Message from discussion Permissions model thoughts

Date: Wed, 7 Mar 2012 16:52:05 +0000
From: Kevin Chadwick <ma1l1i...@yahoo.co.uk>
To: dev-secur...@lists.mozilla.org
Subject: Re: [b2g] Permissions model thoughts
Newsgroups: mozilla.dev.security

On Tue, 6 Mar 2012 18:28:15 -0800
Adrienne Porter Felt wrote:

>  For example, there is relatively little risk attached to
> letting an app turn your Bluetooth on or off.

How about a local app introduced via QR code phishing switching
it on and then a stack exploit by a local attacker or attacker's device
getting root? What about Bluetooth malware and the bugs in the
Bluetooth stack? Bluetooth is an operating system feature that
unfortunately Nautilus from the GNOME desktop depends on being
installed, when it shouldn't. Google may want the browser to be the OS
but >70% of the population never will; it's a foolish strategy for any
device that does more than web browsing (which is a useful device) even
with sandboxes and everything else they can dream up. Many security
specialists have said the modern web browser is already too much of a
bloated umbrella and they are right.

I've heard of an Android app just ensuring all radio is off in case the
person is in an area banning all wireless comms; it may also form part
of a company's security policy.

I'm glad there are the permissions in Android, especially if they were
more fine-grained, mainly to determine a non-hacking app's intentions, but
really the permission model in Android is more of a false sense of
security than a security feature, which is worse than no security
for those who don't realise it can be bypassed, similar to Apple's store
where they tell people they audit apps.

If the web ever comes to us instead of us going to the web, it will need
policing as seriously as email. Who knows, maybe plain text web will
come along. (Joking, of course)