Category Archives: security

BitTorrent Sync on mobile

Just tested the new free file share and sync software from BitTorrent Labs, BitTorrent Sync. I shared files between my home PC and my mobile phone, Samsung Note. It works and was easy to set up and use.

Test
Installed on Windows 7 PC. Copied some files onto the shared folder. Installed BTS on Android phone. Added a new folder to share. On PC copied the secret code (a very long alphanumeric string) to the BTS running on the mobile phone. Saw the files from the PC. On PC copied a new file into shared folder. Saw that file on mobile device. Sweet.

One thing I noticed is that if you turn off WiFi you lose connectivity. I saw no settings on the mobile device for turning on 4G use.

About
You can read all about BTS on their official site or search web. In a nutshell it allows you to share your own files among your computer and devices without using a central server. What that gives you is security, privacy, speed, and no size limits. No cloud. Note that this is still in beta mode.

Corporate issues
Of course, this gives another avenue for corporate information to be compromised, by Bring Your Own Device (BYOD) initiatives, or just careless use.

Alternatives
The number one alternative is DropBox, of course. One of many advantages of DropBox is that it doesn’t require that both devices sharing files are turned on and connected. But in “Roll your own Dropbox with BitTorrent Sync on Amazon EC2” Sam Glover shows how to use your own server to do this. He shows how to use the Amazon EC2 system. If you run own home based server, it of course would be much easier.

Further reading

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

Download app, give away your body, mind and soul?

I was looking to download one of those flashlight apps for an Android phone. I have one on the iPhone.

Found some free ones. So, I hit the download or install button and then looked at the permissions that this app requires or is given. What! It wants to read my phone number, look in my contacts list, make internet connections, look at my school records, review my medical charts, do a rectal exam, interview my neighbors, cop a feel, practice root canal, withdraw from my meager savings, take out a second mortgage, and also, but not the last, peer into my soul and decide if I deserve Moksha or must burn for eternity in some exoteric religious hell.

Ah, no thanks. I’ll just go buy another real flashlight.

The Android market as a whole needs to address this. Or don’t. Just do what Microsoft, Apple, and every other company does, don’t talk about it; don’t even mention permissions. Shhhhh. All apps are dangerous. Secret, its between you and me.

What you expect the User to install VPN, Firewalls, Antivirus, Virtual Machines, etc. Ain’t gonna happen. Besides, security and privacy are partially a human behavior and marketing issue. Lack of privacy is profiting someone somewhere.

Updates
Funny I wrote this and later read about what Google is doing to combat malware. Synchronicity perhaps.

2012-Mar-9: My Samsung Note phablet came with a paltry set of ringtones, unlike the iPhone. Went to Android Market for some. Yup, a ringtone app wants access to everything! Just while viewing the reviews on one of the free ones, I felt a tug on my wallet. What gives? Its a ringtone, sounds, you need to access my contacts, phone, yada, yada, yada…….

2015-6-1: 10 best Android flashlight apps with no extra permissions

Further reading


Tony Bennett – Body and Soul


Coleman Hawkins – Body & Soul


Bill Evans trio + Toots Thielemans – Body & Soul

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

Email addresses should be more securely handled

Email addresses are entered in the clear, passed around, and even used for identification. Yet, these are not subject to many security concerns that other items such as user name and passwords. Why not?

They should be. Not only are email addresses identifiable pieces of one’s profile on any network, they are also attack vectors for nefarious schemes, smut, spam, and just plain nuisance. Yet, people don’t treat email addresses as that important.

Did you ever get a joke email sent to you about some amusing web page or You Tube video and on the cc address there were hundreds of other people’s email address? What is up with that? If you tell people that this is unwise or to just use bcc addresses, you get a blank stare (from even technical people).

I just got an email from a company telling me that their email provider’s database was compromised. They say that only the email addresses were stolen (yea, I believe that).

Yes, email addresses are valuable and should be treated as such.

Further Reading
Email Privacy Concerns
Users Still Careless With Email

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.