user's phone.
But not only do the modifications collect a swathe of information,
they also allow nefarious types to send that data to wherever on the Internet they like.

"It's like leaving your keys under the mat and expecting nobody
who finds them to unlock the door," says Russakovskii.
The list of compromised data includes but is not limited to:

* List of user accounts, including email addresses
* Last known GPS location and history of previous locations
* Phone numbers from the phone log
* SMS data, including phone numbers and encoded text
* System logs, which track everything your running apps do
* System information, including build number, bootloader version,
CPU info, running processes, list of installed apps, battery info
and status, and network info, including IP addresses.

Eckhart only released the information after contacting HTC
on September 24th and receiving no real response for five days
in the hopes that making the security vulnerability public would
prompt HTC to address the issue.
Although the team at Android Police believes HTC is looking into
the issue, there's been no statement from the company as yet.

The team also uncovered an app added by HTC called androidserver.apk
that is basically a remote access server that could allow third parties
access to the phone.

They say that, while the addition of the app "could end up being insignificant,"
it is still "very suspicious." Although the app isn't started by default,
it isn't clear what or who can trigger it.

While open source software, such as Android, has many advantages
over a closed system, such as allowing greater creativity on the part
of developers, the vulnerability the Android Police team claims to have
uncovered highlights one of the major downsides of open source
software.
While users expect problems from sources in the darker corners
of the Internet and are extra vigilant in looking out for anything
that may compromise the security of their devices, the fact this problem
comes from one of the biggest players in the Android space is a real concern.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
Makoto


Joined: 03 Sep 2009
Posts: 1793
Location: Out wandering... maybe.

PostPosted: Mon 03 Oct 2011, 18:48    Post subject:  

I haven't looked into it, but I've read that the vulnerability is with HTC's code/interface, not Android. Whether or not that's true, I don't know.
_________________
[ Puppy 4.3.1 JP, Frugal install | 1GB RAM | 1.3GB swap ] * My Pidgin Builds for Puppy 4.3.1+
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).
Back to top
View user's profile Send private message 
DPUP5520

Joined: 16 Feb 2011
Posts: 801

PostPosted: Mon 03 Oct 2011, 19:33    Post subject:  

Makoto wrote:
I haven't looked into it, but I've read that the vulnerability is with HTC's code/interface, not Android. Whether or not that's true, I don't know.


It was a modification to the Android OS made my HTC that caused the vulnerability.

_________________
PupRescue 2.5
Puppy Crypt 528
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Tue 04 Oct 2011, 06:53    Post subject:  

Ah yes I should have pointed out that part too Smile Sorry!

But that is exactly my point. Puppy is a rewrite of Standard ? Linux.

That would either makes Puppy very vulnerable or only vulnerable
when the criminals find it worth their time to write an exploit of that
potential vulnerability.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Tue 04 Oct 2011, 23:47    Post subject:  

No, Puppy is not a rewrite of Linux, and no, Puppy's being weird compared to most distros does not make it "very vulnerable". Most of the weirdnesses in Puppy have no bearing on security at all.

Yes, Puppy and phones are both weird. But they are weird in different ways. Phones are weird in a network way - they have custom network code. Their software is also much less widely tested, and is often closed-source so that only people in the actual company have audited it.

Puppy is not at all weird in a network way. The network code is the same as any other Linux, whether server or desktop. The things that are weird in Puppy are the filesystem, the application choices, stuff like that.

You should be far more worried about how secure your network-related software is than Linux itself. Your browser, your browser's plugins, your chat program, any online games you play, any servers you run, etc. Those things all get far less individual attention than the OS's network code. (In particular, I would worry about Flash, as that is closed source and has a history of being a buggy piece of excrement.) And that applies equally to any distro you use - the only impact Puppy has would be that Puppy tends to have older versions of software.


Also, keep in mind that when some server, which happens to run on Linux, gets hacked into, that doesn't mean anything regarding the security of Linux. (Yes I know this thread is about a phone, not a server.) Most of the time when somebody "hacks into a server", what they actually do is exploit a bug in whatever webapps the server is running. Stuff like this forum, or a wiki, or what-have-you. Or they might somehow obtain an administrator's password (lucky guess, keylogger, surveillance, brute force, network sniffing, etc.). Failing that, they probably exploited a bug in a server program (php, apache, mysqld, sshd, etc.), which normal desktop Linuxes don't have. It is much rarer that they get in via a problem with Linux itself.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send private message Visit poster's website 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Wed 05 Oct 2011, 02:18    Post subject:  

Yes thanks, good that you reminded me of those details.
_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [6 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0664s ][ Queries: 11 (0.0103s) ][ GZIP on ]