thewayne: (Default)
NY ACLU released one about a month earlier. The important thing about this app is that it directly streams the video to the ACLU's servers, so even if a cop takes your phone and removes the SIM, the video has already been captured.

There have been apps along this line available for a while, but this one doesn't look like your phone is recording something. So theoretically you might be able to record longer.

Going a little further than the NY press release,the NJ ACLU has said that if you record a police incident outside of NJ, they will forward the video to the appropriate ACLU chapter.

Gee, I wonder how many Occupiers are downloading this app right now? Oh, an iPhone version will be available soon, it's currently undergoing Apple's review.

http://www.wired.com/threatlevel/2012/07/monitor-police-app/

This is especially useful because in March, the Department of Justice posted a very public-friendly opinion. "The department of Justice (DOJ) Civil Rights Division has affirmed the First, Fourth, and Fourteenth Amendment rights of citizens to record police officers in the public discharge of their duties. In an opinion letter issued on May 14, 2012 in regard to the ongoing litigation in Sharp v. Baltimore City Police Department, the DOJ stated that the individual right to record officers who are publicly executing their duties is a First Amendment right. Relying on Glik v. Cunniffe, the DOJ letter states “Recording governmental officers engaged in public duties is a form of speech through which private individuals may gather and disseminate information of public concern, including the conduct of law enforcement officers.” (DOJ letter, page 2.)"

http://www.avinalaw.com/2012/05/our-first-amendment-right-to-record.html
thewayne: (Cyranose)
The defense contractor arm of Boeing is going to make a highly secure smart phone, based on the Android platform.

"Earlier this week, it was revealed that aerospace firm Boeing was working on a high security mobile device for the various intelligence departments. This device will most likely be released later this year, and at a lower price point than other mobile phones targeted at the same communities. Typically, phones in this range cost about 15,000-20,000 per phone, and use custom hardware and software to get the job done. This phone will most likely use Android as it's main operating system of choice, which lowers the cost per phone, since Boeing's developers don't have to write their own operating system from scratch."

$15-20k per unit. Yep, sounds like a defense contractor. Wasn't it just recently that the NSA announced that it was going to do a secure phone system based on Android? I'm sure their unit cost would be a bit lower.

I am curious, though, who would build this? Boeing is not an electronics manufacturer per se, they're certainly not a cell phone maker. If they intend this for covert use, they're going to have to buddy-up to someone like Nokia or Samsung or LG to make the phone look like a standard smart phone to allay suspicion, plus it can't really have a Boeing label on it, that'd be a bit of a giveaway.

Seems to me that it's a monumental waste of money if the NSA is already doing a similar project.

http://mobile.slashdot.org/story/12/04/15/1513222/boeing-preparing-an-ultra-secure-smartphone

Ah, yes: March 8, NSA and German government encrypting Android phones: http://thewayne.livejournal.com/787608.html


Last month the results of the 'Honey Stick Project' were announced in which Symantec 'lost' several bugged smart phones to see what people do when they find one. The results pretty much confirm the worst of human nature.

"In order to get a look at what happens when a smartphone is lost, Symantec conducted an experiment, called the Honey Stick Project, where 50 fully-charged mobile devices were loaded with fake personal and corporate data and then dropped in publicly accessible spots in five different cities ...Tracking showed that 96-percent of the devices were accessed once found (PDF), and 70-percent of them were accessed for personal and business related applications and information. Less than half of the people who located the intentionally lost devices attempted to locate the owner. Interestingly enough, only two phones were left unaccounted for; the others were all found."

My aunt found a cell phone in a casino. The smart thing to do would be to give it to casino security, instead she took it home. Fortunately it still had a charge when she told me about it, and I found an address book entry for Dad and called it and found out his daughter had lost it, conveniently she worked for FedEx in El Paso, so she called the Las Cruces office and I dropped it off there. I don't think I would poke in to a discovered smart phone beyond trying to identify the owner and get it back to them, but human nature being what it is, who knows? This particular lost phone wasn't a smart phone, which reduces the temptation to pry in to personal information. My phone does contain sensitive information, but the really sensitive info is in a password-protected encrypted system, so it's fairly safe. And there's no banking info on it, nor has it ever accessed my bank account, so that's safe.

Plus, it's an iPhone, so it's easy for me to remotely brick if I lose it, assuming the discoverer doesn't know how to pop the SIM chip.

http://mobile.slashdot.org/story/12/03/12/2351227/honey-stick-project-tracks-fate-of-lost-smartphones


And finally, Google's Android app store Play has been found to have lots of malware lurking inside in the form of apps that send expensive SMS messages without you knowing it.

