I have summarized this bug in a video here.
http://youtu.be/O8lSz7yYnY4
moksha51 said:
I have summarized this bug in a video here.
http://youtu.be/O8lSz7yYnY4
Click to expand...
Click to collapse
The reason is that you are a) using Wifi that requires an HTTP type of authentication via browser like ones you find in Hotels, Coffee shops, etc. and b) the reason it works on an external browser besides Chrome because updated Chrome has SSL validation checks to disable certain types of SSL certificates that certain sites uses. Other browser might not have the same security validation checks, therefore, it loads the page ok.
vboyz103 said:
The reason is that you are a) using Wifi that requires an HTTP type of authentication via browser like ones you find in Hotels, Coffee shops, etc. and b) the reason it works on an external browser besides Chrome because updated Chrome has SSL validation checks to disable certain types of SSL certificates that certain sites uses. Other browser might not have the same security validation checks, therefore, it loads the page ok.
Click to expand...
Click to collapse
I agree the problem is due to SSL validation in Chrome. But there must be a way to "trust" certain websites or a workaround in Chrome that allows you to continue to the website anyway.
If you noticed in the video, when you try to login from Settings-> Wifi directly, that's impossible to do, as well. I witnessed something similar in Kitkat. I remember I had issues logging in to the same Wi-Fi with KK . But I was able to hit "Proceed anyway" in Chrome and was able to login.
Hypothetically, if you don't have a third party browser installed and you want to login to a hotel wifi, you can't ?
Related
I have a bit of a concern here regarding Skyfire as i wonder how it works and loads pages.
I tested the following by opening a site which shows your IP-adress, source and stuff (sorry links are forbidden for me but it doesnt matter anyway and can easily be tested by you guys).
(1) 3G connection, OPERA browser: It shows adress A (as expected)
(2) WLAN connection, OPERA browser: It shows adress B (as expected)
(3) 3G connection, Skyfire browser: It shows adress C (???)
(4) WLAN connection, Skyfire browser: adress C again (??????)
What i am worried about: am i using a proxy all of a sudden (automatically)? Can I forbid it to do so?
I have the bad feeling about that, so could someone please explain to me what exactly happens (say when I open my bank account)? Who grants it is my device that renders the pages?
Privacy terms:
(is it normal to collect all this as a browser? Does Opera/IE do so as well?)
Am i just paranoid?
When you use Skyfire Labs' mobile browser, Skyfire Labs keeps collects activity information as follows:
•When you sign up for a Skyfire Labs account or service in the application, you provide personal information during the registration process, such as your name, email address, mobile phone number, and account password. We maintain your sensitive information, such as account passwords in an encrypted form on secure servers.
•When you use the Skyfire Services, our servers automatically record certain information about your usage from your mobile device. These server logs may include information such as a mobile device identification number and device identifier, web requests, Internet Protocol ("IP") address, browser type, browser language, referring / exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, features used in the Skyfire mobile application, the number of shared pages and referrals related to Skyfire, the amount of time spent on particular web pages, the dates and times of your requests, and cookies that may uniquely identify your device to web sites you visited.
•Skyfire Labs might maintain usage data to assist Skyfire Labs in debugging its system or addressing other problems in its products or services. This usage data may include such information as your web request, web response, IP address, the date and time of your request, size of the communication, and cookies as well as client side data such as connect times, connect failures and performance problems.
Click to expand...
Click to collapse
archvile77 said:
I have a bit of a concern here regarding Skyfire as i wonder how it works and loads pages.
I tested the following by opening a site which shows your IP-adress, source and stuff (sorry links are forbidden for me but it doesnt matter anyway and can easily be tested by you guys).
(1) 3G connection, OPERA browser: It shows adress A (as expected)
(2) WLAN connection, OPERA browser: It shows adress B (as expected)
(3) 3G connection, Skyfire browser: It shows adress C (???)
(4) WLAN connection, Skyfire browser: adress C again (??????)
What i am worried about: am i using a proxy all of a sudden (automatically)? Can I forbid it to do so?
