Thread: Idea: N900 security update (openssl, browser etc)
View Single Post
Xagoln is offline Xagoln
2016-09-15 , 18:43
Posts: 262 | Thanked: 315 times | Joined on Jun 2010
#26
Originally Posted by t-b View Post
Interesting - I assume there are a lot of people using an insecure browser then.
I would say so.

Tbh - I have no idea what the red flags are all about and what are the worst issues. Most red flags doesn't necessarily mean the least secure.

I am also wondering what the risks are if you are just avoid browsing the sketchy sites. I usually use my N900 to browse one of the more well known news sites, a couple of boards or emacs sites so I feel relatively safe.
Yes, I think you would be relatively safe. There are still man in the middle attacks (which many of the recent vulnerabilities relate to), but that requires somebody to have:
  • hacked networking equipment in a carrier, ISP, or, hosting company, and
  • the time and the interest to go after you, specifically

And even if you're targeted.. what can they do? What are the real world risks for browsing the web with an insecure browser with an N900, Android or Jolla phone?
In a worst case scenario an attacker can take over your phone, extract all data and delete your files - how much of a chance is that?
The attacker might also try to install a windows file on your N900. Good luck with that...
Probably the two worst things they could do would be:
  • install ransomware on your phone and encrypt your filesystem
  • install a rootkit on your phone and then silently collect information, hoping you'd log in to a website from which they could garner info, or use your phone in DDOSing, or even record your calls, switch on your webcam, etc

Neither of these are 'low hanging fruit' with regard to N900 by any means and would require more work.

So it might look worse than the situation actually is. Any security experts here?
I think due to the fact that the browser on N900 is so old (and the hardware so RAM-starved) we're less inclined to do much browsing with it, so I think we're probably safer than many other devices.

But we really should not be complacent, either!
 

The Following 9 Users Say Thank You to Xagoln For This Useful Post: