Google Chooses Mobile Devices over Street View for all Future Geolocation Sharing

Oct 192010
 

It’s official, folks: Google is done with the use of WiFi geolocation scanning.

And that’s a good thing, because most people would rather have anonymous geolocation than have to deal with their home networking identifiers getting pulled out. I’m not making this up.

But on a serious note, Google’s erroneous habit of including geolocation scans with its road-traveling Street View cars is done. Kaput. Out with the rest of the garbage. Going forward, the Mountain View, Calif.-based internet search and services company will put its entire geolocation-related focus on the plethora of downloadable apps that users already install on their phones and notebook computers — which in turn should pull Google away from the risk of accidentially latching on to private information that it had with the Street View approach.

As explained by Canadian privacy commissioner’s office representative Jennifer Stoddart in relation to an official report concerning procedural findings on the matter, collection of geolocation data using Street View “is discontinued and Google has no plans to resume it.” Instead, Google will “obtain the information needed to populate its location-based services database” from “users’ handsets.”

As it is, users of Google software products (including Chrome, Google Maps and phones running the Android mobile OS) may already be permitting this functionality to do it’s work, in turn making the potentially-intrusive methodology seem rather pointless to begin with — so the change in focus really shouldn’t be in-your-face surprising, if it even is at all.

Source: CNet News

Top iPhone Apps Transmitting UDIDs according to Security Review

Oct 052010
 

A recent review that was published a report on iPhone security revealed an important note. Most of the third-party software available for iOS-based devices transmits an accompanying unencrypted unique device identifier, and this could offer chances to retrieve personal information of the phone user.

The security review also mentioned that the top free and most popular categories on the iPhone App store were observed to be having chance to transmit UDIDs from device. Almost 68% of the mentions apps are currently having this chance of security issue. Another important this is that the 18% of apps encrypted their communications, so it could not be determined what kind of data is being shared.

The security review was published last week by Eric Smith, network administrator with Bucknell University and two-time DefCon wardriving champion.

The review was conducted on 57 apps that are available for iPhone and determined that the personal information was sent out in plain text, posing a potential security concern.

Here, this UDID is a unique identifier and this will be assigned to each iOS device and this includes iPhone, iPad and iPod Touches. In fact, this number is derived to control piracy with software available on the App Store.

The security review conducted by Smith compared UDID assigned to iOS to the controversial processor serial number that Intel attached to its Pentium 3 chips. The observations revealed that the Pentium 3 PSN “elicited storm of outrage from privacy groups”, and this is questioning why those concerns have not been expressed with the iPhone.

These privacy issues were witnessed with few of the popular apps as Amazon, Chase Bank, Target, and Sam Club. Here, The CBS News app gone little further and transmitting the UDID along with the user-assigned name for the iPhone, which typically includes the owner’s real name.

Smith wrote in his review as “Most iPhone application vendors are collecting and remotely storing UDID data, and some of these vendors also have the ability to correlate UDID to a real-world identity. For example, Amazon’s application communicates the logged-in user’s real name in plain text, along with the UDID, permitting both Amazon.com and network eavesdropper to easily match a phone’s UDID with the name of the phone’s owner”.

Here, we should remember that Apple has been very up front with security on iOS, requiring that users approve when applications access information like GPS or the phone’s address book. In addition, the company has also allowed user to opt out of data collection with services like iAds.

The company even called out one mobile analytics firm, after data about the iPad was obtained from devices in testing on Apple’s Cupertino, Calif, Campus without the company knowing. The incident prompted Apple to revise some of the rules in its iPhone Developers Agreement.

Via Appleinsider

Taint Droid-Realtime Privacy Monitoring

Oct 012010
 

Train Droid has come up with a real time privacy monitoring for all the Android devices. This is all about securing the device users’ personal data. In fact, the outcome is a combined effort of Intel, Penn State University, and Duke University that monitors the private data that third party applications request from your Android phone, through using a scientific technique called “dynamic taint analysis”. In detail, this Taint Droid will monitor applications and alerts the user whenever someone tries to send personal identifiable data from the user’s device. It cannot differentiate whether it is good or bad, just able to intimate what is being sent and where it’s being sent to only. At least it is good to learn what is happening and according to that a user can take necessary action to the incident.

Here, Android got an ability to inform a user about the related permissions an application should have, but users generally ignore them due to lack of knowledge in understanding them properly. This Taint Droid can result as a great help for such users. Taint Droid is having FAQ and Video Demo to understand about the app in detail. The app is endorsed by someone in California and soon the app will be available for all. You can see AppAnalysis here.

Via Androidcentral

Twitter Mess and Blame Taken By a 17-Year Old

Sep 222010
 

Twitter bug caused huge havoc and later it was successfully fixed. Now, a 17-years old Australian was taking responsibility for the bug. Here, the whole havoc is not done through this boy and he was just opened the gates for it to play.

The whole incident was a result when this Melbourne high school student tried to test the Twitter security flaw. The small act from a little boy caused huge head ache to many of the prominent members of Twitter. The problem was brought into the notice of Twitter team almost a month back from a Japanese hacker.

The best part is that the student is good enough to accept the fault and today many youngsters are being curious towards these issues. But, we all should wish that it will not repeat and the vulnerability should not become an advantage for the others.

Are Photocopiers A Security Risk?

Jun 302010
 

People have been using Photo Copiers for around 50 Years but what most users don’t know is that from 2002 most Copiers have a Hard-Drive!

What Does Having A Hard Drive Mean For You

Having a Hard-Drive in a Copier means that everything you Copy or Scan is stored on the Hard-Drive. Most Companies do not wipe these Copiers when the are disposed of or Sold on etc.

The information stored could be:

Continue reading »

Droid Incredible Has Some Browser Privacy Issues

Jun 172010
 

BGR reports that Droid Incredible has some Browser Privacy issues by taking snapshots of your browser history which stays on internal memory on the phone even after manufactory default reset.

incredible-browser-privacy1

Droid Incredible has 8GB of internal memory and you can’t really wipe it out, unless you hook it up to PC/Mac and look for specific folder where those cached images are.

If you fail to delete those cached images, down the road when you sell the phone, someone could easily check what pages you bookmarked  and possibly see what your username is.

Overall this isn’t big deal of privacy invasion, unless your name is Paris Hilton :)

Facebook Privacy: Are you the Problem, not Facebook

May 142010
 

Like 400Million or so other People, I’ve got a Facebook account and have had for a number of years! I would consider myself a Professional Computer and Internet user, who has been aware of the fact that you only share or publish the minimal amount of information necessary to any Website or Social Network like Facebook!

Of course over the years I realise that not everyone is aware of the Security and Privacy issues involved, even just by casual surfing the World Wide Web, as I am!  I still look at the Web as an alternative World in a way and like the real World you have to somehow protect yourself and your Property from others!
Continue reading »

FBI Asks ISPs to Keep Logs of Browsing History…Just in Case

Feb 112010
 

In a move that will alarm anyone who cares about privacy, the U.S. Federal Bureau of Investigations (FBI) is once again pushing for Internet Service Providers (ISPs) to maintain archived logs of internet browsing history of customers, for a period of at least two years. The FBI asserts that doing so will enhance their capability to investigate criminal activity, such as the viewing, downloading, and distribution of child pornography.

Continue reading »