Archive for January, 2013
The recent and critical Java CVE necessitates that everyone either uninstall, remove or update Java immediately.
My employer uses a lot of Java, and removing or uninstalling it across thousands of machines just isn’t possible. We also support 4 platforms for each new release (in 32-bit and 64-bit), so pushing out a new version of Java involves downloading, unpacking, deploying and releasing 8 different builds per version. Today’s recent news, means I have to download and deploy 16 separate builds of Java for 1.6u38 and 1.7u11 to meet the security requirements and keep us current.
Oracle’s website is painful enough to navigate, and downloading new Java releases from their site requires an interactive click-wrap agreement to be acknowledged before you can continue with the process; before the download links become visible or active in a browser to be clicked. When you attempt to download, you’ll be presented with a page that contains this:
To download an Oracle Java release from here, you have to go to their Oracle Java Download page, click “Accept License Agreement”, and then click each version of Java you want to download, to download interactively using your desktop browser to your desktop.
In a word: Ugh.
If you need to use those on a UNIX or Linux host as I do, you then have to then take those downloads that you’ve pulled with your browser, and scp/pscp (with PuTTY or similar) or rsync those over to your UNIX/Linux machine from your desktop.
Could this process possibly be more convoluted and complicated?
But there’s a solution: Wget! (with some secret sauce)
Read the rest of this entry »
Yes, they’ve done it again.
The most-recent update of the Facebook mobile application (Android and iPhone) reverses and resets the default settings for “Location Services”, so that every single Facebook message you send, also sends your exact GPS coordinates to the recipient (and to Facebook’s own messaging servers), even if you have your GPS disabled on your phone. When the GPS is disabled, they fall back to AGPS to determine your coordinates with incredible accuracy.
Yes, even if you’ve had it disabled before, a recent update of the mobile app resets these preferences to expose your location when you’re using their Messenger app to send or receive messages through the app.
This is so specific, it actually revealed that I was in my kitchen (in the rear of my house), and not just my approximate street address on my road. Zooming into the map they helpfully provide, shows where inside my house my phone is when I sent the test messages that revealed this issue.
To prevent your phone from exposing your location with every message, go into your Facebook mobile application settings, and disable “Messenger Location Services”, as below. When you disable it here, your messages will just show “Sent from Messenger” or “Sent from Web” inside the app, instead of showing a map and GPS coordinates.
Click on the images below to see them full-size.
They may still be sending GPS coordinates with each message to their messaging servers, but not exposing it to the recipients when you disable this feature, but there’s no confirmed way to tell.
I don’t use the native Facebook mobile app to send or receive messages, opting instead to use Trillian Mobile for Android, which does not pass the GPS coordinates with each message. In addition, I can use all of my IM and chat services at once, in one interface, including Facebook, seamlessly. They have desktop apps and a web interface also, for those who wish to use those natively on any platform. Highly recommended.
Facebook, I’m not impressed with your complete lack of understanding of core security and privacy issues. This is 2013, and no application should be sending GPS coordinates to message or email recipients. Imagine what would happen if a random, unknown person were to message me, and I replied back to them. I’ve now exposed my personal location, which could include my home address, to a level of accuracy that includes where inside my home I am when I’ve responded.
In a word: Disgusting.