Your Smartphone -IS- Spying On You!
- Editor's Corner
Your Smartphone -IS- Spying On You!
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Webinars & Seminars
- VIPRE Antivirus Business Product Demonstration - 12/6, 12/13
- Free Desktop Virtualization Seminar
- Tech Briefing
- HP LaserJet Printers Vulnerable To Attacks, Researchers Warn
- Network Admin Eats Humble Pie
- IE 10 One Step Closer
- Surprise! Certified IT Jobs Are Paying Less
- Windows Server News
- Developing Mobile Apps For The Cloud
- Local Storage For Virtualization: Will It Catch On?
- Technologies And Trends To Be Grateful For In 2011
- Hidden Gems In Windows Server 2008 R2's Resource Monitor Tool
- Third Party News
- Access Control and Security Management
- VIPRE Business Service Release 1 Beta 2
- WServerNews FAVE Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
- New Free Tool - Real-time Bandwidth Monitor for Sub Second Device Polling and Interface Monitoring
Your Smartphone -IS- Spying On You!
#FAIL! For most cell phone carriers. There is a process installed on most recent smart phones called Carrier IQ. You cannot stop this process. It looks at what is happening on the phone and sends every button you press to the IQ app. From there, the data, including the content of text messages, is sent to Carrier IQ's servers, in secret. I checked it out on my own HTC Android phone from Sprint and sure enough, it's there.
It cannot be turned off without rooting the phone and then replacing the whole OS. Moreover, even if you stop paying for service from your carrier and just use Wi-Fi, your phone still reports to Carrier IQ. Dang! Worse, if you use Google search, and type in a search term, this is supposed to be https, so it should be encrypted. However, the Carrier IQ software sends it over Wi-Fi in cleartext: #DOUBLEFAIL.
This particular software is installed on hundreds of millions of handsets, including modern BlackBerry and Nokia phones, and early versions of Apple's iOS, but no one knew about it until Android developer Trevor Eckhart analyzed how it works. Carrier IQ's software is even running on every iOS version dating back to iOS 3, well-known iPhone hacker "Chpwn" said in a blog post. (Apple seems to have woken up with iOS 5, where you can turn off Diagnostics and Usage in Settings.) Link to Chpwn here: http://www.wservernews.com/go/1322990280328
The software secretly logs pretty much anything that happens on a phone, supposedly for the reason that carriers and phone manufacturers 'can do quality control'. Yeah right, maybe so, but Carrier IQ can be served with subpoenas as well, and then all traffic is right there for Big Brother to peruse. Me no like. And think about compliance for a moment! This thing has a bunch of legal and ethical angles that the lawyers are just going to LOVE. I'm pretty sure the first class action lawsuits are being filed as you read this.
I would not be surprised if this goes all the way up to the Supreme Court; it is related to the Fourth Amendment of the U.S. Constitution: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Wow, what a privacy and security hole, unbelievable. Below is the 17-min video where he clearly shows what is going on. Eckhart calls it a rootkit, but that is a bit much, though it clearly qualifies as a Backdoor Trojan in my book.
Probably CIQ started out with the laudable idea to measure carrier and handset performance. But that is where it went off the rails in a hurry. Using code that acts like a backdoor Trojan is totally the wrong way to do that. I wonder if they heard of the Sony rootkit debacle of 2005?
The carriers (and Carrier IQ) have access to Android source code, and apparently they do what they want with it, without Google being able to object. Apple seems to have taken action, caused by user backlash. Google, I suggest you have a look into this... remember 'do no evil'?
Ben Scott remarked: "A while ago some people said, "Glad I'm on Verizon!". Then the apparent Verizon reporting was discovered. Other people were saying, "Glad I don't use Android!". Then Symbian and RIM reporting was discovered. Other people said, "Hah hah! Apple would *never* let this happen!" Then the iOS reporting was discovered. There appears to be a trend here." I wonder if the Carriers are in bed with the Feds, and that Law Enforcement is using this. Talk about privacy violations.
You can see the video where Eckhart demos what happens on Android. Not that I have anything to hide, but I'm going to root my phone now, or look for some app that rips out CIQ.
