McAfee Predicts Mobile Devices May Be Corporate America’s Real Trojan Horse

If security firm McAfee is right, 2011 may be the tablet computer takes over corporate America. Or more specifically, the year the tablet takes over corporate networks. McAfee predicts that the onslaught of consumer-owned and lent smartphone and tablet devices entering and exiting the office space may pose a new unanticipated threat to corporate security. Their concern is that, not only is the consumer largely ill-prepared to secure devices that may amount to a hole in the Trojan wall big enough to drive a wooden horse into, but that the lack of comprehensive security tools designed around the likes of iPhones, iPads and Android devices, leaves them ill-equipped, even if they were prepared. Potentially, this could mean that personal gadgetry may become the host du jour for new infectious computer viruses, malware, and most alarmingly, remote access to the network the form of "Trojan horses".

While McAfee, one of the world's largest anti-virus software manufacturers, is understandably concerned about the interconnection of consumer-maintained -- and largely unsecured -- devices to more secure corporate networks, I think they may be missing an even bigger threat. While for years USB "thumb drives" have been cheap and affordable, and available in sizes small enough to swallow, they still required the physical removal of data from the premises. This meant exhaustively copying and then walking data out of the building. (See "sneakernet".) And, while every year these storage devices hold more and more data, so does the average corporate server. It's unlikely that portable media will ever quite catchup.

On the other hand, the prevalence of high-powered personal computing devices (yes, I'm talking about your average smartphone) connected to the corporate network allows, not only for the immediate transmission of data off-the-premises, but potentially even the cheapest, least sophisticated, pre-paid Android phone, left "cradled" overnight to a desktop computer, (the same cradle used to charge the battery, and synchronize contacts and calendar events,) could allow for unrestricted unauthorized remote network access over a hard-to-trace personal cellular data connection. Not only is this possible today, but it doesn't require a sophisticated computer virus to accomplish.

Read more at http://www.technewsworld.com/story/71541.html


Proof That Sprint’s EVO 4G Battery Doesn’t Suck

Sprint EVO 4G Stops Bullet

Sprint EVO 4G Stops Bullet

With all the news on this site about the misuse of personal data, it's nice once in a while to read about how a device can save a life, even when it's severely abused in the process.

The HTC EVO 4G, while a workhorse of a phone, has gotten a very bad wrap for its less-than-stellar battery life. Meanwhile, it looks like Sprint will be facing some real stiff 4G Android competition from its rivals, in the aftermath of this year's Consumer Electronics Show in Las Vegas. Thus, we're sure Sprint will appreciate a little good press for its flagship phone, no matter how decidedly un-technological.

Via Engadget:

We knew the HTC EVO 4G was a pretty super phone, but we didn't know it was an actual superhero. A nightclub valet in Atlanta was recently the victim of two disgruntled patrons' wrath, falling in the middle of a five-shot bullet volley, but luckily for him, he had his EVO in his chest pocket. While the phone's glass shattered on impact, its battery did not and absorbed much of the impact of the one bullet intent on ridding him from this mortal coil. The fortunate chap is still with us, uninjured but stupefied by the event, and he promises he'll never buy another brand's phone again.

Read full article at http://www.engadget.com/2011/01/08/htc-evos-battery-deflects-a-bullet-earns-life-saver-badge-v/


Can you hear me NOW?

Your Cellphone Is Subject to Warrantless Searches in California [Privacy] http://bit.ly/fTsSnb


If your car’s not owned it could be pwned

Disgruntled Hacker [Debt Collector] Disables More Than 100 Cars Remotely

Pay Technology's Webtech Plus

Cleveland-based Pay Technologies is a company that sells hidden wireless black boxes that allow car dealers to remotely disable a car’s ignition, or trigger the horn to begin honking, as a not-so-gentle reminder that a payment is due. The Webtech Plus responds to commands issued through a central website, and relayed over a wireless pager network.

A car dealer in Austin Texas began receiving complaints from hundreds of stranded customers late last month. According to the dealership's manager, the complaints stopped several days later, when he reset all the Webtech Plus employee passwords. Then police obtained access logs from Pay Technologies, and traced an IP address to a former employee. Police say he hacked into the dealership's computer system to deactivate the starters on the cars and set off their horns.

To call the suspect a "hacker" is really an insult to hackers. On the other hand, anyone who's ever spoken with a debt collector probably isn't very surprised by allegations of unethical behavior.

According to the dealership, the employee's account had been closed when he was terminated last month, but they allege he got in through another employee’s account. They claim he was working his way alphabetically through a database of all 1,100 customers whose cars were equipped with the device.


Infidelity — There’s a map for that.

