Tag Archive for 2010

Google Remotely Removes Apps

Updated 03-19-2011 – After the recent discovery of some 50+ malicious applications on the official Android Marketplace, Google removed the malware as soon as they became aware of their existence. According to Help Net Security, this was four days too late to prevent the tainted applications from being downloaded over 50,000 times.

In response, Google remotely executed its Android kill switch to delete the apps in question. Google is pushing an update to close the software hole.

In an official confirmation of the incident, Rich Cannings, Android Security Lead, says that Google will notify the owners of the affected devices after the malicious app(s) are deleted and the update is installed. “You are not required to take any action from there; the update will automatically undo the exploit,” he explained.

Over at the Android Developers Blog, Rich Cannings, Android Security Lead, details how Google (NASDAQ: GOOG) can remotely remove applications from an Android phone. The article explains how the Android Security team removed two applications that violated the Android Market Terms of Service.

The Google article says, “...we’ve also developed technologies and processes to remotely remove an installed application from devices.” The article says that Google chose to remove the applications because they knew better: “… we decided … to exercise our remote application removal feature…” Google does try to minimize the impact of this ability in Chrome by stating, “While we hope to not have to use it, we know that we have the capability to take swift action …”

I wrote about Google’s and Apple’s control of the OS in 2009. The master marketers at Google have spun this ability to delete any file to be a good thing. However, nowhere in the article does Google state that it will not remove files in an arbitrary fashion like Amazon’s 2009 Big Brother-like overnight removal of George Orwell’s 1984 and Animal Farm from Kindles.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Keyboard Viruses

Computer keyboards are so dirty they could cause symptoms of food poisoning and other illnesses, according to an article on InfoWeek. British researchers for Which? Computing say that your computer keyboard is filthier than toilets. The site had a microbiologist compare germs on 33 office keyboards to toilets and bathroom door handles and found the keyboards contained the most bacteria.

The keyboards were so dirty, they could cause symptoms of food poisoning and other illnesses, according to the article. One keyboard had 150 times the recommended limits on bacteria and was five times as dirty as one of the toilet seats. The magazine said that office workers who fail to wash their hands after using the bathroom and those who eat lunch at their desks are likely to blame for the dirty keyboards. Half the people surveyed said they clean their keyboards less than once a month. Ten percent said they never clean their keyboards, and 20% said they never clean their mouse.

Another survey by the University of Arizona’s Dr. Charles Gerba contained similar findings. He found that women’s makeup, phones, pocketbooks, hand lotion bottles, keyboards, desk drawers, and mice had the most germs. Men’s wallets, handheld devices, and phones topped the male list. That study found that women’s desks contained, on average, seven times more germs than men’s desks. Gerba, whose study was backed by Clorox, recommended frequent hand washing and the use of disinfectant wipes. The British report recommends turning off computers, shaking out food crumbs, using a damp cloth to wipe surfaces, and following up by disinfecting with alcohol wipes.


Facebook Adds IPv6

NetworkWorld is reporting that Facebook began offering “experimental, non-production” support for IPv6 on June 10, 2010. With more than 350 million active users, 65 million of them accessing the site through mobile devices, Facebook is planning its deployment of native IPv6 to its network backbone. The social network says it wants to support both IPv4 and IPv6-aware clients. In a presentation at the Google IPv6 Implementors Conference, Facebook’s network engineers said it was “easy to make [the] site available on v6.”

Facebook said it deployed dual-stack IPv4 and IPv6 support on its routers, and that it made no changes to its hosts to support IPv6. FB also said it was supporting an emerging encapsulation mechanism known as Locator/ID Separation Protocol (LISP), which separates Internet addresses from endpoint identifiers to improve the scalability of IPv6 deployments. “Facebook was the first major Web site on LISP (v4 and v6),” Facebook engineers said during their presentation. They also said that using LISP allowed them to deploy IPv6 services quickly with no extra cost. Facebook’s IPv6 services are available at www.v6.facebook.com, m.v6.facebook.com, www.lisp6.facebook.com, and m.lisp6.facebook.com.

John Curran, president and CEO of the American Registry for Internet Numbers (ARIN), has been urging Web site operators to deploy IPv6. Curran set a deadline of Jan. 1, 2012, when all public-facing Web sites must support IPv6 or risk providing visitors with lower-grade connectivity. The remaining pool of unallocated IPv4 addresses could be depleted as early as December due to unprecedented levels of broadband and wireless adoption in the Asia-Pacific region, experts say.