"We've seen quite a few Android malware discoveries in the recent past, mostly on unofficial Android markets. There was a premium-rate SMS Trojan that not only sent costly SMS messages automatically, but also prevented users' carriers from notifying them of the new charges, a massive Android malware campaign that may be responsible for duping as many as 5 million users, and an malware controlled via SMS. Ars Technica is now reporting another Android malware discovery made by McAfee researcher Carlos Castillo, this time on Google's official app market, Google Play, even after Google announced back in early February that it has started scanning Android apps for malware. Two weeks ago, a separate set of researchers found malicious extensions in the Google Chrome Web Store that could gain complete control of users' Facebook profiles. Quoting the article: 'The repeated discoveries of malware hosted on Google servers underscore the darker side of a market that allows anyone to submit apps with few questions asked. Whatever critics may say about Apple's App Store, which is significantly more selective about the titles it hosts, complaints about malware aren't one of them.'"

This would well and truly suck. I think that most of the freedoms that Android offers are great, but as it has been said, the price of freedom is eternal vigilance and it's difficult for an end user to be vigilante about the software on their phone because most of us are not programming experts that would allow us to determine if a program is safe or not.

http://mobile.slashdot.org/story/12/04/14/195215/more-malicious-apps-found-on-google-play
thewayne: (Default)
He's a small operation, just him and his wife, and he says the problem is that the Android version of his game, Battleheart, accounts for 5% of their revenue but 20% of his support/development time.

Apparently his problem is common more among game developers than business app/utility developers. He's having to tweak shaders and installation programs to support the various graphics chips and such which aren't as much of an issue in other types of apps. This is something that I recognized a long time ago that would be an issue, and it epitomizes the difference in support between Windows and Mac operating systems. Windows lets anyone create hardware for their OS, Mac controls it tightly. Windows has an all but infinite array of hardware combinations they have to support, Mac much more finite.

Which is a better path to take? It really depends on your needs and which end of the board table you're on.

http://www.electronista.com/articles/12/03/10/mika.mobile.says.android.money.losing.platform/

http://games.slashdot.org/story/12/03/10/2226214/battleheart-developer-drops-android-as-unsustainable
thewayne: (Cyranose)
They're applying strong crypto and logging to the voice stack, not much detail as to whether the data on the phone is encrypted which I think would be fairly trivial. They're also discussion about Germany encrypting other smart phone OS's. It'd be cool if the software were released to the public, but that'd totally screw law enforcement and CALEA.

http://www.h-online.com/security/news/item/NSA-German-government-using-Android-for-secure-phones-1466294.html
thewayne: (Default)
First, available only in beta on Android phones right now, is an application called iOnRoad. You mount your phone on a windshield or dash carrier, and your phone monitors the driving conditions around you and sounds alerts if the distance between you and the car in front of you begins reducing precipitously. It's not perfect, but it is interesting. They say an iPhone version will be available later this winter.

http://www.wired.com/geekdad/2012/01/ionroad-app-for-android/


Next week's CES show marks the 5th anniversary of the introduction of the iPhone. It wasn't available at retail until June, but the slavering began in January.

I got an iPhone 4S just after Thanksgiving last November and I've been quite happy with it. It's been reliable, it reduces the number of devices in my pocket from 2-4 down to 1, and it's reliable. It will be interesting to see how smart phones, both iOS and Android, continue to evolve.

http://www.wired.com/gadgetlab/2012/01/iphone-five-year-anniversary/
thewayne: (Default)
Heh. Yes, named after Majel Barret Roddenberry, the voice of Star Trek's computers. It'll be interesting to see how it shapes up, Google has such a huge data mine to work with it should be quite viable. I use Siri occasionally, mainly as a lark. Last night I was playing with it as a joke and I said "play one song", and got Pink Floyd's One Slip, and that was it. I have used it while driving to play a podcast, and it's definitely useful that way. One thing didn't work as expected: Apple advertised that you could say 'remind me to buy milk when I leave work', I tried it to remind me to pick up some paper for my laser printer when I left Applebee's and I didn't get a reminder, but since I remembered that I needed to hit Staples it was no big deal.

http://hardware.slashdot.org/story/11/12/20/177218/google-working-on-siri-competitor-majel
thewayne: (Default)
The thot plickens. BT alleges that Android violates:
* 6,151,309: a 2000 patent for "service provision system for communications networks"
* 6,169,515: a 2001 patent for a "Navigation information system"
* 6,397,040: a 2002 patent for location tracking of users
* 6,578,079: a 2003 patent for a "communications node for providing network based information service"
* 6,650,284: a 2003 patent for an "information system" with "a fixed part and a mobile part"
* 6,826,598: a 2004 patent for "storage and retrieval of location based information in a distributed network of data storage devices"


