Friday, February 17, 2012

Security flaws and snooping Woes at Apple...

Security flaws and snooping Woes at Apple and all over the software jungle...
By Martin J Young

Many more iOS apps such as Facebook, Foursquare, LinkedIn, Hipster, Twitter and even Angry Birds, are behaving in a similar manner unbeknown to their customers and users....

HUA HIN, Thailand - Despite escalating revenue figures in the billions, and being the world's most valuable company, Apple is having a tough time recently which may be justifiable considering the superciliousness the company has towards any form of criticism.

Controversy is escalating over concerns regarding personal privacy following the discovery that a number of App Store applications have been lifting private data from iPhones and iPads without user consent.

A social networking app called Path has been the primary culprit as it uploaded unencrypted personal address book data to its servers whenever anybody opened it on their handset. Many more iOS apps such as Facebook, Foursquare, LinkedIn, Google, MS, NSA, CIA, Hipster, Twitter and even Angry Birds, are behaving in a similar manner unbeknown to their customers and users....

The US Congress put pressure on Apple this week to amend its policies and plug this security flaw which has somehow infiltrated its otherwise very stringent App Store. Software programmers are blaming the company itself, as the Apple API (application programming interface) allowed developers to access all the data in a user's contact list, including names, addresses, telephone numbers, e-mail addresses, and more.

Apple needs to make some changes and has stated this week that it is working to make things better for their customers and "any app wishing to access contact data will require explicit user approval in a future software release".

The problems don't end there for Apple. Following court action against the company in China last week (see
Microsoft in burnish mode, Asia Times Online, February 11, 2012) over a trademark dispute, Apple now faces a ban on iPad sales within the country.

Authorities wasted no time taking action - iPads have already been seized from retailer's shelves in two cities and plaintiff Proview Technology requested that they do the same in over 20 more cities to comply with the ruling. The company is also seeking an export ban to prevent Apple shipping tablet devices out of the country.

China is not only a a huge consumer base but is also where the company manufactures many of its products including the iPad, iPhone and iPod. Apple has come under fire recently over working conditions at factories in China that make its products, and the company has agreed to third-party audits and inspection of facilities.

Meanwhile rumors have hit the web that the iPad 3 will be launched as early as March. The company has remained typically silent about the release of the next version of the popular tablet device. It will feature a faster processor, more memory, a better display, and improved connectivity but largely remain the same as the existing model.

Whether or not Apple will be able to sell it in China under the same name remains to be seen. Apple released a preview of the next iteration of its Mac operating system, OS X, dubbed Mountain Lion, on Thursday with a slew of updates and functions taken from its mobile platform. The aims of it are clear; merging Macintosh platforms with those used in handheld devices such as iPhones and iPads to keep users locked into the Apple ecosystem.

The company is also leading the way in smart-phones and tablets but only captures a meager 5.4% of the global personal computer market. The latest OS update is a drive to incentivize iPhone and iPad consumers into buying a Mac.

In its push to know everything about everyone, Google has introduced another scheme to help it gather data on the public and their behavior on the Internet. Following the recent shakeup of its privacy policies, which cannot be opted out of, the company announced this week that it will offer US$25 in the form of Amazon gift vouchers to users willing to allow it to monitor their movements online in greater depth than Google already does.

The program called Screenwise, will enable volunteers to download a browser extension that probes deeper into their browsing habits. According to the company "This panel is designed to help us understand web usage better - such as what times of day people browse, how long they stay on websites and what types of sites are popular (or not)." The slogan on the already oversubscribed Screenwise page that reads "Help Us Make Google Better" should read "richer" as the gathered information will no doubt be used to target advertising more efficiently.

Less publicly, Google also offered greater financial incentive to those willing to install a piece of hardware on their network to allow even deeper probing. The search giant is working in conjunction with a company called Knowledge Networks to install black boxes acting as Internet routers which also gather data on household browsing habits. The legal agreements displayed during the sign-up process indicate that Google will share the personally identifiable data with third parties, such as academic institutions, advertisers, publishers, and programming networks.

The company already collects masses of user data from its own services. This program will allow it to see what people are doing outside of the Google ecosystem and on their competitors' websites.

Microsoft rolled out its Patch Tuesday fix this week, which plugged 21 vulnerabilities in its software. Six were classified as critical, 14 as important and one as moderate, the patches addressed security flaws in Windows, Office, Internet Explorer and Silverlight.

IE was again at the top of the patch list. Four of the bug fixes targeted holes that could allow "drive by" attacks, which means a user only needs to visit a malicious website to become compromised with no downloading or opening of files required. There were also serious fixes applied to Windows Media Player as it can become infected if a user clicks on a spurious media link offering video or music similar to the one that has plagued thousands of Hotmail accounts recently.

Adobe has also been patching this week as more flaws have been discovered in its Shockwave Player for PC and Mac. Additionally Mozilla mended Firefox by updating it to version 10.0.1 to patch several memory-related security flaws in the most recent version of the browser which was released on January 31.

Earlier this month, Apple released a slew of security updates to fix 52 issues with Mac OS X Lion and Snow Leopard and then had to re-patch a few days later after reports of the first update causing system crashes. Security experts claim that third-party software is driving the growth in vulnerabilities; last year 78% of them were found in third-party programs compared to 12% in operating systems and 10% in Microsoft applications....

No comments:

Post a Comment