Security

iOS struggles against Linux phones

Leave a comment

A colleague who recently returned from China told me he bought an iPad in a market for $50. He then said it really just looked like an iPad but was actually running Android. He thought it was terribly funny to see a different OS on hardware than originally designed, as if he did not realise the irony. Proprietary RISC hardware running proprietary UNIX was supposedly behind us. It felt like he was showing me that he was able to buy a mainframe or midrange system cheap and run Linux on it. How funny, except I thought we were long past that point in technical liberation.

Then I noticed reports saying Android is “embedded”, far ahead of Apple iOS numbers in China.

…since many of the products were embedded with Android system, this system took the lion’s share in the market in 2011, occupying 51.1% of the market; secondly, the market share of Symbian system has been decreasing constantly. However, the system is still the second largest mobile operating system in China at present; thirdly, other smart operating system shared balanced market share, far lagged behind the abovementioned two major operating systems.

Apparently this is no exception nor a local/national situation, as illustrated by Lookout in an infographic that shows Android growth surging past Apple.

The numbers look global but they do not specify. They also do not mention that Nokia Symbian phones are still far ahead. The Economic Times gives a little more perspective.

Smartphones make up less than a third of industry volume. Nokia has also been working on a new Linux-based software platform, code-named Meltemi, to replace its Series 40 software in more advanced feature phones, industry sources told Reuters.

The Series 40 platform has been used in more cellphones than any other software, reaching a cumulative total of 1.5 billion units a few months ago. Meltemi would enable a more smartphone-like experience on those simpler models.

With that in mind, I wonder if the graph above should look more like this?

That’s still a lot of Symbian left to decrease. Could the Linux distribution Meltemi (ancient Greek for “summer wind”) blow in before the others get there? It’s certainly interesting news that a Linux option is being developed to appeal to an S40 upgrade market. It begs a question of strategy. Apple could find itself squeezed from both the high-end and low-end of the market by Android and Linux phones that run on a wide selection of devices and share applications.

At the same time Nokia has introduced a Windows phone version of their N9 hardware (called the Lumia) into the American market for $99. Apple will be faced not only with the squeeze by open operating systems and a rapidly growing decentralised app market but even those consumers who want a proprietary experience have an alternative to iOS.

All that being said I am most interested in the big security question: who will try to differentiate the privacy story in the fastest-growing markets with complex threat models. I mean, if you are one of the hundreds of millions of women trying to run a small business, what mobile system will you trust more with your business and personal secrets? A Pakistani woman on a Chinese carrier, for example…will she trust iOS?

Security

Cost of a Cellphone Tap

Leave a comment

Forbes has an interesting summary of recent ACLU work to expose the business of cellphone taps in America

Wiretaps cost hundreds of dollars per target every month, generally paid at daily or monthly rates. To wiretap a customer’s phone, T-Mobile charges law enforcement a flat fee of $500 per target. Sprint’s wireless carrier Sprint Nextel requires police pay $400 per “market area” and per “technology” as well as a $10 per day fee, capped at $2,000. AT&T charges a $325 activation fee, plus $5 per day for data and $10 for audio. Verizon charges a $50 administrative fee plus $700 per month, per target.

…an AT&T spokesperson referred me to the company’s privacy policy, pointing out a specific line that reads, “We do not sell your personal information to anyone for any purpose. Period.”

That claim is “simply misleading,” says Catherine Crump, an attorney with the ACLU who coordinated the group’s FOIA project. “That’s a curious definition of ‘sell,’ given that they seem to be charging money for people’s information on a regular basis and handing it over to law enforcement agencies around the country.”

The data is obviously full of clues of how to make a cellphone tap as expensive as possible. It also reveals that the carriers vary widely in their definition of operational “cost”.

In any case the ACLU has an excellent point. Although access to data may carry a cost burden that carriers need to recoup, they directly assign a value and sell access to data instead of covering their costs indirectly.

History, Poetry, Security

Are they singing or speaking, or both?

