Dear Stan,

"came to light"?

...Most amusing...

Love,

Flint

On Wed, 5 Nov 2014, Stanley Brinkerhoff wrote:

Date: Wed, 5 Nov 2014 11:29:35 -0500
From: Stanley Brinkerhoff <[email protected]>
To: Paul Flint <[email protected]>
Subject: Re: Smartphone Flashlight APP may be more than you want

Which was great until the OpenSSL bug and Bash bugs came to light.

On Wednesday, November 5, 2014, Paul Flint <[email protected]> wrote:

Dear Dave,

One other option is to only use Open Source Software.

Remember Eric Raymond's Law:
"Under 10,000 eyes all bugs are small"

Regards,

Flint

On Tue, 4 Nov 2014, Dave Wilson wrote:

Date: Tue, 4 Nov 2014 12:33:35 -0500
From: Dave Wilson <[email protected]>
To: Paul Flint <[email protected]>
Subject: Smartphone Flashlight APP may be more than you want

Dear Paul Flint,

To view online click here: http://www.invario.net/flash-light-app-may-want/

Right now I want to talk about smartphone apps and how you may be getting
more than you bargained for. A recent study done by a group called
snoopwall.com looked at the 10 most popular flashlight apps for android
phones and found that ALL of them did much more than simply turn on the
light on your phone.


• iPhones have the same problem, but do come with a safe built-in flash
  light.
• SnoopWall Threat report on Flash Light Apps.
• Table of Vulnerabilities from popular Flash Light Apps.



Snoopwall Analysis of top 10 Android Flashlight Apps






If an app is free to use, its business model could involve selling
customer data. Some apps could also be "developed by professional cyber
criminals, enemy nation states for spying, or by hackers for malicious
reasons", snoopwall warns.

In the report from the link above, they recommend 5 steps to secure your
phone. Unfortunately most involve drastically reducing the functionality of
your phone, like turning off the GPS locator, Bluetooth and putting masking
tape over the camera. Personally, I think those measures go too far in
reducing functionality of your smartphone. In this day and age, who of us is
going to turn on GPS, and wait for satellite acquisition to find out how
long we will be stuck in traffic? Our lifestyle demands answers as fast as
possible and these functions will likely not be turned off for long. So
what can we do to get what we want without being a sitting duck?


Invario Recommendations to protect your Smartphone
1. Have the screen lock when idle and type a quick code to open the phone.
Very important if your phone is ever lost.
2. Get in the habit of paying for apps. Even though this is no guarantee
that you will be installing a ‘safe’ app, you are much less likely to have
“extra features” if you are paying for what you want. Most apps cost less
than $5 so this should not be a great financial burden. Encourage your kids
to buy their apps as well. Then as a parent and bill payer you will know
what is on their phones without snooping.
3. The smaller the size of the application, likely the better. The popular
free flashlight apps are 1-5MB in size when the code needed to do this
function need not be over 150kb. Makes you wonder what the other 90-95% of
the code is doing. From what I have been able to find out, nobody knows
what the code does except the makers of the app. At the very least this
extra code will negatively affect your battery life.
4. Snoopwall.com has released a free app that they claim is a private
flashlight app that does not do any snooping. Total size 72k.
5. Read the fine print. This is easier said than done. The Federal Trade
Commission found that a popular Android app, "Brightest Flashlight Free",
has been collecting users' personal data including location and device ID
and sharing it with advertisers without their consent. The only result of
this investigation is now “Brightest Flashlight Free” has a long disclaimer
describing how your information will be shared with advertisers. So
consider yourself warned, I guess. Read more:
6. At this time, I would recommend against doing any online banking or
anything that could affect your wallet on your phone. Avoid using your
e-mail contact list for storing passwords, Credit Card Numbers and account
numbers or be extremely careful about what apps have access to your
contacts.
7. Finally, I would suggest moving to two-factor authentication when
accessing anything that requires a password on your smart phone.



TWO Factor Authentication
Two Factor Authentication is a more secure way to log on to a computer
system. It works like this. First you are asked to authenticate with
something you know and then a second authentication with something you
have.

What you know would be your username and password to your account.

What you have is a cell phone or e-mail address. A verification code is
sent to these devices to complete logon. The good news is this only has to
happen once per trusted computer and browser.
• Windows Phone
• Android
• iPhone (Same app as the Android, but here is a tutorial for the iPhone.)

Below is a link to a good article on how to secure your Facebook account
with the authenticator app. I was able to set this up pretty easily and it
worked for me. However, I suggest setting up some trusted friends in
Facebook, so if you do get locked out of your account, they will be able to
send you a code that will get you back in.

Link to setup Microsoft Authenticator with Facebook.




Facebook Security Settings






Final Thoughts
Having information leave your phone to an unknown third party without
your knowledge or consent is certainly a violation of privacy, but when
does it become a crime? The stealers of information protect themselves with
a long and cryptic license agreement that we must accept in order to use the
app. I may not care that Walmart knows I shop at Target, but I certainly
don’t want to give just anyone access to my bank account, credit cards or
Facebook page. What the license agreement does not disclose is how the data
they collect will be used or sold. It is the use of the data that is
harmful. The collection is only the first benign step.

So be very careful with passwords on your smart phone. Assume your phone
is insecure and the more apps you have the more likely you are transmitting
your personal information. If in doubt, ask your Invario Network Engineer
for help.


INVARIO REFERRAL$
If you know of a company that would be interested in the services of
Invario Network Engineers, please reply to this e-mail with your
suggestions, and whom we should contact.

That is all you will have to do! Upon receipt of the first payment from a
new customer, Invario will pay 10% of the retainer or labor portion of the
first project to the referring person or company. If a new customer signs
up for a Worry-Free IT or Server contract the referring party would receive
the equivalent of one month of the agreed to contract.

Recipients that cannot or do not wish to receive a referral payment may
elect to have the referral fee donated to a charity of their choice or put
into a company entertainment fund.


FEEDBACK
If there is an IT topic you would like to know more about please e-mail
me your suggestions.

Dave Wilson

Message sent by: INVARIO



Kindest Regards,



Paul Flint
(802) 479-2360 Home
(802) 595-9365 Cell

/************************************
Based upon email reliability concerns,
please send an acknowledgement in response to this note.

Paul Flint
17 Averill Street
Barre, VT
05641



