Posts tagged Mobile Apps
Instagram and Grindr stored images on their servers that were accessible without authentication, study finds
Instagram, Grindr, OkCupid and many other Android applications fail to take basic precautions to protect their users’ data, putting their privacy at risk, according to a new study.
The findings come from the University of New Haven’s Cyber Forensics Research and Education Group (UNHcFREG), which earlier this year found vulnerabilities in the messaging applications WhatsApp and Viber.
This time, they expanded their analysis to a broader range of Android applications, looking for weaknesses that could put data at risk of interception. The group will release one video a day this week on their YouTube channel highlighting their findings, which they say could affect upwards of 1 billion users.
“What we really find is that app developers are pretty sloppy,” said Ibrahim Baggili, UNHcFREG’s director and editor-in-chief of the Journal of Digital Forensics, Security and Law, in a phone interview.
The researchers used traffic analysis tools such as Wireshark and NetworkMiner to see what data was exchanged when certain actions were performed. That revealed how and where applications were storing and transmitting data.
Facebook’s Instagram app, for example, still had images sitting on its servers that were unencrypted and accessible without authentication. They found the same problem in applications such as OoVoo, MessageMe, Tango, Grindr, HeyWire and TextPlus when photos were sent from one user to another.
Those services were storing the content with plain “http” links, which were then forwarded to the recipients. But the problem is that if “anybody gets access to this link, it means they can get access to the image that was sent. There’s no authentication,” Baggili said.
The services should either ensure the images are quickly deleted from their servers or that only authenticated users can get access, he said.
Many applications also didn’t encrypt chat logs on the device, including OoVoo, Kik, Nimbuzz and MeetMe. That poses a risk if someone loses their device, Baggili said.
“Anyone who gets access to your phone can dump the backup and see all the chat messages that were sent back and forth,” he said. Other applications didn’t encrypt the chat logs on the server, he added.
Another significant finding is how many of the applications either don’t use SSL/TLS (Secure Sockets Layer/Transport Layer Security), which involves using digital certificates to encrypt data traffic, or use it insecurely, Baggili said.
Hackers can intercept unencrypted traffic over Wi-Fi if the victim is in a public place, a so-called man-in-the-middle attack. SSL/TLS is considered a basic security precaution, even though in some circumstances it can be broken.
OkCupid’s application, used by about 3 million people, does not encrypt chats over SSL, Baggili said. Using a traffic sniffer, the researchers could see text that was sent as well as who it was sent to, according to one of the team’s demonstration videos.
Baggili said his team has contacted developers of the applications they’ve studied, but in many cases they haven’t been able to easily reach them. The team wrote to support-related email addresses but often didn’t receive responses, he said.
Rival’s ‘Continuity’ feature would make a useful addition to Office on iOS and OS X, says analyst
There’s no good reason why Microsoft can’t adopt Apple’s “Handoff” technology in its iOS and OS X Office apps, an analyst said today.
“Office would be more useful if they did,” said Wes Miller, an analyst with Directions on Microsoft. “I don’t see a good reason not to.”
Handoff, part of “Continuity,” a term that describes several new features slated to ship in iOS 8 and OS X Yosemite this fall, lets users begin an activity — writing an email, browsing the Web, creating a document — and then resume it on another device. The feature relies on Bluetooth-powered proximity awareness to recognize Apple devices registered to the same iCloud account. Once that ad hoc recognition takes place, users can hand off in-progress tasks.
Apple will support Handoff on many of its own iOS apps and OS X applications bundled with iOS 8 and Yosemite, including the iWork troika of Pages, Numbers and Keynote. But it will also open up Handoff to third-party developers via several APIs (application programming interfaces), giving them a chance to bake the feature into their own software.
If Microsoft were to add Handoff support to its iOS apps — Office Mobile on the iPhone, Office for iPad on Apple’s tablet — and its desktop edition for OS X, a document begun on the iPad could be picked up on a MacBook Air at the point it was left when the two devices neared each other.
But Microsoft already has its own solution to the multi-device problem in Office, said Miller. “With OneDrive, Microsoft has ‘document continuity,’” Miller said. “You can step away from one device and the document is saved in the background. Then you can open it on another device from OneDrive.”
