Archive for the ‘Security’ Category

Controlling security yourself on your Android device

May 26, 2011

One of the central features of Android is the concept of “permissions” — collections of access rights to data and services on your device. There are over 20 of them and they include things like access to the Internet, access to your contacts, access to your phone’s state, access to your location (GPS and cellular), etc. The developer declares what permissions the app requires in the APK (the thing you install) and when you install it, the permissions required are shown to you. You must accept them if you want to install the app. That’s all I’m going to say about permissions here … but you can read more about them here.

So, recent CyanogenMod 7 nightly builds include a permissions manager. It gives you the ability to revoke permissions of individual apps . This is causing a bit of a stir in the app world.

Now, along comes another app, LBE Privacy Guard (Android Market link and AppBrain link), which pops up a notification when an app requests ACCESS to a permission and lets you grant or deny it (yeah, sort of like UAC in Windows 7). Along with your allow or deny response, you can tell LBE whether you want it to remember your choice or ask each time. This app also comes white and black lists (which you can edit) and logs of the permissions requests. It’s pretty slick. I’ve installed it on my phone (LG G2x) and, so far, am happy with it. I’ve denied a few requests, just for fun, and haven’t seen app crap out because of it … yet. LBR is free but requires that you have a rooted device. You can get a little more information about it, along with some screenshots of it in use, at…


New-ish “cloud” backup solution — MiMedia — also streams

January 31, 2011

This is my first real posting regarding cloud services. I’m no stranger, I just haven’t been altogether happy with what’s available. I’ve used SkyDrive, Dropbox and have done a trial with Carbonite as well as a number of the other online backup/file sharing providers and have accounts with streaming/storage providers like MP3tunes, Grooveshark and some of the other, lesser known services but, I have to say, I like MiMedia‘s prices and services. I got a MiMedia account because blueTunes folded and “gave” their users to MiMedia. All my music was transferred and I have a free trial for the service which I am exercising now.

So, what’s their deal? They provide both online backup (“cloud” backup) as well as the ability to stream/share your content with others (I’m streaming Bob Marley right now).

Via a Windows application (no Mac or Linux yet) you install on your computers ( — you can connect as many to your account as you want), you pick the files/folders you want backed up and they monitor for new files/updates/changes and upload them to their servers. One useful twist is that you can request they send you a USB drive onto which you place your first set of files (they pay the shipping both ways). Load it up with up to 250GB of pictures, documents, videos, music, applications, whatever, send it back and they’ll put it in your cloud. Then, as you continue about your work, all the stuff you’ve “tagged”  will have their changes sent to your cloud.

They don’t yet have an Android app but if you’ve got a Flash-capable browser, you can go in that way. And you can upload and download individual files.

Undiscounted prices are

  • 25GB for $5/month or $49/year
  • 100GB for $10/month or $99/year
  • 250GB for $20/month or $195/year

And they can provide more if you need it.

What does Google know about you?

November 5, 2009
From this post over at GottaBeMobile I discovered that you can find out what Google knows about you by going to the Dashboard. You need to be logged in with the Google account about which you want information.

Preventing Autorun attacks

November 11, 2007

This is probably old news to a lot of you by now but I found it in one of the newsletters I subscribe to. The article describes how to completely disable autorun.inf on any media from automatically executing. Yes, there are times that itr will still execute, even if you think you’ve turned it off. The above-linked article is derived from this weblog entry, which describes the attack and how to disable it. It all comes down to creating a new entry in your registry (you should already know how to do this) by putting the following into a text file and importing it into REGEDIT (note that everything between the “[” and the “]” should be on one line):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]

Throw-away email addresses

August 10, 2007

Lifehacker has become one of my favorite sites (thanks, Vern!). This time they talk about 10 Minute Mail, a site that will create an email address for you that’s only good for 10 minutes. Need to get onto a site that requires an email address but you just don’t wanna give them one of yours? — use 10 Minute Mail! The domains that the email address originates from changes every month or so which means there’s very little danger of a sysadmin banning the domain. And if you need the address to survive for 20 minutes, you can click a link on the site that extends the life of the email address.

Online password storage?

June 14, 2007

Saw a reference to PassPack today in today’s (June 14, 2007) Chris Pirillo’s Picks. Would I use that free service? Think about it … you’re giving the passwords to a free service … does that make sense to you? Having run an Internet operation and seeing what can happen at various operations centers, I think I’ll pass. I know, I’m probably in the minority here. I mean, it’s soooo convenient, and they publish their privacy rules and practices and they swear that your data will always remain encrypted and and and. And that’s all well and good until it’s not. And then where are you?
I’m sure the service will flourish and go on to make its founders hundreds of millions of dollars and all of the passwords will remain safe and encrypted. Like the debit and credit card data at T J Maxx?

Safer passwords: PwdHash

January 24, 2007

From Rod Begbie‘s blog, a link to PwdHash, a browser extension that hashes a password against the domain name of the site at which you’re going to use it, producing a unique password for each site. This means that you can remember and type in only one password at each site but the password that’s actually used is different. Seems worthwhile and there are extensions for Firefox, IE6 and IE7 with a script for Opera.
Note that the opening page on PwdHash contains a link to the Firefox installer only. You need to go to the Stanford project website to get the installers for the other browsers.

5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog

September 29, 2006

From Digg:
This article has some pretty basic but nonetheless good ways to cut down on comment spam in your blog.

Making It Easier To Capture Passwords

February 16, 2006

SniffPass from the good people of NirSoft makes it possible, nay, even easy to capture passwords that are flying around your network. Amaze your friends, wow your boss!