krypted.com

Tiny Deathstars of Foulness

Recently I’ve read a lot of things about the attacks against Sony. I’ve read that they’re nothing more than extortion attempts by hackers that probably live in their parents’ basements (based on the fact that the initial demands didn’t mention North Korea at all). I’ve read they were orchestrated by China by people who felt North Korea was being picked on and couldn’t stand up for themselves. I’ve read highly unconvincing reports from the FBI that they were orchestrated by North Korea. No one really knows. I can send traffic to servers from anywhere in the world. Anyone can anonymize their web traffic as easily as using a Tor plug-in with Firefox. I’ve also spoken to friends at Sony that told me that they’re concerned about the future viability of Sony due to the business impacts of these attacks. I’ve also spoken with people at other studios freaking out about not wanting to “be the next Sony.” But in all of it, there’s something kicking in the back of my head. You see, if someone tried to blackmail me, I’d go to the press (or government) and allow the public to judge me for whatever it is, not cave to demands that are only likely to recur. Not giving into extortion demands is the right thing to do. If someone threatened the safety of people to go to a movie, I’d pull it as well, so that’s the right thing to do as well. There have been enough shootings in theaters and while financially potentially devastating it’s not worth the loss of a single human life to show The Interview in theaters. Of course, now that the attackers have backed off their stance, The Interview will be shown in hundreds of theaters. And it will likely be viewed online by millions of people over the next few days. And if this was carried out by North Korea, they couldn’t visit all of our homes to pull it (although the awful remake of Red Dawn by MGM might indicate differently).
I believe that the good, American thing to do is show our support to Sony for all the brain candy they’ve given us in the past. More than that, our support for doing what’s right. And what’s more capitalistic of us than spending $6 on a movie (other than spending more)? What’s better for Sony than to make a little money? In America, we tend to root for underdogs. We love Rocky (which btw cost less than a million to make and brought in a breathtaking $225M – 1:225 ROI there). We wanted Rudy to score a touchdown for the Irish (TriStar – part of Sony). We practiced our kicks like the Karate Kid (Columbia Pictures – part of Sony). We watched Jerry Maguire (TriStar – part of Sony again) even though we couldn’t stand Tom Cruise and rooted for the guy who risked it all to do the right thing (Money, baby). We threw up in our mouth a little when we watched Dodgeball (Fox but a fun movie anyways). We adore Gandhi (Columbia – again part of Sony) because it won an Oscar and taught us the story of one of the greatest men of all time. We loved Charlie Sheen when he was Winning in Major League (Mirage). And we loved Kick-Ass (Lions Gate), one of the unlikeliest heroes of all. Sony made Bond great again. Sony brought us Spiderman to the big screen. Sony told us about The Social Network (and were still allowed to have Facebook accounts). Sony gave us Eat Pray Love. Sony killed zombies awesome sauce in Zombieland. Sony gave us Superbad. Sony taught us a history lesson with The King’s Speech. Sony brought The Da Vinci Code to the big screen. Sony made a great movie in the Lords of Dogtown. Sony brought us Hellboy, Adaptation (as a writer, a movie I love), Ali, Black Hawk Down and countless other movies. Some great, some not. That’s the game. Now, we have a chance to do a very small part by helping Sony escape financial ruin. And yes, they make more movies that suck than are awesome. Because that’s what all studios do.
And yes, the film industry seems like a bunch of rich people being silly sometimes. But there are real people that work there. Normal people. With boys and girls and installations at burning man. Some of the best people I know. And they do great work. And sometimes the studio makes brilliant movies. And whether this was spearheaded (yes, bad pun on spear phishing) by a dictator with a bad fade, the remaining communist hardliners in China, another studio or something else, it’s up to the market to dictate the outcome. That’s capitalism. ‘Merica PS – It’s hilarious.

December 26th, 2014

Posted In: Business, Mac Security, personal


Slowly but surely information about what I left 318 to do has been leaking out. And I wouldn’t say leaking. More like being broadcast to the world. I’ve worked on a few little things here and there at JAMF Software since my arrival. But my core duty is to shepherd the development and strategy behind a new Mobile Device Management tool called Bushel. A little more about Bushel is available here, and I’ll likely post more about it here when the time is right: http://tech.mn/news/2014/11/04/jamf-software-bushel-apple-device-management/ And to access the Bushel site: http://www.bushel.com And some of the writings that are now finding their way onto the Bushel blog: http://blog.bushel.com

November 18th, 2014

Posted In: Bushel


One of my favorite tools for penetration testing is Nessus from Tenable Network Security. Nessus 5 is the latest release in a family of vulnerability scanners that is probably amongst the most prolific. Nessus 5 does discovery, configuration auditing and profiling, looks at patch management and performs vulnerability analysis on a variety of platforms. Nessus can run on Linux, Windows or Mac OS X and can be used to scan and keep track of vulnerabilities for practically any platform, including Mac OS X. To install Nessus, go to the Nessus site and click on the Download button, around the middle of the page. Agree to the download agreement and then choose the version that is right for you (Mac OS X in this case).
Download Nessus for Mac OS X


The software will then download and need to be installed. Once downloaded, open the Nessus dmg and extract it. Inside will be the Nessus 5 package installer.
The Nessus Installer pkg


Open the installer and click through the defaults to perform a basic installation.
Installing Nessus


Once done, you’ll have the Nessus Server Manager and Nessus Client.url in a Nessus folder in the Applications directory.
The Nessus Applications


Open the Nessus Server Manager and authenticate as an administrator when prompted. When you downloaded the software you would have been prompted for registration. Provide that information in the registration field. Then click on Update plugins to make sure all of the Nessus plugins are running the latest version. Finally, click on Manage Users… to create your users.
Nessus Server Configuration


At the list of Nessus users, click on the plus sign and create a new user, likely making the user an admin (I see few vulnerability scanning stations that have non-administrative users, which would just be for viewing reports and the such). Click Save to create the user and then close at the List of users screen.
Create Nessus Users


If the Nessus server isn’t started, click on Start Nessus Server. Then click on the Nessus Client.url file back where the Nessus Server manager was accessed. At the Nessus login screen, provide the username and password for the Nessus server that was previously created.
Authenticate to Nessus


Once authenticated, you will be placed in the Scans screen. Before we configure any scans, we’re first going to create a Policy (which defines how a scan operates for the most part). To do so, click on Policies and then click on the Add button. There are four policy tabs (aligned on the left sidebar). In the General pane, you will configure the name for the Policy, “Mac Servers” in this example. Then we’re going to check the boxes in the Scan section for Designate Hosts by their DNS Name, Log Scan Details to Server, Stop Host Scan on Disconnect and Avoid Sequential Scans. Then check the boxes in the Port Scanners section for TCP, SYN, SNMP, Netstat SSH and Ping Host. Leave the Port Scan Range set to default and the Performance options at their default values as well. These are useful when you’re done tinkerating to get better performance out of the system, but we’re not really there just yet.
Nessus' General Policy Settings


Click on the Next button to define any credentials you’ll use during scans. Initially, I’d leave this blank, although you can provide SMB information for up to 4 accounts to see what kind of access users have. You can also define Kerberos, SSH and various cleartext credentials as well. We’re going to skip that for now and click Next to define the Plugins.
Giving Nessus Credentials To Your Boxen


At the Plugins screen, we’re initially going to leave all of the plugins on. The reason for this is that many of the Lion Server services are similar to those of the various Unix and Linux variants and we can scan SMB with the Windows plugins. These can’t hurt, they might just waste a little time though. Clicking on a Family and then a plugin will show you what each does. Clicking on the green light for each will disable it.
Choosing Nessus Plugins


Click on Preferences and define any preferences that you need. Amongst the plugin preferences I usually enable network printer scanning, CGI scanning, Enable experimental scripts, set my Report verbosity to Verbose, provide any certificates needed and then hit Submit to create the new Policy.
Defining Nessus Options


Next, let’s click back on Scans in the navigation bar on the screen. As you can see here, I’ve created a few template scans, but we’re going to create a new one by clicking on the Add button.
Adding A Nessus Template


Provide a name for the scan and then choose the Policy you just created. Set the Type to Run Now (since we’re just testing) and put the IP address of a target into the Scan Targets field. You can also import a large set of targets using the Browse button and a csv file, or use Schedule or Template rather than Run Now in the Type field to schedule scans or create a template scan. Click Launch to kick off the first scan.
Running a Manual Test Scan


Once started, click on the Reports button in the top nav bar to see the status of the scan.
Completed Nessus Scan


Once the scan is finished, click on the scan to see a list of vulnerabilities and open ports, sorted by the severity of issues. Here, double-click on the host.
Nessus Scan Results Overview


The Report screen then shows each service and the vulnerabilities found for that service. Click on one of the vulnerabilities to see what Nessus thinks is problematic with it.
Nessus' Service List


Now for the fun part. Each of the vulnerabilities listed will have CVEs attached.
Nessus Vulnerability Listing


By default, Nessus is just looking at the service banners to determine vulnerabilities. If you look up the CVE at CVE Details or PacketStorm you’ll see that it was patched a few months ago by most vendors. Now Nessus can get things wrong with Mac OS X. The issue is that Apple forks the code for many open source projects, not always updating version numbers on banners. Looking up or testing whether a vulnerability is still applicable can be tedious but would likely need to be done per service according to your internal security policies. An easy way to test these vulnerabilities is to use Metasploit, a tool I’m long overdue to write an article on. Another way is to try and run the exploit against the host. Apple does a pretty good job of addressing CVEs in their security updates, so don’t waste a lot of time trying things if Apple has already patched them. I have found a really good tool for automatically attempting to exploit via msf + nessus to be Carlos Perez’ auto exploit tool, available on github.
Finally, Nessus is a great tool for scripting. One of the big differences that throws many an experienced Nessus operator off with the version for the Mac is the location of the Nessus binaries. They are in /Library/Nessus/run/bin. In here you’ll find nasl, nessus, nessus-fetch, nessuscmd etc. The command line control here is pretty awesome. Let’s run nessuscmd to scan a net mask of hosts (192.168.210.0/24):
sudo /Library/Nessus/run/bin/nessuscmd 192.168.210.0/24
There are tons of other options for nessuscmd, such as adding ssh keys, smb logins, scanner options, using a remote nessus server, etc. Or use the nessus binary to kick off scans using a nessus config file. The nessus.conf file is also stored in the /Library/Nessus/run/etc/nessus directory, worth looking into.

February 23rd, 2012

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment


Large deployments of Mac OS X based systems are becoming more and more prevalent. In some ways, this is due to one to one programs and more frequent enterprise deployments of Mac OS X. As such, people are more and more looking to manage systems. And any time you have systems being managed, those using managed systems start looking to break the management of the computers. Therefore, a new topic comes up: trying to discern when a system has broken out of the management framework. For example, how do you know when users have broken your firmware password? How do you know when they’ve circumvented your managed preferences framework to give themselves teh root? How do you know when they’ve traded access to teacher tube to some other video site with more scantily clad teachers on it? How do you know when employees have unlocked the “My IT Department Sucks” badge on Foursquare at work, even though your firewall specifically doesn’t allow access to social networking sites? Here are some tips, most of which assume there is some form of patch/policy/update management solution (e.g. Casper, Absolute Manage, FileWave, Puppet, etc) in use in the environment:
  • Create a jailed environment. If the system breaks any of the other rules then put them in the jailed environment. While in the jailed environment, revoke Internet access (e.g. set an invalid proxy, static the gateway to 127.0.0.1, kill name resolution or something like that). Also alert admins any time the system is jailed.
  • Hide your admin accounts: http://krypted.com/mac-os-x/mac-os-x-hey-wheres-my-admin-user/ and pre-Lion, possibly an entirely hidden dslocal node.
  • Check the date and time stamp of /var/db/shadow/hash daily. If the date/time stamp does not match the last time you changed the password then the system has broken the policy. In Lion, check the contents of /var/db/dslocal/nodes/Default/users and check root/your local admin, as well as your local admin password.
  • Set the firmware password: http://krypted.com/mac-os-x/those-pesky-firmware-passwords but use your patch management to set it more frequently – or check the contents of the firmware password against what it should be (such as at http://paulmakowski.blogspot.com/2009/03/apple-efi-firmware-passwords.html). You cannot “lock” or force a firmware password, but you can verify that they haven’t been changed.
  • Check pmond; if the mode of any file is not as intended then reset it and alert that it was changed. You could scan other binaries, particularly in /bin, /usr/sbin, etc. with something like tripwire: http://krypted.com/mac-os-x/basic-installation-of-tripwire
  • If Lion, enable Full Disk Encryption, which requires the recovery partition. So hack the recovery partition to remove reinstall abilities and anything else dangerous in your environment: http://krypted.com/mac-os-x/hacking-around-in-lions-recovery-mode
  • If using mcx, compare the mcxread output to that which is expected (e.g. for a user or a computer, I wouldn’t mix them given that you may get more false positives than you want)
  • Consider an old security topic: extrusion detection. Here, we look for traffic patterns that would be normal, that is, if the system were an unmanaged host. For example, if part of your management is to proxy traffic and the system is not using your proxy then that could be a problem. So look for unproxy’d traffic hitting your firewall from systems where it shouldn’t.
  • My favorite: the honeypot. Put something on the computers that looks awesome, that users just can’t help but think they just have to open. For example, a file called “Access to the Grading System” in a school or “Admin Access to Payroll System” in a company. Something almost ridiculously named. Put it somewhere that only a user with administrative access could get (like the desktop of your local admin account). When they open it, disable loginwindow.
  • Finally, take a hard line with those who break the rules. Making an example of someone is sure to end up greatly reducing those who might follow in their footsteps. In a corporate environment this can be tricky, as people have to do their jobs, but feel free to be crafty. I like the old scarlet letter approach, or caning. But given that those aren’t quite so popular any more, perhaps pop-up screens that say “HAHAHAHAHAH, we busted you – you were pwnd suckah!” every 15 minutes that flash pink and yellow so all their friends can see it isn’t a bad call. In schools, particularly in one to one environments, such would be particularly embarrassing, but we don’t want to scar them for life. Thus the significant drop in caning. You could also take the machine away for a day or two, (time to reimage it). Maybe force them to use SimpleFinder…
The balance between giving users the ability to have as open an operating environment as possible while still enforcing the basic policies that the organization has deemed are required is a struggle. Especially if all of the users have admin accounts. But we’ll address that one at a later time… For now, I’d like to hear some of the things others have done. Normally I don’t solicit commentary on my site, but I figure the site turns 8 years old in a few weeks, so why not! Oh, did I mention, there’s a prize for the most awesome comment!
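One way a management agent could automate the hash time-stamp and file-mode checks from the list above, logging an alert and flagging the machine for the jailed environment when either fails. This is an added example, not code from the original post; the baseline format, the flag file that stands in for the jail action and all function names are assumptions.

```python
"""Daily compliance check for a managed Mac (added example).

Only /var/db/shadow/hash comes from the article. The baseline format, the
flag file standing in for the "jail" action and every name here are assumptions.
"""
import os
import stat
import tempfile
import time


def check_modes(mode_baseline):
    """mode_baseline maps path -> expected mode string, e.g. '-rwxr-xr-x'."""
    findings = []
    for path, want in sorted(mode_baseline.items()):
        try:
            have = stat.filemode(os.lstat(path).st_mode)
        except OSError:
            have = "missing"
        if have != want:
            findings.append(f"MODE {path} expected={want} found={have}")
    return findings


def check_hash_mtimes(recorded, tolerance=2.0):
    """recorded maps a password-hash file (for example the local admin's file
    under /var/db/shadow/hash) -> epoch seconds of the last managed reset."""
    findings = []
    for path, managed_at in sorted(recorded.items()):
        try:
            mtime = os.stat(path).st_mtime
        except OSError:
            findings.append(f"HASH {path} missing")
            continue
        # The article's rule: the time stamp must match the managed change.
        if abs(mtime - managed_at) > tolerance:
            changed = time.strftime("%Y-%m-%dT%H:%M:%S", time.localtime(mtime))
            findings.append(f"HASH {path} modified at {changed}, not by management")
    return findings


def run_checks(mode_baseline, recorded, log_path, jail_flag):
    """Return ('compliant' | 'jailed', findings). On any finding, append to the
    admin log and create jail_flag, which the management tool's jail policy
    (revoked Internet access, admin alert) is assumed to key off."""
    findings = check_modes(mode_baseline) + check_hash_mtimes(recorded)
    if not findings:
        return "compliant", findings
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
    with open(log_path, "a") as log:
        for finding in findings:
            log.write(f"{stamp} {finding}\n")
    with open(jail_flag, "w") as flag:
        flag.write(stamp + "\n")
    return "jailed", findings


if __name__ == "__main__":
    # Constructed demo in a temp directory so it runs on any machine.
    work = tempfile.mkdtemp()
    tool = os.path.join(work, "managed-tool")
    admin_hash = os.path.join(work, "ADMIN-GUID")
    for name in (tool, admin_hash):
        open(name, "w").close()
    os.chmod(tool, 0o755)
    reset_time = time.time() - 86400          # management reset it yesterday
    os.utime(admin_hash, (reset_time, reset_time))
    args = ({tool: "-rwxr-xr-x"}, {admin_hash: reset_time},
            os.path.join(work, "alerts.log"), os.path.join(work, "jailed"))
    print(run_checks(*args))                  # clean machine
    os.chmod(tool, 0o777)                     # user loosens a managed file
    os.utime(admin_hash, None)                # password changed just now
    print(run_checks(*args))
```

The recorded time stamps and mode baseline should live somewhere the local user cannot edit, such as the management server, or the check can be defeated along with the policy it verifies.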

December 5th, 2011

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment


For some time, Juniper has been aggressively trying to win converts from Cisco. Not only in terms of sales, but also the hearts and minds of the engineers who influence purchasing decisions. Aggressively going after engineers has meant that for years, Juniper has made their certifications essentially free for those of us who were certified with Cisco. But now, they’re starting to cast their net a little wider and go after getting anyone and everyone certified for free, provided of course that you can pass the test. Juniper’s Junos is being offered for free for a limited time. If you’re interested in beefing up your security and/or networking skills, this might not be a bad certification to look at (can’t beat the price and all): http://f.netline.junipermarketing.com/juniper006e

August 28th, 2010

Posted In: Network Infrastructure


I got this press release and thought it was pretty interesting. It’s just a cut/paste, and hasn’t been edited:
BREAKING NEWS – New York City – MacPhoneHome finds another stolen computer! Late on a recent Sunday night, a Columbia University student was crossing Morningside Park returning to the Columbia University campus. He was accosted by four knife wielding thugs who beat him and robbed his MacBook Pro laptop, iPhone and wallet. The student advised Columbia University security personnel that since his laptop was partitioned with both a Windows and Mac Partition, he had installed both PC PhoneHome and MacPhoneHome tracking and recovery software on his computer which is available by contract to all Columbia University students, faculty and employees as a free download. Columbia University security personnel immediately notified Brigadoon Software, Inc.the makers of PC PhoneHome and MacPhoneHome who’s recovery agents, most of whom are former law enforcement, sprang into action. Messages from the stolen machine indicated the thieves were using both partitions of the stolen computer and moving around logging onto the internet from various locations in the NYC Metropolitan area in the following week. Working with NYPD Detectives, Columbia University security personnel and local Internet Service Providers, Brigadoon’s Recovery Agents pinpointed the exact location of the stolen laptop. NYPD Detectives secured a search warrant and raided the location. Result: The student’s MacBook Pro, his iPhone and wallet were recovered. One mugger arrested and three others have been identified and are being sought. What are you doing to secure your computers from theft? Checkout PC PhoneHome and MacPhoneHome at: http://www.brigadoonsoftware.com

May 1st, 2010

Posted In: Mac Security


Graham Lee is working on a title about Mac OS X Application Security. You can find it at Wiley or click on the link for Amazon: http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470525959.html

January 30th, 2010

Posted In: Articles and Books, Mac Security


Sorry, I can’t help it. That whole “iPhone Security Problems” thread I’ve seen on a few sites recently due to that worm. Oh, then there was a second worm that did the same thing. Really? Did these awesome security gurus realize that the device has to be jailbroken? Oh and they have to still have the default password used for SSH? I would hope that if you know enough to jailbreak the device without bricking it that you know enough to change the default SSH password. Interestingly enough though, an estimated 6 to 8 percent of iPhones are jail-broken… If there have been 21 million sold, that provides an attack surface of around a 1.2 million if you just target jail-broken phones. A PC needs to be running on the same network infected with a totally different worm that tries to log into the phone and steal things. By the way, here’s a huge new security vulnerability I should write – if you leave your LinkSys with the default password AND you allow administration over the WAN then someone can break in over the WAN and mess it up… Of course, in that case you should maybe be with the LinkSys (although the power adapter might cause more damage in terms of hit points), but for some reason people aren’t being beaten over the head with an iPhone but instead so-called security experts find spreading FUD is far more helpful than doing something for a living, like real research. I just have to reiterate this. There’s a worm out there that scans a subnet and attempts a specific SSH user name and password, if it works then it tries to steal some data, or in a different variant just Rick Rolls ya’. Somehow the fact that in order to put an SSH server on the subnet in the first place you had to void a warranty and forklift SSH onto a device, which took great pains to do, and subsequently forgot to change the password for that SSH server means nothing; nor does the fact that you also need a frickin’ Windows computer to carry the worm to you that’s also infected. Crap, just crap.

November 25th, 2009

Posted In: iPhone


Apple has posted the documentation for Snow Leopard Server: http://www.apple.com/server/macosx/resources/documentation.html You may now learn how to do all kinds of fun things…  Like play with Podcast Composer, one of the nicest updates of them all (so much so, it got its own PDF).

August 27th, 2009

Posted In: Mac OS X, Mac OS X Server, Mac Security


Google’s Android is a very small Linux distribution. Recently I needed to test some applications that were developed by a couple of friends of mine. Rather than run out to T-Mobile I figured I’d just install the new LiveAndroid disk and thought I would write up how to get set up using VMware Fusion and then go about doing some tasks with Android. To get started make sure you’re running the latest Fusion (or Parallels or Q or VirtualBox). Then download the two ISO files (liveandroidv0.2.iso.001 and liveandroidv0.2.iso.002) from http://code.google.com/p/live-android/ and join them into a single image. To do so, run:
cat liveandroidv0.2.iso.001 liveandroidv0.2.iso.002 > liveandroidv0.2.iso
That will take a few seconds to complete. When it’s done, open up VMware and then click on the New button in the lower left corner of the Virtual Machine Library screen. At the New Virtual Machine Assistant, first click on Continue Without Disk and then choose the Use Operating System Installation Disk Image File: option, selecting the ISO file from the browse screen. Once selected, click Choose in the Browse dialog box and then back at the New Virtual Machine Assistant Screen click on Continue. At the Choose Operating System screen, leave the Operating System and Version fields set to Other and then click on Continue. The Default memory and disk capacity should be fine (256MB of memory and 8GB of disk). The default Shared networking (NAT) option will also have the Android instance able to boot with the network interfaces functional (unlike in my VirtualBox testing), so leave that as-is as well. Click Finish and then the Android virtual machine will start.
Once started you’re going to get an error about the battery. This is not a big deal, click on OK to suppress it. If you can’t find your cursor then look for the faint grey arrow. You can then click on the default home screen applications (Messaging, Dialer, Contacts or Browser) or on the slider to the right of the screen for the rest of the applications (such as the Gallery or the Camera). If you use the space bar you’ll open the dialer (not that you can dial out or anything) and if you use the Escape key you’ll back out of an application, back to the home screen.
To get to the command line you can use the fn-alt-F1 (the F1, when pressing the fn key is immediately to the right of the Escape key whereas the alt is the same as the option on Mac in that scenario). The fn-alt-F7 combination will switch back from the command line to the home screen. When you’re at the command line you’ll have a number of options.
Because LiveAndroid .2 supports DHCP there’s usually no need for configuration of the network stack, although I did have to configure it manually in VirtualBox.  To do so I started with ifconfig, which works similarly in Mac OS X.
ifconfig eth0 192.168.210.30 netmask 255.255.255.0
Then I setup a gateway with the route command:
route add default gw 192.168.210.1 dev eth0
You can also use setprop to define your DNS servers.  For example, to set 4.2.2.2 as a DNS server you would use the following:
setprop net.eth0.dns1 4.2.2.2
I also use a proxy so I had to configure that in order to be browsing the old interweb. After a bit of noodling around I realized that Android stores a number of settings in a sqlite database stored in /data/data/com.android.providers.settings/databases/settings.db. If you remember, I did an article on using sqlite3 with Address Book on Mac OS X awhile back – this is all very similar to that, as sqlite doesn’t really change much (if any) from platform to platform. To open the database in sqlite3, use the following command:
sqlite3 /data/data/com.android.providers.settings/databases/settings.db
Then type .tables and you should see one called system.  We’re going to insert the proxy data into it, in this case inserting proxy.krypted.com:8080 using the command:
insert into system values(99,'http_proxy','proxy.krypted.com:8080');
At this point I’m off to the races with the web browser.  Next I have a couple of applications friends have developed that I’d like to install.  From the command line this is pretty easy.  They put them up on their websites and then I go to /system/app using the following command:
cd /system/app
Next, I use wget to pull down the app (which is in the form of an apk file), assuming that the name of the server is my.server.org and the name of the app is myapp.apk:
wget http://my.server.org/myapp.apk
Once I’ve downloaded the app I’m going to go ahead and create a shortcut key just for that application by adding a line to /etc/bookmarks.xml that reads as follows (which would use the z key to open the app):
<bookmark package="com.myapp" class="com.myapp.class" shortcut="z" />
Next, I’m going to flip through all of the tables looking for any other settings back in the settings.db that I’d like to change.  To look at the options for each table use ‘select * from’ followed by the table name.  So if I wanted to look at the SYSTEM table I could use the following command from within the sqlite3 interactive mode for settings.db:
select * from SYSTEM;
You can then find a value and edit it as we did earlier but with update instead of insert. Many of the common commands and tasks that you might be used to are exposed in Android. For example, you can edit the /etc/hosts file to force address resolution. Also, while I’m testing my friends’ applications I’m also monitoring statistics within my Android instance. This is fairly straightforward in some cases as I can simply cat many of the files located in the /proc directory, such as cpuinfo and loadavg.
Looking at these files through VMware while launching an application exposes some of the underlying security framework. Much like the iPhone, processing for a given application is halted when another application is launched. In Android though, each application is written in Java and each runs both as its own Java virtual machine and with its own UID. This isn’t to say that Android applications are sandboxed from one another as in the iPhone when the Activity (screen) is not in the foreground. Instead, there is a framework for background processing with a service. Many of the built in aspects of Android can run as services, although none of the third party applications I was looking at leveraged this component of the Binder (borrowed from BeOS). Any information shared between different applications works via a Content Provider service. If you look at the path for the sqlite3 database, it’s using providers in the path. This isn’t meant to reference cell phone providers but instead the internal content providers.
Each application can be considered a risk to install. Therefore, each application has a corresponding AndroidManifest.xml file which provides the rules that the application has to follow along, permissions and a listing of all of the components of the application (binaries, libraries, scripts, etc). Each application can therefore have a component of itself exposed to other applications (typically used for example if you have a chain of applications with permissions between them), with an additional permission of having an application that publicly makes its data available to others. I could see uses for something like this with photo sharing applications but overall it leaves exposure for the manifest to open communications between applications if compromised. I have not been able to thoroughly test whether input validation is available here, but it’s theoretically possible for an application to either obtain elevated privileges from another or to influence the data in another. Granularity of these permissions is possible but must be configured by the developer. I was able to use one of the applications I was testing to access the contacts on the machine, a bit of a concern, but common. Overall, it’s hard to conceive installing any application without a prior thorough review of the manifest if I were working on a production device.
Android is just a trimmed down Linux. I would expect a Chrome OS to be very similar. I don’t even expect it to have much more or much less (although I would assume it will run gears and all of the dependencies of gears). If you replace the Dialer application in Android with Google Voice and add support for an LDAP client then you would have much of what I might expect out of a NetBook OS. If Android is to be tailored to be a NetBook OS I’d like to see Full Disk Encryption for Android as well, even if most data is stored in the cloud. But then, I’d like to see that for all devices… If Android does offer a snapshot into what Google Chrome will look like then it seems like applications written in Java, whether for Blackberry, Palm Pre or Android would likely fairly easily be ported into the platform and therefore be a sandbox worth pursuing assuming that is the case; because while people seem to love the idea of the cloud at the end of the day they seem to also be hooked on their fat clients.
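The manifest review described above can be made repeatable with a short script that lists the permissions an application requests and the components it exposes to other applications without requiring a permission. This is an added example, not part of the original post; it assumes a plain-text AndroidManifest.xml (the copy inside an APK is binary-encoded and must be decoded first), the sample manifest and package name are constructed, and treating providers as exported when the attribute is absent reflects the default for applications of this era.

```python
"""Review an AndroidManifest.xml before installing an app (added example)."""
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"   # android: attribute namespace
COMPONENTS = ("activity", "service", "receiver", "provider")

# Constructed sample; com.example.myapp is a placeholder package.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.myapp">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".Internal" android:exported="false"/>
    <provider android:name=".NotesProvider"
              android:authorities="com.example.myapp.notes"/>
    <provider android:name=".PhotoProvider"
              android:authorities="com.example.myapp.photos"
              android:readPermission="com.example.myapp.READ_PHOTOS"/>
  </application>
</manifest>
"""


def _is_launcher(comp):
    """The home-screen entry point is exported by design, so it is not reported."""
    for flt in comp.findall("intent-filter"):
        actions = {a.get(A + "name") for a in flt.findall("action")}
        cats = {c.get(A + "name") for c in flt.findall("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in cats):
            return True
    return False


def _exported(kind, comp):
    explicit = comp.get(A + "exported")
    if explicit is not None:
        return explicit == "true", "exported explicitly"
    if kind == "provider":
        return True, "exported by legacy default"     # assumption: old API level
    return comp.find("intent-filter") is not None, "exported via intent-filter"


def _guard_gap(kind, comp, app_permission):
    """Return None if callers need a permission, else a description of the gap."""
    if comp.get(A + "permission") or app_permission:
        return None
    if kind == "provider":
        read = comp.get(A + "readPermission")
        write = comp.get(A + "writePermission")
        if read and write:
            return None
        if read:
            return "writes unguarded"
        if write:
            return "reads unguarded"
    return "no permission required"


def review_manifest(xml_text):
    # Stdlib parser keeps the example offline; for manifests from untrusted
    # apps a hardened XML parser is the safer choice.
    root = ET.fromstring(xml_text)
    report = {
        "package": root.get("package"),
        "requests": sorted(p.get(A + "name")
                           for p in root.findall("uses-permission")
                           if p.get(A + "name")),
        "exposed": [],
    }
    app = root.find("application")
    if app is None:
        return report
    for kind in COMPONENTS:
        for comp in app.findall(kind):
            exported, how = _exported(kind, comp)
            if not exported or (kind == "activity" and _is_launcher(comp)):
                continue
            gap = _guard_gap(kind, comp, app.get(A + "permission"))
            if gap:
                report["exposed"].append((kind, comp.get(A + "name"), f"{how}, {gap}"))
    return report


if __name__ == "__main__":
    result = review_manifest(SAMPLE_MANIFEST)
    print(result["package"], result["requests"])
    for entry in result["exposed"]:
        print(*entry)
```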

July 28th, 2009

Posted In: Ubuntu, Unix