There are differences: When Computerworld opened a Word 2013 document on the iPad — the document was last edited on a Windows 8.1 notebook — it was positioned with the cursor at the top, not at the location of the last edit. And neither OneDrive nor Office spawned an on-screen alert that pointed the user to the document-in-progress, as does Apple’s Handoff.
Microsoft’s desire to support Handoff in Office will largely depend on how the Redmond, Wash. company perceives its rival’s requirements. To use Handoff, an Apple device owner must have an iCloud ID, and be signed into that account on all hardware meant for content forwarding. (That’s how Handoff recognizes the devices owned by an individual.)
Naturally, Microsoft pushes its own identity system for accessing its services, ranging from Office 365 and OneDrive to Outlook.com and Skype.
There should be no concern in Redmond about document storage, even though Apple makes it much easier for developers who use iCloud as their apps’ document repositories. iCloud is not a requirement — as Microsoft’s own Office for iPad demonstrated — and Microsoft can continue to rely on OneDrive as Office’s default online storage service. There were no other obvious barriers in the limited amount of documentation that Apple’s published on the technology.
Microsoft would likely benefit in the public perception arena — or the subset composed of Mac, iPhone and iPad owners — said Miller. When Microsoft took nine months after Apple debuted a full-screen mode to add the feature to Office’s applications, some customers criticized the firm for not putting its shoulder behind the OS X wheel. By jumping on Handoff, Microsoft would shut up those critics.
The move would also let the company again demonstrate that it’s in the game with all players, not just those inside its own ecosystem, a point CEO Satya Nadella has made numerous times — notably when he introduced Office for iPad — since his February promotion. “They’re more open to being open,” said Miller, citing the new regime’s viewpoint as another factor that could tip the debate.
Miller expected Handoff to debut in Office, if it does at all, when Microsoft launches the next edition for the Mac. “I’d expect Office 365 to pick it up automatically, but I wouldn’t expect it on the Mac side until the back-to-school timeframe,” said Miller.
Microsoft would also have to revise Office for iPad and the iPhone version of Office Mobile, and if it decided to support Handoff between native and Web-based apps, modify the free online editions of Word, Excel, PowerPoint and OneNote.
Crown Castle will pay $4.85 billion for purchases and long-term leasing rights on AT&T’s towers
What will you be doing over a mobile network in 28 years? Whatever it is, AT&T and cell-tower company Crown Castle want a piece of it.
In a deal announced on Sunday, Crown Castle International will lease about 9,100 of AT&T’s towers for an average term of 28 years. The agreement, under which Crown Castle will also buy about 600 AT&T towers outright, will bring AT&T about $4.85 billion in cash up front. It’s expected to close by the end of this year.
After Crown Castle takes over the towers, it will lease them back to AT&T, so the carrier says it doesn’t expect the transaction to affect subscribers’ service. But the arrangement does provide a hint of how much faith mobile companies have in the future of this still-young business.
At 28 years, stretching out until 2041, the average lease term for these towers is far beyond the horizon of most predictions about mobile bandwidth, apps or devices. But the trends underlying mobile data point to new capabilities coming online for years, and full-size cell towers are likely to be critical infrastructure for decades, according to Tolaga Group analyst Phil Marshall.
“It’s a pretty good bet,” he said.
Vendors are already looking at demand for the next generation of mobile networks, a so-called 5G that’s not yet being hashed out as a standard. Vish Nandlall, Ericsson’s CTO and senior vice president of strategy, said last week that 5G gear is likely to appear in commercial networks beginning in 2020. He sees it offering 10 times the capacity of 4G LTE, as well as features for low-power machine-to-machine communications.
If a new generation of mobile comes every 10 years, as Nandlall believes, then 28 more years may bring us to 7G. Even the most advanced technologies in labs today won’t go that far, instead giving hints about the networks of just 15 years from now, Tolaga’s Marshall said. Small cells will transform networks over the next few years, allowing carriers to serve more subscribers in areas of dense mobile use, but the kind of longer-range towers Crown Castle is buying into will still be needed for broad coverage, he said.
“There’s no evidence that there’s anything that will … replicate the need for these macro cells,” Marshall said.
