November 30, 2011

Malware? Who Needs Malware? - Updated at bottom of post and another Update too.

Many people are tweeting the story in The Register today.  The app in question is on many Android devices including HTC units, also Blackberry and Nokia phones.

BUSTED! Secret app on millions of phones logs key taps

An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users.

I went and found the youtube vid for those who are geekily inclined.

Many people will see this and say it's overly paranoid.  But the app is recording everything. Stop and think about that for just one minute. Ponder exactly what that means. Every keystroke, all your locations, everything all in one tidy log package. How convenient. 

Go now and read the whole thing, it's one page, I'll wait til you get back.

Carrier IQ is making the point that the data is being used for diagnostics.  Since phones crash using any of the included software as well as during calls, it would make sense to have a log of information including what happened prior to any type of crash be it browser based, messaging based, phone based, or app based.

BUT once information gathering starts, bad things can and do happen.

Let me repeat, in case I wasn't clear enough earlier... the problem is, they are recording everything, all keystrokes...  private data like usernames and passwords, banking information if you bank via your phone, emails you type out and send, sms messages you send, wifi information including SSIDs of other wifi's nearby, your location at any given time, etc, etc, etc.

This is wrong on so many levels it's enough to leave one gasping at the extent of the overreach in data gathering.

And then your private data can be included in the snippets sent back without your knowledge when carriers are trying to find a problem. That's a best case scenario.

If that's not enough to worry about how about these major items of concern:

1. This information is being stored in a log file that is not encrypted.  This log file can be accessed, copied, and transmitted by other malicious apps.

2. It's not clear to me if you do a copy/paste from a password safe (such as Last Pass) whether the usernames/passwords would be recorded since they would not be actual keystrokes. Then again how many people actually use a password safe type of app?  Not many, sadly.

3. This certainly violates many laws such as HIPAA among others which means companies that fall under these regulations have to figure out fast how to deal with this.

So far we don't know that any data has been compromised because of this, but now that the information has been released, you know there will be many a data thief looking for ways to exploit this huge security flaw.

Why oh why is it so hard for people to get it through their thick skulls that collecting private data is NOT a good thing without careful thought as to how it's done and how it's protected.  How many times does this have to happen? 

Carrier IQ and any companies using this service, stop looking so dumbfounded. It's sheer idiocy to be using this type of logging and you should already know that.

Ah the joys of being connected in an internet world.

PS - it wasn't too long ago there was an utter meltdown in the world because Apple was collecting location data (only location data) on the phone itself.  If the response to this app is at all in proportion it should cause the world to stop revolving and then explode.

UPDATE: Sheri posted a link to a Naked Security Blog post about this issue in her comment.  I thought it should be added to the end of the main post.  Also, in that blog post they reference another post about Carrier IQ traces in Apple's iOS devices but it appears to be a true diagnostic feature in Apple.

However, the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default. Finally, the local logs on iOS seem to store much less information than what has been seen on Android, limited to some call activity and location (if enabled), but not any text from the web browser, SMS, or anywhere else.

UPDATE 2: Dan Rosenberg, a security researcher who specializes in Android type devices, has written his own post to dispute some of the claims made by the original story.

It appears to be HTC who is the culprit behind the major overkill of information being gathered in the video, not CarrierIQ.  I was never all that disturbed by the general information being gathered such as phone numbers dialed, location, that kind of thing.  First because the carrier already has access to that info and second, you can't debug a problem without information. 

The part I find disturbing is the very verbose collection of keystroke data that is kept in a log on the device.  If the device is lost or stolen, that log would be available to whoever ends up with the device in hand.  Or a malicious app could grab the log file and send it to a remote server over the airwaves without the user even knowing it.  So until HTC changes the type of data it is collecting in the background - I can't say they can be trusted to provide any devices I would want to use as my own phone.

November 23, 2011

Happy Thanksgiving!

I know I've been AWOL from blogging for a bit.  Nothing to say really.  I should blog anyway, but sometimes it's better just to leave things be.

In about 10 minutes (or even by the time I finish writing this) it will officially be Thanksgiving day.  My favorite holiday of the year.  This year will entail little by way of cooking.  It's just my husband and I so there's no reason to cook for 50. On the menu will be crockpot Coq au Vin and cranberry pecan pie.  Easy to make and even better to eat. 

The boy is in SF with a friend for the long weekend.  The girl is in Chicago.   She's been busy working and her cell phone cut out when she called today so we'll talk to her tomorrow. I'm sure she'll be hanging out with friends for the day. 

