Androids full of viruses; at least its not herpes …

So a report was released today that suggests that there are around 50 malicious app on the android app market. Well I cant say im surprised. Not to flaunt any discontent towards google; I myself am an avid googler, and think they should be in the guinness book of world records for the worlds longest wardrive. Anyway, not to digress… Having one location to download software from (for the typical user) mean that it would inevitably be taken advantage of. My analogy for this a football stadium, no matter what you try to do , eventually someone is going to get past security and run onto the pitch naked and screaming. They will of course be delt with, but by that point the act has already been performed.

It appears that the mechanism for spreading these viruses is to patch, or rather tach-on the additional, malicious code to popular and well known application. Then, repackaging them and hosting the new version on the app market. The name of the virus is DreamDroid, and affects current versions of Android, barring the newely released Gingerbread. The code allows the remote installation ( and by extension we can assume remote execution) of applications on your device, aswell as sending your personal information and phone id to a remote server. The open source basis of Android has arguably brought this on itself, that being said, the open source community is very likely to respond with a patch to this attack, though any changes to the app market are down to google to solve.

“don’t be evil” – google moto

Just what is it about Linux?

So Ryan and I were touring around prospective students today, and I couldn’t help but find myself preaching to them. In the end all it would do is benefit them (I guess that what all preachers say). Never the less it seems safe to say that Hackers love Linux. Thinking back to it I’m not sure that most of them will even knew what Linux is. When is was in that position, I knew what it was, though beyond that it was an operating system my knowledge was shamefully bare. But why do we like Linux? Yes it is open, and yes it is free, but so are most UNIX distribution. Surely it has to be more than that? Personally I enjoy the ease of it. The idea behind it makes sense; a system that I can change and redistribute till my heart is content. Having played about with the kernel components of Linux for a time now, I can honestly say that I actually enjoy the kernel. All of the header files are easily accessible (and alterable), and including your own headers is easy once you know what you are doing. Kernel modules are an excellent way of loading in drivers, or other software that you need running in the kernel (rootkits anyone?) Linux just ticks all of my boxes, and while I don’t dislike Windows, I find it a system that I use on a less frequent basis (avoiding proprietary format that force you to use Windows.) I guess the fact stands, penguins rock.

A consideration of Hacking

People in security can define a hacker.  It is not only a requirement of their job, but in general a part of their passion for what they do (assuming that they are as security obsessed as I am.) The worrying point is that the public have a false impression of what a hacker actually is. By surprising extension, even the Oxford definition a hacker is somewhat, misleading…

” a person who uses computers to gain unauthorized access to data.

informal an enthusiastic and skilful computer programmer or user.”

So yes, we might consider a hacker as someone who can break the security of a computer system. Though It is their intention and motive (as well as their contract and disposition) that dictates whether the system has been hacked or cracked. There should be, if their is not already, a movement within the security community to raise awareness among non-techies. To educate and reassure the public that a hacker is not the baddy, but rather a dark superhero fighting to make the world that little bit safer.

Ok, so maybe that is a little idealistic. What can i say, maybe one day