How Google might know what you did last summer -- even if you forgot.

google-latitude-781430Google Latitude is a service that allows users to see and share their location on a Google map live and in real-time. The service runs on most smart-phones, regardless of service provider, including Apple's iPhone, Windows Mobile, the Palm Pre, and, of course, Google's Android. Latitude relies on a combination of GPS, cellular tower triangulation, and wi-fi triangulation. Having brushed-up on the service for a recent National Public Radio (NPR) Interview, I have since considered Latitude one-part creepy, and two-parts cool. However, the creepy / cool ratio may be shifting.

This week Google introduced a new and improved Google Latitude -- with enhanced features like "Location History".  With Location History Latitude users can go back in time retrace their footsteps, and even see where they stayed-put, and for how long. Kind of cool...yet, very creepy. But practical?

Imagine, for example, you're the owner of a Palm Pre on Sprint's 3G Now Network , having trouble remembering where your were when you told your spouse you were somewhere else? Now, there's a map for that!

But wait -- there's more! How about "Location Alerts"? Certainly, a application that would alert you when a particular individual, say a family member, has left work or school, would be very practical. After a while of being alerted every time someone is, or has arrived, exactly where you would expect them to be, however, could get old. So, Google's geniuses stepped it up a notch. According to Google, Latitude will learn user's patterns and behavior so that alerts can be issued when a person has strayed from their routine -- left at a different time, or arrived at a different place.

For example, if you decide to staycation with your mistress, you can receive a handy alert when your spouse leaves the office earlier than usual. Or, if traffic is particularly light, Latitude will let you know when it's time for a quick window-exit.

Best of all, when the jig is up, no one has to know, because -- for now -- Google is making all these free services available to you, and no one else... at least, without subpoena powers.

This is deception... on the Now Network.


Location, Location, Location.

Recently, I had a wonderful opportunity to play a game of hi-tech "phone tag" on the streets of San Francisco with Reporter Martin Kaste from NPR's "All Things Considered". Late last Summer I was  asked if I would be willing to sit down for an interview for a story he was researching about location privacy. But, instead of agreeing to meet Kaste, I told him he had to find me.

With the aid of his GPS-equipped smart-phone, some software, a little patience, and a good pair of walking shoes, he was able to "tag" me sipping a latte outside a coffee shop on Market St. Of course, with my own GPS, and software-equipped smart-phone, I was able to see him coming. What follows are the fruits of that encounter:

Digital Bread Crumbs: Following Your Cell Phone Trail

Jeff Fischbach is a little bit like those guys in The Matrix — when he puts on his shades and looks at the world, he sees data.

Walking down the street in San Francisco, he points out all the devices that record people's comings and goings: digital parking meters, apartment intercom systems, digital security cameras...

Listen to NPR's Digital Bread Crumbs: Following Your Cell Phone Trail

Audio and transcript: http://www.npr.org/templates/story/story.php?storyId=114241860&ft=1&f=1019


OT: Verizon — Oh no you di’nt!

It's rare that I clap for [watch] TV commercials. But Verizon just took AT&T to the mat -- er, map.

Technically, this is off-topic, but I think I can apply a little broad discretion when it comes to bad data -- That is, the data that every U.S. cell phone company uses to claim to be the best.

I know I spend a lot of time picking on Apple -- especially the the iPhone. But when something falls just short of great, it leaves room for criticism. That, however, doesn't describe Apple's choice of service partner. Verizon customers love their coverage. T-Mobile customers love their customer service. Sprint customers love their features (and free 3G roaming to Verizon). AT&T customers love their iPhones, and tolerate their service. Now Verizon is taking them to the map.

Watch and see what I mean.


Palm’s Pre has you covered — like an enemy of the state

VZ_Network_thumbHey, Verizon customers -- ever get tired of having "The Network" following you around everywhere you go? It's such a hassle, especially when you have to use the restroom, or spend some "alone time" with your significant other.

Well, Sprint's Palm prē has you covered. Palm's latest smart phone is so smart, the network can find YOU -- ANY TIME THEY WANT!

Palm Pre_FrontClosed-CardViewGoogleMaps-300-100

INFORMATION SENT TO PALM: { "errorCode": 0, "timestamp": 1249855555954.000000, "latitude": 36.594108, "longitude": -82.183260, "horizAccuracy": 2523, "heading": 0, "velocity": 0, "altitude": 0, "vertAccuracy": 0 }

The news was released on Joey Hess' blog. Hess, a programmer, noticed a log file on his Palm prē was being sent to http://ps.palmws.com on a daily basis. Among other things, the log file contained his GPS coordinates (in this case, his home address) in the form of longitude and latitude. This information is derived from the built in GPS common to most cellular telephones on the market today.

In addition to his location, the log file also recorded the name of every application he used, when, and for how long.

Although there has been some speculation that this information is only recorded when the device crashes, Hess has shown that, even though Palm's WebOS makes a record of device crashes, this is supplemental to the daily GPS location, and usage-tracking that is sent to Palm every day. (All of which, for now, he has disabled by hacking a file in the operating system.)

