May 20, 2004
More About Androids

Just to add on to Jason's post - Paranoid Android is designed to shield you from a different approach than described in the recent Wired article and other sources, so this is not about the recent help:// vulnerability (although it will shield you from that one as well). =)


 Posted by slava at May 20, 2004 03:13 AM

Comments

"Paranoid Android is designed to shield you from a different approach than described in the recent Wired article..."

Great idea. However...

There is no security risk in using address:// URL's, and I use them frequently. PA makes me OK these URL's one by one. That's a drag.

So, my suggestions for the haxie's author:

- Add address:// URL's to the permitted list.

- More generally, in PA's dialogue, there should be an option for "Always allow this type of URL's". This will take care of problems like mine that the author cannot foresee.

Posted by: petey on May 20, 2004 5:01 PM

I agree. I thought PA sounded like a good idea until I read a blog entry that talked more about it and I realized it makes you OK any URL that talks between applications. And that's simply not acceptable to me. If I could say "always allow this URL type" then it would be great.

Posted by: kevin on May 20, 2004 5:26 PM

oh, by the way, "address:// URL's" is a mistake. i meant to talk about "addressbook:// URL's".

the point remains the same, but i'd be slightly confused if i came across my own post...

Posted by: petey on May 20, 2004 7:08 PM

Thanks for the clarification, petey, I was sorta confused. Please keep in mind that Paranoid Android is really meant to be a stopgap solution until Apple fixes this issue. I'm considering adding a prefpane where you can configure "always ask" and "never ask" schemes, but I won't guarantee that I'll do it - after all, it's a free haxie. :)

Posted by: Jason Harris on May 20, 2004 8:40 PM

"Please keep in mind that Paranoid Android is really meant to be a stopgap solution until Apple fixes this issue."

understood.

if you want to do any more work on it, rather than the hassle of implementing a prefpane interface, i'd suggest:

- just adding more URL types to the "safe" list. these might include rtsp, pnm, addressbook, ical, webcal, sherlock.

(if my understanding of the exploit is correct, these can't cause any damage.)

and just to note: despite this issue, PA is a damn fine solution to the problem.

Posted by: petey on May 20, 2004 9:07 PM