Archive for January, 2010

Security Roadmap and Strategy Published

Thu, 28 Jan 2010

This week we’ve published the first full version of the Symbian Platform Security Roadmap and Strategy. It’s by no means set in stone, so any and all comments and suggestions are welcome (either in the Security forum or using the comment facility on the wiki page).

I have taken some liberties with the format and tagged on a longish “wish list” of items Open for Contribution at the end. I’d particularly like to draw attention to the last four, which are opportunities for concerned individuals or organisations to address some consumer protection issues (which our traditional contributors probably won’t address).

I did allude to this six months ago, but this time I’ll be shorter and more to the point: 🙂

  • Notarised Call Recording
    how to hold faceless utility companies to account?
  • Pre-Advice of Premium-Rate Charges
    think twice before giving your money away?
  • Privacy Labels
    how not to embarrass yourself on social networking sites?
  • Vendor Relationship Management
    how to do e-commerce on your terms?

Volunteers welcome 😉

Apps for the Paranoid Needed?

Mon, 04 Jan 2010

I can’t let Karsten Nohl’s presentation at 26C3 go without comment. To be clear, he was only talking about weaknesses that were already known (so headlines like “Secret mobile phone codes cracked” are at best misleading) but his purpose was to demonstrate that those theoretically known attacks are now practical. His point is a very valid one, and holds for most (all?) cryptographic algorithms: researchers will discover more efficient attack techniques, and technology will evolve to make such attacks practical, so you’d better design your cryptographic protocols so you can switch to different algorithms if and when the future need arises.* Happily this is the case for the GSM protocols, and all (!) that is needed is for the phone manufacturers and network operators to deploy the A5/3 algorithm and we can all go about our business.

That said, there is an interesting point made, almost in passing, in the presentation.