Active Topics
-
List of well performing apps on Leste (35)
to Maemo 7 / Leste by smatkovi - 1 day, 1 hr ago -
Porting apps to Leste (43)
to Maemo 7 / Leste by teroyk - 1 day, 8 hrs ago -
Sailfish OS for the Motorola Moto G7 Power (XT1955-5) - (ocean) (13)
to SailfishOS by edp17 - 1 day, 23 hrs ago -
Sailfish OS for the Samsung Galaxy Note 4 (SM-N910C) - (treltexx) (79)
to SailfishOS by edp17 - 1 day, 23 hrs ago -
U-Boot for Nokia RX-51 with BootMenu (updated version 2012.10-rc3-1) (843)
to Alternatives by Arno_11 - 2 days, 5 hrs ago -
Maemo repository (5)
to Community by dredlok706 - 5 days ago -
Re-commissioning N9 in 2018 (127)
to MeeGo / Harmattan by smatkovi - 5 days, 3 hrs ago - more...
|
2010-03-23
, 07:08
|
|
Posts: 170 |
Thanked: 27 times |
Joined on Feb 2010
@ reading, uk
|
#12
|
if i had anything on my phone that i didnt want people to see i wouldnt except a pair request if they want mp3s then i will send them. so if you trust someone and pair with them and have stuff you dont want them to see why are you worried i thought you trusted them if they want mp3s and you have dodgy pics in your phone you say dont go into my pics if they do anyway then you shouldnt trust them.
|
|
2010-03-23
, 07:38
|
|
Posts: 446 |
Thanked: 79 times |
Joined on Mar 2010
|
#13
|
Originally Posted by torres76
Once you pair with some one who has this application u forward that discretion "if they want mp3s then i will send them" I see yur point though. I don't do trusting things with people who arent trust worthy. I think it's a matter of wanted the added piece of mind that comes with Knowing whats going on with your phone. Some might think it's a worthless feature but i would love some file protection around here
if i had anything on my phone that i didnt want people to see i wouldnt except a pair request if they want mp3s then i will send them. so if you trust someone and pair with them and have stuff you dont want them to see why are you worried i thought you trusted them if they want mp3s and you have dodgy pics in your phone you say dont go into my pics if they do anyway then you shouldnt trust them.
|
|
2010-03-23
, 07:46
|
|
Posts: 26 |
Thanked: 80 times |
Joined on Feb 2009
@ UK
|
#14
|
There does not seem to be any granularity in the services granted to paired bluetooth devices. Once paired and trusted the remote party has full access to all the services on the N900.
Don't pair with any devices you don't want to grant full access to the device.
On the flip side to that, access to the file system from the FTP profile is gated by symbolic links in the directory
if you wish to restrict access to specific files you could remap these links to 'safe' directories and copy files in/out of them on the device as a separate operation. Note that by doing this you will change the behaviour for all paired devices, don't mess with these links if you rely on the bluetooth FTP profile.
A smarter solution would be to have a custom FUSE module added to the kernel mounting a virtual file system at the obex-root directory. This could then configure the access based on the connected device. Something for brainstorm maybe.
This, of course, does nothing to counter the fact that from a trusted device your audio could be hijacked and all of your contacts/calendar events read via Nokia PC/Ovi Suite. Don't pair with untrusted devices.
Don't pair with any devices you don't want to grant full access to the device.
On the flip side to that, access to the file system from the FTP profile is gated by symbolic links in the directory
Code:
/home/user/.obex-root/
A smarter solution would be to have a custom FUSE module added to the kernel mounting a virtual file system at the obex-root directory. This could then configure the access based on the connected device. Something for brainstorm maybe.
This, of course, does nothing to counter the fact that from a trusted device your audio could be hijacked and all of your contacts/calendar events read via Nokia PC/Ovi Suite. Don't pair with untrusted devices.
| The Following 5 Users Say Thank You to LES.. For This Useful Post: | ||
 |
|
2010-03-23
, 08:21
|
|
Posts: 601 |
Thanked: 549 times |
Joined on Mar 2010
@ Redditch, UK
|
#15
|
Ok, I'm a linux noob, I make no secret of that.... However, I am computer savvy - and make no secret of that either.
