Active Topics

 


Page 2 of 2 1 2
Reply
Thread Tools
PMaff's Avatar
PMaff is offline PMaff
2011-12-01 , 08:37
Posts: 361 | Thanked: 219 times | Joined on Sep 2010
#11
Originally Posted by reinob View Post
@PMaff,

Given that the kernel and most programs/modules are open source, I would doubt that they contain any such rootkit-code. Of course I assume nobody has gone through the source code of all that, but I seriously doubt it would contain anything.

That leaves us with the closed modules/libraries/programs. But again, at least for the N900 somebody here would have noticed already if there was any suspicious activity going on. Keep in mind that many people around here are "constantly" looking at their N900 from the insides, so we would have noticed.

I really think that this CarrierIQ thing is a US-carrier thing, so I would expect unlocked phones to NOT have this. But AFAIK in the US everything is carrier-branded, so they have a(nother) problem.

In any case, if it turns out that HTC, Samsung and all those "me too" (me too: big ugly touch screen, AMOLED, dual-code, Android) brands are at least *allowing* the carriers to put that into their phones, it would be (for me at least) a good reason to distrust them and hence not buy anything from them.

Whatever anyone can say, I still trust Nokia more than any other brand in this field. Hey, their finnish after all, they cannot be *that* bad
I am just playing a bit paranoid here.

If we all say "naaa, you would notice if something strange is going on" it does not mean, that we looked at the programs per se.
Everyone relies on the others that they know about the inner parts
of the N900 (N9 also).
But I did not find a list of genuine programs that are on your N900 if you buy it new. The list that was posted here is Harmattan
which is N9 mainly and it did not have something to check (md5?).

If I were the bad guys I would send stuff only if the other programs do send also.
Not everyone of us has netstat running all the time.
 
Daneel's Avatar
Daneel is offline Daneel
2011-12-01 , 09:12
Posts: 549 | Thanked: 698 times | Joined on Apr 2010
#12
http://talk.maemo.org/showthread.php?t=80070
 

The Following User Says Thank You to Daneel For This Useful Post:
Daneel's Avatar
Daneel is offline Daneel
2011-12-01 , 09:14
Posts: 549 | Thanked: 698 times | Joined on Apr 2010
#13
It seems that stock clients are only available for S60
 
msa2 is offline msa2
2011-12-01 , 09:21
Posts: 3 | Thanked: 1 time | Joined on Oct 2011
#14
Originally Posted by PMaff View Post
Is there some kind of list of proven items on the N900 / N9?
Some kind of intrusion detection list, that shows which are regular
programs, libraries that we know what they do?
Perhaps with some md5 sums?
Well, on N9 Aegis active might be helpful ! Nothing
executes unless the hash of the executable is listed
in /var/lib/aegis/refhashlist.

After each install (dpkg), that changes some executable,
a new /var/lib/aegis/refhashlist is generated and old one
is stored under name /var/lib/aegis/refhashlist.backup.

So simple diff between files will tell what changed.
 

The Following User Says Thank You to msa2 For This Useful Post:
PMaff's Avatar
PMaff is offline PMaff
2011-12-01 , 12:48
Posts: 361 | Thanked: 219 times | Joined on Sep 2010
#15
Originally Posted by Daneel View Post
http://talk.maemo.org/showthread.php?t=80070
Moderators: maybe we can merge the two?
 

The Following User Says Thank You to PMaff For This Useful Post:
zeebra is offline zeebra
2011-12-13 , 18:46
Posts: 73 | Thanked: 66 times | Joined on May 2011
#16
Originally Posted by PMaff View Post
I am just playing a bit paranoid here.

If we all say "naaa, you would notice if something strange is going on" it does not mean, that we looked at the programs per se.
Everyone relies on the others that they know about the inner parts
of the N900 (N9 also).
But I did not find a list of genuine programs that are on your N900 if you buy it new. The list that was posted here is Harmattan
which is N9 mainly and it did not have something to check (md5?).

If I were the bad guys I would send stuff only if the other programs do send also.
Not everyone of us has netstat running all the time.
Try to download "package view"... This I think shows pretty much everything. Ofcourse it does not show manually installed packages that you or someone else did from source.
 
Reply
Page 2 of 2 1 2

« Previous Thread | Next Thread »

 
Forum Jump


All times are GMT. The time now is 20:01.

Contact Us - Home - Archive - Top