LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 08-31-2019, 07:40 AM   #1
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,284
Blog Entries: 9

Rep: Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840
Pots and kettles


Apparently Google has accused Apple of having security holes in iOS that have allowed "hackers" to install malware from "compromised sites". This malware then skims off information about users' images, contacts, etc.

I'm flabbergasted! Isn't that precisely how Google and other companies like Facebook make their money? And doesn't Google have a horse in this race? Obviously they would prefer it if people switched to using Android phones and not iPhones.

It is a well-known fact that the Facebook app on iPhones (and probably the one on Android phones as well) harvests information from the phone's contact lists. This information is than added to the "shadow profiles" of the people concerned. The phone users are asked to give their consent to this, but the people on the list aren't asked for theirs.

What a cesspit it all is!
 
Old 08-31-2019, 08:24 AM   #2
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: Currently OpenMandriva. Previously openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 2,995

Rep: Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555
Yeah, it does sound like the pot calling the kettle black, doesn't it? Beyond that, nothing new really.

I've only ever had one Facebook account, that I had closed. I've never had (and don't intend to) Twitter, Instagram, WhatsApp, etc accounts before. I think the easiest way to avoid them getting your info is not to sign up to any of the above to begin with. I've even uninstalled the Facebook app, along with others off of my phone. I never use them, so what's the point in providing a potential attack surface?

You might not even need to actually use the app to get caught out...

https://www.wired.com/story/whatsapp...ffer-overflow/
https://www.cnet.com/news/whatsapp-t...-what-you-see/
 
Old 08-31-2019, 09:24 AM   #3
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,284

Original Poster
Blog Entries: 9

Rep: Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840
Quote:
Originally Posted by jsbjsb001 View Post
I've only ever had one Facebook account, that I had closed...I think the easiest way to avoid them getting your info is not to sign up to any of the above to begin with. I've even uninstalled the Facebook app, along with others off of my phone.
I'm not sure if that's going to save you from being spied on. Facebook also keeps shadow profiles made up of information about you scraped from other people's phones. They claim that they don't keep this information in the case of non-users, but would you trust a denial from people like that? I wouldn't!

Last edited by hazel; 08-31-2019 at 09:25 AM.
 
Old 08-31-2019, 09:30 AM   #4
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: Currently OpenMandriva. Previously openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 2,995

Rep: Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555
Quote:
Originally Posted by hazel View Post
I'm not sure if that's going to save you from being spied on. Facebook also keeps shadow profiles made up of information scraped from other people's phones. They claim that they don't keep this information in the case of non-users, but would you trust a denial from people like that? I wouldn't!
Thankfully, I've never really been into the "social media craze", and don't give my phone number or info out easily. So I wouldn't "feature" in barely any social media profiles, even with the "shadow profiles". That's what I like about LQ, who's going to be looking for you here (no offense to LQ or it's members) ? Like for example; you apply for a job, they'll probably look at the "social media" sites, eg. Facebook, Twitter, etc, but I doubt they'd be looking here, or at Linux forums in general.

But yes, I wouldn't believe the likes of Facebook either, so you're right not to in my view.
 
Old 08-31-2019, 09:48 AM   #5
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,284

Original Poster
Blog Entries: 9

Rep: Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840
Actually the first place employers look is LinkedIn. They check Facebook mainly to see if you have been a naughty boy/girl.
 
Old 08-31-2019, 09:54 AM   #6
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: Currently OpenMandriva. Previously openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 2,995

Rep: Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555Reputation: 1555
Don't have a LinkedIn profile either. But yeah, I've heard that's why employers check the likes of Facebook; good luck finding me there, let alone Twitter, etc
 
Old 08-31-2019, 10:07 AM   #7
Firerat
Senior Member
 
Registered: Oct 2008
Distribution: Debian sid
Posts: 1,995

Rep: Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550
accused is a strong word

a division of google actively looks for security holes
in Feb this year they reported this particular one to Apple *in private* so they could fix it

for what ever reason it has taken 6 mths to go public

It happens all the time.
 
Old 08-31-2019, 10:58 AM   #8
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,284

Original Poster
Blog Entries: 9

Rep: Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840
Quote:
Originally Posted by jsbjsb001 View Post
Don't have a LinkedIn profile either. But yeah, I've heard that's why employers check the likes of Facebook; good luck finding me there, let alone Twitter, etc
They google you too of course. I just looked up myself for amusement. I haven't done that for years. DDG topped out with The Charm of Linux; everything else was stuff I did for OOo and later the Open Document Foundation (editing & translating plus one interview). But Bing found my doctoral thesis, which I had no idea was even online. Apparently someone donated it to some archive at the Royal Holloway College two years ago. Isn't the Internet an amazing place!
 
Old 08-31-2019, 05:41 PM   #9
Jan K.
Member
 
Registered: Apr 2019
Location: Esbjerg
Distribution: slackware...
Posts: 54

Rep: Reputation: 24
Quote:
Originally Posted by hazel View Post
Apparently Google has accused Apple of having security holes in iOS that have allowed "hackers" to install malware from "compromised sites"...
Compromised sites? Like... erhm... google store?