Now, on virtually all Windows based PC's (and I know linux most certainly is NOT windows) you have a firewall monitoring external communication ports and then you have an Antivirus, monitoring internally changes to the filesystem and hueristics of applications as they run in the background.
Linux being open source, and pardon my naivety if appropriate, does it suffer from viruses...??? Surely there are some malicious code-kiddies out there frantically scrabbling on their keyboards trying to code something that will bring the world of credit to it's knees, if only it run linux on the servers...???
So, my question is this... Is there not some kind of linux based AV that can be ported onto the phone to safeguard against unauthorised access to filesystem and changes thereof?
As stated previously, I am a linux noob and haven't got the faintest idea if this is a naive statement so please, no flame wars!
Now, on virtually all Windows based PC's (and I know linux most certainly is NOT windows) you have a firewall monitoring external communication ports and then you have an Antivirus, monitoring internally changes to the filesystem and hueristics of applications as they run in the background.
Linux being open source, and pardon my naivety if appropriate, does it suffer from viruses...??? Surely there are some malicious code-kiddies out there frantically scrabbling on their keyboards trying to code something that will bring the world of credit to it's knees, if only it run linux on the servers...???
So, my question is this... Is there not some kind of linux based AV that can be ported onto the phone to safeguard against unauthorised access to filesystem and changes thereof?
As stated previously, I am a linux noob and haven't got the faintest idea if this is a naive statement so please, no flame wars!
 |
|
2010-03-23
, 08:46
|
|
Posts: 1,217 |
Thanked: 446 times |
Joined on Oct 2009
@ Bedfordshire, UK
|
#16
|
Originally Posted by Switch_
Linux is a totally different ball game to Windows hence the lack of similar utilities. The whole system is more secure by design. There are potential threats to the system in terns of root kits etceteras but not in the same way.
Ok, I'm a linux noob, I make no secret of that.... However, I am computer savvy - and make no secret of that either.
Now, on virtually all Windows based PC's (and I know linux most certainly is NOT windows) you have a firewall monitoring external communication ports and then you have an Antivirus, monitoring internally changes to the filesystem and hueristics of applications as they run in the background.
Linux being open source, and pardon my naivety if appropriate, does it suffer from viruses...??? Surely there are some malicious code-kiddies out there frantically scrabbling on their keyboards trying to code something that will bring the world of credit to it's knees, if only it run linux on the servers...???
So, my question is this... Is there not some kind of linux based AV that can be ported onto the phone to safeguard against unauthorised access to filesystem and changes thereof?
As stated previously, I am a linux noob and haven't got the faintest idea if this is a naive statement so please, no flame wars!
Linux has a firewall built in already but Bluetooth is a differnet system again. The problem here is the services and the permissions granted.
The facility of pairing is there to allow bypassing of the annoying dialogs associated with Bluetooth activities. If you want prompting then be more careful about who you pair with. Transferring of files does not require pairing.
| The Following User Says Thank You to Fargus For This Useful Post: | ||
|
|
2010-03-23
, 13:39
|
|
Posts: 1,258 |
Thanked: 672 times |
Joined on Mar 2009
|
#17
|
Apologies for coming across as rude and offending.
When you pair a device, there's a checkbox "Set as trusted device".. If you leave that ticked the device has full access. When you leave it unticked, the N900 asks you each time the device wants to connect, and then if you accept that device will have full access to MyDocs again..
Set as trusted is something I'd only use for my own devices, no for anybody else's devices..
When you pair a device, there's a checkbox "Set as trusted device".. If you leave that ticked the device has full access. When you leave it unticked, the N900 asks you each time the device wants to connect, and then if you accept that device will have full access to MyDocs again..
Set as trusted is something I'd only use for my own devices, no for anybody else's devices..
| The Following User Says Thank You to shadowjk For This Useful Post: | ||
|
|
2010-03-23
, 13:58
|
|
Posts: 999 |
Thanked: 1,117 times |
Joined on Dec 2009
@ earth?
|
#18
|
It really depends on how serious you are about security.
