Forwarded from Hacker News
BleepingComputer
AT&T, Verizon reportedly hacked to target US govt wiretapping platform
Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports.
π±7π3π1π1
Is this author correctly interpreting the consequences of this Android signature policy?
Discuss:
How Google Kills Privacy and Security
One of many atrocities destroying privacy and security introduced in Android 12 and later is:
'Known signers permission'.
Per Android doumentation
What this essentially means is that a third party app that declares the attribute (known certificates) can obtain system level permissions without any additional action.
This is a huge security hole, because the actual signatures (by OEMs or custom rom developers) do NOT matter, as they automatically become 'known certificates'.
So, basically, starting from Android 12, your device is sold to third party apps, which essentially become system apps.
Another 'nice' feature is 'lease or credit' scheme, which for now is being implemented in branded phones:
if you leased or financed the phone, it could be disabled for non-payment.
Essentially, it's a Kill Switch. Welcome to the Brave New World.
I 'wonder' what could possibly go wrong?
https://t.me/LeOS_Support/138172
Discuss:
How Google Kills Privacy and Security
One of many atrocities destroying privacy and security introduced in Android 12 and later is:
'Known signers permission'.
Per Android doumentation
"Starting in Android 12, the knownCerts attribute for signature-level permissions allows you to refer to the digests of known signing certificates at declaration time.
Your app can declare this attribute and use the knownSigner flag to allow devices and apps to grant signature permissions to other apps, without having to sign the apps at the time of device manufacturing and shipment."
What this essentially means is that a third party app that declares the attribute (known certificates) can obtain system level permissions without any additional action.
This is a huge security hole, because the actual signatures (by OEMs or custom rom developers) do NOT matter, as they automatically become 'known certificates'.
So, basically, starting from Android 12, your device is sold to third party apps, which essentially become system apps.
Another 'nice' feature is 'lease or credit' scheme, which for now is being implemented in branded phones:
if you leased or financed the phone, it could be disabled for non-payment.
Essentially, it's a Kill Switch. Welcome to the Brave New World.
I 'wonder' what could possibly go wrong?
https://t.me/LeOS_Support/138172
Telegram
Ftr in LeOS β GSI - no gapps will work !!!
i wonder if this is true (copy/pasted)
[How Google Kills Privacy and Security
One of many atrocities destroying privacy and security introduced in Android 12 and later is:
'Known signers permission'.
Per Android doumentation
"Starting in Android 12, the knownCertsβ¦
[How Google Kills Privacy and Security
One of many atrocities destroying privacy and security introduced in Android 12 and later is:
'Known signers permission'.
Per Android doumentation
"Starting in Android 12, the knownCertsβ¦
π7π€4
When you have ads in response to conversations you just had their protest holds no water. Case Closed...
https://www.tweaktown.com/news/100984/google-responds-to-claims-pixel-smartphones-send-private-user-data-every-15-minutes/index.html
https://www.tweaktown.com/news/100984/google-responds-to-claims-pixel-smartphones-send-private-user-data-every-15-minutes/index.html
TweakTown
Google responds to claims Pixel smartphones send private user data to Google every 15 minutes
Google has responded to a recent report that claimed a Pixel smartphone was sending private user data back to Google servers every 15 minutes.
π₯10π3π―2
Forwarded from Bones' Tech Garage
"A quick link back to the beginner's videos for Linux. The videos will be the first post of the day."
https://t.me/BonesTechGarage/2304
https://t.me/BonesTechGarage/2304
Telegram
Bones' Tech Garage
"10 Things I Wish I Knew When I First Started With Linux"
https://www.youtube.com/watch?v=HIJ6LixbcAY
https://www.youtube.com/watch?v=HIJ6LixbcAY
π7β€1
π Just in case we need a refresher or you are just starting out.
π12
Our advice for avoiding this scam, is ditch the master scammer - Google.
https://www.makeuseof.com/ai-gmail-scam-scaringly-realistic/
https://www.makeuseof.com/ai-gmail-scam-scaringly-realistic/
MUO
This AI Gmail Scam Is Scaringly Realistic: Here's How to Stay Safe
AI advancements are a double-edged sword, and this new Gmail scam proves it.
π10