Though it’s hard to make detailed predictions, networks 28 years from now will probably feed increasingly powerful mobile devices with updated information and help users find what they need, he said.
“The mobile device ends up having every piece of information you could ever possibly be interested in,” Marshall said. The current MicroSD standard allows for cards with capacities as high as 2TB, one indication that there’s a long way to go for on-device storage, he said. Smarter, faster networks will help consumers use all that data, using context cues such as time and location to show users the content they need in real time, Marshall said.
Future networks will also connect many more types of devices, some of which will fade into the background from consumers’ perspective, Marshall said. Twenty-eight years from now, the launch of the original iPhone in 2007 may look like the invention of the microprocessor in 1971 does now.
“If you look at how the microprocessor is used now, it’s used in absolutely everything,” Marshall said. “Over the very protracted timeline, the same thing happens with the mobile device.”
AT&T and Crown Castle seem confident all this will pay off. When their rights under the deal expire in an average of 28 years, Crown Castle will have the right to buy those 9,100 towers for a sum that the companies estimate at $4.2 billion.
Even in the first phase of the deal, AT&T will get cash it can invest in other parts of its business. But the deal could also benefit the customers of its rivals. Crown Castle will be free to lease extra capacity to other carriers, which may open up towers in areas where Verizon Wireless, Sprint or T-Mobile haven’t been able to set up their own towers, Marshall said.
Which SaaS vendor just passed the billion-dollar mark? Microsoft
Office 365 seems to be catching on.
Despite a lot of confusion around how it works, it seems Microsoft’s SaaS version of the flagship Office suite has pretty quickly grown into a billion-dollar business. According to the most recent financials from Redmond, Office 365 is now on a billion dollar run rate and continuing to grow at a brisk pace.
For those who have been quick to throw dirt on Microsoft’s still warm body, Q3 showed the company exceeding $20 billion in revenue and $6 billion in profits. This at a time when everyone laments the drop in PC sales. Most companies would give away their CEO’s children to have those kinds of numbers.
Truth be told, $1 billion, in terms of the total revenue, suggests that Microsoft Office is not a major piece of the pie. The division that makes up Office did more than $6 billion this quarter alone, for instance. That being said, the billion-dollar mark is a watershed for this new way to consume Office, and shows Microsoft’s muscle in competing with other online productivity suites like Google Drive. From the briefings, it seems all of Microsoft’s cloud-based businesses, including the Azure Cloud, Xbox Live and Office 365, are doing pretty well.
Another factor that was discussed around the earnings is that many of the Office 365 seats are coming from large enterprise accounts. About 25% of enterprise customers are using at least some Office 365 seats. Also, many of the Office 365 seats are the higher-cost, premium versions, which translates to higher revenue and profit for Microsoft. This bodes well for Microsoft as more and more attention and revenue shifts to the cloud.
All in all, Office 365 has grown about 500% in just one year. Of course, maintaining that sort of growth rate over the course of the next couple of years will be difficult, if not impossible. But it is clear that Microsoft has used its cash cow productivity suite to give itself an anchor in the cloud/SaaS business landscape.
Microsoft has also made Office 365 more channel-friendly, allowing VARs and MSPs to bill customers directly via the Office 365 portal. Putting Office 365 into the hands of Microsoft’s sizeable and powerful channel is a surefire way to increase its sales.
As I have written before, I use Office 365 for Home, which allows me to put it on five computers in the house. The only thing missing for me is if I could run it on Android tablets. But at $9.95 a month with 25GB of SkyDrive and Skype minutes included, I think it is an excellent value.
Some of the initial confusion that held back earlier adoption of Office 365 is that many people didn’t realize that the applications are installed on the machine. You can access web-based versions of the apps on guest computers, but on your own computers there is little difference between the SaaS-based and traditional versions.
So maybe the old dog can learn new tricks. Good for Microsoft, if it has been able to adopt the new SaaS-based methods. Now, for their next trick, let’s see if they could only sell more Windows 8 phones and tablets.
Apple and Microsoft must have missed sniping at each other, because this is petty.
It’s been a while since Apple and Microsoft took cheap shots at each other. I guess they got bored. One news outlet reports Apple is being difficult about approving the newest version of SkyDrive for iOS.