I have the bad feeling about that, so could someone please explain to me what exactly happens (say when I open my bank account)? Who grants it is my device that renders the pages?
Click to expand...
Click to collapse
Skyfire works by rendering pages server side, compressing them, and then sending them to you. It has a few advantages, but yes, it does mean that all information goes through them. Adjust tinfoil had accordingly.
this means that even the information i enter like usernames/passwords and so on have to be transferred to their servers. otherwise they would be unable to render protected sites.
which means: bank accounts, any logins,....
i am shocked tbh.
Yup. It's the downside of server-side rendering with compressed transmission. Opera Mini does it as well (not Opera Mobile).
opera mobile do it too if you turn on opera turbo
On a browser, you can initiate an SSL connection to log into your facebook or twitter account by using https...what about these apps on Android? Do I need to worry about people intercepting my passwords??
That's entirely dependent on the application. Dropbox can use a secure channel of communication or it could communicate in the open. Based on it's methods, I'm inclined to believe it's secure but I've not tested it.
Twitter had a large push towards it's OAuth login mechanism. However, there are documented methods that don't require applications to use it. So, again, it entirely depends on the application. Really, regardless of how this is done, your password shouldn't be passed in the clear.
Hi, my university (California State University, Long Beach in case you know it) has a splash page (BeachNet) for its campus-wide WiFi network. The page requires you to log in and prevents you from saving the username and password via (I'm guessing here) autocomplete=off.
Is there a way to get around this limitation via the Android Browser (or any other browser)? The page does not have to stay open, you must just login once. Disconnecting and reconnecting even works w/o re-entering credentials.
Does anyone know how to force the browser to save log-in information?
Edit: Being able to open the page, it's basically something like secure.arubanetworks.com/login.cgi&ip=10.0.0.0&mac=4d:7e etc. So it looks like the mac address and ip address are used as part of the URL identifier. I suppose that this would mean the browser would see them as separate pages. Hope this helps!
Check out firefox beta for (i guess) android?
It supports saving account + password. Works very well for me.
it didn't show up in the market (do i need a market hack/fix?), so i got the latest Fennec build from Mozilla FTP. Unfortunately, that didn't work.
Hey guys...
I need your help... I have been trying to install my CA Certificate so i can use it for XenApp Hosted Applications.
After 3 hours of struggling & trying to get my Xoom to recognize the Certificate i finally got it working by changing the .cer file to .crt & changing it from .pfx to .p12
& placing it on the mnt/sdcard/
So after it was recognized i was jumping with joy and started Citrix Receiver and logged in on my domain & started an app.. but i still get the same certificate error The error is "An Error has occured while making an SSL Connection to Xenapp. Please contact your Xenapp Administrator"
Please help.
I've given up trying to set up citrix directly through the app. I get authentication errors and certificate errors no matter what variation i use.
People that use ipads have no problems so I've concluded its just a matter of the amount of access/device types that have been granted by the admins.
Something that does work for me though: When I open my companies web access portal through firefox it downloads an .ica file that opens in the citrix app. I've tried other browswers including the stock browser, dolphin for pad, and others that don't work correctly but firefox does.
I am the Admin & I myself have setup the Citrix XenApp Server, and i know this for sure that Mobile Devices are fully allowed.
Even if we get the .ica via firefox are we able to run it & run the hosted apps? on the stock / dolpin hd browser it doesn't work nothing happens if you click on the apps icon.
thats what I meant. Getting the .ica via firefox is the only way i can get the citrix app to launch stuff.
Hey there XDA
So I was reading this article the other day that pertains to security and encryption on the Android Operating System
http://www.bibliotecapleyades.net/sociopolitica/sociopol_cia38.htm
Basically what is says is that even if you use encryption in apps there's nothing preventing people from accessing your devices mic or camera
But I was thinking what if you encrypt ALL outgoing traffic? Now I'm not the most well versed guy when it comes to technology but I've heard about for example SSH tunnels
So I found this guide on how to setup one on Android: https://www.howtogeek.com/121698/how-to-route-all-your-android-traffic-through-a-secure-tunnel/
Would this effectively encrypt all outgoing data?
