By contrast, mobile systems lag far behind the established industry standard for open disclosure about problems and regular patch distribution. For example, Google has never made an announcement to its android-security-announce mailing list, although of course they have released many patches to resolve many security problems, just like any OS vendor. But Android open source releases are made only occasionally and contain security fixes unmarked, in among many other fixes and enhancements...
Don't Sacrifice Security on Mobile Devices
Android is hardly the only mobile security offender. Apple tends to ship patches for terrible bugs very late. For example, iOS 4.2 (shipped in early December 2010) contains fixes for remotely exploitable flaws such as this FreeType bug that were several months old at the time of patch release. To ship important patches so late is below the standard set by Microsoft and Ubuntu, who are usually (though not always) much more timely. (For example, Ubuntu shipped a patch for CVE-2010-2805 in mid-August, more than three months before Apple.)