Development Known Security Vulnerabilities

jcase · 08-15-2010, 08:50 PM

Thanks to your fellow forum member NiaTrue, I am leaving any development of the eDGe.

I did pass on some work to other people however.

I want to point out the following security vulnerabilities, which potentially put your device and personal data at risk

1) Kernel vulnerable to http://www.securityfocus.com/bid/38898

2) Kernel appears to be vulnerable to http://stealth.openwall.net/xSports/exploid.tgz

3) K9 mail app uses incorrect file permissions on the email database

MichaelV · 08-15-2010, 10:31 PM

wonder what is the edge response to this.

MichaelV · 08-15-2010, 10:32 PM

sorry to hear you are leaving. really an independent forum is needed for the Edge other dual screen android devices like Alex.

NiaTrue · 08-15-2010, 10:43 PM

At the very least, jcase should be banned for posting my work email address to the forum. Because I write and edit stuff for the web and popular magazines, my byline is out there; so that horse got out of the barn years ago. But it was still a juvenile thing to do, done with the intent to harass or intimidate me. As for the security vulnerabilities, various posters have asked over the past few months whether the eDGe is vulnerable. That's at least a partial answer.

MichaelV · 08-15-2010, 10:49 PM

I do not like personal wars on forum, but this is a full answer, the device is vulnerable and Edge should get their act together to release quickly a patch.

alefor · 08-15-2010, 10:49 PM

It is equally juvenile to continue this practice of "banning" free speech. Things have a way of naturally going away, and there is no need to institute censorship.

NiaTrue · 08-15-2010, 10:53 PM

Quote:

Originally Posted by MichaelV

I do not like personal wars on forum, but this is a full answer, the device is vulnerable and Edge should get their act together to release quickly a patch.

I'm only suggesting that it's possible there are other vulnerabilities we don't know about yet.

MichaelV · 08-15-2010, 10:53 PM

Edge are trying to protect their image but they do more harm than good. this is going now to be out of proportion on facebook and tweeter. Big retailers will notice and Edge may not ever go into retailers if the issues are not addressed soon. nobody will take on a device that has security vulnerabilities. this invites legal troubles. Edge should work with the developers not against them. I have to agree 100% with alefor.

MichaelV · 08-15-2010, 10:55 PM

Niatrue: this may be the case. and by retaining the source probably Edge is hiding those. by releasing it will allow the community to find those holes and point them out and for edge to release a quick patch, if they are able to do this, which sometimes I wonder!

JamesIvar · 08-15-2010, 11:08 PM

You are a very selfish and disrespectful person.

With the help of Justin I got android 2.2 booted on my EE today. I could not of done this myself, and now I can't finish it.

P1ss1ng of Justin guarantees vulnerabilities will be found rapidly after each update, and published for everyone to see.
Nice job enTourage and NaiTrue, way to ruin a good reader.

James Ivar

MichaelV · 08-15-2010, 11:14 PM

what is the point of having good hardware if the software is inferior? there are also hidden features that those people discovered that Edge never mentioned.

Chubulor · 08-16-2010, 12:28 AM

Everybody needs to calm the heck down and stop taking things so personally. I can't believe it's me who's saying this...

jcase, please don't take your ball and go home over this. You weren't planning on writing this software for one person, so you shouldn't not write it because of one person. Maybe you can just add a 20% surcharge to the price and we'll blame NiaTrue for that...

drsteve · 08-16-2010, 07:36 AM

I've just PM'ed Justin asking him to reconsider. Not sure if it will help. I had a feeling this would all get ugly like the last time. Why can't people just be friendly on forums and respect that others may have different opinions? I read somewhere that boris may have left the forum. I hope that' s not the case

fgruber · 08-16-2010, 08:08 AM

Unluckily that seems to be case.
In his profile he wrote:
"As my integrity continues to be insulted, I have withdrawn myself any my contributions from these forums."

and now he is listed as having only 131 posts.

Very sad day when the most helpful and enthusiastic member of the forum decides to leave because of the lack of respect.

Quote:

Originally Posted by drsteve

I've just PM'ed Justin asking him to reconsider. Not sure if it will help. I had a feeling this would all get ugly like the last time. Why can't people just be friendly on forums and respect that others may have different opinions? I read somewhere that boris may have left the forum. I hope that' s not the case

MichaelV · 08-16-2010, 08:11 AM

Dr Steve, I think this is Edge own making. If they would comply with the GPL licence and release the complete code months ago we would not have this discussion. The current release is just dust in the eyes of the community.

