Archive for Security

Android’s trust problem isn’t getting better

Published today, a two-year study of Android security updates has revealed a distressing gap between the software patches Android companies claim to have on their devices and the ones they actually have. Your phone’s manufacturer may be lying to you about the security of your Android device. In fact, it appears that almost all of them do.

Android is perceived as untrustworthy in large part because it is. Besides the matter of security misrepresentations, here are some of the other major issues and villains plaguing the platform:

  • Version updates are slow, if they arrive at all.
  • Some Android OEMs snoop on you.
  • Android remains vulnerable, thanks in part to Google’s permissiveness.
  • Android hardware development is chaotic and unreliable.

Source: Android’s trust problem isn’t getting better – The Verge

What types of privacy data does the GDPR protect?

  • Basic identity information such as name, address and ID numbers
  • Web data such as location, IP address, cookie data and RFID tags
  • Health and genetic data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

The GDPR requirements will force U.S. companies to change the way they process, store, and protect customers’ personal data. For example, companies will be allowed to store and process personal data only when the individual consents and for “no longer than is necessary for the purposes for which the personal data are processed.” Personal data must also be portable from one company to another, and companies must erase personal data upon request.

That last item is also known as the right to be forgotten. There are some exceptions. For example, GDPR does not supersede any legal requirement that an organization maintain certain data. This would include HIPAA health record requirements.

What could be a challenging requirement is that companies must report data breaches to supervisory authorities and individuals affected by a breach within 72 hours of when the breach was detected. Another requirement, performing impact assessments, is intended to help mitigate the risk of breaches by identifying vulnerabilities and how to address them.

For a more complete description of GDPR requirements, see “What are the GDPR requirements?”.

Source: What is the GDPR, its requirements and deadlines? | CSO Online

How to delete or disable your Facebook account

Facebook will try to guilt you into staying by showing you photos of your Facebook friends, and then asking you why you want to deactivate your account.

Source: How to delete or disable your Facebook account | PCWorld

Also, if you are smart enough to find that screen, I’m pretty sure there is no way you “don’t understand how to Facebook”.

Want to see something crazy? Open this link on your phone with WiFi turned off.

But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services — not just federal law enforcement officials — who are then selling access to that data.

Given the trivial “consent” step required by these services and unlikely audit controls, it appears that these services could be used to track or de-anonymize nearly anyone with a cell phone in the United States with potentially no oversight.

Source: Want to see something crazy? Open this link on your phone with WiFi turned off.

Your Data is Being Manipulated

Google learned American racism and amplified it back at all of its users.

Source: Your Data is Being Manipulated – Data & Society: Points

Amazon suspends sales of Blu phones for including preloaded spyware, AGAIN

Spying software from Chinese company Shanghai Adups Technology was still present on certain Blu handsets. The software leaves users vulnerable to remote takeovers and having their text messages and call logs recorded, as well as other forms of discreet data collection.

Source: Amazon suspends sales of Blu phones for including preloaded spyware, again – The Verge

Seems to be the only way to make money on Android phones not from Samsung.

The “Doubleswitch” social media attack: a threat to advocates in Venezuela and worldwide – Access Now

Having gained full control of the compromised account, the hijackers exploited a feature that allows Twitter to recycle unused usernames. After changing the credentials of the accounts, the hijackers registered Twitter accounts using the original usernames, which were now freely available, and connected the accounts to a new email address.

Source: The “Doubleswitch” social media attack: a threat to advocates in Venezuela and worldwide – Access Now

Making a call to HTTPS

If you are making use of ATS or making a call to HTTPS please note that you are required to submit a year-end self classification report to the US government.

So I go to publish an app in the App Store today and this ^ pops up. Let that sink in for a while.

macOS High Sierra – Reader can now be set as default mode

Reader has mostly languished over the past few years, but in iOS 11 and macOS High Sierra it’s back in the spotlight, and it’s gotten a wide-reaching upgrade. You can now set Reader as the default mode for “every web article that supports it,” which will potentially turn a lot of articles into something that looks more like a PDF than a graphics-laden web page. (Previously, you had to first load the site and then toggle into Reader, which at least gave ads a chance to show up before you bid them adieu.)

Source: Apple Can Afford To Mess With Annoying, Snoopy Ads–And At WWDC, It Did

Social Media Screening for U.S. Visitors Is Now in Effect

As for U.S. citizens, border agents can’t bar them from entering the country even if they refuse to share social media activity or other information from their phones. But they do have the power to detain Americans in “secondary inspection” and to confiscate devices.

Source: Social Media Screening for U.S. Visitors Is Now in Effect