Silicon Shecky

Infosec Practitioner


Security Slimebags or How to be forced to pay for security

October 5, 2015 By Michael Kavka

Android is the most popular mobile OS in the world. It also has some of the most frightening security holes, currently Stagefright. The carriers know this and use it, legally, to seemingly extort their customers.

Apple has one thing that Android doesn’t have, and that is a decent patch cycle. You can see people still using the iPhone 4s today. They don’t have to get a new device just to be secure, but not everyone likes the iPhone. Android, on the other hand, is awash in situations. From the heavy fragmentation of the OS, to the majority of phones not getting critical security updates thanks to the carriers, it really is the wild west. The best bet is to get an unlocked phone that will get updates directly from Google, but the cost of an unlocked phone is high, and the everyday person might not realize that is an option.

Carriers such as Verizon, AT&T, T-Mobile, and Sprint know this and use it against the everyday person. Heck, last year when Android 5 came out, the list of phones to get it included mine. I still have not seen that update, even though Android 6 was just announced. So in my wisdom with Stagefright out there, now in two versions, original and even better, I went through my phone settings to see when the last update was pushed out to me. The answer was June, before Stagefright, even though there have been patches made by Google and approved by the phone makers to patch Stagefright version 1, and soon version 2. Now why would a carrier not push out such critical patches? The only answer I can come up with is profit.

Think about it, they don’t send out the patches, you need a new phone to be secure! With the changes all the companies have been making this year to move away from plans and phone subsidies, it is the perfect plan. Extort the customers to make them secure! It is a perfect plan, especially considering no one has done the one thing that could end this. Sue the carriers once hacked. Lawsuits, especially class action ones, are going to be the only way to get non-rooted, locked phones timely updates. The carriers have to be held responsible. The problem is those of us that know the carriers are doing this root our phones or get the Nexus line of phones. The lack of communication with the layman who uses an Android phone continues to allow this pattern to continue.

The only other option is for everyone to move to iPhones, but without the competition how bad will the iPhone get? Think about it, most of the “great new features” on an iPhone are features that were already available on an Android phone. Apple just refines the feature a bit and whammo, now people are saying how Apple invented x, y, and z. Without Android what would spur iOS’s development?

One last thought though on all of this, and that is mobile payment, buying things online. Maybe someone else out there knows, but doesn’t being able to use your phone to make payments and the way it does subject the phones or carriers to some part of the PCI standard? If so, how many of us or them are truly compliant?

Filed Under: Android, Apple, Google, Mobile Computing, Rants, Security Tagged With: Android, AT&T, iOS, Security, Sprint, Stagefright, T-Mobile, Verizon

Hypocrisy: Microsoft, Google, Silicon Valley and OEMs

July 3, 2012 By Michael Kavka

The world of Technology is a fickle one. You can be a darling one minute and a hated evil empire the next.

There is a lot of talk going around on the technology websites. With all the announcements made recently there has to be. You have Microsoft’s Surface, Google’s Nexus 7, Apple’s new MacBook, and that is just the tip of the iceberg. As always there is much debate about what these things mean, not only to the world at large, but in terms of what a company is or is not. These opinions help shape the future of tech, and what companies’ bottom lines will be. The problem is that those writing opinions are just that, opinions, but people take them as facts.

For instance, let’s look at Microsoft and its reputation as an “Evil” empire. This thought started back in the 90’s, when Apple was on life support and when Microsoft was trying to outflank any competitor, mostly by using integration with less superior products. There was an Anti-Trust suit, Microsoft had to capitulate to oversight and allowing use of its APIs fairly. The tech world wanted Microsoft broken into multiple companies, like AT&T had been many years ago (and that turned out so well). Here we are now in an age where the world of technology is well more than just PCs. A world where overall, Microsoft is not that big of a player. Yes it still is the dominant PC operating system. The world of mobility though belongs to Apple and Google. The world of the internet belongs to Google and Facebook. Microsoft’s name and slips seem to measure bigger, get sounded louder, and last longer than any slip from any of these other companies.

