# security

Tuesday, October 8, 2019

Adobe deactivates all Venezuelan accounts

Cloud - always sounds like a real money saver in the brochure: 'We host your data, so you don't have to', until it costs you your business!

Wednesday, October 2, 2019

Speaking of split APK downloads, LinkedIn uses it, too. Well, it’s Microsoft. What do you expect? They never understood security. I mean, even Facebook gets this one right.

Tuesday, October 1, 2019

Just came across a banking app that is delivered as a split APK. Seriously?! Shit for brains? Slept through cryptography 101?

If your app must communicate over an encrypted channel, then you must NOT use the split APK format. The very fact that Play asks you for your signing (=private) key should ring a bell.

Saturday, August 24, 2019

Why do smartphones have fingerprint sensors?

The three golden rules for password management are:

  1. Never write your password(s) down.
  2. Use different passwords for different services.
  3. Change your passwords when they are compromised.

You always “write down” your fingerprints when touching a smooth surface. You can never change them and you (usually) have only 10 of them to begin with. Fingerprints violate all of the above rules, making them completely unfit for being used as password replacements. Smartphone manufacturers know that, but build fingerprint sensors into their devices nonetheless. Why? Because the point is not to actually protect anything on your phone, but to give you the illusion that only you can access it. Otherwise you wouldn’t trust it with your personal data.

Fingerprint sensors are not a security feature. They are simply part of the sales pitch.

Thursday, July 18, 2019

Ok, FaceApp is the latest shit now. I really wonder how many of the FaceApp fans also use face unlock to access their phone. Feels a bit like a giant phishing attack.

Sunday, July 7, 2019

Tales from the spam filter of an Android app developer

Publishing on Google Play requires you to publish a contact email address as well. Publishing a contact address means you get spam mail. The spam you get via the Play contact address is scary.