Security, Linux and the Roving Bug

[Database Administrator]

CBFalconer wrote:

>"Dean G." wrote:
>>
>... snip ...
>>
>> Most people who have zombieware do not know it. There are several
>> million Windows boxes that have been so compromised, and most of
>> these users would undoubtedly rid themselves of the problem if
>> they only knew about it.
>
>They usually know about it.

Not in my experience. Not until things get REALLY bad.

>They don't know how to eliminate

That's for sure. Virus scanners? Worthless!

>and/or avoid it in the first place.

Blame M$ for encouraging (indeed, almost requiring) users to run as
admin.

[Database Administrator]

In article <13885j98uu1do0b@corp.supernews.com>,
CptDondo wrote:

> It seems to be more a bug in the cell-phone protocol/hardware. Or
> possibly a hardware mod to the cell phones. I can well imagine the cell
> phone companies would have a way to update the firmware in your phone
> remotely.

Actually, it seems to be none of the above. It's more likely to be
total BS.

http://www.computerworld.com/action/...ArticleBasic&t
axonomyName=mobile_and_wireless&articleId=9025893

[Database Administrator]

In comp.os.linux.advocacy, CptDondo

wrote
on Thu, 28 Jun 2007 13:37:47 -0700
<13887544la6c37f@corp.supernews.com>:
> Nedd Ludd wrote:
>
>>
>> To summarize the points:
>> a) Cell phones are vulnerable to hackers via the 'Roving Bug'.
>> Hackers include the government but also juvenile "l33t haxor" brats.
>> b) The cell phones that are vulnerable include the Razr which runs Linux.
>> c) Linux has a huge security vulnerability.
>> The open source community has known about the vulnerability.
>> The open source community has done nothing to fix the vulnerability.
>> Linux's security vulnerabilities persist.
>>
>> The above is a list of documented facts. The facts illustrate a weakness in
>> Linux. No one will come forward and point me to a link where a fix to the
>> Roving Bug is available for download.
>
> Please demonstrate.
>
> If we take your points a) and b), I could just as easily say,
>
> The cell phones that are vulnerable include those that come in blue.
> Therefore all blue phones (and only blue phones) are vulnerable.
> Furthermore, it is the fault of the blue color that they are vulnerable.
>
> So far, I have not seen anything that would indicate that this is a
> *linux* issue. It is, AFAICT, a cell phone issue.
>
> The ability to remotely turn on the mike must be in the hardware; I know
> of no such ability within the linux kernel.
>
> Presumably, once the phone is off, the linux kernel is not running; yet
> according to the reports, the phone can still transmit conversations.

That is an interesting but probably false assumption,
though I'll admit to some curiosity on the details.
Presumably, there are three modes:

[1] The thing is really off, as in
removal-of-the-battery-pack off. Some might also
have a power switch that cannot be remotely actuated.
Windows, Linux, Symbian, HURD -- it doesn't matter;
only one's finger (or brushing against something)
can flip that switch.

[2] The thing is in a mode where it takes a minimum of
power, listening to its antenna at most, waiting
for a call. IINM, this is "standby" mode, and is
characterized by low power consumption. This is the
mode which is allegedly hackable, according to the OP.
Whether it's actually possible may depend on the phone.

[3] The thing is on and the mike and speaker are active,
either for an actual phone call or for video.

Which mode is everyone's cell phone in? Most likely, [2].
This is not off, just on standby.

This problem is not limited to phones, of course, though
laptops and other such units have different dynamics.

And of course it is not a weakness in Linux per se, but
in the entire system. At most, there might be a weakness
in Linux for allowing a transition from [2] to [3] without
proper user authorization -- and that's assuming Linux
gets involved at that level, as presumably it will punt
to a module that is part of Linux to do the actual gruntwork.

>
> How is this then a linux issue? Is the linux kernel imbued with some
> ghost geekiness that allows it to run even if shut off? > playing> Or perhaps is there some Uber-kernel that persists beyond all
> attempts to power it off, sucking the energy from the ether?

IBM z-systems do have such an "uberkernel" -- z-OS -- but are far
larger than one's normal portable device. :-)

--
#191, ewill3@earthlink.net
Is it cheaper to learn Linux, or to hire someone
to fix your Windows problems?