Take a look at security and privacy. Microsoft has been working for years, and getting much better, at security. Third party applications, such as Flash and Java, have been the big holes into Microsoft systems recently. Yes there are still vulnerabilities found in Microsoft’s software, but they have gotten pretty responsive about patching those holes. Apple recently had the Flashback malware, which came through a Java exploit. A Java exploit which had a patch out from Oracle for 60 days before Apple decided to push it to the OSX machines out there. Apple has control over the updates that get pushed down to its devices. It doesn’t like playing with others. As a result, it has now changed its marketing about Macs and Malware, removing the idea that Macs do not get viruses from its marketing. There was a lot of talk about Apple’s problems with security, but overall it did not hurt Apple as a company. The average person didn’t even know about the whole deal. If it was Microsoft the whole world would have been down their throats and never forgotten.

For a second example of the hypocrisy in the world of technology, we can look at Tablets. Microsoft has announced it is making its own tablet called Surface. Most tech writers are pleased with this idea, but the OEMs are pissed. How dare Microsoft produce a tablet of its own. Yet when Google announced its own Tablet, the Nexus 7, these same OEMs had no issue with it. Apple produces the iPad, with utter control over it, and OEMs don’t complain. So why be up in arms over Microsoft? The issue at hand is that Microsoft has been burned by its partners on non-PC’s as of late (I won’t get into the whole HP PC stupidity). Think about it, Microsoft created a tablet type computer almost 10 years ago, based on specific types of hardware, and the OEMs screwed it up, and overpriced it. Apple comes along with the iPad and it’s a revolution. Microsoft had the Windows CE phones (I had one and loved it back in the early 2000’s). The OS eventually got a bad rep as it became bloated, but when Microsoft fixed things with Windows 7 Phone were the OEMs ready to get back to producing items with it? No. For that matter, OEMs which have done the same thing with their support of Linux, claim to be supportive, and claim to be coming out with new products based on Microsoft technology, yet either come out with one item that is not pushed in the marketplace, or don’t ever come to market with the item. Now add on that Microsoft has its own store (like Apple), and you can understand why Microsoft would get into making a Tablet of its own.

The reality of it all is that people are letting certain things from the past cloud their judgement. They are not basing everything on the current facts only. Truth be told, Apple is a more controlling and “evil” empire because of its control than Microsoft is. Google has been shown to have a ton of privacy issues, as much if not more than Microsoft. Microsoft gets held to a higher standard because of their past and the Anti-Trust suit more than they should at this point. For technology to really grow right, we need to hold everyone to the same standards.

Filed Under: Computers, Microsoft, Rants, Security, Tablet/E-readers Tagged With: Android, Apple, Google, iOS, Microsoft, Surface, Tablets, Windows

Tech-Ed 2012: Wishlist

June 4, 2012 By Michael Kavka

Here I am a week away from Tech-Ed. I am going for my first time and I am a little bit nervous. Nerves aside, there are some key things I am looking forward to and things I am hoping for.

This year’s Tech-Ed is shaping up to be fantastic. At least for someone who has spent years convincing his company to send him to the premier tech event for Microsoft Technologies. I’ve used a number of different places such as Twitter and LinkedIn to get information on how to best manage my time and get into sessions while there. That said there are a few key sessions I am looking forward to. Most of them hit more on the security side of things, but there are also PowerShell and Windows 8 sessions and hands-on labs that I have marked on my schedule.

As far as the hopeful stuff goes, there is one big thing. That is getting some real time with a Windows 8 tablet. I have an iPad from the office, along with a Blackberry phone. I have a Droid phone as my personal phone (yes, I do believe in separation of work and personal devices). I have touched 2 Windows 7.5 phones, and have thought them alright, but have not had a chance to really learn them. That is mostly due to lack of need to learn them. On the other hand if the Windows 8 tablets on x64 architecture are what they say, it could be the perfect storm for Microsoft. The melding of the tablet into the office in an elegant fashion.

The one thing I hope they did fix is the signing certificate installs. On Windows 7.5 installing an SBS self-signed cert is a pain. It’s Microsoft technologies not playing nice with each other, and that needs to be fixed, otherwise Exchange integration is a failure compared to the iPad and Android.

With all the vendors, sessions and yes, parties (a group called #TheKrew and the Jam Session are the ones I want in on), the chances to not just network, but in this day of connectivity the chance to make friends is amazing. Tech-Ed should be a sight to see, and I will be tweeting and blogging from there, so stay tuned!

Filed Under: Microsoft, Mobile Computing Tagged With: Android, iOS, Microsoft, Tech-Ed, Windows 8