The suit was filed in Delaware, I'm curious why they didn't go for West Texas. It'll be interesting to see how this plays out. I'm really sick and tired of patent wars, the system has mutated far beyond what it was intended what patents should protect.

http://www.h-online.com/open/news/item/Google-sued-over-Android-and-services-by-BT-1397721.html

http://yro.slashdot.org/story/11/12/19/139236/bt-sues-google-over-android
thewayne: (Default)
NFC is similar to the payment fobs tied to your credit cards that you can wave at some gas pumps to pay for purchases. It is a more sophisticated in that it's built-in to some cell phones and requires that you enter a PIN into your phone to complete the transaction, so it has a slightly higher level of security: you must have possession of the phone, know how to start the NFC payment program, and know the PIN.

The researchers attempted man-in-the-middle attacks when transacting and when registering new credit cards through the phone, and also analyzed the memory content of the phone. They discovered no blatant security issues and were unsuccessful with their MITM attacks, but they did find some unencrypted data cached in memory that did not contain sensitive information such as complete credit card numbers.

So overall, it looks like Google did a good job with their NFC implementation, though the researchers stressed that something as important and ubiquitous as this needs a lot more study. The iPhone does not yet have NFC tech built-in, it is more likely for the iPhone 5 than it was for the 4/4S. iPhones can accept credit card payments through Intuit or the Square dongle, I have a Square and it works pretty nice. But that's receiving payments, not making them.

http://www.h-online.com/security/news/item/Forensic-specialists-analyse-Google-Wallet-1396363.html
thewayne: (Default)
A couple of things in the news about the HP TouchPad, the WebOS tablet device that was blown-out in August for $99. The OS and the tablet got pretty good reviews, up until the point that HP decided to abandon all WebOS development at a cost to them of a billion dollars or so. It's the operating system that they acquired when they bought out Palm Pilot, and it powered their Palm smart phones.

The first piece of news is that HP is having a mondo big sale on eBay tomorrow, Sunday, 11 December, at 6pm Central Standard Time, and will be blowing out "an unspecified quantity" of factory refurbished units at the $99+ price. An accessory pack will be available, and the units will have a 90 day warranty.

http://techcrunch.com/2011/12/07/hp-touchpad-ebay/

http://hardware.slashdot.org/story/11/12/08/1545236/hp-reviving-the-99-touch-pad-on-december-11th

The other piece of news is that HP is releasing the WebOS to the open source community. It was speculated that RIM, the makers of Blackberry, would buy it. I think it would have been a good fit for RIM, but I guess it didn't happen. HP claims that they will be an active participant in the project, but I tend to question that since they've bought in to Windows Mobile OS for cell phones. No one is making hardware for this OS, and the Android community have been very active in porting to it, so I'm not sure how useful WebOS going open source will be.

I think you're going to see two things. The highest amount of activity will be the Android TouchPad community as they'll be trying to get their apps already in the various Android app stores working on the TouchPad. You'll see some WebOS activity for the newness of it, people will study it to see how they did things and what other interesting things they can adapt in to other open source projects. Some people will write some bug fixes and new interconnectedness link software, but I don't think this will be a huge group. I think the least activity will be people doing new development in WebOS. There's no growing hardware base: all of the hardware has been made, and that number will suffer a steady decline over the years as it fails and is with increasing rapidity eclipsed by newfangledness. I don't think that you'll see any manufacturers building hardware for the WebOS, it's too easy to just make it for Android, which has a growing and vibrant community.

So you've got two camps (IMO): the hackers who want an inexpensive tablet to root, port Android to it, and enjoy the heck out of it, and the people who don't pry beneath the covers and buy an inexpensive tablet and use it until it gets glitchy, then they'll bitch that they can't get it repaired and dump it for an iPad or Android tablet or eBook reader.

That's what I think, but what do I know.

http://www.wired.com/gadgetlab/2011/12/hp-webos-open-source/

http://www.h-online.com/open/news/item/HP-to-make-webOS-an-open-source-project-1393262.html

http://mobile.slashdot.org/story/11/12/09/1857254/hp-making-webos-open-source


This puts me in a bit of a conflicted bind. I was planning on buying a Nook Tablet from Barnes & Noble, if you're a member you can get them for $225. It would be brand-spanking new and have all sorts of wonderful support available through a major corporation that, as far as I'm hearing, is doing a very good job of keeping customers happy with it. Or I might be able to drop less than half that for a unit that has no company support, only a 90 day warranty, and to expand it's capability I'd have to install a new operating system on it that would be dependent on varying quality levels of community support.

