Originally Posted by fasza2
I kind of meant both, but more of the latter; does HMAC auth protect the client from DoS and portscan by dropping non-authenticated packets before processing?
I would not go for static key mode, since in this case the same keys are reused on each connection.

It is better to use SSL-based mode; SSL itself enforces the generation of a shared secret each time. The secure channel thus created is used to exchange the keying material, which is used to dynamically generate shared secrets.

Originally Posted by fasza2
Yes exactly, to create a chroot jail in case the server or another client gets compromised. Is it possible client-side only, assuming the server is a Win box?
Yes, you may do that; in addition, you can isolate clients within the VPN.

The possible intrusion vector may be the built-in browser. I don't know which version of Gecko is used, but I am pretty sure there were severe problems with Firefox pre-3.6 versions.

Closed-source Flash might also be interesting for poking around.

Last edited by momcilo; 2011-06-16 at 11:51.
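
The two modes discussed in this post, as an added OpenVPN client configuration sketch (not part of the original post or of any poster's setup). The hostname, file names, chroot path and user/group names are constructed placeholders, and the confinement directives assume a Unix client.

```conf
# Static key mode (the mode advised against above): one pre-shared key
# file, so the same keys protect every connection. Shown commented out.
#   remote vpn.example.net 1194
#   dev tun
#   secret static.key

# TLS mode: certificates authenticate both ends and fresh session keys
# are negotiated on each connection.
client
dev tun
proto udp
remote vpn.example.net 1194      # constructed hostname
ca ca.crt                        # placeholder file names
cert client.crt
key client.key
remote-cert-tls server           # accept only a certificate marked for server use

# HMAC authentication of control-channel packets with a pre-shared key.
# Packets without a valid HMAC are discarded before TLS processing.
# Key direction: 1 on the client, 0 on the server.
tls-auth ta.key 1

# Client-side confinement after initialization (Unix clients only).
user nobody
group nogroup                    # group name varies by distribution
chroot /var/empty/openvpn        # placeholder path; must exist on the client
persist-key                      # avoid re-reading keys after privileges are dropped
persist-tun                      # keep the tun device open across restarts

# Server side: leaving out "client-to-client" means OpenVPN does not relay
# traffic between clients itself; the server's routing and firewall decide.
```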
 