The Next Web reports that the two are at loggerheads over a new version of SkyDrive, which has a paid storage option, because Microsoft doesn’t pay Apple a 30% cut of subscription revenue generated by paid storage services.
A main sticking point is that Microsoft does not want to pay Apple the 30% cut, which runs in perpetuity regardless of whether users continue to use an iOS device or not, because the billing is done through their Apple account.
So if a user signed up for the enhanced-capacity drive on their iOS device and then moved to a non-iOS phone (say, a Windows Phone), Apple would still collect 30% of their fee for storage even though they aren’t using the iOS device any more. Microsoft is understandably not keen on this.
The problem is not limited to just SkyDrive. AllThingsD reports that this fee is also applied to Office 365 subscriptions sold through Microsoft Office for iOS, which Microsoft has all but acknowledged will be launched sometime next year.
A spokesperson for Microsoft responded to a query with this comment:
“Similar to the experiences of some other companies, we are experiencing a delay in approval of our updated SkyDrive for iOS. We are in contact with Apple regarding the matter and hope to come to a resolution. We will provide additional information as it becomes available.”
Apple, as usual, isn’t talking.
This problem could easily spread to other apps. Third-party developers that use SkyDrive would also be hit with the 30% fee, and they aren’t going to like that perpetual fee, either.
How this plays out will be very interesting. Microsoft could practice what it preaches and offer policies for the Windows Store similar to what it wants from Apple. This would be a key point of differentiation and potentially competitive.
If Apple continues to play hardball and extends the same courtesy to Dropbox and other cloud storage apps, Apple could be the one shut out and shunned. Will it happen? Who knows? Tim Cook does not strike me as unreasonable, and now that this is out and in the media, the pressure may come down on Apple.
Now the real test for Microsoft will be how it behaves when the shoe is on the other foot.
One of the most common things I see on a day-to-day basis when interacting with potential clients is confusion between machine translation and translation memory. I recently covered machine translation, so in the interest of equal coverage, I will now focus on translation memory.
Translation Memory (TM) is a tool that helps human translators to work more efficiently and with a higher degree of accuracy and quality.
So how does it work? At a high level, translation memory creates a relationship between a segment of source language text and a corresponding segment of target language text.
Here is an example:
You write the sentence, “My house is blue,” on your company website and translate the phrase into Spanish.
“My house is blue” is now linked in the translation memory system with its target language equivalent, “Mi casa es de color de azul.”
Why anyone would have a blue house, or would want to publish this on their website, defies logic, but work with me here, please (note: blue houses are completely normal and this post is not intended to offend anyone who lives in one).
The important thing is that the relationship between those two text segments is in place. Why is this important? For one, if that segment repeats itself across the site, it can be re-used automatically. So you are getting the benefit of accurate, human translation without having to pay for it more than once.
Since the segment is being re-used, you also have the benefit of consistent language. Language consistency is especially important to corporations for many reasons, ranging from maintaining brand voice in marketing content to increasing customer comprehension in informational content. Language is extremely subjective, meaning that content can be written or expressed in multiple ways by different authors and have the same connotation or meaning to the intended audience. The goal is to publish content that is consistent in the source language and then use translation memory tools to ensure that the translated equivalents are consistent, as well.
Another benefit of re-using language is that it increases language accuracy. Each time the technology leverages a previously approved phrase from a database, it removes a human being from having to do a manual process. Therefore, using best-practice translation technology not only increases efficiency, but also increases language accuracy, because it mitigates the risk of introducing an error for segments which have been previously translated.
Since the gating factor in getting content to market is the overall number of words that need to be translated, by reducing the amount of work that needs to be put through a human process, you can go live much faster since you are eliminating manual, repetitive effort.
Another concept of translation memory is “fuzzy matching.” This means that once your translation memory is created and updates are processed against it, the system can look for segments that are close matches (e.g. “My house is red”), so that the translators just need to make minor modifications to the existing target language segment as opposed to an entirely new translation.
We will get into the benefits of server-based translation memory versus desktop-based translation memory in a future post, but the key thing to remember is that this solution offers multiple benefits to the overall translation process.
So make sure that your vendor is using it, you’re made aware of your savings from it, and whatever translation memory is created becomes your intellectual property.
Now I am off to paint my house blue…