I'm probably going to go with the Nook. I'm tired of having to wrestle with software, I don't want to think about the number of systems that I've had to patch, bring back from the dead, and sacrifice brindled calves to in the pale moonlight over the last 20+ years as an IT person. I just want to have confidence that my shit will work when I hit the power button, and that it won't be difficult to find good resources to fix it if it glitches or dies.
thewayne: (Default)
"AT&T is adopting technology that gives a person with an Android device two user profiles, enabling company email and other data to reside in an encrypted partition separate from a user's apps, games and unfettered web browsing. AT&T is calling the feature Toggle, and plans to release it later this year. Toggle is a regular app that, once installed, creates its own encrypted desktop under the control of company IT bosses. Toggle is a rebranding of an app developed by startup Enterproid, which continues to develop its own version. AT&T think this move will encourage smartphone adoption in the enterprise. Interestingly, Apple's current version of iOS and app guidelines exclude multiple profiles on one device."

I can see this as a good move that will help the phone be increasingly adopted in business, but what they need to do is extend this encryption to the entire phone! People are realizing that we're now functionally carrying our entire life in our pocket or purse: photos, contacts, personal and private information, etc., and that can be a real problem if lost. I've carried a PDA for close to 20 years now, and I've been cognizant of this and kept the important stuff in encrypted files. A lot of information was still vulnerable, but at least the most important stuff was affected.

But now in California, Michigan, and other states, you can get your phone sucked dry by the cops during a routine traffic stop. So this really needs to be extended throughout the phone.

One thing that I find interesting is in relation to my current employer. Currently Blackberry's are the standard data phone. I was speaking to one of my fellow IT drones and he said that policies were being put in place so that people with iPhones and Microsoft phones can have them connected to the enterprise. Conspicuously absent from the list? Android phones. The problem viewed from a security perspective is that the operating system is forked for just about every manufacturer and almost every phone. They have different screen dimensions, different keyboards, different feature sets, and this requires customizations and extensions to the operating system. And in doing so, increases the chance for exploits. This is a case where monolithic control over the code base can be an advantage.

Overall, I agree with the Free/Open Source concept of many eyes makes problems visible and easy to fix, but this works in both directions, for good guys and bad guys. And the bad guys are very highly motivated, there's a lot more money for them to find and sell an exploit than there is for the good guys. And this is a problem for the overall Android code base: Maker X finds a significant bug that can lead to an exploit in their code, so they fix it. They may or may not notify other Makers because that bug may or may not exist in their code base. And they can report the bug to Google's Android team, but THEY CANNOT directly patch the fix back in to the base code tree! Most F/OSS projects you can either directly patch the code or submit a patch for review to the code maintainers, unless Google has changed this policy since I first heard of it, its a lot harder to get these patches submitted to them.

http://apple.slashdot.org/story/11/10/14/0350258/android-phones-get-dual-accounts
thewayne: (Default)
Sounds a lot like Zone Alarm Pro, the only software firewall that I have a lot of experience with (and quite liked).

http://yro.slashdot.org/story/11/05/04/0428224/Marlinspikes-Droid-Firewall-Kills-Tracking


In other news, Apple released an iOS patch today to fix their location tracking kerfuffle.
thewayne: (Default)
B&N are releasing an update that gives the Color Nook Android 2.2, Froyo. It's not the latest and greatest Android OS, but it is Android. Give 'em a couple of weeks and someone will root it to give it access to the full Android app store. And there's a Kindle app there.

$250 for an Android tablet, not bad!

http://www.wired.com/gadgetlab/2011/04/nook-color-tablet/
thewayne: (Default)
Amazon requires that your phone be set to allow apps from untrusted sources, which can open your phone to exploits. Google's app store does more inspecting, but is still not invulnerable. Amazon won't consciously allow compromised apps through, but you never know. And Amazon doesn't have a remote kill switch to remove installed apps that are found to be compromised like Google does.

http://www.wired.com/gadgetlab/2011/03/amazon-app-store-security/

July 2017

S M T W T F S
       1
23 4567 8
910 11 1213 14 15
16 17 18 19 202122
232425 26 272829
3031     

Syndicate

RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Jul. 27th, 2017 12:36 pm
Powered by Dreamwidth Studios