TECHNOLOGY: Who “owns” your hardware?

Wednesday, March 9, 2011

http://blogs.forbes.com/andygreenberg/2011/03/06/google-nukes-rogue-android-apps-on-users-devices

Andy Greenberg
THE FIREWALL

Google Nukes Rogue Android Apps On Users’ Devices
Mar. 6 2011 – 9:26 pm
Your Android phone has a built-in kill switch for nasty apps. And Google, apparently, is not afraid to use it.

*** begin quote ***

Over the weekend, the search giant announced that it had remotely wiped “a number” of malicious Android apps from users’ phones, programs that earlier in the week had been identified as malware and pulled from Android’s app store. “We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications,” Google wrote on its mobile blog, linking to an explanation it posted in June of a built-in functionality for deleting apps from users’ phones.

*** and ***

The last time Google deleted applications that were already downloaded to users’ devices was in June, and its targets were two proof of concept apps built by security researcher Jon Oberheide. As I wrote at the time, that use of its kill switch seemed to be a loud warning to malware writers about the company’s ability to remotely destroy their tools. After all, Oberheide’s apps were designed to show the possibility of creating an Android-hosted botnet, not to actually create one.

*** end quote ***

Isn’t anyone concerned that “HeadQuarters” can assume control of YOUR hardware and override something you’ve done?

“Sorry, we know better.”

We’ve seen Amazon nuke content that a reader had paid for. We’ve seen Microsoft “Live Update” computers into bricks with “fixes” that break rather than fix. And, content purveyors have always harassed legitimate uses and legal Users with “digital rights management” schemes that “fit” like a suit from Omar the Tent Maker (i.e., good for the provider, disastrous for the User).

I think this is a demonstration to Android Users that you’ve taken a “snake to your bosom”. And, what happens when the bad guys crack the HQ code and they can put stuff on or take it off your hardware?

Haven’t we been down this road before?

# # # # #


SERVICE: What’s wrong with the “security” people at the UK Mail Online?

Saturday, June 26, 2010

What’s wrong with the “security” people at the UK Mail Online?

They don’t set expectations and they don’t know that a password is a shared secret?

Argh!

I wanted to make a comment on one of their stories. Doesn’t matter which one. But here’s the saga.

Comment box asks for Name and Location.

OK, that’s not bad.

Then, to get it published, you have to give them an email and a password.

OK, that’s not too bad. (I have a page of one time passwords. But how many folks do? Most just reuse the same one.)

Then, it doesn’t like my password length. (I like 12; it wants 5 to 10. Do you think you might mention that on the page that asks for it? I feel like I’m playing gotcha!)

OK, that’s not too too bad. (I drop the last two characters to get to 10. No big deal!)

Then, it doesn’t like that I have a special character in it. (I like 26 letters, upper and lower and special characters at random — 26 lc + 26 uc + 10 digits + 4 specials = 66 ** 12. I always score strong on most password ratings.)

OK, that’s not too too too bad. I drop the special characters and re-add the two characters I dropped before.

Then, it says we’ll email you a link.

OK, that’s not too too too too bad. I’ll just wait for the link.

Then, I find the email after a short wait — hey it’s a long way across the pond. It has the huge multiline link to click. But being a member of the “I NEVER click email links” church, I faithfully copy the link to my plain text editor, Ctrl-A, Ctrl-C, and go to my browser and paste.

OK, that’s not too too too too too bad. I get a message that they’ll post my comment if they see fit.

Then, I read the rest of the email message and I find my password, my “shared secret”, my “carefully generated but mangled by their rules” password in the clear for any system or mail administrator to read. With the subject, “Welcome to Mail Online”. (Not too hard to ID that!)

OK, that’s bad.

How many “security rules” did they break? How many “human factors design principles” did they break?

Now I have to go back and change my password, just in case someone wants to post something under my name.

OK, that’s very bad.

I could ramble on to make more lines with “very very very bad”. But I’m bored with the topic. And, my ADADHDD is kicking in.

# # # # #

Begin forwarded message:

From: communication@mailonline.co.uk

Date: ZZZZZZZZZZZZZZZZZZ

To: YYYYYYYYYYYYYYYYYYYY

Subject: Welcome to MailOnline

Thank you for registering with MailOnline

To authorise your new user account please click on the link below.

https://register.dailymail.co.uk/activateRedirect?Mail=yetanotherblogger%40reinkefaceslife.com&Key=2c9e82652709ccb50129365aaf810ac9&redirectPath=http%3A%2F%2Fwww.dailymail.co.uk%2Fnews%2Fworldnews%2FreaderCommentsSecurity.html%3FmessageKey%3DBC141E2DF3A9EB189F8FC662CECDDD6CReaderComment

If comments on this article are unmoderated, your comment should appear shortly. If comments on this article are pre-moderated then your comment will be checked in advance and will be queued for checking. We receive thousands of contributions every day so please be patient. If your comment does not appear, this may be due to the volume we receive or your content.

To find out if comments under a particular article are pre-moderated or not, look just above the comments to see if they are “pre-moderated” or “unmoderated”.

If the above link does not work, copy and paste the link into the address box on your web browser.

Your log in details are shown below:

Email: YYYYYYYYYYYYYYYYYYYYYYYYYYYYY

Password: XXXXXXXXXXXXX

You can update your details at any time – just tick the box marked ‘Update my details’ next time you log in.

Terms: http://www.dailymail.co.uk/home/terms.html

House Rules: http://www.dailymail.co.uk/home/house_rules.html

Privacy Policy: http://www.dailymail.co.uk/home/privacy.html

Contact: http://www.dailymail.co.uk/home/contactus.html

mailonline.co.uk

# – # – #

*** begin quote ***

Thank you!

Thank you for adding a comment to MailOnline.

Comments on this article are being checked in advance. We aim to publish as many as possible. MailOnline receives thousands of comments every day, so please be patient. If your comments do not appear, this may be due to the volume we receive or due to the content of your comment.

Why not get the latest News from Mail Online delivered via RSS?

*** end quote ***
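
An added example, not part of the original post and not MailOnline's code: a registration flow that avoids the failures described above by keeping only a salted hash, accepting long passwords with special characters, and mailing a single-use activation token instead of the password. The function names, the `example.invalid` URL, the 8 to 128 length bounds, the PBKDF2 work factor and the 62-symbol alphabet for a letters-and-digits policy are assumptions.

```python
import hashlib
import hmac
import math
import secrets

PBKDF2_ROUNDS = 600_000  # assumed work factor; tune to your hardware


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password."""
    return length * math.log2(alphabet_size)


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def register(email: str, password: str) -> tuple[dict, str]:
    """Return (stored account record, welcome e-mail body)."""
    # A length floor and a generous ceiling only; no character-class ban.
    # The password is hashed, so its content never has to fit a column.
    if not 8 <= len(password) <= 128:
        raise ValueError("password must be 8 to 128 characters")
    salt = secrets.token_bytes(16)
    token = secrets.token_urlsafe(32)  # single-use activation secret
    record = {
        "email": email,
        "salt": salt,
        "pw_hash": _hash(password, salt),
        # Keep only a hash of the token: a database read cannot activate.
        "activation_hash": hashlib.sha256(token.encode()).digest(),
        "active": False,
    }
    # The e-mail carries the token and nothing else secret.
    body = ("Thank you for registering.\n"
            f"Activate: https://example.invalid/activate?key={token}\n")
    return record, body


def activate(record: dict, token: str) -> bool:
    presented = hashlib.sha256(token.encode()).digest()
    ok = hmac.compare_digest(presented, record["activation_hash"] or b"")
    if ok:
        record["active"] = True
        record["activation_hash"] = None  # token cannot be replayed
    return ok


def check_password(record: dict, password: str) -> bool:
    return hmac.compare_digest(_hash(password, record["salt"]), record["pw_hash"])
```

`keyspace_bits(66, 12)` against `keyspace_bits(62, 10)` puts a number on what the length cap and the special-character ban cost a randomly generated password.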

# # # # #