×
Android

KeyStore Vulnerability Affects 86% of Android Devices 71

Posted by timothy from the that's-a-lot dept.
jones_supa (887896) writes "IBM security researchers have published an advisory about an Android vulnerability that may allow attackers to obtain highly sensitive credentials, such as cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices. It is estimated that the flaw affects 86 percent of Android devices. Android KeyStore has a little bug where the encode_key() routine that is called by encode_key_for_uid() can overflow the filename text buffer, because bounds checking is absent. The advisory says that Google has patched only version 4.4 of Android. There are several technical hurdles an attacker must overcome to successfully perform a stack overflow on Android, as these systems are fortified with modern NX and ASLR protections. The vulnerability is still considered to be serious, as it resides in one of the most sensitive resources of the operating system."
Cellphones

Ask Slashdot: SIM-Card Solutions In North America? 146

Posted by timothy from the not-our-strong-suit dept.
An anonymous reader writes I'll be returning to North America for July for the first time in a few years, and I'm curious how the phone carrier market compares with the rest of the world. My last time in the U.S., I had to pick up a disposable phone with all kinds of unnecessary environmental waste (charger, packaging, etc.), and *still* had to register it with another domestic (!) phone number and credit card. I don't think I could get a SIM card there without a contract. Anywhere else I travel, picking up a new SIM card with pre-loaded credit is trivially easy. In my last trip to the UK, I just put GBP 10 into a vending machine at the airport and picked up a loaded SIM card for my phone which aldready has my contacts and settings. No ID, no name, no hassle. What are the best options for me in North America (U.S. *and* Canada)?

Slashdot Top Deals