exceptionhandler

I personally don’t like smart TVs.  I’d prefer a dumb tv and I’ll bring my own set top and/or receiver.  If I ever get a “smart” tv, I’ll disable whatever I can and keep it off the network.  I just don’t trust the software on these race to the bottom devices.

I also want a smaller phone than what is offered.  I will stick with Apple regardless, just one area I have to deal with it.  I have average hands, but I have dropped my 7 more times than I have my 5S just because it’s harder to use one handed.  And to those who don’t understand, I often have something in my other hand preventing usage of 2 (kids, books, groceries, keys, to name a few).  I was skeptical of the size bump with the 5 series, but when I tried it I liked it.  I again was skeptical with the size bump with the 6 series, but thought, hey I liked the last increase, let’s give this a go.  I can say I have adjusted, but I do not prefer it.  I’d buy a new iPhone in a heartbeat if it was slightly smaller than the 7 but with the XS form factor with no other short comings other than decreased battery size. But alas, the thing I wish for will probably never come to pass...

duervo said:

This whole fiasco reminds me of that James Bond movie with Pierce Brosnan in it. The one where a worldwide media conglomerate made a play for world domination. Damn ... what was the name of that one?

Tomorrow never dies

foggyhill said:

Lara Croft 835 said:

maestro64 said:

HeliBum said:

Yep, leaking private information and Google are synonymous.

Anybody know where to find the list of affected apps?

It would be nice to know which apps have this issue.

Report is pay to view but

Enterprises are at significant risk from the Firebase vulnerability because 62% of enterprises have at least one vulnerable app in their mobile environment. The vulnerable apps are in multiple categories, including tools, productivity, health and fitness, communication, finance and business apps.

Worse, the data being leaked is highly sensitive including PII, PHI, plaintext passwords, social media account and cryptocurrency exchange private access tokens, financial transactions, vehicle license plate and geolocation information, and more. 

Our Mobile Threat Team discovered over 2,300 unsecured Firebase databases and 3,000 unique iOS and Android apps with this vulnerability. The Android versions of these apps alone have been downloaded over 620 million times. 

More than 100 million records are exposed, including: 

• 2.6 million plain text passwords and user IDs
• 4 million+ PHI (Protected Health Information) records (chat messages and prescription details)
• 25 million GPS location records
• 50 thousand financial records including banking, payment and Bitcoin transactions
• 4.5 million+ Facebook, LinkedIn, Firebase, and corporate data store user tokens
  

Why on god's green earth are plain text passwords even stored..., why not store salted hashes, who the hell does that... It wasn't even good security practice in 1993, let alone 25 years later!!.

I just don't get it.

Seems it's not just Google that were idiotic here; most IT and devs are lazy ass that wouldn't know security if it bit them in the ass.

Then there devs like me who like to put emphasis on security but can’t because the business doesn’t make it a priority.  I have even pointed out and executed attacks on our system to show that they are viable.  I get blank looks and get told to work on the next new feature they promised to clients a month ago.  Small businesses just don’t put emphasis on security because it’s not sexy or doesn’t “sell”.  In an industry where we deal with PII and HIPA, it should be required and absolutely the most important feature... but alas, I digress.

I wonder if he’s ever learned to code.