Technical Tidbits™

Some disturbing news hit the wires yesterday late in the afternoon that I really need to make you aware of.

As we’ve discussed in our recent radio show broadcast on Technical Tidbits in the Social Media Remorse episode, many of us are using smart phones to engage and keep up-to-date. Besides being a quick way to respond – and not always thinking before we do as that episode points out, there’s yet another danger that has been brought to light by a Free Mobile Security provider for Smartphones – Lookout.

The AP reported that Lookout has found that many of the apps you use on your iPhone and Android enabled smart phone, are sending back some of your personally sensitive data and forwarding it to third parties without your consent or knowledge.

The AP article, What your phone doesn’t say: It’s watching, Reporter, Jordan Robertson states:

Lookout Inc., a mobile-phone security firm, scanned nearly 300,000 free applications for Apple Inc.’s iPhone and phones built around Google Inc.’s Android software. It found that many of them secretly pull sensitive data off users’ phones and ship them off to third parties without notification.

The article points out:

The data can include full details about users’ contacts, their pictures, text messages and Internet and search histories. The third parties can include advertisers and companies that analyze data on users.

The information is used by companies to target ads and learn more about their users. The danger, though, is that the data become vulnerable to hacking and use in identity theft if the third party isn’t careful about securing the information.

This is a disturbing piece of information for all smart phone users! And it’s not just the new evil-doers of wifi data collection Google! Apple’s apps are guilty too!

Well, Microsoft, move over! You’ve got company on the “evil” sofa of software developers in the hall shame!

And shame on the app developers and the third parties collecting this data! You’re all GUILTY in this one!

A special thank you to Lookout, Inc. for discovering this! I’m glad someone is watching!  (And no! The links are not affiliate links! The software is free!)

Read the full article: What your phone doesn’t say: It’s watching

Ok, should I have named it: AT&T and Hackers/Security Researchers Break Open the Meow Mix?

You get the picture.

Unless you live under a rock, you’ve probably heard about YET ANOTHER breach with AT&T and their data! (It’s really getting old!)

Hacker’s were able to obtain over 114,000 account holders private data over the AT&T network due to a flaw in the network. According to the initial report by Gawker,

The specific information exposed in the breach included subscribers’ email addresses, coupled with an associated ID used to authenticate the subscriber on AT&T’s network, known as the ICC-ID. ICC-ID stands for integrated circuit card identifier and is used to identify the SIM cards that associate a mobile device with a particular subscriber.

For those who are new to this kind of technology, the ICC-ID can be used to track you through GPS, or gain more information on you through other means.

For those of you who are more technically minded, Gawker has the entire method that Goatse Security used to access the data online here: http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed

Although there is a huge debate going on as to whether or not this information should have been made public and when it should have been – are you getting nervous yet? – the fact remains that this breach is very similar to what some of you have experienced in your WordPress or website scripts.

There are two points I want to make about this issue.

1. Why the hell are people arguing if this should have been made public? Aren’t we entitled to know when there’s been a data breach?

As far as I’m concerned, EVERY data breach should be made public! There needs to be corporate responsibility for this stuff.

And if there’s any doubt about AT&T withholding disclosure, read Goatse Security’s response to them here:  A Response to AT&T’s Letter – We have an iPad exploit and all iPads are vulnerable.

Right after the first sentence in their response they say,

AT&T had plenty of time to inform the public before our disclosure. It was not done. Post-patch, disclosure should be immediate– within the hour. Days afterward is not acceptable. It is theoretically possible that in the span of a day (particularly after a hole was closed) that a criminal organization might decide to use an old dataset to exploit users before the users could be enlightened about the vulnerability.

So why did AT&T wait?

2. If the big guys like AT&T are vulnerable, what does that say for your blog or website?

Enough said?

Oh, as a P.S. to this post, I mentioned in my previous post, AT&T Overhaul my a$$, that,

I don’t have an iPhone purposely because of the carrier – All Talk & Talk (AT&T).

And,

AT&T (formerly SBC – known around our home as Sonofa Bitching Company)….

I received a snail mail advertisement from them and on the back of the envelope in their big AT&T blue lettering there is the following statement:

all talk, all action

I swear! I have the envelope! If you want proof I’ll scan a copy and post it here! Is that in response to my allegation that AT&T is all talk and no action? Or rather, All Talk & Talk?  What do you have to say for yourself AT&T?

I don’t have an iPhone purposely because of the carrier – All Talk & Talk (AT&T).  I refuse to ever have service with them again – even if they were the last known carrier on the planet! I’d do without!

AT&T (formerly SBC – known around our home as Sonofa Bitching Company) is notorious for hidden fees and overcharging.  So you can imagine my interest in the article I read article on FierceBroadbandWireless that stated AT&T was overhauling its plans.

According to the article, AT&T claims that 98% of the smartphone customers use less than 2 GB of data a month on average, while 65% use less than 200 MB per month on average.

The new pricing plans, which go into effect June 7–the same day Apple is expected to make its debut of the new iPhone OS 4–give subscribers an option to purchase 200 MB of data for $15 per month or 2 GB of data for $25 instead of requiring one unlimited $30 plan per month.  AT&T said that currently 98 percent  of its smartphone customers use less than 2 GB of data a month on average, while 65 percent of customers use less than 200 MB per month on average.

But there’s a little clue as to what’s happening with this later in the article.

AT&T delayed tethering – the ability to share web connection – because the function threatened to exponentially increase traffic!  So, if traffic is increased by tethering, than wouldn’t data use increase?

Tethering for the iPhone will be available when Apple releases iPhone OS 4, the company said. Tethering, which enables users to share their device’s web connection with a laptop via a Bluetooth or USB connection, is already enabled in overseas markets. AT&T had delayed the capability indefinitely because the function threatened to exponentially increase traffic on the network. (Emphasis added by me!)

So, as usual AT&T is not doing you a favor Apple device users!

You know how I love doing my predictions? In July or August, there’s going to be nothing but articles, tweets, and Facebook posts about Apple users crying over their bills! Why? Because AT&T knows you are going to use the tethering and you are going to go over your usage so they can charge you more!

Don’t say I didn’t warn you!

Read more: AT&T overhauls smartphone data plans, brings iPhone tethering to market – FierceBroadbandWireless http://www.fiercebroadbandwireless.com/story/t-overhauls-smartphone-data-plans-brings-iphone-tethering-market/2010-06-02#ixzz0pphtjAJA