Eklondh said:
Hey there XDA
So I was reading this article the other day that pertains to security and encryption on the Android Operating System
http://www.bibliotecapleyades.net/sociopolitica/sociopol_cia38.htm
Basically what is says is that even if you use encryption in apps there's nothing preventing people from accessing your devices mic or camera
But I was thinking what if you encrypt ALL outgoing traffic? Now I'm not the most well versed guy when it comes to technology but I've heard about for example SSH tunnels
So I found this guide on how to setup one on Android: https://www.howtogeek.com/121698/how-to-route-all-your-android-traffic-through-a-secure-tunnel/
Would this effectively encrypt all outgoing data?
Click to expand...
Click to collapse
Not really, setting up an SSH tunnel will only encrypt your traffic between your device and your server, at some point most traffic will have to enter the internet in just as secure manner as it does now so that you can view a website for example, it will add another layer of security, but really only useful for privacy from those on your local network or (if your server is outside your ISP network) from your ISP also (but you'd have to change your DNS servers also or they can get info from there about sites you visit)
Also non of that will stop the issue you mention above about gaining access to your camera, mic, files etc that to beat encryption they just have to gain access to your phone, that could be as simple as sending you a malware link to your email, Whatsapp or whatever, which you visit. Which seems to be what my mum did 2 days ago, there was a well crafted email that appeared to be from Genes Reunited making specific reference to her personal private data & contacts in her account so she clicked the link, now she has no internet access & other issues on tablet, but of course I can't log in to fix from here & she can't follow my instructions over the phone properly! The email password she gave me doesn't work (I wanted to examine the file she clicked on), though there was no confirmation via txt of password changed. So right now I'm not sure as could be related to the TalkTalk hacks.... Or just my mum! Rant over!
So in short no, ssl is not a simple solution
this might help. https://www.torproject.org/
"err on the side of kindness"
IronRoo said:
Not really, setting up an SSH tunnel will only encrypt your traffic between your device and your server, at some point most traffic will have to enter the internet in just as secure manner as it does now so that you can view a website for example, it will add another layer of security, but really only useful for privacy from those on your local network or (if your server is outside your ISP network) from your ISP also (but you'd have to change your DNS servers also or they can get info from there about sites you visit)
Also non of that will stop the issue you mention above about gaining access to your camera, mic, files etc that to beat encryption they just have to gain access to your phone, that could be as simple as sending you a malware link to your email, Whatsapp or whatever, which you visit. Which seems to be what my mum did 2 days ago, there was a well crafted email that appeared to be from Genes Reunited making specific reference to her personal private data & contacts in her account so she clicked the link, now she has no internet access & other issues on tablet, but of course I can't log in to fix from here & she can't follow my instructions over the phone properly! The email password she gave me doesn't work (I wanted to examine the file she clicked on), though there was no confirmation via txt of password changed. So right now I'm not sure as could be related to the TalkTalk hacks.... Or just my mum! Rant over!
So in short no, ssl is not a simple solution
Click to expand...
Click to collapse
Heh, **** man.. Hope she sorts it out
Now I think I've decided to use an SSH tunnel paried with RSA authentication for the time being, it seems good enough for me
mrrocketdog said:
this might help. https://www.torproject.org/
"err on the side of kindness"
Click to expand...
Click to collapse
Tor seems awesome
The proper way to achieve this is using a vpn which permits flexibility on the networking side. I use openvpn server on my home computer and i connect my phones to it. It is set to redirect all traffic through the encrypted tunnel which is forwarded to the internet through my home computer.
Now as noted before the information still goes out to the net at some point and comes back. Encrypting traffic does not help if you click on something malicious out there.
It does help to prevent the directly connected network to snoop on your actual traffic though. Handy when you connect to free wifi etc. Also you can filter traffic by application on the phone or by destination on the other side on the server.