N900 security without corporate support
Hopefully someone with more technical knowledge than me can provide some insight. How secure is an up-to-date N900 currently when you only use the standard applications and maybe occasionally the browsers in the repo?
The N900 hasn't received security updates for a long time now so I am wondering how safe we are and what we can do to protect ourselves. I basically try to avoid browsing at all or browse for a short period of time and only to sites I trust. I have easy debian installed, so for "less trustworthy sites" I can always use a recent version of iceweasel. Easy debian makes use of a chroot so I assume that is intrinsically more secure than using standard maemo apps. That is only browsing though... other apps I should avoid or at least be aware of?
Re: N900 security without corporate support
It's old. What are your needs? It's much better if you explain your requirements, then you can be told if those are possible or not.
Re: N900 security without corporate support
OK - not sure about my needs because they can change daily but it basically boils down to (next to just using it as a phone) this:
- Maemo platform with the latest (stable CSSU) - how secure is just enabling internet out of the box? What about security updates for libraries? Is
- Browsing (1) - how secure is the default browser or any of the alternatives in the repos
- Browsing (2) - how secure is using easy debian for browsing or other uses (I assume the most secure solution - but I might be totally wrong)
- Other not updated apps that use connections to the internet or bluetooth (e.g. Twitter app - Mail - Facebook - Telegram - emacs)
- I haven't tried it yet, but also interested in using something like modrana

I am just trying to understand what the security risks are - what can happen (worst case) - how to prevent, detect or fix security issues. After understanding the risks one can decide how to continue to use the phone. I am not paranoid btw ;)
Re: N900 security without corporate support
Just new today http://talk.maemo.org/showpost.php?p...postcount=2217
Including security update for libssl0.9.8
Re: N900 security without corporate support
Quote:
Note also that chroot has nothing to do with (real) security. Obviously there are many -- known and unknown -- unpatched bugs and security holes, but for most practical purposes you're safe -- safer than with a modern Windows with an up-to-date antivirus anyway :)
Re: N900 security without corporate support
I agree with reinob.
The usual reason for writing an exploit for a system is getting economic benefit somehow. The N900 is so rare a phone that an attacker has a hard time getting major money by attacking it. Of course it is possible to hit a jackpot, but I think an attacker has a better chance by attacking iOS or Android. Naturally this does not exclude people who write nasty software just out of curiosity, but again, why would they choose a nearly six-year-old system? Naturally generic web page exploits against browsers might hit us, but even they might grind to a halt when the browser gives access to an underlying system which is alien to the attacker.
Re: N900 security without corporate support
It is awesome to see a phone as old as the N900 is still maintained and software improved. The CSSU team is doing an amazing job keeping the phone relevant.