Thursday, December 30, 2010

Updates: Mobile apps & Cloud based services

Mobile apps spying on you - It seems that there are two class action lawsuits that have been filled against Apple. Apple having tight control over apps that get posted on the iPhone app store has set itself up for this. Control also means responsibility and consumer feel cheated if they discover that Apple allows applications to spy on them.

Cloud based services and the risks - The latest victim of its cloud technology seem to be Skype, which had major outages right around the Christmas time. The service blames older clients to be the source for the outage. Those clients shutdown/crashed when receiving certain offline messages that arrived delayed. This just shows that cloud technology creates super complex systems that are not yet well understood and difficult to test for all scenarios.

Read more:
Two lawsuits target Apple, app makers over privacy concerns
Skype's mega-FAIL: exec cops to cause

1SSA - Security Consulting, Training and Products

Sunday, December 26, 2010

Cloud based services and the risks

The cloud is here, and it is here to stay...

Having worked in the outsourcing business for some time it is quite entertaining to see how the marketing folks sell you the same old car over and over again, just by changing the sales pitch. What I am trying to say is that the cloud is just a collection of technologies that already existed before, being sold as part of a regular outsourcing deal: Virtualization, data centers in cheap labor countries, and network capacity are nothing new. But what are the risks?

Many of the cloud solutions had outages according to various websites tracking these outages. Leaving sometimes customer with a total loss of data (E.g. T-Mobile's Sidekick outage).

Other times your privacy of your personal or business data is at risk (E.g. Health care records stolen).

Reading through the fine print (see screenshot) of some of those cloud based services, you will notice that you just provided them with the permission to circumvent the local law. Agreeing to have your data stored "somewhere", where the laws of the country your reside in, might or might not protect your data.

Read more:
Cloud Privacy report - World Privacy Forum
Top-10 cloud outages in 2010

1SSA - Security Consulting, Training and Products

Sunday, December 19, 2010

Mobile apps spying on phone users

Do you like listening to Pandora? According to a a study conducted by Wallstreet Journal you better be prepared to offer some of your private details. The Pandora application on iPhone, according to the article, sends information about you to at least eight (8!) tracking services that gather information. This is not unusual according to the article. Most of the 101 apps tested showed evidence that they provide information ranging from a unique phone ID up to location information, age, Zip code and gender to tracking companies. The article also mentions that iPhone apps seem to be worse than their siblings on Google's Android platform.

Apple claims to review all applications before being allowed in the iPhone app store. This has caused a false sense of privacy with users. All of the apps reviewed by WSJ were available in Apple's app store.

Blackberry applications were not reviewed but the model RIM (maker of Blackberry) introduced in it's Blackberries a different security model. Access to certain information can be blocked. The user needs to deny the application the "trusted application" status and allow just access to individual information.

Read the WSJ article here: iPhone and Android Apps breach privacy

1SSA - Security Consulting, Training and Products