Start up: Google v security redux, how your browser can track you, unboiling eggs (really), Android MVNO = flop, and more

Don’t worry, we’ll soon have that nice and runny for you. Photo by Sidereal on Flickr.

A selection of 10 links for you. Avoid contact with hands. I’m charlesarthur on Twitter. Observations and links welcome.

This guy found a way to block robocalls when phone companies wouldn’t » WIRED

Robert McMillan:

Aaron Foss won a $25,000 cash prize from the Federal Trade Commission for figuring out how to eliminate all those annoying robocalls that dial into your phone from a world of sleazy marketers.

The year was 2013. Using a little telephone hackery, Foss found a way of blocking spammers while still allowing the emergency alert service and other legitimate entities to call in bulk. Basically, he re-routed all calls through a service that would check them against a whitelist of legitimate operations and a blacklist of spammers, and this little trick was so effective, he soon parlayed it into a modest business.

Last year, his service, called Nomorobo, blocked 15.1 million robocalls. He uses cloud computing services—primarily Amazon Web Services and Twilio—to block Florida timeshare sellers and fake Microsoft support gurus from the 190,000 VOIP customers[1] who use his free product.

I know, you’re saying “Where do I sign up??” Except for this addendum to the story:

[1] 13:00 EST. Correction. An earlier version of this story stated that the Nomorobo service works with mobile phones. It runs on VOIP phones only.


How you can be tracked by your browser’s fingerprint and how you can stop it » CompTutor

You have your browser set to Private Browsing or Incognito mode where it doesn’t store cookies or history. You load up your favorite VPN, Tor, or I2P and are thinking, “I am totally secure and no one can track me now.” Wrong. You still are possibly leaving a digital fingerprint or browser fingerprint behind. Just because you have a secure computer and can change your IP, people can still find you. Browser Fingerprinting is how some agencies have been able to identify people even through Tor or a VPN.

The EFF, or Electronic Frontier Foundation, discovered this a few years ago and has set up a website to demonstrate their findings. Check out the website below, run their fingerprinting test, and see if your online fingerprint is unique to you out of everyone they have tested. I’m guessing it will be.

It’s “canvas fingerprinting”, which has already found favour with Google, and relies on characteristics of HTML5-capable browsers.

Microsoft is no longer manufacturing the Surface 2 » The Verge

The big unmentioned detail there is that it’s the end of the line for Windows RT, which everyone except for Microsoft had already given up on. Its future looked even bleaker during Microsoft’s Windows 10 announcements last week, with the company saying that the new OS was not coming to the Surface RT or Surface 2, its last remaining Windows RT devices.

The Surface 2 debuted in the fall of 2013 as a successor to the Surface RT, which received a lukewarm response and ended up costing Microsoft millions in stock that did not sell. It was thinner and lighter than the previous model, and also had a considerably better display, but was still stymied by Windows RT, which did not support traditional Windows programs.

RT’s really dead now, Jim.

Android Wi-Fi Direct vulnerability disclosed » Threatpost

Michael Mimoso:

Google and Core Security are at odds over the severity of a vulnerability affecting a number of Android mobile devices, details of which were released by the security vendor today.

The issue was reported to the Android security team on Sept. 26 and in subsequent communication between the two parties, the severity of the vulnerability was debated, culminating today with Core’s disclosure. Google three times acknowledged Core’s report and request for a timeline on a patch, and each time Google said it did not have one.

The flaw is a remotely exploitable denial-of-service vulnerability in Wi-Fi-Direct, a standard that allows wireless devices to connect directly. The implementation is used not only between Android devices, but also printers, cameras, PCs and more.

So here’s Google not fixing new flaws in Android. Shouldn’t Core Security feel justified in releasing exploit code and full details?

Read on for Google justifying not fixing old code in Android….

Google defends policy that leaves most Android devices unpatched » Computerworld

Remember the WebView weaknesses that had everyone jumping up and down because around 60% of Android devices that hit Google Play (and potentially many more altogether) are vulnerable? Gregg Keizer followed up:

“Until recently, we have also provided backports for the version of WebKit that is used by WebView on Android 4.3 and earlier,” wrote Adrian Ludwig, Android lead security engineer on Google+. “But WebKit alone is over 5 million lines of code and hundreds of developers are adding thousands of new commits every month, so in some instances applying vulnerability patches to a two-plus-year-old branch of WebKit required changes to significant portions of the code and was no longer practical to do safely.”

So it’s too much trouble for Google to fix code that’s over two years old, but it feels justified in publicising security flaws – and exploit code – for Windows and OSX? What’s that Biblical saying about beams and motes?

