moko running everything as root

Robert Taylor subscribers at tinsputnik.com
Mon Jun 16 18:23:56 CEST 2008


Kevin Dean wrote:
>
> In the mobile world, there is NOTHING more important than the user's
> data. Nothing. And in the mobile world, you can impliment root priv
> seperations till the cows come home, but it doesn't eliminate the fact
> that the most vulnerable part of the system is being put at risk
> still.
>
>
>   
This is nonsense.

Encrypt the data and have it backed up via policy/service/etc.

You cannot separate security from a device this powerful.  Hell you 
cannot separate security from even crappy devices.  Hell we now live in 
an age where frickin printers come with full webservers with 
ssh/ftp/telnet and are now a security risk as much as any desktop.

Despite the common belief, PHYSICAL access to a device DOES NOT 
GUARANTEE physical access to data.

A good enough key with a proper authentication scheme will keep the 
frickin NSA busy for 10's of thousands of years.

Let's not kid our selves.  Security is of the utmost importance 
ESPECIALLY IN A WIRELESS WORLD.

If you think Bluejacking was nothing, just wait until you start owning 
these puppies during a walk by - hell, I have plans for making a 
carrying bag with a full spectrume of equipment and antennas that does 
nothing BUT sniff out wireless devices in an attempt to own them just 
for fun.

How long do you think an root priviledged device like this would last 
under such circumstances?

The world is getting MORE HAZARDOUS not less, with the full power of 
laptops only 10 years old or less in our pockets how can anyone think 
this is not a serious consideration?

Rob




More information about the community mailing list