Articles

Original, longer posts, as opposed to quotes and micro-posts

LinkedIn app: another #fail for Apple’s iOS when it comes to protecting your privacy


Some “media experts” and some consumers and companies believe that because Apple curates the apps you can find in its App Store, they face a lesser chance of being infected with malware or of using badly written apps which don’t perform well or leak information.

Well, once again (remember Instagram?), a security researcher proved that iOS is missing basic privacy protection mechanisms and that pretending to check apps to protect users is only an excuse to make money by taking a cut of the profit. Apple simply can’t control, in detail, what is in every app they release.

So this time, we have the LinkedIn app which is sending users’ calendar meetings to the LinkedIn servers without the user knowing about it… This can be especially dangerous when things such as conference call phone numbers and passcodes are stored in the event itself. Fortunately, there is a way to turn that feature off, by simply refusing to let LinkedIn show the calendars in the app itself.

But it doesn’t solve the big privacy issues plaguing iOS, a 5-year-old OS which was never built to be secure, but to look smooth and to be very easy to use in order to kill Nokia’s Symbian. Apple has tried multiple times to implement enterprise features, but most attempts have failed as it’s simply not in Apple’s DNA to build a secure OS. SMEs and corporations usually have to rely on third-party solutions to try and make these devices usable in a business environment.

[LinkedOut – A LinkedIn Privacy Issue]

 


lush.co.uk was hacked and your credit card details stolen… Is your data safe?


Just another example of how unsafe “the cloud” can be. What surprises me is how little companies care about security. I often ask cloud providers about their security measures and the typical answer is that they protect the connection to their servers with SSL which is “very secure”. This is probably enough to reassure a novice consumer who heard from his bank that SSL is the way to go to protect online transactions, but what about the data that is stored on the servers? Most don’t encrypt it unless required by law (credit card details).

There are so many stories nowadays about data theft by rogue employees or hackers that I’m still amazed that people trust their most sensitive data with companies like Dropbox, Apple, Evernote, Google, Facebook, Sugarsync, etc. These guys have your password. They can look at all your most private documents or pictures unless you encrypt them before you send them. Sure, it’s so convenient to be able to have access to everything from everywhere, to share documents with your mates, etc., but just remember that it makes data thieves very happy as well.

Be safe online, provide a minimum of information, use email address aliases, encrypt your data, use services like Jungledisk or Wuala.


Amazon has just swallowed the whole of Lovefilm


Lovefilm has had an interesting progression. First they were shipping DVDs and Blu-rays, which was a good way to watch movies in HD, but that meant planning for it and, more than once, that meant that you would have discs lying around for weeks.

So last year, they started to stream some movies online and on some TVs. That was perfect for impulsive movie watchers. The quality will never be as good as Blu-rays, but who cares when you’re going to watch the latest romcom? You can always get them to send you the latest blockbuster via mail. Later on, they even managed to offer the service for the PS3, which means having access to an even larger user base.

Because it became so successful, Amazon had to buy the remaining shares it didn’t already own and I’m glad they did. With their cloud infrastructure, their books and MP3 store, this was the logical next step. They’ll probably expand the service all over Europe and will make lots of film lovers very happy :).


Trapster got hacked, but at least they came through


If you have an account with Trapster, you should go there and change your password now. Leaks of sensitive information happen all the time, but it’s not so common for companies to communicate about it, even when it’s required by law (UK, EU, etc.).

So many small and not-so-small companies just don’t care about data leaks when they should. Sometimes, they don’t even realize until a customer lets them know.

And, as a consumer, how can you know? Well, unless you use this trick or that one, it’s not that easy to be able to tell what the source of the leak is. And even if you tag your connections, you never know whether some shady website owner sold your data or whether a server got hacked or simply if the person doing the mailings got his Outlook account scanned by a bot…


Stuxnet: I can’t believe sensitive industrial systems are running Windows…


So, it seems people in the UK are starting to freak out about the “super computer virus” called Stuxnet that could bring down power plants, etc. They’re right! That thing is powerful and very scary! But wait a minute… Companies in charge of protecting key UK infrastructure components decided to give the contracts to Siemens after seeing that the solutions were based on Windows?!? Seriously!?! It’s fine for desktops if you’re extra careful, but come on. It’s a poor choice for business-critical missions unless you’re a small SME that got coerced into using a suite of Microsoft tools to ru(i)n your business…

Read all about Stuxnet here
