| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 04 Dec 2011 23:25:23 +0000 From: Dave <mrx@...pergander.org.uk> To: full-disclosure@...ts.grok.org.uk Subject: Re: Carrier IQ for your phone -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/12/2011 19:20, coderman wrote: > On Sat, Dec 3, 2011 at 4:14 AM, Alan J. Wylie > <shyyqvfpybfher@...ie.me.uk> wrote: >> ... >> | Yes, Carrier IQ is a vast digital fishing net that sees geographic >> | locations and the contents of text messages and search queries >> | swimming inside the phones the software monitors.. But except >> | in rare circumstances, that data is dumped out of a phone's internal >> | memory almost as quickly as it goes in. > > > one thing many of these stories seem to miss is that > these limits assume a carrier in control and acting responsibly. > > if you're under a MitM attack these "not used" features sitting latent > are now actively acting against your interests. > > similar to CALEA capabilities leveraged for clandestine surveillance, > e.g. the Athens Affair... Whatever the case, the fact that this software *can* monitor and record the I/O (regardless of what it may or may not ignore) of a device means it should be removed/blocked or fed noise by anyone who values their privacy. If one doesn't have total control over any device that one uses to process info/data that one would rather not be shared, then who does have the control and what will they do with that information? Targeted advertising is the least innocuous of possibilities.... But hey, I am talking to a list of people that should know this ;-) Sorry for not telling you something you don't know. I use a Nokia 6170, must be getting on for 7 or 8 years old now.... battery is getting a little tired. Take care... watch ya back Dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBTtwBYrIvn8UFHWSmAQJQ6gf7BCN+uFWDuMcZ0tVnBTpg0KekAUsG9v+g cqCCrWr5m5GbTU91/Qb2qTVCPx8e7omZqDpyVGx0MN30g2Z59NuMpMuM2uGdPdXv sW0wInNSZmNuhsUyWAoVtBhbS7Vir/Pwm5t2lrrJQqqWEUJF1R+gVibGGXhC9lgD e+qechei6NASiYqMzwWDynG0MjMSxnmKF3VaW7+8oqHoXgQFVdKwU5c+U9KF20iQ SmF+WmBzxLu5jbRt2TUmv2rKeq65XMOJbI1CPiVMsSPg5vHgVNzAIFNCyqxPDnXb ZLufl8xMmUsbUkbyXJ254PfQ7Qlcp1qI0+yVIztTqMYiEa06YpMuUA== =Zg+r -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists