Monday, October 4, 2010


ok, listen to me...lord knows i hate reading just as much as the next schmoe...but this book...omg...omg...this book.

i just finished it and let me just say...spectacular.

check it out here

also you can get it on Audio Book if reading isn't your type of thing. trust me, get this. you won't regret it.

Hacker claims third-party iPhone apps can freely transmit UDID, pose serious threat to privacy

When Apple addressed a congressional inquiry on privacy in July, the company claimed that it couldn't actually track a particular iPhone in real time, as its transactions were anonymous and thoroughly randomized. Bucknell University network admin Eric Smith, however, theorizes that third-party application developers and advertisers may not have the same qualms, and could be linking your device to your name (and even your location) whenever they transmit data. Smith, a two-time DefCon wardriving champ, studied 57 top applications in the iTunes App Store to see what they sent out, and discovered that some fired off the iPhone's UDID and personal details in plaintext (where they can ostensibly be intercepted), including those for Amazon, Chase Bank, Target and Sam's Club, though a few were secured with SSL. Though UDIDs are routinely used by apps to store personal data and combat piracy, what Smith fears is that a database could be set up linking these UDIDs to GPS coordinates or GeoIP, giving nefarious individuals or organizations knowledge of where you are.

It's a scary idea, but before you direct hate Apple's way, it's important to note that Cupertino's not necessarily the one to blame. iOS is arguably the best at requiring users to opt-in to apps that perform GPS tracking; transmitting the UDID and account information together publicly is strictly against the rules; and we'd like to think that if users provide their personal information to an application developer in the first place, they'd understand what they're doing. Of course, not all users monitor those things closely, and plaintext transmission of personal details is obviously a big no-no.

Smith's piece opens and closes on the idea that Apple's UDID is like the unique identifier of Intel's Pentium III processor, which generated privacy concerns around the turn of the century, and we wonder if ths story might play out the same way -- following government inquiries, Intel offered a software utility that let individuals manually disable their chip's unique ID, and removed it from future CPUs.


Study Shows Some Android Apps Leak User Data Without Clear Notifications

i thought i would post this article because i have an android phone

and am are currently uninstalling everything.

Something as simple as changing your Android phone’s wallpaper or 
downloading a ringtone could transmit personal data about you, including 
your location, without your knowledge.

Sound farfetched? It’s not: About 15 of 30 randomly selected, popular, 
free Android apps sent sent users’ private information to remote 
advertising servers and two-thirds of the apps handled data in ambiguous 
ways, say researchers.

The researchers at Duke, Intel Labs and Penn State University, created a 
tool called TaintDroid that identifies apps transmitting private data to 
distant locations. TaintDroid monitors how applications access and use 
your location, microphone, camera, phone numbers in your contact list. 
The tool also provides feedback once an app is newly installed, letting 
you know if the app is transmitting data.

“This automatic feedback gives users greater insight into what their 
mobile applications are doing and could help users decide whether they 
should consider uninstalling an app,” says Peter Gilbert, a graduate 
student in computer science at Duke University who’s working on the 
project. The TaintDroid program isn’t publicly available yet. 


ASIO files found in drug raid

A CACHE of secret files stolen from ASIO and police and anti-corruption 
agencies has been discovered during a drug raid in Melbourne, raising 
fears of a major breach of national security and crime intelligence.

Police are investigating whether the former head of intelligence and 
phone tapping at Victoria's Office of Police Integrity stole the 

The files were discovered on September 10 by detectives searching a 
house in Melbourne's north as part of a drug investigation.

They found boxes containing sensitive national security and law 
enforcement documents, including files from ASIO, the OPI and West 
Australian police.

The suspected criminal whose home was raided is believed to be in a 
relationship with the former OPI official suspected of taking the 
documents. The former official previously worked for the Victoria Police 
and the West Australian Anti-Corruption Commission. It is unclear how 
long the pair have been in a relationship.

The Age believes many of the documents contain information that may pose 
a threat to sources used by the agencies. The files also contain 
specific details on highly sensitive operational matters.