ok, listen to me...lord knows i hate reading just as much as the next schmoe...but this book...omg...omg...this book.
i just finished it and let me just say...spectacular.
check it out here http://www.nealstephenson.com/snowcrash/
also you can get it on Audio Book if reading isn't your type of thing. trust me, get this. you won't regret it.
Monday, October 4, 2010
Hacker claims third-party iPhone apps can freely transmit UDID, pose serious threat to privacy
When Apple addressed a congressional inquiry on privacy in July, the company claimed that it couldn't actually track a particular iPhone in real time, as its transactions were anonymous and thoroughly randomized. Bucknell University network admin Eric Smith, however, theorizes that third-party application developers and advertisers may not have the same qualms, and could be linking your device to your name (and even your location) whenever they transmit data. Smith, a two-time DefCon wardriving champ, studied 57 top applications in the iTunes App Store to see what they sent out, and discovered that some fired off the iPhone's UDID and personal details in plaintext (where they can ostensibly be intercepted), including those for Amazon, Chase Bank, Target and Sam's Club, though a few were secured with SSL. Though UDIDs are routinely used by apps to store personal data and combat piracy, what Smith fears is that a database could be set up linking these UDIDs to GPS coordinates or GeoIP, giving nefarious individuals or organizations knowledge of where you are.
It's a scary idea, but before you direct hate Apple's way, it's important to note that Cupertino's not necessarily the one to blame. iOS is arguably the best at requiring users to opt-in to apps that perform GPS tracking; transmitting the UDID and account information together publicly is strictly against the rules; and we'd like to think that if users provide their personal information to an application developer in the first place, they'd understand what they're doing. Of course, not all users monitor those things closely, and plaintext transmission of personal details is obviously a big no-no.
Smith's piece opens and closes on the idea that Apple's UDID is like the unique identifier of Intel's Pentium III processor, which generated privacy concerns around the turn of the century, and we wonder if ths story might play out the same way -- following government inquiries, Intel offered a software utility that let individuals manually disable their chip's unique ID, and removed it from future CPUs.
source
It's a scary idea, but before you direct hate Apple's way, it's important to note that Cupertino's not necessarily the one to blame. iOS is arguably the best at requiring users to opt-in to apps that perform GPS tracking; transmitting the UDID and account information together publicly is strictly against the rules; and we'd like to think that if users provide their personal information to an application developer in the first place, they'd understand what they're doing. Of course, not all users monitor those things closely, and plaintext transmission of personal details is obviously a big no-no.
Smith's piece opens and closes on the idea that Apple's UDID is like the unique identifier of Intel's Pentium III processor, which generated privacy concerns around the turn of the century, and we wonder if ths story might play out the same way -- following government inquiries, Intel offered a software utility that let individuals manually disable their chip's unique ID, and removed it from future CPUs.
source
Study Shows Some Android Apps Leak User Data Without Clear Notifications
i thought i would post this article because i have an android phone
and am are currently uninstalling everything.
Something as simple as changing your Android phone’s wallpaper or downloading a ringtone could transmit personal data about you, including your location, without your knowledge. Sound farfetched? It’s not: About 15 of 30 randomly selected, popular, free Android apps sent sent users’ private information to remote advertising servers and two-thirds of the apps handled data in ambiguous ways, say researchers. The researchers at Duke, Intel Labs and Penn State University, created a tool called TaintDroid that identifies apps transmitting private data to distant locations. TaintDroid monitors how applications access and use your location, microphone, camera, phone numbers in your contact list. The tool also provides feedback once an app is newly installed, letting you know if the app is transmitting data. “This automatic feedback gives users greater insight into what their mobile applications are doing and could help users decide whether they should consider uninstalling an app,” says Peter Gilbert, a graduate student in computer science at Duke University who’s working on the project. The TaintDroid program isn’t publicly available yet.
source
ASIO files found in drug raid
A CACHE of secret files stolen from ASIO and police and anti-corruption agencies has been discovered during a drug raid in Melbourne, raising fears of a major breach of national security and crime intelligence. Police are investigating whether the former head of intelligence and phone tapping at Victoria's Office of Police Integrity stole the documents. The files were discovered on September 10 by detectives searching a house in Melbourne's north as part of a drug investigation. They found boxes containing sensitive national security and law enforcement documents, including files from ASIO, the OPI and West Australian police. The suspected criminal whose home was raided is believed to be in a relationship with the former OPI official suspected of taking the documents. The former official previously worked for the Victoria Police and the West Australian Anti-Corruption Commission. It is unclear how long the pair have been in a relationship. The Age believes many of the documents contain information that may pose a threat to sources used by the agencies. The files also contain specific details on highly sensitive operational matters.
source
Subscribe to:
Posts (Atom)