[liberationtech] Google confirms critical Android crypto flaw

[Nathan of Guardian]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/15/2013 12:07 AM, Nadim Kobeissi wrote:
> Hot on the heels of last week's Bitcoin wallet for Android heist,
> Google has confirmed that this was due to a critical crypto flaw in
> Android, which could affect security in thousands of apps according
> to Ars Technica:

The only silver lining from their post was that HTTP/SSL connections
were not affected, so this only really affects apps that are
generating keys at the Java layer, which include apps like Android
Privacy Guard (APG) and our own Gibberbot.

Gibberbot v12 alpha (now renamed Chat Secure) is available with the
fix, and we'll be pushing a public beta extremely soon to Google Play.

+n
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSDFWnAAoJEKgBGD5ps3qpYVYQAIz4TK1YypU0jsYA/4AlAMeq
hT/ckvtVGuTdWm3FlFZzC4EKW7kMT36aZf6IJMnWS3hwaRZ2opPsbm2dak+1X2y7
0B7vQHebxjAHI/GXvctxi9DYhNHOjQPcXz/BTecN6GHiuNzSBnzygT4DhWyE3NOS
xFOZ8RZm95BF8cl1+OEmtl7V5uTSXpf/8K/3Szh62getXZadxOZpSJDwhKQE92tp
d3V1PinGayFeDN2s06wfDisqjHq75UwlnrBrD8NWZnS354ectXhcCltOH2fMBbN2
53X86QwHKIjEJ/5pwu79qtsS6s8rEbi4gyi0RXdhoqRYK4ifQWKu63PKT/SG26WA
JYlQGt8oGsAd2JMI5j28bREMJDxAorWJjKbRkq1AR00m9v7FqvHlghFpJOdtzPqI
su7ZgxkycCroXZhUzQkh/Gr/o/PQWX1zUDw2bfsAdPwvd8Ndc6HLL+s0fnS1x7ol
noPk8zBQGRlDOiiyiFVuYw4505PxOlAsCf8M2LikzVbeUyvF7rOh0oH6BiE5rjeL
ONzuDQK9v9Ee9OALXrRgmh/SFnWU1rvfVUb44+OPduAspbTJC5UQ1zw7Cg75FYpd
XLSuak/UVJ/sn7Fg0yvSBrjpFBBK6QhHQPZ/icFPVhR9KCEQS2WjkW+l/z/5MHeO
ppt4NFf1VatClaDVCrVK
=3o23
-----END PGP SIGNATURE-----