Tagged: security

Runaway Android apps

mailmail

[UPDATE June 5, 2014] Multiple observations confirm: Instagram (which behaves (mostly) properly on Wi-Fi connections) becomes a CPU hog on carrier (cellular) connections. Not sure why, will report here if I find out more.

***

[UPDATE June 2, 2014] In an effort to gain a better understanding of what’s going on inside my Nexus 4, I installed two utility apps:  and . Lookout scans and monitors for malware, and offers a bunch of other security features; Watchdog alerts me when an app exceeds a certain CPU threshold.

  • advertisement

 

 

 

 

First impressions are great. Phone runs cool. Interesting observation: When I kill Instagram — the worst offender — through Watchdog, it stays dead. By comparison, when I used to force-stop Instagram via the Android device (system) settings, it would often start up again right away by itself.

***

My phone (Google Nexus 4) has been getting really hot lately, draining the battery in the process. I started monitoring running Android processes and services, and found out that several apps sometimes don’t close when I tell them to, but keep running and consuming CPU cycles and battery juice. The biggest offender is Instagram, followed by Facebook (which starts on boot and keeps running (and restarts itself after a force-stop, the nerve!)), Google Play Music (which seems to randomly start itself on a whim, or possibly gets launched by Google Drive), and MailDroid (as ).

[UPDATE May 17, 2014] Adding Snapchat to the list of runaway apps that must be force-stopped after every use.

My response:

  • Remove the Facebook app, which I have been threatening to do for a while. I am not leaving Facebook, just removing the app from my phone.
  • Scale back the use of the Instagram app, and force-stop the app after each use.
  • Scale back the use of the Google Drive app, and force-stop Google Play Music after each use (confirm cause-and-effect).
    • [UPDATE from a ]: “Google support told me to uncheck the box Settings > Accounts > Google > Accounts > [myemail]@gmail.com > Sync Google Play Music. I had sync checked before the update as well, but it caused no problems. In any event, this didn’t do all that much good. The app is like the freakin’ Terminator — force stops won’t kill it.”
    • [UPDATE from A.T.]: Disabled Google Play Music. Problem solved.
    • [UPDATE from A.T.]: Also wiped a ton of other Google shit off my phone. It felt great.
  • Stay away from the MailDroid app.
  • Monitor Android system activity regularly for runaway apps and force-stop them as needed.
  • Reboot my phone daily.
  • advertisement
Follow A.T. on these networks
rssrss

Jurnalizm, the ABC way

mailmail

How is this not like ?

In case you haven’t heard it yet, here’s the story: A “funnyman” tricks a US Olympic athlete into tweeting a fake video purporting to show a wolf on the loose in the athlete’s hotel in Sochi. The funnyman’s network (ABC) knows about the plan, but keeps mum. The story goes viral, as other legit news networks (NBC, CNN) report it as true. The funnyman goes “Sike!” ABC goes:”It is a piece of comedy.” Ha-ha!

Not everyone’s laughing.   and managing editor overseeing Olympics coverage:

“It wasn’t just that it was a potentially viral video. The news was that security may have been breached where the athletes stay. How did a wolf get into a place that was supposedly fortified? Was there a hole in the fence? Were there other weaknesses? How did it get past the guards? Was it even a wolf? These were all legitimate questions in the context of what has been reported about Sochi.”

In my opinion this “prank” goes well beyond stupid and irresponsible, into malicious and probably criminal. Confession: I am a little angrier than usual because I thought the story was true and shared it on social media as such. I am also no fan of ABC’s for other reasons.

Here’s the video:

  • advertisement
Follow A.T. on these networks
rssrss

Tennis news from the US Open August-September 2013

mailmail

The 2013 is almost here, and there’s a lot of tennis in the news. In this article I will keep a running log of what I consider newsworthy tennis stories throughout the 2013 US Open tournament. Stories appear in reverse chronological order, with the latest story on top, and the oldest story (Thursday, August 15, 2013) at the bottom of the article.

  • advertisement

 

 

 

 

Thursday, September 5, 2013

  •  In three sets, no less. 6-4, 6-3, 6-2.

Wednesday, September 4, 2013

    • Here’s Flavia and me at the 2010 US Open:

Tuesday, September 3, 2013

  • “To watch Federer this summer is to listen to an opera singer who can no longer hit the high notes.” –Greg Bishop, The New York Times (why no NYT link)

Wednesday, August 28, 2013

  •  American teenager Victoria Duval stunned 2011 U.S. Open champion Sam Stosur in the tournament’s first round Tuesday. The 17-year-old qualifier, ranked 296th, won 5-7, 6-4, 6-4, leaping into the air in celebration after converting her fourth match point with a forehand winner. Duval was playing in just her second Grand Slam match.