--
Posted via a free Usenet account from http://www.teranews.com

[Database Administrator]

The Man wrote:

>
>> The only reason it's not *also* a windows problem is that windows can't
>> possibly run on a cellphone....
>
> http://www.windowsfordevices.com/art...468909181.html
>
> Do you have any other clueless comments you'd like to make Cpt Dungo?

Those are "smartphones" and PDA. Not what I call a cellphone. My
linux-based Motorola is about 3.5 x 1.75", way smaller and lighter than
the PDAs listed in that article.

>> As to the "horror story" - why don't they get a prepaid phone?
> Because prepaid phones suck.
>
>> Or do away with cell phones altogether?
> Sure. And let's do away with electricity too.

I have 5 stray cats that like to roll around on a particular doormat on
my deck. It's really aggavating, as they fight over it, and leave
cat**** and cathair all over the place.

I could call the paper and police and whatever, and whine about the
horrible state of stray cats.

Or I could just fold the doormat over so the cats can't get to the
scratchy part.

Hmmm... You decide.

And, BTW, I've met Einstein's daugher and secretary several times. And
sat in his chair. (And probably peed in the same urinal....) So
calling me "Einstein" is pretty neat.

--Yan

[Database Administrator]

The Ghost In The Machine wrote:
> In comp.os.linux.advocacy, CptDondo
>
>>
>> Presumably, once the phone is off, the linux kernel is not running; yet
>> according to the reports, the phone can still transmit conversations.
>
> That is an interesting but probably false assumption,
> though I'll admit to some curiosity on the details.
> Presumably, there are three modes:
>
> [1] The thing is really off, as in
> removal-of-the-battery-pack off. Some might also
> have a power switch that cannot be remotely actuated.
> Windows, Linux, Symbian, HURD -- it doesn't matter;
> only one's finger (or brushing against something)
> can flip that switch.
>
> [2] The thing is in a mode where it takes a minimum of
> power, listening to its antenna at most, waiting
> for a call. IINM, this is "standby" mode, and is
> characterized by low power consumption. This is the
> mode which is allegedly hackable, according to the OP.
> Whether it's actually possible may depend on the phone.
>
> [3] The thing is on and the mike and speaker are active,
> either for an actual phone call or for video.
>
> Which mode is everyone's cell phone in? Most likely, [2].
> This is not off, just on standby.
>

I am somewhat curious about this as well. All the phones I've seen,
when "off" - i.e. power button pushed - are pretty much doorstops. When
you push the power button, they go through a boot process - display a
logo, show some graphics, play a cheesy sound - so I would assume the
kernel is booting.

I can't see how a phone in the off state can transmit anything unless
specially modified.

In standby, there is a way for the phone to wake up - incoming calls,
flip it open, etc. Presumably in this state the phone can be updated
remotely.

I actually turn mine off quite a bit; whenever I don't want to be
disturbed. Heck, I leave it at home when I go on vacation.

I still stand by my original statement - if the phone bothers you, get
rid of it. It's really simple. Use a landline.

[Database Administrator]

