Ice Cream Sandwich

From its navigation methods to fonts, Android is redesigned and refreshed in its Ice Cream Sandwich edition to meet thetastes of its users. Google introduced the update to Honeycomb and Gingerbread Tuesday night alongside Samsung's debut of the Galaxy Nexus. Here are thehighlights.
The Lock and Homescreens
The Android 4.0 lockscreen closely resembles the one found on Android Honeycomb tablets: a lock icon, surrounded by a circle, which you flick outward to unlock the phone. Home screens behave the same way as they currently do on Android (swipe left or right to navigate, open an app drawer, retrieve widgets, and so on) except you now get a customizable “favorites tray” that resembles the dock in iOS. Because the Galaxy Nexus lacks physical navigation buttons, the Back, Home, and Recent Apps icons are located at the bottom of the screen and lit up when touched. Google gave no word on how ICS will work on older phones with physical nav buttons, but future phones running Android 4.0 may lack them as well.

The app drawer is updated to look more like the one in Honeycomb and you now scroll through apps by swiping left or right. Widgets have their own tab in the app drawer to make them easier to find. They look and work like the ones we have seen on Honeycomb, and are resizeable so you can fit them wherever you feel like.
Taking another leaf out of Apple’s book, Android 4.0 lets you create folders by dragging one app onto another. Apps can be rearranged in folders by dragging them around and folders can be renamed to your liking.
Recent Apps and Gestures
If you tap the Recent Apps icon at the bottom right of the screen, a scrollable list of running apps pops up -- each with a thumbnail image of that application. You can close a particular app by flicking it away. The flicking gesture command is accepted throughout Android Ice Cream Sandwich, and is also used to dismiss specific notifications in the Notification Tray.
Besides accepting gestures, the Notification Tray displays photos and supports music controls, so you don’t have to go into a specific app in order to skip a song or pause your music. The Notification Tray is now accessible without having to unlock your phone. Just drag down the tray from the lockscreen and you can quickly jump to new text messages or e-mail messages by tapping on a notification. I like the fact that you can quickly get into apps without having to unlock the phone first, but I hope Google puts a security measure in place so that not just anyone can access your private communications.
Speaking of security, in Android 4.0 your face can be used to unlock your phone. Ice Cream Sandwich and the Galaxy Nexus support facial recognition, so the phone can be set to unlock only if it recognizes your face. When demoed on stage, the phone failed to recognize its owner and defaulted back to the traditional pattern unlock screen. Let's hope the Android team gets the kinks worked out before launch, and that other phone manufacturers support this feature in future handsets.