Try a search "malware in google store"...
 
Old 09-01-2019, 08:03 AM   #10
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 12,307
Blog Entries: 9

Rep: Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309
Quote:
Originally Posted by hazel View Post
Apparently Google has accused Apple of having security holes in iOS that have allowed "hackers" to install malware from "compromised sites". This malware then skims off information about users' images, contacts, etc.

I'm flabbergasted! Isn't that precisely how Google and other companies like Facebook make their money? And doesn't Google have a horse in this race? Obviously they would prefer it if people switched to using Android phones and not iPhones.

It is a well-known fact that the Facebook app on iPhones (and probably the one on Android phones as well) harvests information from the phone's contact lists. This information is than added to the "shadow profiles" of the people concerned. The phone users are asked to give their consent to this, but the people on the list aren't asked for theirs.

What a cesspit it all is!
Online media are getting filled with opinion about Facebook being "the really bad guys" as opposed to Google "doing it properly".
"It" being data harvesting of course; apparently there's a "clean" way to go about it, and a "dirty" way.
I'm not surprised they're now trying to also bring Apple into the narrative.

PS:
Just in case it isn't clear: I do not believe in that. I think they're all dirty.

Last edited by ondoho; 09-01-2019 at 08:04 AM.
 
Old 09-02-2019, 12:12 AM   #11
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,498

Rep: Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806Reputation: 1806
Quote:
Originally Posted by Firerat View Post
accused is a strong word

a division of google actively looks for security holes
in Feb this year they reported this particular one to Apple *in private* so they could fix it

for what ever reason it has taken 6 mths to go public

It happens all the time.
I guess this is https://googleprojectzero.blogspot.c...s-exploit.html

It says it was made public in February, just the blog post about it is more recent.

Quote:
We reported these issues to Apple with a 7-day deadline on 1 Feb 2019, which resulted in the out-of-band release of iOS 12.1.4 on 7 Feb 2019. We also shared the complete details with Apple, which were disclosed publicly on 7 Feb 2019.

Now, after several months of careful analysis of almost every byte of every one of the exploit chains, Iím ready to share these insights into the real-world workings of a campaign exploiting iPhones en masse.
 
Old 09-02-2019, 04:23 AM   #12
Firerat
Senior Member
 
Registered: Oct 2008
Distribution: Debian sid
Posts: 1,995

Rep: Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550
ahh, ok I thought it was odd taking 6mths.

I did only hear it on the tv news which was playing in the background.


what happened to the re-launch of the Nokia 3310 ?
pocket dial aside, they were great phones.
 
Old 09-03-2019, 12:20 AM   #13
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 12,307
Blog Entries: 9

Rep: Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309Reputation: 3309
Quote:
Originally Posted by Firerat View Post
what happened to the re-launch of the Nokia 3310 ?
It's there if you want it, along with many other "new dumb" phones, and they're cheap.
But pay attention to the phone's capabilities; some of them have all the connectivity of a smartphone, along with a suitable OS, and are therefore cases of "from the frying pan into the fire" in my reckoning.
I got myself a GSM-only phone just recently. It works. It even has a headphone jack, and I can connect it to my PC as a standard USB device!
And you can lock the keypad.

Last edited by ondoho; 09-03-2019 at 12:21 AM.
 
Old 09-03-2019, 02:17 AM   #14
Firerat
Senior Member
 
Registered: Oct 2008
Distribution: Debian sid
Posts: 1,995

Rep: Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550
Quote:
Originally Posted by ondoho View Post
And you can lock the keypad.
you could with the nokia 3310 !

but some overthinker said
"but what if they need to dial in an emergency?"
"it may be too much trouble to unlock the phone"
"no problem, we can let the use the emergency No.s without unlock"

so, random No. sat on
is that number related to emergency no. ?
|| nope.. ok ignore
&& yeap, ok accept that..!

eventually you had the emergency services primed ready for the dial button

guess what happens if dial is hit at random.

I did get a flip phone in the end
 
Old 09-03-2019, 09:20 AM   #15
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 3,284

Original Poster
Blog Entries: 9

Rep: Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840Reputation: 1840
I have an old Nokia that someone gave me and I bought a sim for it. I can use it for texting but not for calls because there's something wrong with the mic. Anyone who picks up the phone when I call them gets a horrible droning sound.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Did you know you can't get kettles any more? hazel General 48 06-22-2019 10:07 AM
I fell for it like Pooh: "Honey Pots and Rabbit Holes" Forsythe LinuxQuestions.org Member Intro 2 03-27-2013 09:04 AM
Tea Kettles??? acid_kewpie General 23 12-19-2008 04:03 AM
how to deploy honey pots vinaymudgil007 Linux - Security 3 08-19-2008 09:15 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 08:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration