Using Android 4.3? Don't let malware snatch your private login keys

If you're one of the 10.3 per cent of Android users running version 4.3, aka Jelly Bean, your login keys are at risk of theft – thanks to a vulnerability in the operating system's KeyStore software. KeyStore, as the name suggests, stores a user's cryptographic keys, which are used by apps to log into services without the user …

  1. Anonymous Coward

    Will android for gadgets suffer the same fate as windows for PC? Meet the new boss, same as the old boss? I truly hope not.

    1. eulampios

      @Taylor 1

      Will android for gadgets suffer the same fate as windows for PC?

      Not sure it can in the future, so far it has not. Since the "old boss" has been known to

      1) lack many security mechanisms, such as, separation of system and apps, separation between apps and, finally, transparent permissions;

      2) hold security as an afterthought, that is why trojans have not been the only plague of it, remember those nasty viruses, a user can magically contract?

      3) be of a proprietary nature and dependent on one very well known monopoly.

      Besides the fact, as this article says, that this particular bug might not be very easy to exploit, buffer overflows pop up here and there in a lot of types of software and most operating systems. I am not sure if any of the great infections like Loveletter, Conficker or Stuxnet were some sort of consequence of it; however, it's rather the insecure design of MS Windows that is to be blamed there. The Conficker vulnerability was patched some time before it started to spread; not too many people bothered with it. The flaw was and still is with it (and partially with Stuxnet), where RPC is allowed as a service and enabled by default. Remember that security is an afterthought?

      1. Anonymous Coward

        Re: @Taylor 1

        Good points, but, as I've pointed out (and is slowly coming true), portable devices are being targeted more and more due to their popularity. Windows started the same way, hopefully someone has learned from MS mistakes before we have a patch Tuesday for androids.

        1. RyokuMas
          Stop

          Re: @Taylor 1

          "... a patch Tuesday for androids."

          It would be worse than that - with Microsoft, we know that patch Tuesday is patch Tuesday. With Android, it will be more like "patch whenever the service provider can be bothered to push the update out".

      2. Robert Helpmann??
        Childcatcher

        Re: @Taylor 1

        Yes, all very true, though it perhaps does not match my Top x List. However, the "new boss," same as the "old boss," has many of the same issues:

        1) Lacks many security mechanisms, especially and most egregiously a meaningful way for users to grant permissions to applications based on informed consent rather than the all or nothing approach that is currently the norm.

        2) Hold security as an afterthought - in as much as the app store is a part of the Android experience, even if not part of the OS, it is unusual for there to be any thought of security at all, after or fore.

        3) Open source is no guarantee of security or flawless code, nor that it can be repaired if there are errors or vulnerabilities. It is a valid approach, but it is not the only valid approach. As far as overwhelming influence and monopolies are concerned, try breaking the internet by googling Google. For more Android flaws, try googling "android security issues"

        Here's a question that is more to the point: When MS puts out a security patch, individual users and organizations have control of when it is applied. They can test it out before deploying it on a wide scale, wait to see how other people fare, or jump right in and trust MS with an automatic patching regimen. What choice do Android users have?

  2. Stuart Halliday
    Pirate

    Let's see how long Samsung takes to fix its Galaxy S3 Flagship phone of 2012 which sold millions!

    We're counting Samsung...

  3. Gannettt

    If 4.4 hadn't been dumbed down quite so successfully, I would have moved up to it. 4.3 is perfect for me at the mo.
