http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2010-06-26 00:19:01 - CKTRICKY AppSec : This morning I saw a tweet by dinodaizovi Dino posted a comment regarding an article by Google you can find Here responding to an interesting method of gaining Root via RootStrap link Here To summarize Google sort of dismissed the idea that this application and research, by jonoberheide was damaging because the application he created didn't have root permissions, it simply had network permissions to download rootkits and install them in areas of the device not meant for normal applications Google Android removed the application with an over the air update We are saved okay sarcasm It got me thinking, I remembered something I touched on during a presentation at a recent NoVAH Hackers meeting The idea was basically using something like XSS to redirect an Android user to download an attacker's application s Here is the video, stick around to the end, you may get a chuckle Android and another use for XSS from cktricky on Vimeo Happy Hacking cktricky http://www.secuobs.com/revue/news/235222.shtmlhttp://www.secuobs.com/revue/news/235222.shtml Secuobs.com : 2010-06-24 23:57:32 - CKTRICKY AppSec - Thank you to Mario Steele for creating a wxruby gem compatible with the more recent versions of Ubuntu's G compiler You can download the gem Here Install by sudo gem install --local wxruby-201-x86-linuxgem If you've tried to run DirChex or DirSnatch you'll notice problems The above tip should help to resolve Happy Hacking http://www.secuobs.com/revue/news/234849.shtmlhttp://www.secuobs.com/revue/news/234849.shtml