Core Apps Updated
All the core Android apps are getting a facelift and new features, though only the Browser, Calender, and Gmail were explicitly detailed at the introduction event.
The Browser now supports incognito mode and your bookmarks from the Chrome browser on desktop are now synced to the Browser in ICS. Google adds support for tabbed browsing, and you can quickly view which tabs are open, each with a live preview of that page. As with the notifications and Recent Apps list, you can quickly close tabs by flicking them away.
The biggest update to the Browser has to be the capability to save pages for offline reading. You can save web pages exactly as they are, and access them even when you don’t have a data connection. This is great for people who find an interesting article they want to read, but are going to be in an area with little to no data coverage.
Gmail also received a substantial update and is now much faster to use, thanks to the new Action Bar at the bottom of the screen. The bar is context-sensitive and changes depending on where you are in Gmail. For example, when viewing your inbox you the Action Bar has options for composing a new message, searching for a specific message, and so on. However, once you select one or more e-mail messages, the Action Bar buttons change and offer options to Delete, Archive, or Move those selected messages.
A new preview pane allows you to preview messages without having to open them, and you can now search through the last 30 days of your e-mail offline. It's unclear whether these updates are exclusive to the ICS Gmail app, or if the Gmail app on older Android devices will be updated to support these features as well. 
The Calendar was mentioned only briefly, but you can now pinch to zoom in on your calendar events to see more details about specific events or you can zoom out to see all your events for that day. It's pretty cool, and beats tapping each event individually to find out more about it.
Maps, Music, and other core apps were updated as well but weren’t demonstrated.
Talk To Me
Yes, the Android keyboard is updated for better text predictions, but the show-stealer was definitely the improvements that were made to the speech-to-text software.
Previously, in order to dictate a text message or other text field, you had to manually presSiri, this is huge for people who use their phones while driving, since it no longer requires them to fuss with their phones to activate the dictation software.
Cut and Paste is improved upon even further as well. Now you can drag selected text to the position you want, and the controls for cutting and pasting text are more consistent throughout the operating system.
Camera and Gallery
The camera on the Galaxy Nexus has zero shutter lag -- and demonstrators proved it by rapidly taking a series of photos just seconds apart. We still aren’t sure if that is a feature of Android 4.0 or if it’s exclusive to the Galaxy Nexus, but it was impressive nonetheless.
Once you snap a photo, you can quickly share it by tapping on it. A list of applications you could use to share the photo will pop up, and you can quickly select where you’d like to send the photo. If the photo could use a touch-up, ICS provides an impressive array of photo editing tools. These include various filters (which were lovingly described as “hipster”), the capability to adjust the image angle, red eye removal, cropping capabilities, and a few others that were not discussed. Any edits you make to a photo will create a copy, in case you ever want togo back to the original.
ICS also comes with a simple-to-use panorama mode. You just set the mode to panoramic, then take the first picture. A slider at the bottom of the screen guides you so you know when to move the phone, and you can preview the image as the device stitches the pictures together. I would expect to see way more panoramic pictures on Facebook and Twitter once Android 4.0 launches.
Video recording gains continuous focus as well as support for time-lapse and video snapshots.
Like with the Notification Tray, you can quickly access the phone camera from the phonelockscreen by flicking the lock icon to the left. A small camera icon pops up and you can launch straight into the Camera app.
People App and the Dialer
The Contacts app is revamped as the new People app. The People app functions in the same way as the Contacts app found in Android 2.x, but it changes contact cards to show much more information at a glance. Nice big photos replace the tiny thumbnails, and you can quickly see a contact's recent photos or status updates. If that person is your friend on a social network, that data is automatically pulled so you can easily see their latest Tweet without having to open the Twitter app. Though described as an evolution of the current Contacts app, this felt more like a fine-tuning than a sensational leap forward.
The Dialer also has a few tweaks here and there. You can now retrieve voice mails from inside the call log, and can speed up or slow down their playback. Those nice big photos in the People app take up the entire screen whenever someone calls you, and you can send a Quick Response to anyone whose call you decline. Quick Responses are customizable canned text message responses that you can send to a caller to explain why you declined their call. It's pretty neat, and I can see myself using them on people I want to avoid.
Android Beam
Google is really pushing Near Field Communications with its Google Wallet app, and Android Beam in Ice Cream Sandwich is just another reason to own an NFC-equipped phone.
With Android Beam, you can share any contacts or content between two Android devices just by tapping them together. You can share webpages, maps, and even apps. It's handy if you want to give your friends directions or want to share an article you found while browsing the web.
Odds and Ends
Google mentioned tighter Google+ integration in Ice Cream Sandwich, but didn’t really demo anything. Representatives did, however, bring up the subject of data caps, and described a way for to better manage data usage.
By going to Settings>Data Usage, you can see a chart of how much data you have used that month as well as an estimate of your expected usage. You can also set limits and alerts so that you know exactly when you exceed your data limit, so you don’t get hit with overages. You can also select specific sections of the chart to see which apps used the most data that day. The phone will show you a breakdown of how much data that app uses, and allow you to restrict the app so that it uses data only when you want it to.
This is a huge step in giving users more control over their phones, and should help save people the headache of accidentally exceeding data limits.
Android 4.0 adds a handful of new live wallpapers as well as a new font aptly titled "Roboto." The live wallpapers were kind of neat, but Roboto was interesting because it is designed to be used on high-density displays. Since Ice Cream Sandwich natively supports 1280-by-720-pixel displays, let’s hope it gets used a whole lot more often. Barometer support is also added, although its use is unclear.
The first Ice Cream Sandwich equipped phone will be the Nexus Galaxy, which launches in November, but the SDK is available for developers now on the Android.com website. Now we wait to find out which phones are getting a tasty Ice Cream Sandwich update.

