Silicon Shecky

Infosec Practitioner

Connect

Security Slimebags or How to be forced to pay for security

By Leave a Comment

Android is the most popular mobile OS in the world. It also has some of the most frightening security holes, currently Stagefright. The carriers know this and use it to legally to seemingly extort their customers.

Apple has one thing that Android doesn’t have, and that is a decent patch cycle. You can see people still using the iPhone 4s today. They don’t have to get a new device just to be secure, but not everyone likes the iPhone. Android, on the other hand, is awash in situations. From the heavy fragmentation of the OS, to the majority of phone snot getting critical security updates thanks to the carriers, it really is the wild west. The best bet is to get an unlocked phone that will get updates directly from Google, but the cost of an unlocked phone is high, and the everyday person might not realize that is an option.

Carriers such as Verizon, AT&T, T-Mobile, and Sprint know this and use it against the everyday person. Heck, last year when Android 5 came out, the list of phones to get it included mine. I still have not seen that update, even though Android 6 was just announced. So in my wisdom with Stagefright out there, now in two versions original and even better, I went through my phone settings to see when the last update was pushed out to me. The answer was June, before Stagefright, even though there have been patches made by Google and approved by the phone makers to patch Stagefright version 1, and soon version 2. Now why would a carrier not push out such critical patches? The only answer I can come up with is profit.

Think about it, they don’t send out the patches, you need a new phone to be secure! With the changes all the companies have been making this year to move away from plans and phone subsidies, it is the perfect plan. Extort the customers to make them secure! It is a perfect plan, especially considering no one has done the one thing that could end this. Sue the carriers once hacked. Lawsuits, especially class action ones are going to be the only way to get non-rooted, locked phones timely updates. The carriers have to be held responsible. The problem is those of us that know the carriers are doing this, root our phones, or get the Nexus line of phones. The lack of communication with the layman who uses an Android phone, continues to allow this pattern to continue.

The only other option is for everyone to move to iPhones, but without the competition how bad will the iPhone get? Think about it, most of the “great new features” on a iPhone are features that were already available on an Android phone. Apple just refines the feature a bit and whammo, now people are saying how Apple invented x, y, and z. Without Android what would spur iOS’s development?

One last thought though on all of this, and that is mobile payment, buying things online. Maybe someone else out there knows, but doesn’t being able to use your phone to make payments and the way it does subject the phones or carriers to some part of the PCI standard? If so, how many of us or them are truly compliant?

Microsoft Surface. Hit and Miss.

By Leave a Comment

Microsoft entered the tablet hardware business with the launch of the Surface line starting with the RT back in October. The timing on it for me was pretty good because my office was getting ready for a technology refresh, and I got to test it. Now, months later, what I call the new shiny syndrome has worn off.

When you look at what works and what doesn’t in the world of technology you come to realize a few things. First, so much is subjective. Second, people tend to dislike change. Third, change is inevitable. With this in mind, looking at the past 9 months with the Surface RT I have found a lot to like about it. There are pitfalls with it also, but it really is a solid tablet.

The Windows 8 interface is perfect for the RT. I find live tiles to be a great idea that matches and surpasses the widgets I have on my Android Tablet. iOS of course does not have anything like widgets or live tiles to compare to. The problem with the live tiles is the way they update, or at times don’t update. I find news stories to be on the older side half the time. I don’t get decent updates often enough for my liking. These problems though I have found to be true of widgets also.  There also is no intuitive way of stopping the live feed on the tiles.

Metro style apps are easy enough to get use to. Gestures for bringing up menus and doing things inside these apps are very consistent, which makes the learning curve a lot simpler than iOS or Android. The issue with Metro Style though is that same thing. If you are use to the way an app works on the other OSes, odds are you will have trouble finding the same features easily. Also the swipe down partially to bring up menus can be a bit trying at times, although not as difficult to master as the swipe completely down to close apps. If you don’t start from the right spot and go at the right speed, closing apps does not work, and I still find myself taking 3 or 4 swipes to close apps.

The biggest plus is the Office apps that come with the Surface RT, and with Outlook being added to that with the 8.1 Windows release, this just becomes better.

The biggest issues for me though come in the touch screen itself. I find it inaccurate. For instance, if I am on Facebook and want to share something on a friends timeline, I find myself going through the steps 4 or 5 times because I think I am tapping on share to friends timeline and it reads it as share to group. I find myself hitting links multiple times before it registers the tap also.

The soft keyboard which I have is decent, but also has its issues. I have found it losing responsiveness when typing, or registering the wrong key. In fact there is no rhyme or reason for this as the keyboard winds up either overly sensitive, or not registering my pressing at random. The Tablet itself will type normal for a moment, then buffer oddly and take 30 second or more to show the next stuff typed, which makes corrections rather difficult and causes delays in getting work done.

The weight and feel of the Surface are my final complaint about it. It shouldn’t feel as heavy as it does. Also the way it is shaped can leave hard marks in ones hand and cause pain if held for extended periods.