Hope everyone has a most fantastic day. Eat, drink, and be merry.  There is much to be thankful for.

November 18, 2011


Saw this headline today:

Mass. Gov. Patrick aims to lower unemployment

And my first thought was... so he's going to shoot the unemployed because that would certainly lower the unemployment rate. 

I blame The Bloggess.  I read this and laughed so I am certainly going to hell.  Then I read a bunch of the comments which made me laugh even more (especially #25 about Pittsburgh).  So what do you expect when I then see the headline above... it's all in how you look at things.

November 15, 2011

Random Thoughts.

Here are a few things that have wandered through my mind today.  They may or may not be of interest. 

I am apparently incapable of reading labels on cans. Twice this week I have bought the wrong type of tomato for different recipes. First diced tomatoes for a recipe that should have had whole tomatoes then whole tomatoes when it should have been diced.  Since I seem to be a just in time shopper nearly all the time now, I bought the cans on the day I was cooking.  I think someone else should do the cooking.
Been tracking our walks with the free Runkeeper app. Once I got it working right, it appears we are very consistent when walking. Not sure if this is good or bad.  At least we know.  About 14.5 minutes per mile.

BTW the app above is very finicky.  It's a phone only app since it's supposed to use the phone GPS. It took a bit of looking around and trying different stuff to make it work. First off you can't have the wi-fi on... if you have it on it will double your distance whenever you get near a wi-fi signal. A simple pop up when you go to start it would be very helpful... Sheesh!  Then I had it in a coat pocket that had a small magnet to close the pocket - threw off the distance enough to enter the realm of hilarity.  Instead of about 3/10 of a mile it said we had gone 8 miles.... pace of 37 seconds per mile!!! I love it!  We are suddenly the fastest walkers on the planet!   Then I tried it in the pocket of another coat. It doesn't like being in a pocket, kept losing the signal.  I finally got an armband and now it works.  Once I get the routes mapped I won't need to run the app while walking.  I can save the routes. Thank heaven because it's a PITA to wear the armband over a coat - keeps slipping.
Also found from this app that one of our routes is an entire mile longer than we thought. I could swear I google mapped it and it said 4 miles. Today the app GPS says it's 5. Hmmm. Which one do I believe? Heh.
Really want to move my stuff to iCloud from mobile me. However this means I have to upgrade my computer to the Lion OS. Since upgrades are fraught with issues I'm waiting for the Thanksgiving weekend.  Right now any calendar item I add to the iphone only syncs with the ipad... not the mobile me website or my desktop.  Weird. 

I watch way too many episodes of House Hunters.  I find some of them hilarious others are pretty interesting.  A couple of things I wait for... shows where people say they want to "downsize".  As soon as I hear those words I just know they will walk into each place and the first words out of their mouths will be... "it's so small!"  Heh.

Then I watch the House Hunters International shows.  Those are mostly people attempting to buy a "vacation house" somewhere.  Now people can spend their money however they want, but I wonder how many of them, who are on such "tight budgets" that they can barely afford a shack in the vacation locale, have ever taken a math class.  If they spend oh say... $150K on a place.  (we won't even include the amount they'll spend in interest over the years or the fees they pay for maintenance - that's fair right?)  And let's say they spend 14 days a year at the place.  That's 2 weeks total - most people don't have that kind of time for vacations but we'll be generous.  Now if you were to splurge on a hotel and food - say $500 per day when you're on vacation... it would take you 21.4 years to spend $150K... and you wouldn't be limited to one place, nor would you have to go on vacations and spend that money if you ran into some lean times. 

Yeah, I'm a killjoy.  Ha.

Okay I think that's enough random wandering for today. 

November 13, 2011

The Bruins Do Veteran's Day Right

I saw this on television last night because hockey rocks and I was ready to watch the game!   Yay Bruins and Yay NHL. Thank you for your support of our military!

Better yet, the Bruins got a win.  Great night of hockey for everyone.

November 09, 2011

Got An Android Based Phone?

Here's a chart showing a number of models and how out of date the software versions are on them. There doesn't seem to be much that can be done about the update problem since it's per vendor, but you may want to be very careful about what you do on your phone if you are using an out of date OS.

Like Windows of old, out of date OS installs are open to security problems. In other words you may want to rethink doing your banking on them among other things. heh.

the understatement: Android Orphans: Visualizing a Sad History of Support

If you want to hear the author of the post talk about how he developed the chart, he was interviewed by Patrick Gray of Risky Business and you can listen to the podcast here.