Monday, August 26, 2013

  • One year after Andy Roddick announced his retirement from tennis, compatriot and colleague James Blake has decided to do the same. Blake made the announcement at a news conference Monday, the opening day of the U.S. Open.

Friday, August 23, 2013

  •  At 32, winning another major will be “quite difficult,” McEnroe says.
  •  According to the tennis pro her beau has impeccable style too.

Thursday, August 22, 2013

  •  “Maria has informed us that she will be unable to compete at the US Open this year due to a right shoulder bursitis and has withdrawn from the tournament,” US Open Tournament Director David Brewer said in a statement.

Wednesday, August 21, 2013

  • The best improvement to the 2013 US Open tournament so far: All Pepsi products have been replaced by Coca-Cola products. In years past Coke fans like me have had to smuggle in their own. This year we don’t have to (although you may still choose to, as a 20-ounce bottle of ice-cold Coca-Cola will cost you a steep $5.00. Still, you have a backup plan in case you run out).
  • Coca-Cola stand at the 2013 US Open tennis tournament
    Coca-Cola stand at the 2013 US Open tennis tournament

Tuesday, August 20, 2013

  • . The U.S. Open women’s seedings will be announced Tuesday; the draw is scheduled for Thursday. John Isner, at No. 13, is the highest-seeded American.

Monday, August 19, 2013

  • Greg Rusedski: . “The fact Rafa lost so early at Wimbledon meant he had so much time to prepare for the hard courts,” said Rusedski. “Usually he is in the latter stages but that hiccup has actually helped him and he has gotten better because of it.”

Saturday, August 17, 2013

  • Going to the US Open? Read carefully the tournament’s . Here is what I’ve learned from personal experience in years past (keep in mind that rules may have changed this year, so no guarantees): You can bring a sandwich. You can bring soft drinks in unsealed plastic bottles. You cannot enter the grounds with cans, glass bottles, or opened plastic bottles. You can bring cameras, including DSLRs. You cannot bring backpacks, defined as bags with two shoulder straps. You CAN bring a bag with one shoulder strap.

Thursday, August 15, 2013

  • First off, I must tell you about the . It’s held free to the public from Tuesday, Aug. 20, to Friday, Aug. 23, and consists of 128 men and 128 women competing for the final 32 entries (16 men and 16 women) in the 2013 US Open singles draws.
  • . With her body aching after another loss, Wimbledon champion Marion Bartoli decided to retire Wednesday night, saying she could no longer deal with the continuous pain on the court.
  • . “Today I have to take care of myself and make sure I can play at 100 percent,” the 28-year-old said on his official website. “The thinking is simple, the doctors told me it would be at least two months before my tendon is partially healed and five months to be completely healed. It would be stupid to go there knowing full well that I have no chance because I’m not prepared enough.”
  • . The US Open’s latest endeavor is its grandest yet: a sweeping transformation of the USTA Billie Jean King National Tennis Center that will create a new Louis Armstrong Stadium, a new Grandstand, wider walkways and improved traffic flow around the grounds and a retractable roof over Arthur Ashe Stadium.
  • advertisement
Follow A.T. on these networks
rssrss

Repeated malware warnings for NJ.com website

mailmail

I have been a daily visitor to for years. I have never had any serious problems, other than the occasional pop-up, which somehow (I wonder how) manages to sneak past my web browser’s pop-up blocker.

However, since I started using last week, about half of the pages on NJ.com are being flagged as containing and display a message similar to this one. Other browsers, such as the latest versions of Google Chrome and Firefox, generate no warnings and display the requested NJ.com pages. So what is going on? Is Yandex Browser throwing false positives, or are other browsers failing to block potentially harmful malware?

Yandex Browser is built by the Russian internet search giant Yandex. The browser is based on the open-source code, and uses security data from — a respected antivirus and IT security company headquartered in the UK.

I have alerted a contact at NJ.com to this issue.

  • advertisement
Follow A.T. on these networks
rssrss

Bruce Schneier on privacy, security, and the future — video interview

mailmail

An excellent video interview (22:23) of security expert Bruce Schneier given at an artificial intelligence conference in Oxford, England. He talks about social media, privacy, Facebook, government, and the generation gap.

Excerpt:

We have to be careful not to project our fears onto another generation that doesn’t have them. This is a generation gap. The younger generation always wins, because the older generation dies. The older generation always tells you about the horrors, and what will go bad, and they are often right, but the younger generation makes them not horrors.

It’s wrong for us to predict and prescribe. We really have to observe.

