Posted by: David Harley | October 26, 2018

More on the Bloomberg claims

I’ve often taken issue with Cylance (and other so-called next-generation vendors) over its misleading claims about mainstream detection techniques. However, the company has published some discussion among its own researchers regarding Bloomberg’s claims about supply-chain security issues relating to Apple and other big US companies, and several good points are made therein. Worth reading.

Around the Watercooler: Bloomberg “Big Hack” Edition

David Harley

Posted by: David Harley | October 26, 2018

Apple, GrayKey, Google

ZDnet: Apple blocks GrayKey police tech in iOS update – “Reports suggest the data-slurping tool has been rendered useless — but no-one knows how.”

The Register: Apple boss decries ‘data industrial complex’ while pocketing, er, billions to hook Google into iOS – ” …”Advancing AI by collecting huge personal profiles is laziness, not efficiency,” he said. “For artificial intelligence to be truly smart, it must respect human values including privacy.”….Apple … sells Google access to iOS customers for $9bn. That’s how much Google is expected to pay Apple this year to be the default search provider on iDevices, according to a Goldman Sachs estimate.”

[added subsequently]

Danny Bradbury for Sophos: Former Facebook security chief calls out Apple for privacy hypocrisy – “Alex Stamos, the former security chief at Facebook, has called out Apple CEO, Tim Cook, for what he sees as the company’s hypocrisy over user privacy.”

David Harley

Posted by: David Harley | October 24, 2018

Antisocial Android Apps

 for ESET: Banking Trojans continue to surface on Google Play
The malicious apps have all been removed from the official Android store but not before the apps were installed by almost 30,000 users

BuzzFeed: Apps Installed On Millions Of Android Phones Tracked User Behavior To Execute A Multimillion-Dollar Ad Fraud Scheme – “A BuzzFeed News investigation uncovered a sophisticated ad fraud scheme involving more than 125 Android apps and websites, some of which were targeted at kids.”

David Harley

Posted by: David Harley | October 22, 2018

Should Bloomberg retract?

John Gruber cites Amazon Web Services CEO Andy Jassy’s tweet while considering Bloomberg’s decreasingly convincing insistence on the Apple/Amazon/etc. supply chain story: AWS CEO ANDY JASSY: ‘BLOOMBERG SHOULD RETRACT’

I have to agree: Bloomberg’s position is not looking very tenable.

David Harley

Posted by: David Harley | October 19, 2018

Apple and personal data, plus Android issues

ZDNet: Apple to US users: Here’s how you can now see what personal data we hold on you – “Apple’s privacy tools now go beyond Europe, so more now get to download the personal data it has collected….he move brings the four countries in line with Europe, where Apple began offering a simpler way to download a copy of user data in May, just before the EU’s strict GDPR privacy legislation came into effect.”

Less positively:

Security Boulevard: Inside Safari Extensions | Malware’s Golden Key to User Data – “A 2-part series looking at the technology behind macOS browser extensions and how malicious add-ons can steal passwords, banking details and other sensitive user data”

And some Google/Android issues:

  • John E. Dunn for Sophos: Is Google’s Android app unbundling good for security? – “…Google’s licensing compelled device makers to install apps such as Search and Chrome if they wanted to install … the Play Store. In July 2018, the European Commission (EC) concluded this was a ploy to give Google Search a monopoly on Android, fined the company €4.34 billion ($5.1 billion) on anti-trust grounds.”
  • The Register: Decoding the Google Titan, Titan, and Titan M – that last one is the Pixel 3’s security chip – “Chocolate Factory opens lid, just a little, on secure boot and crypto phone coprocessor”

David Harley

« Newer Posts - Older Posts »