Page 2 of 2 FirstFirst 12
Results 21 to 37 of 37
  1. #21  
    Just woke up to this article on engadget. Could these known security issues be the reason for the 2.0 delay here in the states? Maybe Palm is hoping to block these holes before the release?
    Security experts unearth unpleasant flaws in webOS -- Engadget
  2. #22  
    Probably still needs to be tested and approved by the carriers, that's typically the cause for delays.
    Last edited by NachoB; 12/20/2010 at 10:13 PM.
    If you found my post useful then please sign up for a Dropbox Account, I could use the extra 250mb of storage.

    HOW TO: Zip/Unzip via Pre/Pixi using Terminal
    HOW TO: Modify DTMF audio (webOS 1.4.5 or earlier)
    Palm Pre wallpapers
  3. #23  
    Quote Originally Posted by NachoB View Post
    Probably still needs to be tested and approved by the carriers, that's typically the cause for delays.
    Or possibly because the carriers dont even have it yet..
  4. #24  
    Quote Originally Posted by RUSH View Post
    I don't believe that article has anything to do with why we haven't seen 2.0 yet. They(Hp|palm) just haven't release it to carriers yet... > that's all.
    Right....i understnad all of that. Im saying tho, could this be the reason that they havent released it to the carriers yet?
  5. #25  
    Quote Originally Posted by jayjam99 View Post
    Just woke up to this article on engadget. Could these known security issues be the reason for the 2.0 delay here in the states? Maybe Palm is hoping to block these holes before the release?
    Security experts unearth unpleasant flaws in webOS -- Engadget
    WOW...

    Why they don't tell the webOS security model doesn't allow to anyone to get data from the device without user interaction?

    -- Sent from my Palm Pre using Forums Beta
    Newness Developments apps:

  6. dtreo's Avatar
    Posts
    131 Posts
    Global Posts
    719 Global Posts
    #26  
    Engadget Mobile:
    Security experts unearth unpleasant flaws in webOS
    BY CHRIS ZIEGLER POSTED NOV 26 TH 2010 01 : 18 AM
  7. #27  
    Isn't this, like, really old news?
    My device history:

    - Jim J.

    (On Sprint for many years)
  8. #28  
    Quote Originally Posted by jjeffcoat View Post
    Isn't this, like, really old news?
    I thought so too, but they talk about webOS 2.0 as well. So it must be something more recent I guess...
  9. #29  
    I see there's a story on the P|C main page addressing this...
    My device history:

    - Jim J.

    (On Sprint for many years)
  10. #30  
    Quote Originally Posted by jayjam99 View Post
    Just woke up to this article on engadget. Could these known security issues be the reason for the 2.0 delay here in the states? Maybe Palm is hoping to block these holes before the release?
    Security experts unearth unpleasant flaws in webOS -- Engadget
    These types of flaws have been there since Day One with webOS. This is an inherent risk with the way webOS is designed. I highly doubt this is causing any delay. I suspect that the delay (if there is one) would be carrier-related.


    My Themes:CLICK HERE
  11. #31  
    <<threads combined>>
  12. #32  
    If security isn't the reason, then why don't they tell us. We won't be as upset as now.
  13. dsei's Avatar
    Posts
    194 Posts
    Global Posts
    196 Global Posts
    #33  
    Update from DailyTech - UPDATED:Researchers Hand WebOS Vulnerabilties to the Hacking Public

    "Palm surely wants to keep its smartphones from becoming part of a malicious botnet, but unfortunately seems rather slow to correct the issues. *SecTheory informed Palm of the problems in June. *Palm thought it fixed the issues, but retesting by SecTheory confirmed that they had, in fact, not fixed the weaknesses. *SecTheory contacted them in July to provide further details and Palm would only give a vague promise of a fix in a future patch.

    ...

    We were contacted by*Daniel Herrera of SecTheory. *We had erroneously reported that SecTheory was disclosing the vulnerability before approaching Palm. *To the contrary, SecTheory actually gave Palm five months to fix the issue and only is disclosing the unpatched vulnerability after Palm has remained inactive on the issue."

    Believe it or not, these guys are actually doing Palm and its users a big favor: they're helping to discover holes to make webOS a more secure platform. If Palm can't fix a serious vulnerability in six months, that's on them.
  14. #34  
    Quote Originally Posted by dsei View Post
    Believe it or not, these guys are actually doing Palm and its users a big favor: they're helping to discover holes to make webOS a more secure platform. If Palm can't fix a serious vulnerability in six months, that's on them.
    Yup.

    HP's inability to patch this vulnerability despite being given ample time is the issue here - not NDA violations or unauthorized usage of webOS 2.0 (which seems like it would be laughed out of court if HP, as some suggest, opted for litigation).
  15. #35  
    Quote Originally Posted by Garrett92C View Post
    "The most dangerous of the vulnerabilities is an injection flaw they found on the WebOS version 1.4.X that allows remote command and control, including access to a phone's files or injecting a remote JavaScript backdoor into the phone's Contacts Application to build a botnet."

    Wow...
    Yeah. It's always bothered me that everything on the phone runs as root. They could make the phone more secure AND give us the ability to more easily write 'services' if Luna and such ran under a different user. For example, writing something that showed you things found in /proc would be trivial. But since everything is run as root, they don't give you access to doing OS things like you would on any other linux box.
    : (){:|:&};:
  16. #36  
    There has been alot of misinformation regarding the release of the security issues related to webOS; however, the documentation has been posted online for further details.
    see: cybermediaplanet[dot]com
  17. dsei's Avatar
    Posts
    194 Posts
    Global Posts
    196 Global Posts
    #37  
    Quote Originally Posted by malloci View Post
    There has been alot of misinformation regarding the release of the security issues related to webOS; however, the documentation has been posted online for further details.
    see: cybermediaplanet[dot]com
    Good stuff, thanks for sharing and doing the research. I'm curious, did you hear anything positive from Palm? Obviously they haven't shown us great things in terms of security responsiveness. It seems like such a trivial bug to squash...
Page 2 of 2 FirstFirst 12

Posting Permissions