Sivan Greenberg wrote:
On Mon, Nov 8, 2010 at 2:27 PM, Ian Stirling <ma...@mauve.plus.com> wrote:
Firstly - why on earth do you care?
If a user is authenticated, why does it matter if they are breaking any
agreements they may have made with you to only access content on their n900.
Never post to public list when you are going over your 5 tasks in the
same time limit. This is perfectly true and holds! Moreover, the
client for the service would only run on the N900 (well until I
develop a desktop version of it) . but for all purpose a user account
would suffice.
Yeah - seems more sane to apply it on a per-user basis, as a filter at
the server, unless I'm missing something.
The silly hack that comes to mind is to go to the firmware download page,
and use that as an authenticator, but that would be insane.
Out of *pure* technical curiosity how would that work? I mean, how can
I ask tablets-dev to authorize someone when it authorizes it due to
knowing that IMEI he/she provided is indeed a nokia device?
As simple as go to the firmware download page (with a script) enter the
IMEI the user supplies, see if it authenticates.
Though not specifically answering that point, I suggest
http://laforge.gnumonks.org/weblog/gsm/
http://threatpost.com/en_us/blogs/researchers-hijack-cell-phone-data-gsm-locations-042110
Also - you can bar the phone in many instances with only the IMEI, by
reporting it stolen.
My concern is not so much that you might do something nefarious - but
that you might screw up, and my IMEI turns up along with my name,
address, and possibly CC/paypal details on thieftorrent.
There are - as I understand it - limited attacks that are possible using
the IMEI at the moment.
GSM very much is not designed as a secure protocol, so I wonder if with
the increasing ease of access, if that will remain so.
Also - as a user, I would be hesitant at giving out my IMEI.
While there are few risks at the moment, open-source GSM platforms are
becoming available to the hacker community, and the protocol was not really
designed for security.
I never gave thought to this, what would it help in abuse to have your IMEI ?
I will note that http://www.omniqueue.com/ shows a pleasing sparseness of
design, that many websites would do well to imitate.
Thanks! I try ;-) Even if it had a design it would most probably be
very minimalistic on the brink of a text document....
No flash ads, no slow javascript, and at 0 bytes, quick to transfer!
Cellular data consumer kept in mind! :-p
Cheers,
-Sivan
_______________________________________________
maemo-developers mailing list
maemo-developers@maemo.org
https://lists.maemo.org/mailman/listinfo/maemo-developers