“I have always said if there ever came a day when I could no longer meet my duties and expectations as Apple’s CEO, I would be the first to let you know. Unfortunately, that day has come. I hereby resign as CEO of Apple. I would like to serve, if the Board sees fit, as Chairman of the Board, director and Apple employee. As far as my successor goes, I strongly recommend that we execute our succession plan and name Tim Cook as CEO of Apple. I believe Apple’s brightest and most innovative days are ahead of it. And I look forward to watching and contributing to its success in a new role. I have made some of the best friends of my life at Apple, and I thank you all for the many years of being able to work alongside you.”



Via: email

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.
According to team Back track This release is their best one yet! Some pesky issues such as rfkill in VMWare with rtl8187 issues have been fixed, which provides for a much more solid experience with BackTrack.We’ve have Gnome and KDE ISO images for 32 and 64 bit (no arm this release), as well as a VMWare image of a 32 bit Gnome install, with VMWare Tools pre-installed.
We are mighty excited and are already downloading this release just as we speak!
Download Backtrack 5 R1

=============================================================
 Android Browser Cross-Application Scripting (CVE-2011-2357)
=============================================================

1) Background
--------------
Android applications are executed in a sandbox environment, to ensure that no
application can access sensitive information held by another, without adequate
privileges. For example, Android's browser application holds sensitive
information such as cookies, cache and history, and this cannot be accessed by
third-party apps. An Android app may request specific privileges during its
installation; if granted by the user, the app's capabilities are extended.
Intents are used by Android apps for intercommunication. These objects can be
broadcast, passed to the startActivity call (when an application starts another
activity), or passed to the startService call (when an application starts a
service). Normally, when startActivity is called, the target activity's
onCreate method is executed. However, under AndroidManifest.xml it is possible
to define different launch attributes, which affect this behavior. One example
is the singleTask launch attribute, which makes the activity act as a
singleton. This affects the startActivity call: if the activity has already
been started when the call is made, the activity's onNewIntent member function
is called instead of its onCreate method. Moreover, if the target activity is
not in focus when the call is made, Android automatically inserts the
FLAG_ACTIVITY_BROUGHT_TO_FRONT flag to the input Intent, which it doesn't do
otherwise.


2) Browser Internals
---------------------
The Android browser's main activity, as defined in its manifest file, is
BrowserActivity. This is defined with the singleTask launch mode. The input
Intent for the activity may hold a URL, which is opened and then rendered by
the browser.
* The activity's onCreate member function, tries to restore the
  browser's previous state. If it fails to do so, it creates a new tab, with the
  input Intent's URL (if there is one), or else with the defined homepage.
* The activity's onNewIntent member function, has the following characteristic:
  If the Intent is not a search Intent (for example, if its action is
  ACTION_VIEW), or if it is a search Intent with a query string defined in URL
  form, then it performs a resolution in order to deduce which tab to load the
  given URL under (again, if there is no input URL, the homepage is used as a
  fallback):
  * If the intent contains FLAG_ACTIVITY_BROUGHT_TO_FRONT flag, it tries to
    find a tab with a matching application ID (as indicated by the Intent's
    Browser.EXTRA_APPLICATION_ID extra string) or with a matching URL. If it
    fails to do so, it loads the URL in a new tab, as long as the number of
    opened tabs is less than MAX_TABS (usually 8). Otherwise, it opens the URL
    in the current tab.
  * As a last resort, it loads the URL in the current tab.
   
