Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment I don't think so... (Score 2) 59

...except my cable modem does not share storage with my PC. On the other hand, the baseband and Android system (not to mention the device-specific efs/imei stuff and the user data stuff) are all located on the same emmc on many devices. (Hence the ability to "flash a new radio")

Could the baseband access or change data on the Android partitions or the efs data? I'm not sure, but the articles suggest to me that they could.

Also, my cable modem doesn't share memory with my PC either: ....the application processor (with Android e.g.) and the baseband processor can share memory, so that an attack and takeover of the baseband stack offers the possibility to attack Android.

The baseband may have a separate CPU from Android, but it could access peripherals, sensors, etc. As an example:

The baseband processor (and thus REX OS) has direct access to the phoneâ(TM)s hardware (speakers, microphones), and also seemingly the ability to write to the same memory as the SoC (or application processor).

That's bad.

Also, unlike your cable modem analogy, which communicates to your router via a known network protocol, the baseband communicates with Android in most cases via the involvement of closed-source, mysterious "binary blobs".

So I guess if your cable modem were fused to your computer, sharing a hard drive, with direct access to its memory and peripherals, and communicating to your computer via a mysterious unauditable binary, then maybe your analogy would hold up.

Comment Re:Let me guess (Score 2, Interesting) 59

I know this is the second, uh, let's-just-say-"story" about Blackphone in four days, but I think it should be noted that the stolen Gemalto keys may have included "OTA keys" that can be used for over-the-air SIM card upgrades:

Access to these encryption keys do not give governmental agencies only the power to monitor cellular communications, including calls and data, but they also come with additional perks, such as the power of instructing a device to install specific programs.

Spyware could be installed on the SIM card itself, and then it could be used to install additional spy apps on a phone without the user's knowledge, or to retrieve data from it.

From the Verge story:

Manufacturers can send a binary text message directly to the SIM card, and as long as it's signed with the proper OTA key, the card will install the attached software without question. If those keys were compromised, it would give an attacker carte blanche to install all manner of spyware.

So apparently it does matter.

Comment Lawrence Kasdan gets only a quick mention? (Score 3, Insightful) 422

I don't understand. A hundred comments and you're the only one I see who even mentions, let's alone puts due faith in co-writer Lawrence Kasdan.

Kasdan co-wrote "The Empire Strikes Back", co-wrote a movie called "Raiders of the Lost Ark", and wrote other, ehem, minor movies like "The Big Chill", and "The Bodyguard" and "Silverado".

He's co-writing this thing.

Comment Re:But- but- (Score 1) 291

Yeah. The 300Mbps I mentioned was just the max TW is offering and is saying that the modem is good for (at least) that. As you point out, there's capacity for even more bandwidth beyond that.

TW is starting to offer the free quintupling of download speed because they're worried about fiber, IMO.

Comment Here's my magic formula for travelling.. (Score 5, Interesting) 126

1 Samsung Arm CB + x2go + Chrubuntu (13.10 xubuntu) =

full access to running programs on my home Linux PC from anywhere, with HUGE battery life, at less than 2 lbs and $250. With x2go I can run applications remotely, and the chromebook only has to handle the UI, not the actual processing. As a result, I can run Intel apps and it feels pretty fast, even from 2000 miles away. If the computer gets stolen, it's only a loss of $250 as opposed to the thousands a lightweight laptop would cost, and the data is on my home computer, not the cb...

x2go btw is amazing, tunneling linux application's interfaces through ssh, so they feel like they're running on the chromebook, but aren't. If you can set up ssh, you can set up x2go.

Comment Re:WRT54GL (Score 5, Informative) 133

I agree it's bad form not to put the router models in the summary. But from the press release...

Exploit shown in this video has been tested on Cisco Linksys WRT54GL, but other Linksys versions/models are probably also affected.

(emphasis mine)

Incidentally, re: the GL model of the Linksys-- the "L" I'm pretty sure stands for Linux, and was the model that was in response to everyone reinstalling dd-wrt and other firmware...

Comment Re:One Billion? (Score 1) 162

Any recommendations anyone have for a good free Android alternative for something to take quick snapshots, apply a basic filter, and share them with people? Tried Vignette and Retro Camera and they both sucked compared to Instagram.

I am not a instagram (or facebook, for that matter) user, but I did take a quick look at Pixlr-OMatic and it's probably what you're looking for.

Be careful when a loop exits to the same place from side and bottom.