Follow me on Twitter 

  • advertisement
Follow A.T. on these networks
rssrss

Google Chrome blocks Twitpic

mailmail

UPDATE January 5, 2013 10:43 AM: The issue apparently went away the following day.

UPDATE December 30, 2012 6:43 PM: Still blocked.

  • advertisement

 

 

 

 

UPDATE December 30, 2012 3:51 PM: Twitpic says working to fix the notice, trying to contact Google.

Wow! Google Chrome now blocks access to Twitpic.com with this ominous message (screenshot below):

Danger: Malware Ahead!

Google Chrome has blocked access to this page on twitter.com.

Content from twitpic.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.

Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion.

Google Chrome Twitpic malware warning screenshot
Google Chrome Twitpic malware warning screenshot

 

Follow me on Twitter 

 

  • advertisement
Follow A.T. on these networks
rssrss

Remove Java from your home computer NOW!

mailmail

UPDATE January 10, 2013 5:26 PM: “” Just saying.

###

Flaw in last three Java versions, 8 years’ worth, puts a billion users at risk

Java is an enormous security risk — always has been, always will be. I have long advised against running Java. Java is sometimes a necessary evil, mostly in enterprise systems. But YOU DON’T NEED JAVA ON YOUR HOME COMPUTER! You probably don’t even know that you have it installed.

I won’t rehash the details of the latest Java flaw discovery, they are well documented in this . My point is that unless you are planning to sue Oracle, you should remove Java from your home computer NOW!

  • advertisement
Follow A.T. on these networks
rssrss

For security purposes, my father’s maiden name is “QWERTY”

mailmail

“Elevated” online accounts security measures create more problems than they solve

I have been paying bills online since 1994. By the mid-1990s I had already set up most of my accounts and things have been routine for years. Until recently. In the last few months I had to set up several new financial accounts online. Boy, have things changed!

Gone are the days of “your mother’s maiden name” (which is apparently a spent token, along with my date of birth and the last four of my social). The security measures taken “for my protection” have been “elevated” to a whole new level. Now I must answer a series of four to six “secret” questions just to create the account. The systems ask (for my protection, of course) for my mother’s, my father’s, my spouse’s and siblings’ first and middle names, the street I grew up on, the schools I went to, the names of my pets, the makes, models and colors of all my cars, miscellaneous important dates in my life, etc., etc., etc. Merely going through the account set-up feels like a full-body scan.

In most cases users are not REQUIRED to answer these questions truthfully, yet most people do anyway. The real issue is that these pseudo-security measures point to (and in a way contribute to) a giant security hole waiting to be exploited. Example: Do the answers to these “secret” questions have an expiration date (like passwords for many networks) or do they provide a permanent link to my identity?

The way I see it, this newish strategy serves two purposes: 1) Serves as a for the service provider, and 2) Shifts the responsibility of securing the account away from the service provider and on to the account holder. The obvious unintended consequence of this apparently mass-adopted strategy is that it creates databases chock-full of personal information. How long before these databases are broken into, or sold?

It is clear that the current security “solution” puts a Band-Aid on the problem, while exacerbating it by forcing users to volunteer tons of personal information. I wish I had a better solution (other than the obvious “feed it bogus data or don’t partake.”)

NOTE: This article originally appeared in November 2010 on .

  • advertisement
Follow A.T. on these networks
rssrss

Pathetic Oracle keeps pushing crapware with Java updates

mailmail

Java comes with McAfee Security Scan Plus. To catch the malware Java lets in?

Oracle's Java update screen, set to download McAfee Security Scan Plus by default
Oracle’s Java update screen, set to download McAfee Security Scan Plus by default

Last month . This week it is McAfee. With every Java “security update” (what a joke!) Oracle tries to sneak who-knows-what-it-does crapware onto my computer. No more. Java is now removed from all my computers, and this goes a lot further than merely preventing me from seeing Oracle’s sneaky banner ever again.

  • advertisement

 

 

 

 

Java is probably the single most serious security vulnerability for any computer today. , and the best and simplest way to stop them is to uninstall Java. Not disable — UNINSTALL. Whether you believe that or , nobody has challenged the claim that a Java security vulnerability was used as the attack vector.

Don’t wait for Java to be banned – today.

[UPDATE 09/07/2012] This blog post generated a lively . Some readers agree with me, others do not. One guy thought “the end of the Article is stupid”. Hey, we are all entitled to our opinions.

[UPDATE 09/08/2012] A few more articles from around the web, all supporting my position that Java is a menace and must be treated as such:

Follow me on Twitter 

  • advertisement
Follow A.T. on these networks
rssrss