Leave a comment

NPR attempts to provide a comical and historical look at the problem of data classification, in terms of a debate over singing and speaking

Speak-singing, the murky marriage of spoken lyrics and sung melodies, can be heard in everything from 17th-century opera to The Velvet Underground and the latest Mountain Goats record. On this edition of All Songs Considered, hosts Bob Boilen and Robin Hilton argue over the pros and cons of this polarizing art form and take a look at some of their favorite (and not-so-favorite) speak-singing artists.

Sadly, the show does not mention anything about the history of story-telling and secret messaging through song to circumvent censorship. Their data set for analysis appears to be tiny and they seem to miss the very point of why speak-singers are so effective and important.

I am shocked (pun not intended) that at least one of the punk icons of speak-singing, like Sid Vicious or Henry Rollins are not mentioned, for example. Even more shocking to me is the show does not seem to bring up even one sample or reference to blues, reggae, rap, hip-hop…WTF? How can anyone do a music show on speak-singing and not mention rap?

Security

Attorneys and Law Firms Beware and Implement Good Cyber Security Practices

Leave a comment

If you are an attorney you need to heed the warnings: lock down and protect client data.  This is not a scare tactic, but good advice in light of recent events.  In 2010 at least seven law firms in Canada were hacked, allegedly by Chinese hackers seeking to derail a $40 billion deal with an Australian mining company and to steal valuable client data resident at the law firms; and just this year the Puckett law firm was hacked by the Anonymous hacker group because the firm represents one of the Marine sergeants accused in the Hidatha, Iraq killings.  Some members of Anonymous were upset that the sergeant was getting a pretty good deal and Bradley Manning, the private who leaked      secrets to WikiLeaks was facing life in prison.  Imagine realizing that your law firm has been hacked and wondering what this is going to do to your reputation, and what, if any, ethics or disciplinary action may result. These are the type of stories that make the headlines.

Let’s face it, if your client’s network and/or data is secure, smart hackers will look for the soft target and see if they can get what they are looking for by going through you.  “As financial institutions in New York City and the world become stronger, a hacker can hit a law firm and it’s a much, much easier quarry.” (Mary Galligan, head of cyber in the New York City office of the FBI).  As a profession, we have moved far beyond being able to claim ignorance when it comes to cyber security.

An Aug. 2011 ABA formal opinion suggested that attorneys discuss with clients the fact that email may not be very secure.  Ensure clients are comfortable sending sensitive client info via email.  Some local bar associations have taken it a step further and stated that ethics require attorneys to use a secure email service.  I agree.  In fact, I would do two things:

1) include in your engagement letter a statement that email is not secure and that clients should either agree to use a secure service or sign a statement indicating their desire to continue to use email despite the security concerns; and,

2) Incorporate into a security policy for the firm a plan that outlines how client data will be protected and ensure all in the firm have read and are following it.

Cyber security does not need to be a mystery.  Many free and easy to use tools exist that will help you keep your practice more secure.  For instance, your email service may support secure or encrypted email.  If it doesn’t, there are many good options, such as Hushmail.  It is free, like Hotmail, and allows you to password protect emails using a question and answer format.  Just send your client a text or call them on the phone and tell them the password/answer.  This will significantly lower the risk of loss or theft of data and potentially reduce or eliminate your liability if an incident does occur.  It will also be a deterrent to your client if he/she decides to share your confidential communications with a third party, thus destroying attorney-client confidentiality. He/she will have to provide the password to that person or at least take extra steps to forward the message.  This is just one of many free tools that you can use to significantly lower the risk of a cyber-incident and reduce your liability if data is lost or stolen.  Will these tools make you 100% secure?  Not even close, but if the big guys like Citibank, JP Morgan, Google, the Pentagon, RSA, Visa, and a slew of others cannot prevent getting hacked neither can you.  What you can do is pull yourself out of the low hanging fruit category and minimize the risk of an incident. It’s time to do some research into this topic or hire someone you can trust.  Do Not trust the firm that tells you they have made your network secure, its not going to happen, and if you believe it there is a little bridge I would love to sell you ; – ).  Feel free to contact me with questions or leave a comment.