‘Thunderstrike’ attack also fixed in OS X 10.10.2 » iMore

Rene Ritchie:

“Thunderstrike” is the name for an attack that can target Mac hardware via the Thunderbolt port. Apple had previously updated the Retina 5K iMac and 2014 Mac mini to partially secure them against Thunderstrike. Now, the upcoming OS X Yosemite 10.10.2 will fix the problem for all recent Macs running Yosemite.

Thunderstrike was explained here: it requires physical access or very good social engineering. Good that it’s being fixed for “all recent Macs running Yosemite”; bad that it isn’t going further back. (Is it even possible to fix it further back? Nobody seems to know for sure.)

Why an Apple-featured indie dev abandoned iOS in favor of PC » Gamasutra

Alex Wawro:

what’s more interesting about [Erik] Asmussen’s current project, at least from a developer’s perspective, isn’t so much where it is now as where it isn’t — namely, Apple’s App Store.

Like many developers, Asmussen quit his job a few years ago to dive into mobile development full-time; but despite some significant success with mobile games like PWN: Combat Hacking, Asmussen has decided to devote himself to PC development.

“I finally gave up on iOS after I got a ‘Best New Games’ feature and saw how little revenue that actually brought in,” Asmussen tells me, via email. “The risk/reward profile was just terrible, combined with annoying barriers like having to put all updates through a review process. So I decided to switch to PC. That has proven to be a good decision by any measure.”

Why? Because

his final mobile game, PWN: Combat Hacking, earned roughly $10k in its launch month.

“Which sounds cool, until you consider that it took a year to build and about $3-4K in art,” adds Asmussen. “And that that figure is in the top percentile of indie mobile games. And that it got the biggest app store feature short of the top banner.”

Asmussen laments the fact that mobile game makers often can’t get people into their games until after they’re released, and believes that developing PC games for Steam’s Early Access service is more empowering for small-scale developers.

(Thanks @Jaykannan for the link.)

Apple reports record first quarter results » Apple

The results were fueled by all-time record revenue from iPhone® and Mac® sales as well as record performance of the App Store℠. iPhone unit sales of 74.5m also set a new record.

“We’d like to thank our customers for an incredible quarter, which saw demand for Apple products soar to an all-time high,” said Tim Cook, Apple’s CEO. “Our revenue grew 30 percent over last year to $74.6bn, and the execution by our teams to achieve these results was simply phenomenal.” 

Oh, yeah, this happened. Not quite a record for Mac shipments (that happened in the previous quarter) but those iPhone numbers? That is phenomenal execution, as Cook says. It’s so easily overlooked that there’s no value in all the brand stuff and marketing if you can’t actually deliver product to people. Between Apple and Samsung, that’s about half of the smartphone market sewn up.

Chemists find a way to unboil eggs » Phys Org

Janet Wilson on news that will delight, well, anyone?

Like many researchers, he has struggled to efficiently produce or recycle valuable molecular proteins that have a wide range of applications but which frequently “misfold” into structurally incorrect shapes when they are formed, rendering them useless.

“It’s not so much that we’re interested in processing the eggs; that’s just demonstrating how powerful this process is,” [Gregory] Weiss [professor of chemistry and molecular biology at UCal at Irvine] said. “The real problem is there are lots of cases of gummy proteins that you spend way too much time scraping off your test tubes, and you want some means of recovering that material.”

But older methods are expensive and time-consuming: The equivalent of dialysis at the molecular level must be done for about four days. “The new process takes minutes,” Weiss noted. “It speeds things up by a factor of thousands.”

To re-create a clear protein known as lysozyme once an egg has been boiled, he and his colleagues add a urea substance that chews away at the whites, liquefying the solid material. That’s half the process; at the molecular level, protein bits are still balled up into unusable masses. The scientists then employ a vortex fluid device, a high-powered machine designed by Professor Colin Raston’s laboratory at South Australia’s Flinders University. Shear stress within thin, microfluidic films is applied to those tiny pieces, forcing them back into untangled, proper form.

Unspilling milk next, I hope.

5 reasons why a Google MVNO would fail » FierceWireless

Phil Goldstein enumerates them rather clearly. Summarised, they are:
1) engineering phones and networks is difficult (you can’t get one phone to join both T-Mobile and Sprint in the US as they use GSM and CDMA)
2) Google would need customer service centres and distribution – outside its core competency
3) incumbent carriers spend billions on ads, and have inbuilt advantages
4) the service wouldn’t be differentiated, and what’s the target audience?
5) if it doesn’t get scale, Google might kill it.

His article goes into much more detail. It feels persuasive.