Modern linux installations usually have the option to encrypt a file or partition.
Mybe something similar can be used for the n900?
Until then i suggest one of these if you are really worried.
Modern linux installations usually have the option to encrypt a file or partition.
Mybe something similar can be used for the n900?
Until then i suggest one of these if you are really worried.
__________________
I like cake.
I like cake.
 |
|
2010-03-23
, 16:41
|
|
Posts: 4,384 |
Thanked: 5,524 times |
Joined on Jul 2007
@ ˙ǝɹǝɥʍou
|
#19
|
I don't know of how other OBEX/files transfer bluetooth profile are implemented in other phones (or PC). But if this is the case, I think at the very least, there should be a more descriptive warning prompt presented to the user.
There are numerous other prompts (IM file transfer, contacts or calendar transfers, etc) that most users would equate these kind of transfer request as a simple one-time permissions which are safe. Let's just give a warning to the exception.
Even seasoned users would benefit from a reminder or two at times.
There are numerous other prompts (IM file transfer, contacts or calendar transfers, etc) that most users would equate these kind of transfer request as a simple one-time permissions which are safe. Let's just give a warning to the exception.
Even seasoned users would benefit from a reminder or two at times.
__________________
Class .. : Power User
Humor .. : [#####-----] | Alignment: Pragmatist
Patience : [###-------] | Weapon(s): Galaxy Note + BB Bold Touch 9900
Agro ... : [###-------] | Relic(s) : iPhone 4S, Atrix, Milestone, N900, N800, N95, HTC G1, Treos, Zauri, BB 9000, BB 9700, etc
Class .. : Power User
Humor .. : [#####-----] | Alignment: Pragmatist
Patience : [###-------] | Weapon(s): Galaxy Note + BB Bold Touch 9900
Agro ... : [###-------] | Relic(s) : iPhone 4S, Atrix, Milestone, N900, N800, N95, HTC G1, Treos, Zauri, BB 9000, BB 9700, etc
Follow the MeeGo Coding Competition!
|
|
2010-03-23
, 22:09
|
|
Posts: 247 |
Thanked: 91 times |
Joined on Jan 2008
@ London/M4 Corridor
|
#20
|
Originally Posted by LES..
Good cautions, clearly stated. Thanks.
There does not seem to be any granularity in the services granted to paired bluetooth devices. Once paired and trusted the remote party has full access to all the services on the N900.
Don't pair with any devices you don't want to grant full access to the device.
This, of course, does nothing to counter the fact that from a trusted device your audio could be hijacked and all of your contacts/calendar events read via Nokia PC/Ovi Suite. Don't pair with untrusted devices.
__________________
--
If you don't know who the Eletronic Frontier
Foundation are, you should. Check out
http://www.eff.org.
--
If you don't know who the Eletronic Frontier
Foundation are, you should. Check out
http://www.eff.org.
I totally understand where you are coming from. I trust my fam with even my atm card, but i also trust them to give it back. no one really trusts anyone to 100%.
It would be nice for the n900 to receive a courtesy msg or alert that some one is atempting to remove/copy/delet/ etc a file from your phone. Just so you can be aware. not to mention there may simply be things on your phone that are ok for adults but not teenagers. or things that are ok for your girlfriend to have access to but not your wife. and vice versa lol.
My little bro has a g1 with tmo and i installed the medieval application on it for him. I was suprised to see him access all my files and pick and choose which songs he wanted. i didnt mind because i didnt have anything at the time i didnt mind sharing but that could change the next time we meet.
It would be cool if some files were password protected. that way you have this protection weather it be from showing off your phone, or people using it, or eyes from bluetooth transfers.
On the flip side maybe we will get lucky and a developer will make some kinda medieval application for maemo 5. I'ts a convenience thing to be able to let people grab what ever they want in your phone and brows it. i think it saves time. and only one person has to actually iniitiate (after initial paring of course) transfer from and end the connection