Friday, July 30, 2010
by now you might have read a story about the recent activities of one ron bowes, a security consultant and former employee of symantec (if not, check it here). thanks to his handiwork there is now a torrent roaming the interwebs containing information on over 170 million facebook users. now before you start to panic and check your account for hacks, understand that no private information was taken. the torrent file, which weighs in at slightly under 3gb, is nothing more than a consolidated list of all the information that facebook users have made public. how did he do this? all he had to do was make a crawler to scour the facebook directory, publicly available at http://www.facebook.com/directory/, which on its own is still kind of spooky to look at. no hacks. no cracks. technically not even a security breach.
so what was the motivation? back when bowes worked at symantec, he posted something on the symantec blog called attack of the facebook snatchers (which i highly suggest all of you read). this blog post was about data phishing, and went over the idea of how privacy is an illusion, and that illusion can cause people to be far more free with the information they share. the spirit of this was to enlighten users as to how public information can be used to exploit you. that's what he does. facebook, of course, was not a fan of the post. in the same vein came this torrent he recently created, which is, in my opinion, in that same spirit of awareness in the digital age, even though it started as a pool of test users for a security tool. in his own words (i'd link his blog at skull security but it seems to be down):
"Why do I bring this up? Well last week @FSLabsAdvisor wrote an interesting Tweet: it turns out, by heading to https://www.facebook.com/directory, you can get a list of every searchable user on all of Facebook!
My first idea was simple: spider the lists, generate first-initial-last-name (and similar) lists, then hand them over to @Ithilgore to use in Nmap's awesome new bruteforce tool he's working on, Ncrack.
But as I thought more about it, and talked to other people, I realized that this is a scary privacy issue. I can find the name of pretty much every person on Facebook. Facebook helpfully informs you that "[a]nyone can opt out of appearing here by changing their Search privacy settings" -- but that doesn't help much anymore considering I already have them all (and you will too, when you download the torrent). Suckers!
Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details. If the user has set their privacy higher, at the very least I can view their name and picture. So, if any searchable user has friends that are non-searchable, those friends just opted into being searched, like it or not! Oops :)"
so what's the point here? as it always is with social networks, make sure you are the one who controls what others see. the problem in this particular story isn't the bad security man hacking your info, it's not really big bad facebook not protecting users, it's that your public info is, in fact, public, and therefore easily accessible. don't publicize anything that could remotely come back to bite you later. the fact that the facebook service has extended from the chosen social network of twenty somethings to teenagers makes this all the more important. facebook's response to this whole thing is that they offer a number of controls to allow users to take their name out of the directory, and make their profiles unsearchable by engines like google or bing. this is too bad for people that fall into the "didn't know why" or "don't know how" category of users. even though this isn't really facebook's fault, they should go out of their way to make sure that users are fully aware of the privacy controls offered to them. facebook, as mr. bowes says, "has a special responsibility to go beyond doing the bare minimum."
on top of that, there are reports from gizmodo that large corporations and groups are downloading the torrent, either authorized or not. this includes computing giants like apple and HP, as well as groups like the united nations and the church of scientology. i'm not sure how legit this is, but gizmodo's generally pretty good about that. i'm not really surprised - i mean think about the statistical relevance of a sample size of 170 million. their marketing departments must be very happy.
at any rate, hopefully this whole thing will make people re-think the way they share information in the future.
Thursday, July 22, 2010
|microsoft's kin two|
ultimately the kin one and kin two were a pair of horrible failures. i mean what can you do when no one wants the product? what i can say is that they definitely were different than other available smartphones, but at the same time served as an illustration that different doesn't always mean good. a casualty of a botched project with the creators of what became t-mobile's sidekick, the kin was finally relieved of the twisted misery that was its existence by microsoft last week. kin has been the latest misstep in microsoft's quest to become relevant in the mobile/smartphone market again, and combined with the lukewarm reviews of the windows mobile 6.5 OS that is currently running on windows-based smartphones, they have no choice but to pick it up. windows phone 7 is supposed to be their answer, but after two years of development do they have what it takes to compete with the iphone and droid-based devices?
coming off the heels of the kin debacle, microsoft promised that all focus has been shifted to windows phone 7, and that it was going to be awesome. based on what i first saw months ago on it, i thought that maybe it would live up to the hype. but what about the timing? within the last 2-3 months, apple's iphone 4, motorola's droid x, and htc's incredible emerged as the most sought-after smartphone devices in history between at&t and verizon wireless. windows phone 7 is slated to be available by the upcoming holiday season, after most of us have had one of the aforementioned devices for only 4-5 months. and while i can't speak for others, i generally will wait until i have an upgrade discount on my mobile account to buy a new phone - otherwise, most smartphones range from $500-$600 at full price. and i don't know how many people have that kind of spare scratch just lying around.