Video on WIRED:
Update: Looks like Eckhart -has- some code that checks for CIQ and disables it. Less time than rooting a phone. Start here:
Quote of the Week
"All things are difficult before they are easy". - Thomas Fuller
"By working faithfully 8 hours a day you may eventually get to be boss and work 12 hours a day". - Robert Frost
"Far and away the best prize that life has to offer is the chance to work hard at work worth doing". - Theodore Roosevelt
Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
email me: [email protected]
Admin Tools We Think You Shouldn't Be Without
rDirectory's Community Edition is a pre-configured, easy to use, web-based directory and search engine that downloads in just minutes - and it's absolutely free!
Insider. Outsider. With Centrify's detailed recordings of privileged user sessions, you've got a better way to see if outsourced IT staff are acting like insiders - or outsiders. View Demo.
Tired of your Active Directory management tools? Centralize and simplify all Windows and AD management without scripting.
Orion IP Address Manager - Get detailed visibility into IP address space usage and prevent IP address conflicts from taking down network devices.
Free Service: Email Exposure Check. Find out which addresses of your organization are exposed on the Internet and are a phish-attack target
Webinars & Seminars
VIPRE Antivirus Business Product Demonstration - 12/6, 12/13
Looking for a security solution that doesn't slow you down? VIPRE Antivirus Business combines antivirus and anti-spyware technologies into one powerful security solution for total protection with low resource usage. New VIPRE features include scalable multisite tiering and role-based access control. Join us as we demonstrate the many features of VIPRE Antivirus Business.
Dec 6 at 2pm ET
Dec 13 at 11am ET
Free Desktop Virtualization Seminar
In this complimentary seminar, independent expert and desktop virtualization guru Brian Madden will update you on where the desktop virtualization market is in 2011, focusing on what's real and what's not. Spend just a few hours out of the office to take advantage of a live Q&A, peer networking opportunities and tons of valuable information.
HP LaserJet Printers Vulnerable To Attacks, Researchers Warn
Computerworld reported that millions of Hewlett Packard Co.'s LaserJet printers contain a security weakness that could allow attackers to take control of the systems, steal data from them and issue commands that could cause the devices to overheat and catch fire, according to two researchers from Columbia University. Printers from other vendors likely have the same issue, leaving users of those devices exposed to similar threats, the researchers said. The security researchers' findings were first published by MSNBC.com earlier this week.
Network Admin Eats Humble Pie
An IT expert tries out an idea for configuring the company's file server, but instead confronts technical reality. This is a really good little story with a smart 'moral' we can all learn something from:
IE 10 One Step Closer
Doug Barney reported in Redmondmag.com that Microsoft has been teasing us all with its vision of the mid-term future. We have sneak peeks at Windows 8, bold cloud pronouncements and then there is the browser.
IE 10 is meant to reinvent the browser much like Win 8 is meant to reinvent the OS. While Win 8 has a fundamentally different look and feel, IE 10's changes are more in the innards. The key move is to push HTML 5 in place of Flash and Silverlight. The idea is to have a single, open standard drive a new wave of dynamic Web pages and apps.
Developers have been toying with what Microsoft calls a platform preview. These hunks of software have a limited UI, but the underpinnings are there to explore.
Surprise! Certified IT Jobs Are Paying Less
Dang, not the kind of news I want to report, but it seems to be the case.
Bill Snyder at InfoWorld reported: "The market for IT jobs has not just bottomed out, it's stronger than it has been in several years. There is, however, a catch: The premium pay for jobs requiring the typical certifications that many IT hands labor for has continued its plunge and now is at the lowest point in 12 years. That news comes from a quarterly survey by Foote Partners, a consultancy that issues detailed reports on the IT labor market, monitoring some 2,200 employers and more than 120,000 jobs.
"Why the disconnect between a stronger overall job market and shrinking paychecks for certified techies? "Pure-play [tech] jobs are on the decline," says Bill Reynolds, a partner in the firm. Where once the majority of tech jobs were in technology companies, now many organizations whose business is not directly related to tech have many openings that require different skills, he tells me."
Windows Server News
Developing Mobile Apps For The Cloud
While cloud computing has become increasingly useful with more users accessing data via mobile devices, it's important not to adopt mobile cloud without some careful consideration. This expert tip provides key factors to keep in mind before implementing this mobile technology: (RR)
Local Storage For Virtualization: Will It Catch On?