The Browser app uses the WebView class as the underlying engine. If the WebView
class has already loaded a URL, and the same instance is used to load a
javascript:// URI, then the javascript is executed in the domain of the loaded
URL. This is the desired behavior, as it allows applications to inject scripts
into loaded pages, and control the WebView. However, this means that the
browser must take special care if it reuses the same WebView instance, in order
to avoid a Cross-Application Scripting vulnerability.


3) Vulnerability
-----------------
A 3rd party application may exploit Android's Browser URL loading process in
order to inject JavaScript code into an arbitrary domain thus break Android's
sandboxing. There are two vectors that can achieve this:
1. The malicious application causes the Android's browser to reach the MAX_TAB
   limit. From then on URLs are loaded under the current tab. The attacking
   application can open MAX_TAB URLs by calling startActivity <MAX_TAB> times
   with the attacked domain. On the <MAX_TAB+1>th call, the attacking app can
   insert a javascript:// URI, which will be opened in the context of the
   attacked domain. It should be denoted that the sent Intent should be
   combined with the FLAG_ACTIVITY_BROUGHT_TO_FRONT flag because it is likely
   that the Browser will have UI focus from the second intent and forward, in
   which case Android won't attach this flag automatically and the crucial code
   fragment under onNewIntent will not be executed.
2. Sending two consecutive startActivity calls. The first call includes the
   attacked domain, and causes Android's browser to load it. The second call
   contains the javascript code. If the time interval between the two intents
   is small enough, then it is likely that the browser will have UI focus when
   the second startActivity call is made, therefore the input intent won't have
   the FLAG_ACTIVITY_BROUGHT_TO_FRONT flag and, as explained in the previous
   vector, the JavaScript URI will be opened under the current tab, i.e. the
   attacked domain.
   

4) Impact
----------
By exploiting this vulnerability a malicious, non-privileged application may
inject JavaScript code into the context of any domain; therefore, this
vulnerability has the same implications as global XSS, albeit from an installed
application rather than another website. Additionally, an application may
install itself as a service, in order to inject JavaScript code from time to
time into the currently opened tab, thus completely intercepting the user's
browsing experience.


5) Proof-of-Concept
--------------------
The following is a PoC for the second technique:

public class CasExploit extends Activity
{
   static final String mPackage = "com.android.browser";
   static final String mClass = "BrowserActivity";
   static final String mUrl = "http://target.domain/";
   static final String mJavascript = "alert(document.cookie)";
   static final int mSleep = 15000;

   @Override
   public void onCreate(Bundle savedInstanceState) {
      super.onCreate(savedInstanceState);
      setContentView(R.layout.main);
      startBrowserActivity(mUrl);
         try {
             Thread.sleep(mSleep);
         }
         catch (InterruptedException e) {}
         startBrowserActivity("javascript:" + mJavascript);
   }

   private void startBrowserActivity(String url) {
      Intent res = new Intent("android.intent.action.VIEW");
      res.setComponent(new ComponentName(mPackage,mPackage+"."+mClass));
      res.setData(Uri.parse(url));
      startActivity(res);
   }
}


6) Vulnerable versions
-----------------------
Android 2.3.4 and Android 3.1 have been found vulnerable.


7) Vendor Response
-------------------
Android 2.3.5 and 3.2 have been released, which incorporate a fix for this bug.

The fixes can be found in the following commits:
* http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;a=commit;h=afa4ab1e4c1d645e34bd408ce04cadfd2e5dae1e
* http://android.git.kernel.org/?p=platform/packages/apps/Browser.git;a=commit;h=096bae248453abe83cbb2e5a2c744bd62cdb620b

Patches are available for Android 2.2.* and will be released at a later date.
Organizations can contact security@android.com for patch information.

Android has communicated information about this vulnerability to their
partners, and all new Android compatible devices are required to
incorporate this bug fix:
* http://source.android.com/compatibility/overview.html
* http://source.android.com/faqs.html#compatibility
* http://android.git.kernel.org/?p=platform/cts.git;a=commit;h=7e48fb87d48d27e65942b53b7918288c8d740e17

Android Market actively scans all Android Market applications to detect and
prevent exploitation of security vulnerabilities.

Source: Email