
Comment Re:Core features of apps == "leaks"? (Score 2, Insightful) 299

Right, the paper lists some common applications used by millions of people (BBC, Evernote, Weather Channel) that appear to be using the requested APIs for exactly what you'd expect. It lumps those in with a few obscure and sketchy ones doing nefarious things with those APIs. It makes no attempt to determine which apps are actually doing anything unexpected/evil, and which are behaving in exactly the way that a user would expect.

The unfiltered list gets posted on Slashdot, showered with the obligatory snark and tinfoil.

A first pass sanity check on the apps would have been more responsible.
E.g. "The Weather Channel app sends my location to their servers ... could this have a legitimate purpose for telling me the weather?"
This would have probably pruned the list of applications down to a handful of garbage ones that no one had ever heard of.

Comment Core features of apps == "leaks"? (Score 5, Insightful) 299

The headline doesn't really match the contents of the paper as far as I can tell.
For example, "Evernote" is listed in the paper for:
1) Taking pictures with the camera
2) Recording audio with the microphone
3) Determining your location
And for transmitting this data to its servers.

These functions are, however, exactly what the application is designed for. You take notes (including snapshot notes and voice notes) and upload them to your account. When you launch the app, there are big buttons for "take a snapshot note", "take an audio note", etc. Geo-tagging via the location APIs can be disabled from the Settings page, but this is another core advertised feature of the product.

So this is a bit like making it into Slashdot by discovering that a mail client transmits text that you type (and your email address!) to a mysterious "SMTP" server.
Headline: "Researchers discover nefarious 'e-mail' application leaking your data ... on the INTERNET!"

Games

Annual Video Game Report Card Is Positive, For Once 75

Every year, the National Institute on Media and the Family releases a report card which grades various aspects of the video game industry on how well they keep "inappropriate" games out of the hands of children. This year's report was largely positive, which is surprising given the history of strong criticism by the Institute. They acknowledged that gaming is becoming a much bigger part of family life than it was in the past, and they're making an effort to shift the focus onto the parents to keep their kids' gaming habits under control. The full report is available here (PDF), and Game Daily has an interview with Entertainment Software Alliance CEO Michael Gallagher which touches on some of the same issues.

Comment CRL scalability (Score 2, Informative) 360

I'm guessing that this Denial of Service effect is largely due to the known scalability problems with X.509 CRLs. In a mature Public Key Infrastructure (PKI), about 1 in 6 certificates is revoked. A CRL is around 20-30 bytes in length for every revoked certificate.

That means that if you've issued 250,000 certificates, you can expect to have a CRL of about 1MB.

This aggregate information isn't bad for some back-end processing, but when a lot of clients try to grab the CRL, you can quickly saturate even a high-end 100Mbps hosted server farm.

Virtually every serious large-scale PKI (including VeriSign and Microsoft) is moving to OCSP to replace CRLs since each client will retrieve ~1kB per status request rather than a full 1MB CRL.
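
A minimal DER encoder for RFC 5280 revokedCertificates entries, added here to check the size figures in the comment above (this is not code from the original post). The 1-in-6 revocation rate, the 250,000 issued certificates and the 100 Mbps link are the comment's own numbers; the 8-byte serial width and the revocation date are constructed assumptions, and the CRL header, extensions and signature are not modelled.

```python
"""Minimal DER encoder for the revokedCertificates entries of an X.509 CRL
(RFC 5280, section 5.1), to check how CRL size grows with revocations."""
from datetime import datetime, timezone

# Constructed revocation date; the size figures do not depend on it.
REVOKED_AT = datetime(2008, 12, 1, 12, 0, 0, tzinfo=timezone.utc)

def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(value: int) -> bytes:
    """DER INTEGER (tag 0x02) for a non-negative value, minimal length,
    with a leading 0x00 whenever the top bit would read as a sign bit."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + der_length(len(body)) + body

def der_utctime(when: datetime) -> bytes:
    """DER UTCTime (tag 0x17) in the YYMMDDHHMMSSZ form RFC 5280 requires."""
    body = when.strftime("%y%m%d%H%M%SZ").encode("ascii")
    return b"\x17" + der_length(len(body)) + body

def der_sequence(*elements: bytes) -> bytes:
    """DER SEQUENCE (tag 0x30) wrapping already-encoded elements."""
    content = b"".join(elements)
    return b"\x30" + der_length(len(content)) + content

def revoked_entry(serial: int, revoked_at: datetime = REVOKED_AT) -> bytes:
    """One entry: SEQUENCE { userCertificate INTEGER, revocationDate Time }.
    No per-entry CRL extensions (e.g. reason codes) are included."""
    return der_sequence(der_integer(serial), der_utctime(revoked_at))

def crl_list_size(n_revoked: int, serial_bytes: int = 8) -> int:
    """Bytes of a revokedCertificates SEQUENCE holding n_revoked entries whose
    serials are all serial_bytes wide (CRL header and signature not counted)."""
    serial = (1 << (8 * serial_bytes - 1)) - 1     # widest positive serial that fits
    entry_len = len(revoked_entry(serial))
    return 1 + len(der_length(n_revoked * entry_len)) + n_revoked * entry_len

def expected_crl_size(issued: int, revoked_fraction: float = 1 / 6) -> int:
    """CRL list size for `issued` certificates at the comment's 1-in-6 revocation rate."""
    return crl_list_size(round(issued * revoked_fraction))

def saturation_seconds(crl_bytes: int, clients: int, link_bps: float = 100e6) -> float:
    """Seconds a fully used link needs to deliver one CRL copy to every client."""
    return clients * crl_bytes * 8 / link_bps
```

With 8-byte serials each entry is 27 bytes, so 250,000 issued certificates give a list of about 1.1 MB, and serving it once to 10,000 clients occupies a 100 Mbps link for roughly 15 minutes.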
