This rather alarming looking headline refers to this research paper: http://www2.dcsec.uni-hannover.de/files/android/p50-fahl.pdf // By and large, the paper describes issues related to known SSL/TLS/PKI vulnerabilities and implementation/arguable user interface weaknesses that are rather commonly present across most platforms, not just Android.  Some of these could be avoided to some extent via automated code scanners (a technology set that is gradually coming to various environments), but the reality is that without severely restricting developer and site flexibility, there is only so far we can go toward making these systems more (but still not perfectly) bulletproof.  The paper also notes a number of methodological limitations that make a full analysis somewhat problematic.  There are really no big surprises here for anyone who studies crypto systems in the Web environment, but obviously we must work to do better.  I'll be popping back up for a couple of minutes on Coast to Coast AM radio tonight a bit after 10 PDT to discuss this.
Shared publiclyView activity