…and that’s the last time you’ll see both those words in the same sentence in this article, as the Android so-called masterkey vulnerability reverberates. (HT to Istvan Csizmazia.)
Paul Ducklin reports for Sophos that further samples have been found that make use of it: Android “Master Key” vulnerability – more malware exploits code verification bypass. As Ducklin observes:
A bad bug – and although it’s fixed in the Android open source codebase, Google simply isn’t saying anything about how long it’s prepared to wait for its handset partners to get the fix out to Android users around the world.
No comment yet from Chris DiBona it seems… And I’m not even going to mention the Chrome password fiasco, since it appears that it’s not a problem at all. Oh, all right, I’ve already mentioned it. (Quoted in an article by Rob Waugh.)
Small Blue-Green World