|microsoft's windows phone 7|
regardless, i still see some issues that will prevent microsoft from converting iphone/droid users to windows phone 7. first, copy and paste isn't supported. on its own i guess it's not that big of a deal, since this was already known information from the MIX10 conference in march, but when microsoft's trying to highlight the business focus of the device, it seems like that would be an important function for the on-the-go business user. it would definitely enhance their office mobile and exchange integration functionality. second is a lack of multitasking for third party apps. android introduced this first, with the iphone following suit, which puts windows phone 7 behind on that front. third, and this is a big one for me, no navigation. they do a good job of integrating bing and bing maps into the UI, but neither of those provides turn-by-turn navigation or gps-style functions. in an era where a lot of consumers are looking to have one strong multifaceted device, such as using their phone as a gps unit in their car, this might be a problem.
overall, for mainstream users or users that want email, web browsing, and high levels of social integration, the windows phone 7 looks like it would be a solid choice. the "super user," however - the user who wants it all - is going to find it a little wanting vs the existing options from apple, motorola, and htc. but there's still time, and developers have some stuff in hand, so let's see what they can throw together by the holiday release.
the thought of many is that if this mobile hail mary from microsoft doesn't work then they should consider permanently getting out of the mobile game. the problem is that they can't. the prevalent trend among tech users, both personal and business, is that an increasing amount of work (and play) is being done on mobile platforms, not seated behind a desk on a pc. it's the basic convergence of two forms of tech - pcs got smaller and more portable while cell phones became more powerful. soon the two became one. and as one of the standards in computing, microsoft has no choice but to extend their brand into the mobile sphere, like apple and google have successfully done. if the windows phone 7 doesn't fly, they have no choice but to keep trying.
Tuesday, July 6, 2010
|apple iphone 4|
"and most importantly, it comes with a double antenna design. the kind that allows you to hold the phone any way you like and use it just about anywhere to make crystal clear calls."
|the ad that launched 1000 burns|
verizon / motorola / google put a spotlight on apple's most recent public problems. the antenna in question was to revolutionize (surprise, surprise) antenna design, by having it external, and integrated into the unit's casing. holding the phone in the so-called "death grip" (tightly on the outside rim) in this configuration visibly causes signal strength (i.e. how many bars you have) to decrease and causes calls to drop. spencer webb, an antenna consultant working for apple, says differently - that short bars don't mean dropped calls, and that "full bar" and "short bar" calls are the same in call quality. apple claims that it's just a software calculation issue, there is no signal strength issue, and that users will be able to see a fix in the visual problem in the next iOS software update, 4.0.1. anandtech ran some more quantitative testing on their own, and calculated a difference of 24dB when the iphone is tightly held, which is enough to drop a call if you live in an area where you have consistently 4 bars or less. if you have 5 bars constantly, then don't worry about it.
by itself, that should have been the end of it, but it was only the beginning of the complaints. it turns out that a $29 "bumper" is available from apple, and it's almost required to minimize the death grip induced antenna fail. some users became so irate that ultimately class action lawsuits (this is the first one, but there's more) have been filed against both apple and at&t for this plus a number of complaints, all the way up to intentional, negligent misrepresentation and fraud. are these lawsuits bordering on the ridiculous? sure. i don't see how some of the claims really stand. do i think that users deserve compensatory damages? well, yes. exactly what they paid for the iphone to begin with. it's called a return policy. and given that most iphone 4 purchases are upgrades, if they charge you a restocking fee then that's your penalty for blind loyalty.
apple and steve jobs have remained pretty silent on the issue, not addressing customers' requests that apple provide bumpers at no charge to alleviate this problem. big steve's expert advice is to buy their bumper case or "just avoid holding it in that way." but every photograph or television spot shows users and steve jobs himself holding it the "wrong" way! i mean what is a loyal apple head to do?? don't believe me? check out the compiled gallery here.
i know, i thought the same thing - absolute wonderment. in addition to all of this, the folks at boy genius report have gotten their hands on apple's troubleshooting procedures on this issue. reading them over definitely shows a lack of concern for their loyal customer base. in my opinion, apple should at bare minimum send out free bumpers to current iphone 4 customers to rectify a problem they acknowledge exists. gizmodo is of the same mind, and has started a petition to convince apple to come around on this one. cases.com is sending out free iphone 4 "lifegrip" cases, for the cost of shipping, which is as low as $3.39 for first class mail.
this amid even more rumors about iphones for verizon wireless. give it a rest, with android powerhouses like the htc incredible, motorola droid x (my next digital acquisition) and upcoming droid 2, my guess is that verizon will be trying to foster that partnership before renewing any interest in the iphone. just doesn't make sense.