Wednesday, 23 November 2011

HTC Mistreating Customers

This a somewhat controversial topic, don't like it then don't read it but if you care about internet freedom, please help spread this.

HTC/Samsung and possibly other companies are installing rootkits in Android phones, coded into the kernel and it hides in the memory. No this rootkit isn't "malicious", but it's installed [B]without your consent or knowledge[/B] and collects data on you.

One developer who goes by the name of TrevE over at XDA-Developers has blogged about this rootkit, and within the first 24hrs of his information being released, lawsuits are being filed on him by HTC that all his info and research has to be pulled down and must issue a public apology to HTC and has 24hrs to do it. HTC do this so he didn't have time to seek legal advice. Guess what? he got legal advice from EFF (Electronic Frontier Foundation), who came to his aid.

Congratulations HTC, you pissed off the Android community and now you will pay for it. Any dev is advised to dev the hell out of any HTC phone and find out what else HTC is upto.

Also, am I the only one wondering what will happen if this mistreatment continues? I'm sure we all remember what happened to Sony when our brothers from Anonymous stepped in? we wouldn't want the same to happen to HTC would we?

Just a quote from the video, but isn't this the same thing?

Hello Sony

It has come to our unfortunate attention that you have decided to interupt the free flow of information. As you well know from other acts performed by Anonymous, that we will not stand for this.
By sueing Geo Hot, and attempting to view the IP addresses of those who watched his videos, you have angered the hive.

I've bolded the parts that are relevant to this situation. Anyone agree?

Friday, 18 November 2011

Android Security - Pointless?

Thanks to a post from @Androidpolice on Twitter for posting this. The following posts contains quotes from Googles own open source project manager Chris DiBona (he's a complete douche bag btw).

Mobile Security is apparently pointless from what Chris says.

Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. If you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself.

So, is Lookout Mobile Security useless and pointless? Hey Chris, it's 2011, wake up and smell the coffee. Security is becoming a bigger and bigger issue, malware is evolving. Yes what we have right now may not be 'big' per se but it's heading that way.

If you read a report from a vendor that trys to sell you something based on protecting android, rim or ios from viruses they are also likely as not to be scammers and charlatans.

So Lookout are "scammers and charlatans". Hey Chris, I wonder what will happen if this was sent to Lookout Mobile Security, or Kaspersky Mobile Security, or BitDefender Mobile Security? OOOH SHIT wait I already sent it to Lookout. Oh well. Can anyone 'lawsuit'?

Also what makes me laugh:

So there you go. I'm sure people will now chime in about some worm or malware they downloaded from some app market or something, which will be moderately fun, then it will devolve into a discussion about something unrelated, then I'll cancel comments. :-)
This guy is quite obviously a troll who can't face the truth. Proposes a statement but can't back it up, and when people show him facts that he's wrong, he disables comments. Chris, PLEASE do EVERYONE a favour and kindly go kill yourself now. Thank you.

Thursday, 17 November 2011

Suing Acer; More Trouble Than It's Worth?

Acer are being sued in CA for misrepresentation. You can grab a copy of the document file here [pdf]

Acer sold some laptops that were supposed to come with OEM Recovery CD's and didn't. Obviously recovery CD's are very handy should something go wrong, and I'm guessing the person who filed this lawsuit isn't an advanced person when it comes to technology and computers. Yes Acer may have misrepresented it, but is going through (no doubt) months worth of court action, seeing lawyers, paying for lawyers, etc worth all this bother?

I see the point their making and it's a valid point, but it seems more trouble than it's worth.

I don't have any recovery discs for mine neither and yes my machine has died on me in the past and wouldn't boot no more, but seriously that's not the end of everything. I just boot Linux instead, open source, free to download the OS, free to burn to a CD, grab my data and format. Takes me what, 1hr maybe 2? that seems like less of a bother than going through months of court related stuff, having to pay for lawyers, etc

This costs me what? like £50 for a decent external 1TB HDD that hasn't failed on me in the past 3yrs, £10 for hundreds of blank CD's to put Linux on. £60 seems a good deal than bothering with courts if I'm honest. :\

I dunno, go figure.

Wednesday, 16 November 2011

Google Music: I Don't See The Point In It?

Okay so today Google released their new Google Music service, it was a decent conference, you'll probably find the recorded version for playback on the Android Youtube channel soon.

Now me personally, I don't want to come off like I'm all for piracy because I'm not, but I seriously do think this whole Google Music stuff will only lead to piracy.

Someone buys a song, shares it over Google+, so their friends can listen it to once. Now, it's not exactly hard to go download Audacity to record the song as it's played back. Now the problem is, whoever does that has a free copy of whatever song, this person brags about it to his friends and ends up passing it to them, they pass it to their friends, etc.

Somewhere along that line, the file is uploaded to the internet via file hosts/P2P/torrents, and eventually ends up on Youtube, now people across the globe can listen to it whenever they want. I have Internet Download Manager installed on my machine and IDM allows me to download songs (including video) in flv format for FREE.

Now lets recap. Songs people have to BUY eventually end up on the internet, anyone who's anybody can get a copy of them for FREE. Problem Google?

Also, I noticed I can't download Google Music to my SGS phone as it's only for US people. Oh wait someone leaked the APK and now I do have Google Music.