Using local storage for virtualization is fashionable again. Check out this featured tip to learn how storage and virtualization vendors are utilizing local storage for a cost-effective alternative to shared storage: (RR)
Technologies And Trends To Be Grateful For In 2011
New storage technologies, advances in remote graphics delivery and trends such as IT consumerization are reasons for desktop virtualization experts Brian Madden and Gabe Knuth to give thanks this year. Access this exclusive tip to see which other technologies and trends made their short list: (RR)
Hidden Gems In Windows Server 2008 R2's Resource Monitor Tool
Microsoft introduced a new performance monitoring tool in Windows Server 2008 called the Resource Monitor. But what not too many people know is that significant enhancements were made to the tool with Windows Server 2008 R2 (and Windows 7). Find out some of the new hidden gems in this resource monitoring technology in this popular piece of content: (RR)
Third Party News
Access Control and Security Management
Meeting today's strict regulatory compliance requirements and ensuring restricted access to confidential information can be challenging. Fortunately, this process can be made easier with a unified platform that allows you to manage security across your entire Windows network.
Download this free trial today and explore the ease of utilizing a single console to search, report, and recover security settings across multiple platforms. Key benefits include:
- Migration of access controls
- Bulk changes to servers
- Targeted searches
- And more
VIPRE Business Service Release 1 Beta 2
GFI Software is very pleased to announce the availability of Service Release 1 (SR1) - Beta 2 for VIPRE Business and VIPRE Business Premium 5.0.
This beta release applies exclusively to the management console, and is currently available for download. The version number for SR1 - Beta 2 is 5.0.4943
We have included several bug fixes and improvements in this beta that are designed to improve the overall function, performance and usability of the management console.
- Introduced the ability to migrate between a Microsoft SQL database and the native database in version 5.0 (and vice-versa), including the ability to transfer all data.
- Improved the agent installation process to allow deployment on endpoints that already have a VIPRE consumer (home) product installed, without requiring the consumer product to be manually uninstalled first.
- Restored ability for customers using multiple databases on version 4.0 to retain this functionality upon upgrading to version 5.0.
- Improved email notifications and quarantine data for anti-phishing alerts (VIPRE Business Premium only) to now include the blocked URL.
- Corrected a bug that could cause a non-default Data Repository path to not be retained during upgrade.
- Corrected a bug that caused scheduled reports to not be emailed if using a MS SQL database.
- Corrected a bug that caused the Agent Installation Port setting to revert to port 80 upon upgrade if the default value was previously modified.
- Corrected a bug that could cause an unhandled exception error when creating scheduled reports.
- Corrected a minor bug that could cause an unhandled exception while viewing multiple sites.
- Corrected a bug that resulted in the policy GUID to be displayed instead of the policy name under certain grouping conditions.
- Corrected a bug where the bypass registration key status (closed networks only) may not be retained during upgrades.
- Corrected a bug that could prevent registration keys from being applied on non-English Windows language locales.
Beta Download and Support Information:
Complete details on how to obtain this beta and receive support can be found via http://www.wservernews.com/go/1322991323171 in the "Release Statement" forum.
WServerNews FAVE Links
This Week's Links We Like. Tips, Hints And Fun Stuff
Super Fave 1: Like Blade Runner? In your next 10-minute break, watch this short sci-fi movie. It's really well made, featuring Nicolette Sheridan!
Super Fave 2: Now I know what I want for Christmas. Equip this thing with razor blades and you have the ultimate stealth remote assassination tool... LOL!
Talking about quadrocopters, these flyers can build a 6-meter tower. This is pretty cool. Look at that coordination!:
You know you're pushing the limits of wingsuit proximity flying when you can shake hands with your own shadow. One of the best proximity flying footage ever. WOW:
Animation created in real time with a bicycle and a video camera. Crafty!:
Grant Woolard awoke to find himself in a world of famous paintings:
2012 Consumer Electronics Show Gadget Preview: From high-definition video calling via your HDTV to practically indestructible SD cards for your camera:
Nokia lit up London with a state-of-the-art light projection display transforming London's 400 ft high Millbank Tower into a huge canvas:
Holiday travelers at Denver International Airport were surprised with an entertaining treat when 100 dancers performed to a medley of Swing classics:
Digital Christmas Story told through Facebook, Twitter, YouTube, Google, Wikipedia, Google Maps, GMail and Amazon. Times change - feelings remain the same:
70 Creative Advertisements That Make You Look Twice. (Some NSFW!):
Cute animals of the week Fave. Cat and dog are best friends:
Skiing down hilly city terrain, jumping over hung laundry and parked cars, sliding down stairs and much more from the award-winning film "All.I.Can":