Silicon Shecky

Infosec Practitioner

Connect

Security Slimebags or How to be forced to pay for security

By Leave a Comment

Android is the most popular mobile OS in the world. It also has some of the most frightening security holes, currently Stagefright. The carriers know this and use it to legally to seemingly extort their customers.

Apple has one thing that Android doesn’t have, and that is a decent patch cycle. You can see people still using the iPhone 4s today. They don’t have to get a new device just to be secure, but not everyone likes the iPhone. Android, on the other hand, is awash in situations. From the heavy fragmentation of the OS, to the majority of phone snot getting critical security updates thanks to the carriers, it really is the wild west. The best bet is to get an unlocked phone that will get updates directly from Google, but the cost of an unlocked phone is high, and the everyday person might not realize that is an option.

Carriers such as Verizon, AT&T, T-Mobile, and Sprint know this and use it against the everyday person. Heck, last year when Android 5 came out, the list of phones to get it included mine. I still have not seen that update, even though Android 6 was just announced. So in my wisdom with Stagefright out there, now in two versions original and even better, I went through my phone settings to see when the last update was pushed out to me. The answer was June, before Stagefright, even though there have been patches made by Google and approved by the phone makers to patch Stagefright version 1, and soon version 2. Now why would a carrier not push out such critical patches? The only answer I can come up with is profit.

Think about it, they don’t send out the patches, you need a new phone to be secure! With the changes all the companies have been making this year to move away from plans and phone subsidies, it is the perfect plan. Extort the customers to make them secure! It is a perfect plan, especially considering no one has done the one thing that could end this. Sue the carriers once hacked. Lawsuits, especially class action ones are going to be the only way to get non-rooted, locked phones timely updates. The carriers have to be held responsible. The problem is those of us that know the carriers are doing this, root our phones, or get the Nexus line of phones. The lack of communication with the layman who uses an Android phone, continues to allow this pattern to continue.

The only other option is for everyone to move to iPhones, but without the competition how bad will the iPhone get? Think about it, most of the “great new features” on a iPhone are features that were already available on an Android phone. Apple just refines the feature a bit and whammo, now people are saying how Apple invented x, y, and z. Without Android what would spur iOS’s development?

One last thought though on all of this, and that is mobile payment, buying things online. Maybe someone else out there knows, but doesn’t being able to use your phone to make payments and the way it does subject the phones or carriers to some part of the PCI standard? If so, how many of us or them are truly compliant?

There are 3 tablets, which one I prefer

By Leave a Comment

I have in my possession a Surface, an iPad, and an ASUS T300 Android Tablet. After having spent time with all three, I look at the pluses and minuses of them, from my perspective, which means that there are opinions in here that are just that, opinions.

Tablets are the new big thing. Everyone wants one, and plenty of companies are making them. Some tend to be designed for specific things (Nook, Kindle) while others make what seem like empty promises to me. I started out with a Nook Color e-reader not long after it came out. I had figured that it would be the tablet of choice for me. Problem was, the 7″ screen and lack of apps, especially free (Ad Supported) apps made me think of getting something else.

That something else came from my work. As we were getting iPads and starting to support them at client sites, they gave me one. this was for me to play with, learn about and use so I could support them. I enjoy the iPad experience. It is quick, and solid. I don’t like Apple, their holier than god and we know what is right for you attitude, and the lack of decent tech apps. Video playback on it has been nice on trips, but I am limited to the Apple formats, as usual.

The Surface is the newest of the Tablets I have. I really had high hopes for this machine, and maybe in the future it will reach those aspirations, but not at the moment. Right now, I deal with the frustration of not finding either the apps I use or an equivalent. Flip Toast is ok, but has bugs (They have told me they are working on fixing them). I can’t find decent Network tools, most apps that I can get free with Ads on other platforms, cost money, or are more expensive than they are on other platforms. Then there is also my Nook issue. I have the Nook app, or my Nook Color on everything else. My Library is there on all my other devices. Microsoft, which bought an 18% stake (IIRC) in Nook has no Nook App for Windows 8. In Fact if you search for Nook in the App Store, you get 2 choices as of writing this article, Kobo or Kindle. So much for partnerships. Don’t get me wrong, there is good about the Surface. Office works nicely, the hardware is responsive and the tile system looks nice. Plus there is the keyboard cover, which is pretty sweet.

Both the Surface and the iPad I got through my office for testing and learning purposes. We want to make decisions on what our sales and service techs are going to use going forward. Honestly, I would lean to the Surface, because of Office, and because of the ease at which it integrates into a Microsoft environment. I can access network shares easily (even though I cannot join an RT device to the domain), and it will do everything that our sales and service teams need. The iPad integration we were trying with a Mac server and we just could not get it to do what we wanted.

The ASUS Transformer T300 is a personal item. It was a birthday gift back in Sept. To tell the truth, I love it. Outside of Flipboard not being available for it, I have everything I want or need on it right now. Yes, I am using Pulse on it, but the lack of new sources I like, and the lack of aggregation from the social media world, makes Pulse a bit annoying, especially in regards to World/U.S. news. Still, I have everything else, including a free Office Suite (which is amazingly useful in its own right). The only drawback to the T300 as compared to the Prime, is the plastic back. I also got a 3rd party case/bluetooth keyboard for it which works as nicely as the Surface’s keyboard cover.

My recommendation right now to people would be the Android Tablet. The T300 does it all, and while a bit sluggish at times, is still is plenty responsive. There are more free apps available for it, and you are not tied into iTunes or Apple’s network. The Surface might be the thing in the future, bight right now, it doesn’t have enough to make it worthwhile, especially on price point. The T300 costs under $400 for a 32GB model. The iPad and Surface (with Type touch cover) are both at $600 for 32GB (Without the Cover the Surface is $499 for 32GB).