That is all.

Android Security: What Should We Worry About?

Last night I was crawling the net for the latest security news and found something of real interest. More Android malware? more Android vulnerabilities? Nope. Although I will say this. Android malware is optional, yes I said optional. What do I mean by that?

Android malware can be installed with your permission, and doesn't come free with the phone when you buy it. This security threat is NOT optional and is installed by your carrier. This threat has permissions even higher than super user and hides in your phones memory.

So what is it exactly? this rootkit is known as Carrier IQ (CIQ for short). What does it do you ask? normally CIQ is used to report back to the manufacturer when there is a problem with the phone, like if it crashes, etc. No big deal right? wrong.

The CIQ on Samsung/HTC phones is used as tracking system. It's tracking YOU. It's tracking your location via GSP even if you have it switched off, your calls, your text messages, what apps your running and when you use them, etc. Yes, this threat is keylogging you.

What makes this even worse is all that data is sent back to your carrier and is NOT anonymous. All that data has YOUR name on it. Apparently your privacy doesn't matter to HTC or Samsung, you don't have the option to opt-out of this program.

You can find both articles on XDA-Developers forum here and here.

Personally, I didn't even know about this invasion of my privacy until last night and this quote from XDA pretty much sums up how I feel about it.

Remember, we may not be the vast majority of your users/customers, but unfortunately for you, our communities are the ones who can make your sales efforts into a living nightmare. Consumers are the ultimate key holders and we suggest that you stop looking at us as dollar signs and more like people and customers. All in all, I am not for sale and my privacy is priceless.

Something tells me Samsung and HTC are about to be sued to hell, we shall see.

Friday, 11 November 2011

FBI Take Down DNSChanger Cybercrime Circle

Quick shoutout to the FBI, Team Cyru and everyone else who helped bring down the DNSChanger malware circle, 7 charged with internet fraud of $14m

We love you guys.

As always, you can find more news in my Twitter feed.

Charlie Miller Kicked Off iOS Dev Team

Recently news broke of security expert Charlie Miller who has helped find many holes in iOS, was kicked off the dev team for showing a proof of concept that allowed malicious apps to be planted into the iOS app store with a code-signing bug. Article by ComputerWorld here

I know many companies have a policy with security researchers - that they have to keep quiet until the hole is closed and not release details about it.

Miller never really released anything, I saw his video for the proof of concept he did, he didn't release the method of how he did it. Yes I can say fair enough, but I can't help but think Apple shot themselves in the foot as well. Losing a decent security researcher like Miller... we'll see how it effects Apple.

Interview with Sony's CEO Howard Stringer

So once again, another article concerning Sony. Sony's CEO Howard Stringer was interviewed by The Street about the Sony breaches. article here.

The basic message was hackers didn't impact Sony too negatively, customers still came back. In a way, I suppose it's true, I find myself still loving my PS3, but not because of what most of todays customers see in the PS3.

Sure everyday customers see the PS3 for being able to play PS3 games both on/offline and play Blurays, but what do customers NOT know about the PS3? I can still play my PS3 games offline and play Bluray movies, but my PS3 is fully unlocked under my control. Mine is jailbroken with ReBug 3.55.2 - I get all the features including OtherOS++, where I've installed Ubuntu Linux. The PS3 market is split in 2 because of Sony, one half know the love the PS3 for games/PSN, the other half love it for it's ability to boot to Linux.

But anyway, back to the article.

"The target opportunity was a revenge attack, initially -- it was because we went after a hacker who hacked PlayStation," he said. "PlayStation is vital to us, and so we were afraid that it would essentially destroy a PlayStation."

What I find funny about the article is he doesn't say why people want revenge on Sony. Good point - why would people want revenge on Sony? Lets think shall we?

1. Arresting GeoHot
2. Arresting Graf_Chokolo
3. Sending DMCA's to sites like Github
4. Arresting others hackers

and those are just the upfront facts, do I need to mention Sonys fucked up TOS? If you take a moment to read them, you'll find they are basically screwing you in the ass. THAT is why you were attacked Sony, but we all know they will never say out loud for fear of embarrassment.

He's scared of the PS being destroyed? Sorry Howard, may as well get working on the PS4, the PS3 is the most open console on the market, with both hardware and software exploits, what other console offers Bluray playback + Linux + games? As a person who loves freedom, the so called "hackers" are the ones who are probably bringing more love to the PS3 than Sony ever could, a lot of the Linux community loves the PS3.

But anyway, that's just how I feel about it.

Personal Phones - Privacy Invasion... By Your Boss

Hmm, no blog post for a good 2 weeks or so, time for an update, covering some of what I've read in this weeks new, all tech related but on different subjects.

First up, this article here got me a bit pissed off.

No way something like can stand in a court of law. Employers "demanding" the right to have remote access to employee's PERSONAL phones. Okay wait a second, personal phones? The key word here is personal. Who in their right mind gives someone they don't know remote access to their personal phone? I know I wouldn't.

The message here is DON'T use your personal phone for work, giving your boss remote access to your phone is complete privacy invasion, it's complete bullshit as far as I'm concerned. As much as I hate to say it, take the option of going with a firms provided BlackBerry phone (as much as I hate them compared to Android). Your personal phone is yours and only YOU should have access it to, full stop.