orb3000 · Feb 4, 2011 at 06:00 pm

HTC Peep Vulnerability Update

XDA Moderator Noonski let us know about an interesting article published today regarding HTC Peep vulnerability. Despite we have known about this since August 2010, there was no published fix for this problem. According to the original article, the default Twitter client in HTC devices, HTC Peep, is vulnerable to two different credentials disclosure vulnerabilities during the authentication process against the Twitter service (twitter.com). The first vulnerability resides in the third HTTP request, a POST request towards the “/oauth/authorize” resource, which contains several parameters, including the Twitter user name and password in the clear, making the authentication process vulnerable to eavesdropping attacks.
The latest information claims that there is a fix: HTC replies back informing “…that for the time being the update hasn’t yet been released on the website however, any customer who wishes to download it can contact us and we will send it out to them”.

Originally posted by Noonski
Maybe of interest

HTC Peep vulnerability.

Continue reading.

Thanks to our friend and XDA member pof for the tip


_________
Want something on the XDA Portal? Send us a tip!

orb3000

orb3000 is an editor on XDA-Developers, the largest community for Android users. @orb3000 News Writer & Forum Moderator @xda-developers. Windows Phone/Android enthusiast, like HTC and flashing! 100% cert. free of i-products Xalapa, México View orb3000's posts and articles here.
Chris Gilliam · May 29, 2015 at 11:29 am · 3 comments

I/O Summary: Google Cardboard Virtual Reality

One year ago, Google introduced cardboard. Amazingly enough, that was all it took to fire up the Virtual Reality scene on Android, and what began as an open design concept exploded into thousands of apps and dozens of headsets from big and small vendors alike. Now, there are more than 1 million cardboard viewers/handsets - a Google-quoted number that might not even be accurate given the ease with which headsets can be rigged through off-the-shelf equipment. This year, cardboard returned...

XDA NEWS
Jimmy McGee · May 29, 2015 at 06:00 am · 4 comments

Android M Preview Images – XDA TV

Android M preview images are available. That and much more news is covered by Jordan when he reviews all the important stories from this week. Included in this week's news is the announcement of Google's Project Tango going on sale and be sure to check out the article talking about Google's Roboto font going open source. That's not all that's covered in today's video! Jordan talks about the other videos released this week on XDA TV. XDA TV Producer TK...

XDA NEWS
Mathew Brack · May 28, 2015 at 09:59 pm · 6 comments

I/O Summary: How Android M Handles Power And Charging

In the spirit of improving the core Android experience, Google is changing Android M to be smarter about managing power. Their new Doze feature comprises of two primary roles which allow Android to use motion detection in order to predict activity, and go into deep sleep at the right time based on accelerometer readings.   In order to extend your screen off battery life, Android M will now monitor your activity levels and if it detects that your device has...

XDA NEWS
Share This