08-15-2010, 08:50 PM	#1
jcase Edge User	Known Security Vulnerabilities Thanks to your fellow forum member NiaTrue, I am leaving any development of the eDGe. I did pass on some work to other people however. I want to point out the following security vulnerabilities, which potentially put your device and personal data at risk 1) Kernel vulnerable to http://www.securityfocus.com/bid/38898 2) Kernel appears to be vulnerable to http://stealth.openwall.net/xSports/exploid.tgz 3) K9 mail app uses incorrect file permissions on the email database Last edited by Snow; 08-15-2010 at 10:51 PM. Reason: removed email address

08-15-2010, 11:08 PM	#10
JamesIvar Edge User	You are a very selfish and disrespectful person. With the help of Justin I got android 2.2 booted on my EE today. I could not of done this myself, and now I can't finish it. P1ss1ng of Justin guarantees vulnerabilities will be found rapidly after each update, and published for everyone to see. Nice job enTourage and NaiTrue, way to ruin a good reader. James Ivar Last edited by Snow; 08-15-2010 at 11:49 PM. Reason: personal info

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Creating security	goingsp	Kindle Developer's Corner	2	03-11-2011 12:38 AM
Kindle 2 Security	Jasoon Carey	Amazon Kindle	18	08-01-2009 11:35 AM
Security.	ruibittencourt	Workshop	30	03-05-2009 12:37 AM
Macinstosh Dashboard Opens Security Vulnerabilities	Bob Russell	Lounge	0	05-09-2005 11:40 AM

08-15-2010, 10:31 PM	#2
MichaelV Edge User	wonder what is the edge response to this.

08-15-2010, 10:32 PM	#3
MichaelV Edge User	sorry to hear you are leaving. really an independent forum is needed for the Edge other dual screen android devices like Alex.

08-15-2010, 10:43 PM	#4
NiaTrue Edge User	At the very least, jcase should be banned for posting my work email address to the forum. Because I write and edit stuff for the web and popular magazines, my byline is out there; so that horse got out of the barn years ago. But it was still a juvenile thing to do, done with the intent to harass or intimidate me. As for the security vulnerabilities, various posters have asked over the past few months whether the eDGe is vulnerable. That's at least a partial answer.

08-15-2010, 10:49 PM	#5
MichaelV Edge User	I do not like personal wars on forum, but this is a full answer, the device is vulnerable and Edge should get their act together to release quickly a patch.

08-15-2010, 10:49 PM	#6
alefor Edge User	It is equally juvenile to continue this practice of "banning" free speech. Things have a way of naturally going away, and there is no need to institute censorship.

08-15-2010, 10:53 PM	#8
MichaelV Edge User	Edge are trying to protect their image but they do more harm than good. this is going now to be out of proportion on facebook and tweeter. Big retailers will notice and Edge may not ever go into retailers if the issues are not addressed soon. nobody will take on a device that has security vulnerabilities. this invites legal troubles. Edge should work with the developers not against them. I have to agree 100% with alefor.

08-15-2010, 10:55 PM	#9
MichaelV Edge User	Niatrue: this may be the case. and by retaining the source probably Edge is hiding those. by releasing it will allow the community to find those holes and point them out and for edge to release a quick patch, if they are able to do this, which sometimes I wonder!

08-15-2010, 11:14 PM	#11
MichaelV Edge User	what is the point of having good hardware if the software is inferior? there are also hidden features that those people discovered that Edge never mentioned.

08-16-2010, 12:28 AM	#12
Chubulor Edge User	Everybody needs to calm the heck down and stop taking things so personally. I can't believe it's me who's saying this... jcase, please don't take your ball and go home over this. You weren't planning on writing this software for one person, so you shouldn't not write it because of one person. Maybe you can just add a 20% surcharge to the price and we'll blame NiaTrue for that...

08-16-2010, 07:36 AM	#13
drsteve Edge User	I've just PM'ed Justin asking him to reconsider. Not sure if it will help. I had a feeling this would all get ugly like the last time. Why can't people just be friendly on forums and respect that others may have different opinions? I read somewhere that boris may have left the forum. I hope that' s not the case

Advert

Advert

08-16-2010, 08:11 AM	#15
MichaelV Edge User	Dr Steve, I think this is Edge own making. If they would comply with the GPL licence and release the complete code months ago we would not have this discussion. The current release is just dust in the eyes of the community.