Don’t get me wrong, I love the tablet itself, and it gets used way more than my iPad. My ASUS Android tablet is still my primary tablet overall, but the Surface makes a nice backup. People seem to be worried about the amount of apps for the Windows RT environment, but honestly, I find most things I use a tablet for have an app, and most of them are available across the board. A decent free IRC app is all I have not been able to find so far. With the recent price cuts, I would recommend this to most people, although I am sure there are better devices out there from other manufacturers with Windows RT on it.

Windows Surface RT: Potential but not quite there

By Leave a Comment

This summer, when Microsoft announced it was going to make its own tablet, I was pretty excited. I had a chance to play with Windows 8 at TechEd the week before the announcement, and felt it would do well as a tablet OS. When pre-orders opened, I got my boss to get me one so I can test it for deployment in our company. After having it almost a week, I can tell you, this is a product that definitely has the 1st generation problems.

I felt like a kid in a candy store that had free samples all over the place. Opening the boxes that contained my Microsoft Surface and starting it up for the first time, that sense of anticipation for something you just can’t wait for was bursting. Then the testing began. Simple enough at first, connect to a wireless network, and go through all the setup routines. Simple enough, and easy enough, but then it hit me. The Surface came with 2 small books. The warranty book in 20 different languages, and a pamphlet book that had some crappy diagrams in it. No instruction manual, no real quick start guide, nothing. this over faith in the simplicity and easy of use is the first problem I have.

No information on how to close apps on the unit. No information about swipe gestures at all, let alone things such as how to switch between apps, how to bring up a settings menu, the things one should know. The tiles are nice, and pretty, but the constant (and I mean constant) update speed on them gets annoying. When I finally found the setting (swipe in from the right side) area to adjust it, I was disappointed that the slowest refresh rate was 90 seconds.I personally believe this helps shorten the battery life of the Surface itself. As I played with opening apps, and setting up a connection to my office’s Exchange server, I found I could not pinch and zoom. I also had to do a search on the web to find how to close apps, and then the motion (swipe down) had to be performed very specifically with regards to speed, otherwise the app would stay open. Not very intuitive in my estimation, and the slower speed of swipe to close items, will drive some people crazy.

The office apps were next for me to dig into, along with switching to the desktop mode and going to a share on a server to grab some Docs. This worked fantastically. Going into explorer, pulling up a server, logging in with my domain credentials, and then opening and working in office was nice and easy. Office itself was pretty decent to work with, especially with the tablet mode turned on so items were spaced a bit apart. I also tried to find the built in Cisco VPN system that I had been told about at training in Chicago’s Microsoft Tech Center the day before, but as of this writing, I still cannot find it.

Speaking of Apps, and the App store, I have found it to be frustrating. Not because of the lack of Apps, but because of the problems I have getting the store to open up and recognize that I am online. In fact the whole, am I online issue happens in most of the Metro, oops sorry, Modern Style Apps, including mail. Yet when any one of these shows that I am offline, I can open up IE in desktop mode and show that I am online. Heck I can go to a command prompt through the desktop and ping the internet at large. This to me was very surprising, as it is not a factor of the hardware, but of the Modern UI and Apps that have the issues.

Hardware wise, everything seems pretty solid. The disappointments to me is more with responsiveness (which could be an OS thing) and with the Touch Type Keyboard cover. I have found that the responsiveness to be sluggish half the time. Switching from portrait to landscape modes is slow. Response to touch even gets slow and sluggish. The Touch Type Keyboard Cover, is a different creature. When used as a keyboard (provided the tablet sees it which occasionally it doesn’t) it is great. Where I find it lacks is when you close it. It does not have a magnet to keep it closed, nor does it put the unit into a sleep or standby mode. It makes me feel like I should have another cover that will be more protective to the Surface itself. The next issue I have is that there is no way to keep the wireless on that I have found (I have this same issue with my Asus T300 Android tablet). This means no new mails when it shuts off. The iPad seems to be the only tablet not to have this problem so I can keep it nearby and know when I get new mail as long as I am in a place where I have wireless. This also affects the Windows Automatic Updates, which are supposed to happen at 3am (when the wireless is offline). I also have found that if I store my Surface in my bag next to my iPad, the Surface turns on.

I will not go into the Apps so much except on one surprise front. Microsoft bought int Barns and Noble’s Nook spinoff. Yet the only App is Amazon’s Kindle app, which I don’t use (I own a Nook Color). the lack of a Nook app at launch is extremely surprising, and I have yet to hear when a Nook app will come out. The rest of the App story all depends on what one is looking for. There are fewer Apps than Android or iOS, right now, but that should change, and is not a worry point for me as I don’t use 500,00 to a million apps. My Android tablet has the most downloaded apps on it and that is maybe 30, out of which I use many 10-15 apps regularly. The Nook app though is a big one for me, as I have all my tech manuals in my Nook system, and do not wish to repurchase them.

All of the problems and issues I have found can be fixed. It just make sit obvious that this is a first generation device, and a first serious attempt. From the screw up with the word Metro, to the issues outlined above, everything is fixable. The question is, will Microsoft fix these problems quickly and let the platform live up to the potential it has?