# Security

Told ya so.
Tuesday, November 17, 2020

Loudspeaker Announcement: Would the user behind IP Address 88.75.24.196 kindly reconfigure their RSS readers to poll less often? As flattered as I am by being perceived as this important, I really don’t publish on a 5-second schedule.

```
80.211.89.118 - - [17/Nov/2020:15:01:49 +0100] "GET /blog/index.xml HTTP/1.1" 200 90177 "-" "UniversalFeedParser/5.2.1 +https://code.google.com/p/feedparser/"
80.211.89.118 - - [17/Nov/2020:15:01:50 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:01:55 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:02:00 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:02:05 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:02:10 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:02:15 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:02:20 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:02:25 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:02:30 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:02:35 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:02:40 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:02:45 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:02:50 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:02:55 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:03:00 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"
80.211.89.118 - - [17/Nov/2020:15:03:05 +0100] "GET /blog/index.xml HTTP/1.1" 200 90177 "-" "UniversalFeedParser/5.2.1 +https://code.google.com/p/feedparser/"
```
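Spotting this kind of client without eyeballing the log can be automated. The following is an added example, not part of the original post: it parses combined-format access log lines and flags clients whose median gap between feed requests is below a threshold. The sample log, its addresses and user agents are constructed, and the 60-second threshold and 3-hit minimum are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Combined Log Format: ip, ident, user, [time], "request", status, bytes, "referer", "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"$')

# Constructed sample: 192.0.2.10 polls every 5 s, 198.51.100.7 once an hour.
SAMPLE_LOG = """\
192.0.2.10 - - [17/Nov/2020:15:01:50 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "ExampleReader/1.0"
192.0.2.10 - - [17/Nov/2020:15:01:55 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "ExampleReader/1.0"
192.0.2.10 - - [17/Nov/2020:15:02:00 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "ExampleReader/1.0"
192.0.2.10 - - [17/Nov/2020:15:02:05 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "FeedFetcher/0.1"
198.51.100.7 - - [17/Nov/2020:13:00:00 +0100] "GET /blog/index.xml HTTP/1.1" 200 90172 "-" "OtherReader/2.0"
198.51.100.7 - - [17/Nov/2020:14:00:00 +0100] "GET /blog/index.xml HTTP/1.1" 304 - "-" "OtherReader/2.0"
198.51.100.7 - - [17/Nov/2020:15:00:00 +0100] "GET /blog/index.xml HTTP/1.1" 304 - "-" "OtherReader/2.0"
"""

def find_aggressive_pollers(log_text, path="/blog/index.xml", min_interval=60, min_hits=3):
    """Flag clients whose median gap between GETs of `path` is under min_interval seconds."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or m["path"] != path:
            continue  # unparseable line or a different resource
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        size = 0 if m["size"] == "-" else int(m["size"])  # "-" means no body was sent
        hits[m["ip"]].append((ts, int(m["status"]), size, m["ua"]))
    flagged = {}
    for ip, rows in hits.items():
        if len(rows) < min_hits:
            continue  # too few requests to judge a polling rhythm
        rows.sort(key=lambda r: r[0])
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        if median(gaps) < min_interval:
            flagged[ip] = {
                "requests": len(rows),
                "median_gap_s": median(gaps),
                "bytes_served": sum(r[2] for r in rows),
                "full_downloads": sum(1 for r in rows if r[1] == 200),  # whole feed resent
                "user_agents": sorted({r[3] for r in rows}),
            }
    return flagged
```

Calling `find_aggressive_pollers(SAMPLE_LOG)` flags only the 5-second poller and reports how many bytes it was served and which user agents it presented.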

Friday, September 25, 2020

Huh, the Windows XP source code allegedly leaks and all security experts are concerned. Imagine if the same happened to the Linux source code… oh, wait!

Seriously, we have had a consensus for years that security by obscurity is a bad idea. So if accidentally going open source is a concern now, then maybe that’s a reminder that Microsoft products have always been dangerous, shouldn’t have been used to begin with and it’s high time to migrate away from the Windows platform (yes, that’s costly and annoying, but don’t tell me that having your business shut down because you rely on an unreliable system isn’t).

Sunday, June 28, 2020

I’m always stunned when watching a movie/TV show in which a criminal makes a final call, then breaks the phone and throws it away in order to get rid of incriminating evidence. Yeah, sure, burner phones exist to be disposed of, but why break them? Your telco has a record of the phone call, and if the police found the wreckage (your telco also knows which radio mast you were connected to when making that final call), they could desolder the internal storage from the mainboard - NAND flash chips can be quite resilient. They are also very bad at actually erasing data: when you delete a file, the operating system just marks the storage space as available again. If you truly want to get rid of a file, then you would first have to overwrite it with random garbage. However, writing to NAND flash is slow and wears the chip down - the controller tries to avoid that.

Yeah ok, that’s a problem for criminals, not law-abiding citizens. You have nothing to hide - except maybe the credentials for your Google account, online banking…

Something one should probably keep in mind when selling a used phone: doing a factory reset means all data on the phone is lost - unless the new owner has specialized equipment.
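The difference between "deleted" and "erased" in this entry can be made concrete with a small model. This is an added example, not part of the original post: `ToyFlash` is a hypothetical, heavily simplified stand-in for a flash controller that, like real NAND controllers, writes updates to a fresh page instead of overwriting in place. Garbage collection and erase blocks are not modelled, and the stored secret is a constructed sample.

```python
class ToyFlash:
    """Simplified flash controller model (hypothetical): writes never overwrite in place."""

    def __init__(self, pages):
        self.physical = [None] * pages  # raw page contents, as seen by reading the chip directly
        self.mapping = {}               # logical block -> physical page currently in use
        self.stale = set()              # pages with superseded data, not yet erased
        self.next_free = 0

    def write(self, logical, data):
        if self.next_free >= len(self.physical):
            raise RuntimeError("no free page (garbage collection is not modelled)")
        if logical in self.mapping:
            # The old copy is only marked stale; its bytes stay where they are.
            self.stale.add(self.mapping[logical])
        self.physical[self.next_free] = data
        self.mapping[logical] = self.next_free
        self.next_free += 1

    def read(self, logical):
        """What the operating system sees through the normal interface."""
        page = self.mapping.get(logical)
        return None if page is None else self.physical[page]

    def delete(self, logical):
        # Deleting drops the reference and marks the space reusable, nothing more.
        page = self.mapping.pop(logical, None)
        if page is not None:
            self.stale.add(page)

    def raw_dump(self):
        """Every page that still holds data, whether or not anything points to it."""
        return [p for p in self.physical if p is not None]


def overwrite_then_delete():
    secret = b"PIN=4711"                # constructed sample data
    flash = ToyFlash(pages=8)
    flash.write(0, secret)
    flash.write(0, b"\x00" * len(secret))  # "overwrite" through the logical interface
    flash.delete(0)
    return flash.read(0), flash.raw_dump(), sorted(flash.stale)
```

After `overwrite_then_delete()`, the logical read returns nothing, while the raw dump still contains both the original bytes and the zero-filled copy.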

Sunday, February 23, 2020

Always amazes me how much emphasis smartphone reviews put on the camera. Higher resolution means bigger image files. Better image quality means you are more likely to take more pictures. In other words, the better the camera, the sooner you run out of device storage space. Of course, that’s the plan in order to upsell you on cloud storage.

Congratz! Self/Drivel inflicted vendor lock-in.

Tuesday, October 8, 2019

Adobe deactivates all Venezuelan accounts

Cloud - always sounds like a real money saver in the brochure: 'We host your data, so you don't have to', until it costs you your business!

Wednesday, October 2, 2019

Speaking of Split APK download, LinkedIn uses it, too. Well, it’s Microsoft. What do you expect? They never understood security. I mean, even Facebook gets this one right.

Tuesday, October 1, 2019

Just came across a banking app that is delivered as a split APK. Seriously?! Shit for brains? Slept through cryptography 101?

If your app must communicate over an encrypted channel, then you must NOT use the split APK format. The very fact that Play asks you for your signing (=private) key should ring a bell.

Saturday, August 24, 2019

Why do smartphones have fingerprint sensors?

The three golden rules for password management are:

  1. Never write your password(s) down.
  2. Use different passwords for different services.
  3. Change your passwords when they are compromised.

You always “write down” your fingerprints when touching a smooth surface. You can never change them and you (usually) have only 10 of them to begin with. Fingerprints violate all of the above rules, making them completely unfit for being used as password replacements. Smartphone manufacturers know that, but build fingerprint sensors into their devices nonetheless. Why? Because the point is not to actually protect anything on your phone, but to give you the illusion that only you can access it. Otherwise you wouldn’t trust it with your personal data.

Fingerprint sensors are not a security feature. They are simply part of the sales pitch.

Thursday, July 18, 2019

Ok, FaceApp is the latest shit now. I really wonder how many of the FaceApp fans also use face unlock to access their phone. Feels a bit like a giant phishing attack.

Sunday, July 7, 2019

Tales from the spam filter of an Android app developer

Publishing on Google Play requires you to publish a contact email address as well. Publishing a contact address means you get spam mail. The spam you get via the Play contact address is scary.