Google and OEM-based attack vectors →

June 24, 2019 by Bert Chancellor in Technology

On paper, Android conceptually seems like a grand, world-bettering idea. Common OS shared by a world full of hardware manufacturers, self-monitoring through it all. In execution, however, it seems to have been a nightmare. From the horrible slowness of new OS adoption to malware to “XYZ” skins to maintaining security….a nightmare.

From the Ars article, “"One of these security tests scans for pre-installed PHAs [potentially harmful applications] included in the system image," Google officials wrote in their Android Security & Privacy 2018 Year In Review report. "If we find a PHA on the build, we work with the OEM partner to remediate and remove the PHA from the build before it can be offered to users."“

This is indeed some complicated stuff but even a layman could see the challenge here.

Ars Technica Post

Facebook's Wonderful Week of Fun - March 22 →

March 24, 2019 by Bert Chancellor in Technology

Continuing the saga of all that is Facebook. All kidding aside, I read this stuff and think “surely this can’t keep happening”, “surely it won't get any worse”. Hard to believe I’m still this naive.

In this week’s issue - it was revealed that Facebook stored user’s passwords in plain text for many years. Spoiler alert, this isn’t a good thing. Essentially this means that Facebook employees could know and use your own login credentials to login to your account.

In typical Facebook fashion they have admitted the issue but are stating it’s a limited set of users. This will inevitably be revised to some higher number on page 6 of a small town newspaper later this year when nobody is looking.

Krebs on Security

Facebook's Wonderful Week of Fun - March 15

March 15, 2019 by Bert Chancellor in Technology

Each week when I make decisions about where to spend my time and what to post I become increasingly aware of the state of all things “facebook”. Maybe a weekly summary is good enough for now!

Here’s the highlights:

Facebook, Instagram, and What’s App down for hours. Not due to DDOS but to a “server Issue”. Right, ok, sure. See The Verge’s article.
Zuckerburg announces renewed focus on security and privacy, see Recode Article for details and Casey Newton for the Verge.
My favorite of the week - you remember that phone number you added for two factor authentication that was only supposed to be used for security reasons? Yeah, sorry, not true. People can find you by using that phone number. Oops! Here’s details from Fast Company.

Facebook survived issues like this a decade ago when it was run by a group of fast moving people early in their career. We accepted those mistakes with an “awwww shucks” type of attitude. Those days are over. Facebook is a global technology powerhouse with the influence to change the course of human history.

Two words for you - wake up