Palm's response to this shocking revelation?

RTPP: Read The Privacy Policy. In a statement released by Palm, "Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer's information, all toward a goal of offering a great user experience."

In preparation for this posting, I read Palm's Privacy Policy (08-13-2009). Focusing strictly on users' private location data, the only mention of  location-based information being collected and transmitted is as follows:

"When you use location based services, we will collect, transmit, maintain, process, and use your location and usage data (including both real time geographic information and information that can be used to approximate location) in order to provide location based and related services, and to enhance your device experience."

This policy specifically addresses use of this data when "provid[ing] location-based and related services". That does not explain why they are collecting and transmitting GPS data as part of a daily log.

Frankly, I have some issues with Palm's right to this data, even if it has been disclosed. Although, arguably, Sprint has to process this data through their network to provide service to it's customers, Palm sells hardware and software, not network service, or even traffic and directions. As an individual who collects and analyzes similar data for criminal cases on a daily basis, I see no justification in Palm's Policy, or in terms of the way the equipment operates, for the transmittal of location-specific data to their company.

Read more @ InformationWeek (http://www.informationweek.com/news/security/privacy/showArticle.jhtml?articleID=219300120)

{ "errorCode": 0, "timestamp": 1249855555954.000000, "latitude": 36.594108, "longitude": -82.183260, "horizAccuracy": 2523, "heading": 0, "velocity": 0, "altitude": 0, "vertAccuracy": 0 }

Future Proof: the iPOD 9000, with unofficial intelligence

HAL 9000"Open the pod bay doors, HAL."

"I'm sorry, Dave. I'm afraid I can't do that"

"Dave... I know that you and Frank were planning to disconnect me, and I'm afraid that's something I cannot allow to happen."

"Just what do you think you're doing, Dave? Dave..."

Whenever we're looking for creepy gadgetry, Apple is always a good place to start. Apple insider noticed this U.S. Patent filing yesterday for a "Consumer Abuse Detection System and Method". Of course, some might argue that, if you're looking for "consumer abuse", look no further than Apple's partner AT&T Wireless. In this case, however, the technology is designed to detect abuse by consumers, no of them.

According to the patent, Apple has devised "a system for detecting the occurrence of a consumer abuse event and storing a record of the event...[T]he system may include one or more sensors for detecting the occurrence of a consumer abuse event. Consumer abuse may include exposing the electronic device to liquids, extreme temperatures, excessive shock, and may also include tampering with the device in a manner not related to normal operation of the device...the abuse detection circuitry may be configured to disable operation of an electronic device upon detecting the occurrence of a consumer abuse event, for example, by disabling power to the device."

Mind you, Apple is no stranger to "Consumer Abuse"--or, at least, it's products aren't. There was, of course, the exploding Powerbook that triggered the recall of 1.8 million laptops. And, the defective Nanos that were reported to have caused three fires in Japan. And, the overheating iPhone 3GS. But, this also isn't the first time Apple has introduced self-preservation technology (see Isaac Asimov's third law) into one of it's products. Current iPhones and MacBooks already have "Liquid Immersion Detectors" built-in.

"Just what do you think you're doing, Dave? Dave, I really think I'm entitled to an answer to that question."

Via AppleInsider (http://www.appleinsider.com/articles/09/08/06/apple_working_on_device_abuse_detection_technology.html)


911 — Black Hawk down with SMS

Black Hawk County, Iowa has become the first in the nation to start accepting text messages sent to 911.

For now, the service only works for T-Mobile customers, and only those in the Black Hawk County area. Also, the physical hardware and software does not allow emergency operators to automatically locate callers, like they can using the E-911 (Enhanced-911) capabilities of most cellular and POTS (Plain Old Telephone Service) lines--so dial-access is still the way to go for most people, in most circumstances. But, for those with physical impairments (all-thumbs?), or even temporary physical restraints (think hiding under a desk during an armed robbery), this could literally be a life-saver.

"Texting" has another advantage: it tends work where and when voice calls often can't, and requires very little battery life. Even stranded outside coverage area with a near-depleted battery, a text message is far more likely to "connect" than a voice call, and doesn't require a sustained signal to get the point across. Which, coincidentally, makes T-Mobile customers good candidates for the service.

Unfortunately, it's probably not going to do anything for response times, or T-Mobile's subscriber numbers. But, if it saves just one subscriber's life, that could make it all worthwhile--at least for T-Mobiles stockholders.

Via AP (http://www.google.com/hostednews/ap/article/ALeqM5jQRysLdp0it9uIqDi_ytuMGxpotAD99ST5RG1)


Log In

Join the conversation...

Join the conversation on Twitter

Join the conversation on Facebook

disquslogo_180 Subscribe to RSS feed

Join the Google conversaton…

Geo Visitors Map