Originally Posted by stevep2007
I was just thinking that ther eis no such thing as security. Security is achieved by being harder to exploit than the other computers. Even 3-DES can be cracked with enough computing power.
So encrypting memory and stopping https caching would close two big holes. I'm now wondering what holes would remain to be exploited by the heartbeat exploit on a 4.1.1 device if this were done?
If I was on a stock phone running 4.1.1 and I was that worried about heartbleed, I'd unlock the bootloader and install Bell or Mex Retail because both are 4.1.2. I might even be possible to just swap the exploited binaries with the ones in our 4.1.2 roms, that's something someone else worried about this can do. Hell, it might even be possible to run the 4.1.2 roms with safestrap and the AT&T kernel...again, that's a someone else thing...I have no intention of dicking with SSR.
Think about Wifi being hacked....when it first came out a crappy password like 12345678 was good enough because computing power wasn't that good for consumers yet; nowadays, a basic gaming laptop can check 500,000 wpa2 passwords a second, a decent desktop with multiple GPU's can do over a million a second. All wpa2 hacking is sniffing out the verification md5*, then the tools generate passwords and their md5 and compare it against the sniffed out one, eventually you'll find one that matches, especially so if the password sucks. If you know how certain telecoms set up their wifi passwords, you can shorten the amount of time taken by limiting to the characters they use -- for example, AT&T U-Verse** uses 10 digit numeric passwords, so all you'd have to do is limit the tools to use numbers and start with 10 digits....hint: there are only 1 million codes if you use 10 numbers only....10 to the power of 10 and all....
That isn't a wifi hacking tutorial, just an example of how overtime good security unchanged becomes very bad security and how eventually an exploit will be found and security compromised, like how wpa2 for a split second sends out a the verification md5 unencrypted.
*not sure if WPA2 uses md5, but most of us know what md5's are
**last time I read about that service that's what I saw...and I read that a few months ago
If I managed to help you, click Thanks.
Please post help questions in your respected devices Q&A forum. That's we have them.
If you need my help, add an @skeevydude to your post or quote me. I'll see it.
Thank You & Have a Nice Day.
Help Me Help You. Sign up for 15gb of free storage at Copy.com using this referral -- I get 5 more GB and you get 5 more GB. We both win.
Atrix HD Off Topic Thread
"Remember there are no stupid questions, just stupid people."
-- Mr. Garrison