I'm gonna go ahead and assume that with 9/900 some messages on this board, and how slow things are this is probably not the place that those bulletins get posted. Secondly look at patch notes for the android mobile phone, I am sure they mention it. Also keep in mind that there is a good probability that posts get archived that aren't current, including old fixed bulletins.
That said... please check here: http://groups.google.com/group/android-security-announce As for your definition, how can we answer your question without your definition? On Sep 10, 9:53 am, Jan Niggemann <[email protected]> wrote: > 2010/9/10 Tauren <[email protected]> > > > First off, there have been a number of "android" vulnerabilities, go > > look at haxxor news and see what you turn up. > > I'm aware of the attack vectors and possibilities, thank you. > > > More so those bulletins probably were taken down when the > > vulnerability was removed in the followup emergency push. > > That's absurd. If so, why isn't there an archive for those security > bulletins? > And where are the postings to the full-disclosure mailing list? Let me > remind you that in 2008, the Android security team posted to that list, that > they'll publish security bulletins "when the fixes are available". > And I'm pretty certain that there have been no security bulletins so far. > Neither in the Google group, nor on said mailing list. > > > Lastly what is your definition of noteworthy? > > I'm pretty sure that no one cares about _my_ definition.Google writes: > > "We will publicly announce security bugs when the fixes are avandroid > security bulletinailable > via postings to the android-security-announce group on Google Groups." (link > in my 1st post). > So it all boils down to this:android security bulletin > > IF security_bug found AND fixed > THEN publish bulletin. > > > Is note worthy DOSing > > your phone via SMS? that has been done > > I'm sure there are also other areas of the phone that need to be > > researched and looked at. Having some toolrod open a PDF and pwn > > their phone just like they did on the iphone is an example. > > The question is: Would that be a design flaw in the OS implementation or in > an app? > If it's the OS, following their own guidelines, Google should publish a > security bulletin. Either after the availability of a fix, or after 60 days. > > > The point is, you have a phone, its actually a computer, it will have > > vulnerabilities, they are doing their best to remove them. The most > > you may hear of it is a little blurb with someones name on it for > > finding the bug. > > So please show me the blurbs - where are they to be found? > You say there _are_ security issues. If that assertion is true, then there > should inevitably be a publication of that issue, if Google respects their > own guidelines. > At least if the issue is fixed, if I understand correctly. > Or it's just a matter of misintepretation, maybe because my 1st language > isn't English ;-) > I just can't get straight that there _are_ security issues* AND there's no > publication of bulletins yet. > > Regards > jan > * No big deal for me, every piece of software has 'em. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