On Jun 28, 3:43 pm, "Cassandra" wrote:
> Her advocates claim Linux is more secure than Windows and as proof they
> offer
> the list of viruses that target Windows. The rebuttal is typically that
> Window is an attractive target for virus writers due to its ubiquity. The
> Linux advocate's reply is that, Linux's architecture makes it impossible to
> hack. I think we've all seen this exchange. Whether Linux is immune from
> hacking is an open question. What if Linux were ubiquitous? Would hackers
> try to break in? Could hackers succeed? The answer to these questions is
> yes.
>
> Motorola has embraced Linux as the OS to run on its line of cell phones
> (http://news.com.com/2100-1001-984424.html). The following link includes
> over a dozen cell phone offering, including the Razr, which feature Linux:http://www.linuxdevices.com/news/NS4504156025.html. Motorola is a leading
> cell phone company. Motorola's market share has reached the critical mass
> required to make the devices attractive to the l33t haxtorz.
>
> Cell phones are venerable to a security threat called 'The Roving Bug'. The
> bug allows people to listen in on you conversations even when the cell phone
> is off. People can remotely turn on your cell phone, listen in on your
> conversations, upload and download data, and take photos without you knowing
> it. The only way to secure your cell phone and your privacy is to remove
> the
> battery.
>
> Here's what one site has to say:
>
>
> Nextel and Samsung handsets and the Motorola Razr are especially vulnerable
> to software downloads that activate their microphones, said James Atkinson,
> a
> counter-surveillance consultant who has worked closely with government
> agencies. "They can be remotely accessed and made to transmit room audio all
> the time," he said. "You can do that without having physical access to the
> phone."
>
> Because modern handsets are miniature computers, downloaded software could
> modify the usual interface that always displays when a call is in progress.
> The spyware could then place a call to the FBI and activate the microphone--
> all without the owner knowing it happened
> http://hootsbuddy.blogspot.com/2006/...oving-bug.html
>
> The article says, ". the Motorola Razr [running Linux] are especially
> venerable ."
>
> It turns out that Linux's security model is porous as a sieve. Devices
> running Linux are being hacked and taken over by remote hackers. The
> security hole persists even when the device is turned off. But is it some
> secret 'back door' that only the government knows how to access? Nope, the
> world knows how to by pass and exploit Linux's so-called security. Here's a
> horror story describing the hell created because of Linux's weak security:http://www.thenewstribune.com/news/c...ory/91460.html.
>
> I am sure so will say, "B-b-b-but Windows blah, blah, blah." to which I
> reply, "Irrelevant!"
>
> This issue is about a bug in Linux. This is about a known bug in Linux
> that's been hanging around for months. It is a bug a known bug in Linux
> that's been hanging around for months that has not been fixed. This is
> about
> a security hole in Linux. Windows is not the issue here. This is a Linux
> problem and not a Windows problem.

This post is weird, because it has more to do with how the phone was
designed and how they made their linux flavor work, than an actual
problem with linux. Not only that, since the phone os is closed
source, it's their responsibility to fix the bug anyway, and the OSS
community doesn't have anything to do with it. I'm going to go ahead
and make a generalized statement about telco -- they way over-
complicate things so they can charge outrageous prices for their
support. This is nothing more than a phone company doing the same as
phone companies have always done.

Really this is a linux advocacy forum and you bringing an argument in
here about an embedded os on a propietary system doesn't really fight
linux or support it, stick to the cellular forums

[CarsTMnew]

Good day!
Free sexy legs and high heels sexy legs and pantyhose and sexy legs hardcore sex!

buy generic viagra generic cialis online and generic levitra
alcohol levitra compare viagra cialis and levitra amp canadian pharmacy and levitr
buy propecia online usa uk europe worldwide reductil viagra valtrex
order viagra
order viagra online
buy xenical viagra propecia com carisoprodol
buy viagra online
viagra cowboy com buy celebrex buying celebrex online
cheap viagra
discount viagra
buy phentermine viagra meridia ultr
cialis vs viagra
viagra cialis
buy viagra buy cialis online viagra where can i buy generic
cialis uprima viagra buy viagra amp online pharmacy cheap viagra tabs
cialis viagra cialis cheap cialis order cialis cialis side
buy cialis and viagra online from europe prescription pharmacy
viagra online
generic viagra trial pack
suhagra generic viagra


blood pressure medications legs
blood pressure side effects legs red skin
pain and ache in lower legs and knees
legs heel pain
legs ache when tired
child rash legs and feet
wooden legs island kitchen
pain in legs
recipe for baked chicken legs
recipe for chicken legs
steamed crab legs recipe
barbeque chicken legs recipe
pain in the upper thigh in both legs
pain in legs and heart disease
bone pain in legs
pain in legs when resting
restless legs syndrome pain in legs
kidney infection causing pain down legs
pain and lameness in cats legs
pain and sudden lameness in cats legs

[Babydole123]

Merci de votre solution


que des informations détaillées




taux pret automobile comparatif credit auto voiture simulationUne simulation credit auto instannee et facile ici si vous avez une voituretaux pret automobile comparatif credit auto voiture simulation