2013年11月28日星期四

Nokia Xpress Browser servers found to decrypt HTTPS traffic

Nokia Xpress Browser servers found to decrypt HTTPS traffic, an update issued

Nokia’s Xpress Browser is the default web browser on the Nokia’s Asha lineup and it’s also an optional download for the Lumia phones, running on Windows Phone. Nokia prides on the capabilities of the web browser to compress data and reduce traffic.

To accomplish this Nokia servers process and compress all data to and from the mobile device. But has it occurred to you that in the process Nokia’s servers are also decrypting the information sent over the allegedly secure HTTPS protocol, which you may have thought no one has access to. Nokia does not refuse that, but claims you shouldn’t worry, as nothing is recorded. But can we trust it?

The Xpress Browser is advanced enough to translate web pages, search for keywords you tap on and even re-format pages into a nice magazine-like reading layout sans distractions. But this amazing piece of software also communicates all your sensitive data to Nokia servers where it’s temporarily decrypted to plain text form, as security researcher Gaurang Pandya has discovered.

“From the tests that were preformed, it is evident that Nokia is performing Man In The Middle Attack for sensitive HTTPS traffic originated from their phone and hence they do have access to clear text information which could include user credentials to various sites such as social networking, banking, credit card information or anything that is sensitive in nature. In short, be it HTTP or HTTPS site when browsed through the phone in subject, Nokia has complete information unencrypted (in clear text format) available to them for them to use or abuse,” – Pandya points out.

Nokia’s statement on the matter is as follows:

��Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them. When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users�� content, it is done in a secure manner. [...] Claims that we would access complete unencrypted information are inaccurate.”

Other competing proxy browser services take a different approach with HTTPS packets. The all popular Opera Mini web browser, for instance, simply routes the packets to their destinations without decrypting them. Amazon’s Silk browser or the Skyfire mobile browser detect those packages and don’t even transfer them though their servers. In contrast, Nokia’s Xpress Browser actually impersonates you and the visited site in a Man In The Middle style.

An update from today (Jan 11) by Gaurang Pandya tells us that Nokia has released a browser update. “[...]They are no more doing Man-In-The-Middle attack on HTTPS traffic, which was originally the issue, and the bad news is the traffic is still flowing through their servers. This time they are tunneling HTTPS traffic over HTTP connection to their server” – he writes.

The fact that unknown servers read my usernames and passwords just so that they can compress them, is enough to send shivers down my spine. What about you? Worried?

Source | Via

10-inch BlackBerry PlayBook photographed next to a PlayBook 4G in Vietnam

10-inch BlackBerry PlayBook photographed next to a PlayBook 4G in Vietnam

The BlackBerry PlayBook never gained the popularity that RIM was hoping for and rumors of a bigger 10″ version fizzled out. Vietnamese blog Tinhte however, received photos of just that – a 10″ PlayBook – right next to a PlayBook 4G (Sprint had plans to offer these but then canceled).

Interested to see what could have been? There are a few more shots after the break.

The 10″ BlackBerry PlayBook looks just like an upscaled version of the 7″ version with its rectangular looks and black bezel. The screen aspect ratio is different though – it looks closer to the aspect ratio of the iPad (4:3).


BlackBerry PlayBook 10-inch

The 10″ PlayBook looks as slim as its smaller sibling (so around 10mm) and has a 7250mAh battery in it.

The PlayBook 4G looks identical to the current 7″ model – same size and everything, except for the SIM card slot, the added LED flash for the camera, and the “BlackBerry 4G PlayBook” label (though it’s not clear if it’s the HSPA+ or the LTE model).


BlackBerry PlayBook 4G (7-inch)

What we’re seeing here is most likely left over prototypes. The PlayBook 4G never made it to Sprint but the model might still materialize as there are rumors that Bell Canada will be launching that model tomorrow. The fate of the 10-inch model is even more uncertain.

