
tredlie 2011-01-05 07:09

login, security and the N900
 
Hei Folks
Just wondering, how do you handle access to the N900?

On my N900 many of the browser logins store the password, so anyone getting hold of the phone would be able to log in on these sites.
Clearly, using a password would be appropriate. On the other hand, typing a password for every usage of the phone seems impractical. Perhaps if a gesture could be used instead (which does not seem to be available as login).

How do you people handle this?

tredlie 2011-01-06 09:08

Re: login, security and the N900
 
no takers?

kingoddball 2011-01-06 09:10

Re: login, security and the N900
 
You want something like Android visual lock screen?

It's not that secure. There is an iPhone version of that - How to bypass? Ring the phone [if you find the iPhone - insert your SIM] and just hang up on the call. Done. Access to phone. Android had some bugs which had similar issues...

tredlie 2011-01-06 14:43

Re: login, security and the N900
 
Quote:

Originally Posted by kingoddball (Post 913015)
You want something like Android visual lock screen?

It's not that secure. There is an iPhone version of that - How to bypass? Ring the phone [if you find the iPhone - insert your SIM] and just hang up on the call. Done. Access to phone. Android had some bugs which had similar issues...

Actually, I was wondering how you people deal with this issue: ease of access on the one hand and security on the other. Now I have it wide open: if I lose the phone anybody can use the browser on the stored site with the passwords gracefully supplied by it.

Swiping (like on Android) would add a measure of security.

Or do you people not have the browser store logins/pw,
or do you type in a 5 digit code every time you look up something on the N900,
or do you simply not care (as I have done thus far)?

tzsm98 2011-01-06 15:11

Re: login, security and the N900
 
Quote:

Originally Posted by tredlie (Post 913266)
Actually, I was wondering how you people deal with this issue: ease of access on the one hand and security on the other. Now I have it wide open: if I lose the phone anybody can use the browser on the stored site with the passwords gracefully supplied by it.

Swiping (like on Android) would add a measure of security.

Or do you people not have the browser store logins/pw,
or do you type in a 5 digit code every time you look up something on the N900,
or do you simply not care (as I have done thus far)?


At the end of a browsing session I

Tap top bar
Tap Options
Tap Clear Private Data
Make sure the correct options are selected
Tap Clear

This seems to work for me.

nicholes 2011-01-06 15:42

Re: login, security and the N900
 
Huh!! We are not safe, I personally think so.

It is important to note that also official repositories "may include malware that access data stored in the device, cause financial damage or harm the device."
See this:

http://online.wsj.com/article/SB1000....html?mod=e2fb

mrt 2011-01-06 16:01

Re: login, security and the N900
 
I'm still in the experimental phase :) I, personally, do not store any passwords in my browser. But there are still many other files on my N900 that I don't want to lose. So I actually activate the lock after 30 minutes of inactivity. As a compromise you can activate the lock only when you are travelling (if you agree that at home, and hopefully at work also, the risk is not so high).


Quote:

Originally Posted by nicholes (Post 913316)
Huh!! We are not safe, I personally think so.

It is important to note that also official repositories "may include malware that access data stored in the device, cause financial damage or harm the device."

Yes, you are right, but with open source it is more unlikely than with closed source downloads. And everyone has to decide for himself if he wants to let his data completely open (just because there could be malware, anyway). ;)

zimon 2011-01-06 16:10

Re: login, security and the N900
 
TrueCrypt'ed /home/user/MyDocs (VFAT) and also /home would solve lots of security risks, but then there should be a place in the boot scripts where the passphrase is asked so the system could boot up. It is doable.

zimon 2011-01-06 16:20

Re: login, security and the N900
 
Quote:

Originally Posted by mrt (Post 913329)
Yes, you are right, but with open source it is more unlikely than with closed source downloads. And everyone has to decide for himself if he wants to let his data completely open (just because there could be malware, anyway). ;)

We are not safe anywhere. Trust no one.
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

And as long as CPUs are designed in USA, I myself assume there are backdoors inside the CPU which are triggered with some data pattern which can come from anywhere (net, USB stick, program, data file) to L2 cache and recognized by the circuitry. After that the CPU's secret OS-detection routines inject backdoors into any closed or open source operating system. So just sending a suitable IP packet to some IP address will get the target machine owned, and no firewall or virus protection will help.

We know, starting from Pentiums, there are parts of the circuitry on the CPU which do not seem to have any function, and the number of transistors has multiplied since then.

It would be cost effective, so it would be stupid of the NSA not to do it. Practically all CPUs are designed in USA, it doesn't matter where they actually are made after that - no one will debug current huge and complex circuitry by reverse engineering.

NIN101 2011-01-06 16:23

Re: login, security and the N900
 
Quote:

Yes, you are right, but with open source it is more unlikely than with closed source downloads.

The stuff you download from the repo is already compiled. Nobody guarantees that there isn't a backdoor. You can compare the repo with a closed source download. Even on Open Source projects, not everyone verifies that the packet which he has downloaded wasn't replaced during a MITM attack (yeah I know, paranoid). And of course nearly nobody has the time to read the source code of a program fully (and understand it). And not everyone has the skills to find a good backdoor. So you are not really protected against a good backdoor. Of course, in Open Source projects it's still more unlikely than in closed source software.

Personally, I don't store passwords in microb/firefox. If so, then only with a master password. I encrypted the whole MyDocs partition with TrueCrypt. I moved the phonebook, SMS database, $HOME/.mozilla etc. into it. I also enabled the lock key for protection, because all my data would be accessible when the phone isn't off. So if my phone gets stolen, "they" can't access most of my personal files. The one thing they can do is to reflash the device, crack the DES lock code and have fun with it.

Oh, if you use some passwords in GUI applications, make sure that this auto complete stuff is deactivated, because it will probably store it in /home/user/.osso/dictionaries/.personal.dictionary. It was a nice awakening when I found out about it :-).
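
A check for the auto-complete leak described in the post above, added here as an example and not part of any post in the thread: it counts how many of your own secrets appear in the dictionary file. The function names, the secrets-file layout (one secret per line) and the case-insensitive match are assumptions; the dictionary's format is not described in the thread, so it is searched as opaque bytes.

```shell
#!/bin/sh
# Added example (not from the thread). Dictionary path as given in the post.
DICT_DEFAULT=/home/user/.osso/dictionaries/.personal.dictionary

# count_leaked SECRETS_FILE [DICT_FILE]
# Prints how many lines of SECRETS_FILE occur anywhere in DICT_FILE.
# Each secret is fed to grep on stdin, so it never shows up in a process
# argument list or in the output.
count_leaked() {
    secrets=$1
    dict=${2:-$DICT_DEFAULT}
    hits=0
    # A missing or unreadable dictionary means nothing was stored there.
    [ -r "$dict" ] || { echo 0; return 0; }
    while IFS= read -r secret || [ -n "$secret" ]; do
        # An empty pattern would match every line, so skip blank lines.
        [ -n "$secret" ] || continue
        # -F fixed string, -i ignore case (assumption: the dictionary may
        # normalise case), -q quiet, -f - read the pattern from stdin.
        if printf '%s\n' "$secret" | LC_ALL=C grep -Fiq -f - -- "$dict"; then
            hits=$((hits + 1))
        fi
    done < "$secrets"
    echo "$hits"
}

# demo: run the check on constructed sample data (not a real dictionary).
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'hello\nmaemo\nCorrectHorse42\nnokia\n' > "$tmp/dict"
    printf 'correcthorse42\nnot-in-dictionary\n' > "$tmp/secrets"
    count_leaked "$tmp/secrets" "$tmp/dict"
    rm -rf "$tmp"
}

# Stand-alone use: sh check.sh SECRETS_FILE [DICT_FILE]
if [ "$#" -ge 1 ]; then
    count_leaked "$@"
fi
```

Keep the secrets file inside the encrypted volume and delete it afterwards; a non-zero count means that password has been written to the dictionary in clear text.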