November 06, 2011

Fall Back

It's fall back night.  The second most annoying night of the year.  The first most annoying being the spring forward night. 

So why would a fall back night be annoying when I get an extra hour of sleep?  

Because all this clock jumping wreaks havoc on my sleep cycle. I have a hard enough time even attempting to sleep during "normal" night hours.  Always have had. Start messing with the clock and things get completely out of control.  By the time I get it figured out it's time to change the clocks again. 

I want to go find the congress critters who voted for this and smack them with my alarm clock. 

In the meantime I have been sitting here wasting time looking at jewelry boxes online. I do have a lot of junk jewelry (let's stress the word junk here) and a few things that are about 2 steps up from there. (like 3 necklaces and 3 sets of earrings). However, all of this lives in a drawer lumped together, except for one pair of earrings that I liberated and wear daily.  Makes a plate of spaghetti look neat.  I keep thinking I need to get things cleaned up in that drawer.  Then I start looking at jewelry boxes and my head wants to explode. 

I think I'll give it up for now and go stare at the bedroom ceiling.  Perhaps inspiration will strike in the middle of the night. Of course that means I'll completely forget it by morning, but there it is. 

Happy fall back day to you. Sleep well. 

November 03, 2011

Travel Blog Fodder

-- First thought the entire bus to the airport would be filled with blue hairs. The younger people showed up at the last minute. Wish I could time stuff like that.
-- Airport fashion: Red legging jeans, leopard print top, and Uggs. Okayfine.

-- Someone sitting by me at the gate using Siri to get info. Not sure I want anyone sitting near me to know what I'm searching for. Siri's a little too vocal in a crowded area.

-- Damn - everyone in the last boarding group has to gate check bags.  Guess that means a long wait in ATL to get my bag. *sigh*

-- Seriously Delta. Commercials with the safety video??? Seriously?  Now sponsored by Lincoln and some brand of bed.... Broadcast to the entire cabin... Holy crap.
-- Hugely big dude - yeah you - the guy about 6'5" and 300lbs. If you pull any harder on the overhead bin to get yourself out of your seat you'll break it.  Yes and the same goes for pushing down on it once standing to stretch your back... Also you do realize your feet have walked all over the airport don't you?  God knows what is on the soles of your shoes. The shoes you rested on the armrest to stretch your back. While I don't care if you die of Ebola it's not really fair to the next person who will unknowingly use that seat and that armrest. Geeze.
-- Noisy page turner in my seat row. Sounds like talk radio people trying to demonstrate they are holding papers in their hands. But he's doing it with every single page turn of Sky Mall, Delta magazine, and newspaper... heh.   

-- Wow okay. Brand new to flying twenty-something girl... the bag goes where it fits not where you are sitting.  If the bin over your seat is full, you have to find somewhere else.  Never heard someone complain that "someone took my bag space" before and stand just looking at the bin holding up seating... Wow again. And stop stuffing your carry on bag. No, a fat bag won't fit in the bin.  And it's not time to figure this out when you're trying to put the bag in the bin. So now you're holding up seating even longer while you pull crap out of your bag too?  Geeze.

-- At least I got my bag on this time. Considering I have to "desnow" my car it's the least they could do to help the flt along if they ever manage to get complaining girl out of the aisle and seat the rest of the passengers...
-- Thank heaven I got 5 min to grab a bite to eat before leaving. Was worried I wouldn't have time with the traffic tie-ups heading to ATL.

-- Weirdly, car covered in pine needles, no snow at all, but half the lot has cars with snow cover on them.

November 02, 2011

So Are They Saying Women Shouldn't Drive?

I follow Car Talk on facebook. They posted a link to this article from

Study: Women More Likely to be Injured in Car Accidents

Here's the bit at the end that I found baffling...

Still, if you’re operating vehicle without advanced airbags, it’s important to take into account the heightened risk of injury if you are a female driver.

Take into account...  What in the world does that mean?

Are we supposed to creep along at 20mph just in case? Wear armor? Send up a flag so everyone knows there's an old airbag in the car? Buy better life insurance? Get better crash insurance? Sheesh. 

While it's interesting to know that newer cars have better airbags in them, the conclusion is silly.

November 01, 2011

The Return of Civilized Living

While phone service returned this morning, power and cable were up and running late this afternoon.  I went around the house turning on lights just because I could.  heh.

I hope to have a post tomorrow with a few fun items on my weekend trip.   In the meantime, now that I have waded through my email backlog, I'm going to kick back and watch a little tv. 

