Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment Re:Ask Slashdot : (Score 2, Informative) 126

I don't think you were reading who you were responding to, or read but discounted it.

PP (Parent Poster) indicates that the hypothetical user isn't connecting to the internet. MMS requires internet connectivity to deliver its "more advanced than SMS" payload. From Wikipedia:

Technical description

MMS messages are delivered in a totally different way from SMS. The first step is for the sending device to encode the multimedia content in a fashion similar to sending a MIME message (MIME content formats are defined in the MMS Message Encapsulation specification). The message is then forwarded to the carrier's MMS store and forward server, known as the MMSC (Multimedia Messaging Service Centre). If the receiver is on a carrier different from the sender, then the MMSC acts as a relay, and forwards the message to the MMSC of the recipient's carrier using the Internet.

Once the recipient's MMSC has received a message, it first determines whether the receiver's handset is "MMS capable", that it supports the standards for receiving MMS. If so, the content is extracted and sent to a temporary storage server with an HTTP front-end. An SMS "control message"(ping) containing the URL of the content is then sent to the recipient's handset to trigger the receiver's WAP browser to open and receive the content from the embedded URL. Several other messages are exchanged to indicate status of the delivery attempt. Before delivering content, some MMSCs also include a conversion service that will attempt to modify the multimedia content into a format suitable for the receiver. This is known as "content adaptation".

The bolded portion of the last paragraph makes it clear: accessing the multimedia content requires HTTP connectivity via some TCP/IP network, which PP is disallowing in his hypothetical. I think you're describing the Stagefright vulnerability, and it's true that if you allow a vulnerable Android device to access malware MMS multimedia content, the malware will exploit the weaknesses of the Stagefright APIs and pwn the phone. However, most SMS/MMS programs can be configured to not automatically download multimedia content (but rather requiring user action to start the download). This changes Stagefright MMS from a "drive-by" vulnerability to a slightly less risky "requires user consent" one.

Comment Re:Go old school... (Score 2) 192

Use pen and paper. Personal papers have more legal protection than digital data that cross over the ether.

Only if you're hand-delivering. If you're using U.S. Snail Mail, they've been photographing envelopes for metadata collection for years.

It's precisely analogous to internet metadata collection: who you're communicating with, at what time. But not what you're saying (by not being allowed to open the envelope and read the mail, or not being able to crack message content encryption).

In the context of OP's question, paper-and-pen offer no meaningful improvement.

Slashdot Top Deals

Machines that have broken down will work perfectly when the repairman arrives.