Richard Jimmerson, CIO at the American Registry for Internet Numbers (ARIN), told NetworkWorld, “It’s moving so fast now that it’s hard for us to be current on it any longer.” ARIN provides IPv4 addresses to carriers in North America. “We’ve gone through 10 /8s since the beginning of this year,” Jimmerson says. “To put that in perspective, in all of 2009, we only went through eight /8s. It’s very possible that the IANA free pool will deplete in December or January at the earliest.”

The article reports that while demand for IPv4 addresses remains flat in North America, there has been a huge surge in the Asia-Pacific region this year that is likely to stay strong. “The Asia-Pacific region has very large economies that are underserved by IP addresses such as India, China, and other places,” Jimmerson told NetworkWorld. “They are really seeing a big surge in broadband deployment and wireless data handset deployment, and that translates into having to have unique IP address space. That trend is likely to continue.”

rb-

Just last week, I was speaking with a potential client about getting ready for IPv6 on their network. They had not even talked yet with their ISP about getting IPv6 traffic to them, let alone how they were going to deal with IPv6 in and out of the network.

Supremes Rule on Sexting Case

On Thursday (June 17, 2010), the U.S. Supreme Court ruled on the City of Ontario, California v. Quon case. I wrote about this sexting case earlier and its implications for corporate technology acceptable use policies (AUP). The case involved the use of text pagers issued to officers by the city police department. The city issued the pagers for City use, under a general acceptable use policy. The officer in question consistently went over the allotted limit on messages, which caused his supervisors to get stored text messages from the service provider. The City discovered that many of the messages were not work-related but were “sexting” or sexually explicit personal text messages. The officer claimed that the search violated the Fourth Amendment.

The Supreme Court ruled unanimously that the police department’s actions were reasonable, and thus did not violate the constitutional rights of the police officer. Justice Kennedy’s opinion ruled narrowly, to avoid a final definition of electronic privacy.

Prudence counsels caution before the facts, in this case, are used to establish far-reaching premises that define the existence, and extent, of privacy expectations of employees using employer-provided communication devices. Rapid changes in the dynamics of communication and information transmission are evident not just in the technology itself but in what society accepts as proper behavior. At present, it is uncertain how workplace norms, and the law’s treatment of them, will evolve.

According to the Center for Democracy & Technology (CDT), the Supreme Court faced an opportunity to curtail workplace privacy (or electronic privacy generally) in this case. However, the Court applied the O’Connor v. Ortega (1987) precedent, that government employees generally retain their Fourth Amendment privacy rights, and it assumed that government employees may have a reasonable expectation of privacy even in communications they send during work hours on employer-issued devices.

The CDT says the message to government employers is that the courts will continue to scrutinize employers’ actions for reasonableness, so supervisors have to be careful. Unless a “no privacy” policy is clear and consistently applied, an employer should assume that employees have a reasonable expectation of privacy and should proceed carefully, with a good reason and a narrow search, before examining employee emails, texts, or Internet usage.

rb-
As we always try to tell our clients, make sure that there is a clear statement of no privacy in all policies and policy enforcement actions. As part of their policies, companies should discourage employees from using personal accounts to conduct company business.

Full AV Needed for MacOS

The Mac antivirus vendor Intego has identified a new malware threat for MacOS. On the Mac Security Blog, the firm calls the threat, OSX/OpinionSpy, a “high risk.” According to their blog, the main distribution channel for the malware is through screen saver programs downloadable from reputable download sites, including MacUpdate, VersionTracker, and Softpedia. The malicious code does the typical malware things like scan files, record user activity, create a backdoor, and send stolen data to remote servers.

SearchSecurity quotes security expert and SANS Institute instructor Rob VandenBrink, writing on the SANS Internet Storm Center Diary, who said the malware is a simple bolt-on to other freely downloadable applications. “The neat thing about this malware is that it passes most static scan tests – the downloaded software itself is clean, the malware is downloaded as part of the installation process,” VandenBrink wrote. “This highlights the requirement for an on-access virus scanner for your OSX computers.”

rb-

Many people have long held that macOS is more secure than Windows. macOS and its underlying *NIX OS have their own issues. The recent announcement by Google to increase its use of non-Windows OSes (here and here) has made macOS security through obscurity moot. Mickey Boodaei, CEO of security vendor Trusteer, told SC Magazine, “Mac and Linux are not more secure than Windows. They’re less targeted. There is a big difference.”

This announcement weakens the theory that using MacOS computers is the best way to secure online financial transactions. For the time being, a *NIX-based live CD is probably the safest bet to secure your online financial transactions.

macOS users should get a real anti-malware package that includes an on-access scanner.