[Owasp-leaders] [Owasp-mobile-security-project] Antiy Labs - A Comprehensive Analysis on Carrier IQ

Jim Manico jim.manico at owasp.org
Sun Dec 11 16:26:37 EST 2011


I do not think OWASP has a role to play in this very political landmine.

We are great at making recommendations around web security, but I think 
getting deeply involved with issues of this nature is out of our 
mission. Besides, the entire world is watching CarrierIQ right now. 
There are plenty of pro's at other organizations who are "on it" already.

My 2 cents.

Aloha,
Jim
> So we know about Carrier IQ, the failure of opaqueness and how to work with
> security researchers properly.
>
> My understanding of the current situation is that there is effectively a
> supply-chain issue going on with a "not me guv" game going on at the moment
> from all the major stakeholders (see Eric Schmidt's comments yesterday):
> http://www.computerworld.com/s/article/9222532/Google_s_Schmidt_calls_Carrie
> r_IQ_software_a_keylogger
>
> What role does OWASP have to play in this?
>
> Thoughts?
>
>
> David.
>
> -----Original Message-----
> From: owasp-mobile-security-project-bounces at lists.owasp.org
> [mailto:owasp-mobile-security-project-bounces at lists.owasp.org] On Behalf Of
> Benson
> Sent: 08 December 2011 23:27
> To: Ludovic Petit
> Cc: owasp-mobile-project at lists.owasp.org;
> owasp-mobile-security-project at lists.owasp.org; owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-mobile-security-project] Antiy Labs - A Comprehensive
> Analysis on Carrier IQ
>
> One inaccuracy I found in the article is the claim that Carrier IQ's
> spyware/bloatware was included in CyanogenMod.  This post on the CM blog
> clears that up a bit:
> http://www.cyanogenmod.com/blog/cyanogenmod-will-never-have-carrier-iq
>
> Benson
>
> On Thu, Dec 8, 2011 at 2:26 PM, Ludovic Petit<ludovic.petit at owasp.org>
> wrote:
>> Hi guys
>>
>> Just fyi.
>> http://www.antiy.net/en/report_A_Comprehensive_Analysis_on_Carrier_IQ.
>> html
>>
>> Best.
>>
>> - Ludovic
>>
>> --
>>
>> Ludovic Petit
>> Chapter Leader OWASP France
>> OWASP Global Connections Committee Member
>>
>> Mobile: +33 (0) 611 726 164
>> E-mail: ludovic.petit at owasp.org
>>
>> LinkedIn: http://www.linkedin.com/in/lpetit
>>
>> ___________________________________________
>>
>> OWASP-Leaders mailing list
>>
>> OWASP-Leaders at lists.owasp.org
>>
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>> _______________________________________________
>> Owasp-mobile-security-project mailing list
>> Owasp-mobile-security-project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-mobile-security-project
>>
> _______________________________________________
> Owasp-mobile-security-project mailing list
> Owasp-mobile-security-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-mobile-security-project
>
> _______________________________________________
> Owasp-mobile-security-project mailing list
> Owasp-mobile-security-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-mobile-security-project



More information about the OWASP-Leaders mailing list