Thursday 10 June 2010

Lessons for SmartPhone Developers

Coming after the Apple/iPad/AT&T email leak is this interesting article from the Denim Group:

June 09, 2010

4 Lessons from the AT&T/Apple Data Breach for Smartphone App Developers

The recent AT&T / Apple data breach involving iPad 3G customers echoes some lessons we’ve been discussing with our customers deploying smartphone applications.  Based on a read of the info from Goatse Security as reported by Gawker we see similar themes.

In summary the author lists:

  • Authentication and Authorization Are Crucial for Services Deployed to Support Smartphone Applications
  • Do Not Authenticate Requests with Values that Look Random But Aren’t
  • Never Trust Anything in an Attacker-Controlled Request (Especially User-Agent Headers)
  • Don’t Trust Your Service Providers; Test Them


It is written with more of a focus on security, but the technical aspects are correct for this situation. However, going deeper from here, the whole issue of privacy is much greater than just the application of security. I sound like Schneier.

iPad Owner Email Leak

Extremely serious privacy breaches at Apple, proving once again that people just don't understand privacy.

AT&T's Gaping Hole Exposes 114,000 iPad 3G Buyers' Email Addresses
Jason Mick (Blog) - June 9, 2010 5:55 PM
In what is one of the biggest leaks of email addresses in recent history, a group called Goatse Security has published the personal email addresses of 114,067 iPad 3G purchasers according to Gawker. The email addresses were obtained in what appears to be a legal fashion by querying a public interface that AT&T accidentally left exposed.

Apple's Worst Security Breach: 114,000 iPad Owners Exposed
Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the cellular-enabled tablet—could be vulnerable to spam marketing and malicious hacking.

Tuesday 1 June 2010

Blue1 and the 717

Sadly phasing out two great aircraft types, the MD-90 and Avro RJ (BAE146), but getting something interesting instead... the greatest aircraft Boeing have (n)ever produced, the 717 (MD-95). Here's the news and a picture of the liveries (designed by students of Aalto University, Helsinki)... look forward to these very much!

News and pictures from Flightglobal.


(C)Blue1

Blatant advertising: Blue1 offer a great deal, excellent with families - unlike Finnair, who are expensive and are greatly reducing their almost non-existent on-board service, and BA, again reducing service onboard and penalising families who wish to sit together.

PS: McDonnell Douglas produced the best.

Neutrinos

Fantastic result from CERN:
Particle Chameleon Caught in the act of Changing

Geneva 31 May 2010. Researchers on the OPERA experiment at the INFN’s Gran Sasso laboratory in Italy today announced the first direct observation of a tau particle in a muon neutrino beam sent through the Earth from CERN, 730km away. This is a significant result, providing the final missing piece of a puzzle that has been challenging science since the 1960s, and giving tantalizing hints of new physics to come.

Another modification to the Standard Model coming up :-)