[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Excellent discussion, thanks. I agree with the commenter who says the author is under-excited. He seems to be saying in his point 1 that absence of evidence is evidence of absence, which is just nonsense, as he ought to know, and which misses the point that it is vulnerability to exploits that matters, not existence-proven exploits. All of his remaining rebuttal seems overly complacent, especially the absurd claim that files on the SD card are not sensitive. It's such a poor rebuttal that I wonder why they went to him and why they published it. I guess he makes one point about which the Replicant devs could and should have been clearer, and that is that an exploit would run as a non-admin user with presumably limited permissions in most directories, but as those permissions would often include reading, and as other classes of exploits might elevate permissions, it is scant comfort. There is a real vulnerability here. Samsung inserted it and only they can fix it, thanks to the wonders of proprietary software. It is entirely fair to say that you're better off running Replicant (or stock Android). On 13 March 2014 18:52, Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx> wrote: > On Thu, Mar 13, 2014 at 11:36:49AM +0000, Philip Hudson wrote: >> Replicant developers find and close Samsung Galaxy backdoor -- Free >> Software Foundation -- working together for free software >> https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor > > Not everyone agrees about how much of a backdoor this really is: > > http://arstechnica.com/security/2014/03/virtually-no-evidence-for-claim-of-remote-backdoor-in-samsung-galaxy-phones/ > > Martijn. > > > -- > The Mailing List for the Devon & Cornwall LUG > http://mailman.dclug.org.uk/listinfo/list > FAQ: http://www.dcglug.org.uk/listfaq -- Phil Hudson http://hudson-it.no-ip.biz @UWascalWabbit PGP/GnuPG ID: 0x887DCA63 -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq