Found this article about a safety issue with 99% of the android phones concerning personal info.
Oke seems i cant post links yet :S. Google : Android handsets 'leak' personal data
and the top result is the BBC news article.
Here are the links:
http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html
And this is from BBC:
http://www.bbc.co.uk/news/technology-13422308
I'm fed up with the bbc giving preferential treatment to ios users in the UK, so I set up a petition on UK govt website asking them to tell the bbc to implement downloads for android users OR remove this for ios users. Not to hurt ios users but to force the bbc to treat android users equally and fairly. I hope people will sign it. It's nearly 5 month's since the bbc made downloads available to ios users, and promised to do the same for android "soon". 5 months is not very "soon" is it ? I hope a non New user will post this with the link
epetitions direct gov uk /petitions/44867
Heartbleed: Install Chromebleed on Chrome to Detect Affected Sites
Yesterday, OpenSSL’s biggest bug – Heartbleed – was announced, along with the fact that it affected some two thirds of the world’s websites.
Some pretty important sites have been affected by the security bug, including Yahoo, Flickr, Kickass Torrents and many more.
Visiting these sites until the vulnerability is fixed is a bit dangerous. While the situation hasn’t exactly changed over the past two years and users are still vulnerable to the same issues, more hackers could now attempt to exploit the bug.
Since any attacks conducted so far have left no traces, there’s no way of knowing exactly how many times the vulnerability was used to obtain data that should have been encrypted, be it passwords or banking information.
Now that Heartbleed has been exposed, sites are that much more in danger until they fix the security problem since, after all, if hackers didn’t known about the bug, they do now.
Along with the announcement, a patch has been made available for OpenSSL, as well as a small Chrome extension for those users who want to make sure they’re not browsing a website that is still exposed to the issue.
Dubbed “Chromebleed,” the tool uses a web service developed by Filippo Valsorda and checks the URL of the page. If affected by Heartbleed, a notification will be displayed.
The tool is in no way intrusive and takes a small place in the extensions bar to the right of the address bar in the browser. It can easily be removed at any time.
You can download Chromebleed from the Chrome Web Store or from Softpedia.
Sent from my SM-N900P using XDA Premium 4 mobile app
Not a very smart thing to install SOME application to run on your device to detect a security hole.
It's a nice way to trick people to install things they would not normally install.
Heartbleed is out in the air for a longer time, not from yesterday.
OpenSSL TLS flaw
Claims most all testers are flawed.
"Herein lies the problem with the detection tools..."
http://www.theguardian.com/technology/2014/apr/16/heartbleed-bug-detection-tools-flawed
A good look at the results of detection tools compared:
http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts-
I know openSSL is free software, but maybe someone could pay them to have a few full time employees?
One plus ten or so volunteers? Not gonna catch everything :-$
Doesn't make sense to test for something you cannot fix. We should wait for updates from teh devs and that's the only thing we can do.
Can smartphones, particularly Android ones, be affected by this bug? I thought only windows are affected. Correct me if I'm wrong...
New funding for OpenSSL security audits etc.
av2588 said:
Can smartphones, particularly Android ones, be affected by this bug? I thought only windows are affected. Correct me if I'm wrong...
Click to expand...
Click to collapse
If you run Android 4.1.1. or similar early JB you might be still open to exploit.
Apr 15, 2014
The Heartbleed OpenSSL flaw affects the earliest version of Jelly Bean, which powers millions of activated Android devices.
Click to expand...
Click to collapse
http://www.citeworld.com/article/2143625/mobile-byod/heartbleed-android-jelly-bean-disaster.html
If you'd like to chek yourself out: https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector
This thing might be less likely in future.
Tech giants team up to prevent new 'Heartbleed' -- 04/24/14
Click to expand...
Click to collapse
http://thehill.com/policy/technology/204260-tech-giants-team-up-to-prevent-new-heartbleed
++++++++EDIT+++++++++
Sorry - I spoke too soon. Others may also be vulnerable to that heartbeat flaw
According to FireEye, Android apps can often bypass the operating system's libraries for cryptography and use their own native OpenSSL
libraries, which may not have been patched. Even though an app may be connecting to a secure, patched server, if the app itself uses
a vulnerable version of OpenSSL, the connection is still insecure, Hui Xue, senior engineer...
...
To add further insult to injury for end users, FireEye found that apps that claim to scan for the Heartbleed flaw on Android, for the most part,
don't really work. Looking at 17 different apps that claim to scan for Heartbleed ...
"Only two of them did a decent check on Heartbleed vulnerability of apps,"...
...
"We've also seen several fake Heartbleed detectors in the 17 apps, which don't perform real detections nor display detection results to users
and only serve as adware."
Click to expand...
Click to collapse
http://www.eweek.com/security/heartbleed-puts-150-million-android-app-downloads-at-risk.html
All 4.1.1 devices should be updated to 4.1.2 by manufacturers regardless of whether they were former flagships or entry level devices.
http://www.bbc.co.uk/news/technology-30143283
Saw this on the BBC website. Should we be worried and how can we stay safe?
Sorry if this is covered elsewhere and I've missed it.
Xave1 said:
http://www.bbc.co.uk/news/technology-30143283
Saw this on the BBC website. Should we be worried and how can we stay safe?
Sorry if this is covered elsewhere and I've missed it.
Click to expand...
Click to collapse
Simple, you can stay relatively safe if you don't surf suspicious websites, you don't open attachments you don't recognize from your email, and you are aware of what you're installing and the source of the app (eg. Play Store).
Be wise, and you're good to go!
Sure this tipp is a widly known myth that trusted sources are safe, they are not and even experts can't protect against this, there are several techniques such mitm, sql hacks and such that also affects normal sites. Because hacker have an huge interest on popular sites to get your data. In the past there were also infected apps months in the play store or some apps use 3th party connection to load there malware and and and. It's a good beginning but I recommend to all beginners to use an av, you not need it daily but it helps to scan once in a week or only for website scanning.
But this is a never ending story and matters which backround knowlage you have about how malware and social engeneering works.
Just spotted this article from AndroidAuthority about the release.
Posting of links not allowed (especially for noobs and potential spammers), but the article is legit.
Registration was required on Imagination site. They have the Vulkan Image available for download.
Didnt see any other postings related so I posted here.
This is the article OP is talking about
http://www.androidauthority.com/imagination-vulkan-google-nexus-player-gnome-horde-674344/
Direct download link:
https://imagination-technologies-cl...s.com/vulkan/img_vulkan_nexusplayer_image.zip
I apologize for my misunderstanding. I understand that this is another software for hardware to run on. It improves graphics, but what does this actually do for the Nexus Player?
To my understanding Vulkun is just a 3D framework, like DirectX and OpenGL and Apples Metal, but the key idea is that its cross platform, it should work on windows,OSX,Android,Web,Consoles all the same.
Its really only important to game developers