Source (in Vietnamese)

2013年11月27日星期三

A day in the life of Samsung Galaxy Tab 10

A day in the life of Samsung Galaxy Tab 10.1 flies by in twelve minutes on video

Someone over at the AndroidHD blog must be seriously in love with their Samsung Galaxy Tab 10.1. So much so that they spend a whole day playing with the new droid tablet and edited the whole thing into a 12 minute long ad (an unofficial one, that is).

The video takes the Tab 10.1 everywhere – from home, on the train, in the car, on a boat, or to see the Eiffel Tower back home…

Several photos are taken with the Samsung Galaxy Tab 10.1 during the making of the video and you can check them out over at the AndroidHD blog. Unfortunately, they’ve been downsized.

You’ll also spot a large number of Android dolls – the mark of a true droid geek, I suppose.

Anyway, here’s the video – all 12 minutes of it.

Much better than that short hands-on video, right?

Source

A custom package enhances Qt support on all touch Symbian phones

A custom package enhances Qt support on all touch Symbian phones, Samsung OmniaHD included

We often write about the Samsung i8910 OmniaHD and the enthusiastic community of developers behind it who try to keep its software up to date (when Samsung won’t). Well, here’s the next installment of the saga – in this episode, soft modder faenil and his friend madhacker bring the full Qt libraries to the OmniaHD thus improving compatibility with some existing apps and many more to come…

You’ve probably heard that Qt is a cross-platform developing environment, on whicn Nokia stake a lot. It should allow developers to craeate apps that run on all Nokia devices no matter the underlying OS. It seems however that non-Nokia Symbian smartphones (OmniaHD included) are missing out on the fun as they are not prepared to take full use of Qt capabilities.

The general consensus about the Samsung i8910 OmniaHD in the modding community is great hardware, ailing software. For example, apps like WordPress for Symbian, gpSP (a GameBoy Advance emulator), Wikitude and ComingSoon don’t work very well with the Qt libraries available for the OmniaHD (apparently, they’ve been cut down).

The custom libraries provide the full functionality and let those apps work properly. The installation process is quick and easy thanks to the provided one-click installer those devs made. Check out the video to see the installation process.

You can grab the installer from faenil’s website. Some people are reporting that they’re not having much success with some apps though. As always, keep in mind that this is unofficial so there are no guarantees for anything.

2013年11月25日星期一

Lenovo launching Android-running LePad tablet in June

Lenovo launching Android-running LePad tablet in June

Lenovo is one of the largest PC manufacturers in the world. It’s in the top five actually. And now they’ve confirmed an Android tablet, bound for world-wide availability, is coming in June.

The Lenovo LePad

It will bear the name LePad and, sadly, it isn’t anything to lose sleep over. It will feature a 1.2GHz processor of the Qualcomm Snapdragon lineage, Android 2.2 Froyo and a 10.1-inch touchscreen.

Expected price for the upcoming device is said to be in the $399-$449 range, which probably is inexpensive for that hardware.

We hope Lenovo’s first attempt at a Europe-bound tablet to be followed up with the much-needed software update to Honeycomb to make the LePad a truly competitive product. Android Froyo just doesn’t cut it anymore, when it comes to tablets.

Source

2013年11月19日星期二

"Apple Store" app for iOS to get an update

"Apple Store" app for iOS to get an update, will add full hardware customization for Macs

Remember the Apple Store app that was released last year that allowed you to buy Apple products from your iOS device? Considering the limited functionality it offered, you probably don’t. But according to information received by MacRumors, this modest little application is soon going to receive a major update, which will make it a lot more usable.

The biggest change that we know about as of now is going to be the ability to customize the hardware of the Macs before you purchase them. Before, you could only buy them in their stock configuration but now you will have the full set of options to choose from for both the hardware and the software, same as on Apple’s online store. You will also be able to select add-ons, such as AppleCare and printers, etc. to your purchase.

These changes are bound to make the app more useful. I just hope that Apple makes this app usable in more countries than what is currently possible.

Source