• 3 Posts
  • 39 Comments
Joined 2 years ago
Cake day: July 9th, 2023

  • Past vulnerabilities don’t mean there are active modern vulnerabilities, especially ones in widely tested operating systems that are exploited by as many apps as people claim are listening, when security researchers also regularly reverse engineer and analyze the source code of popular apps to figure out what they’re doing. You can decompile Android apps pretty easily to see what they’re doing. Some are obfuscated so it takes some effort.

    It’s one thing to claim there’s some system-level bypass for the icon that the NSA uses to spy on its enemies; it’s another thing to claim that it’s being exploited on a wide scale by tech companies on different apps, iOS and Android, multiple versions/devices.

    The reality is that we leak tons of info through other mediums that are easier and cheaper to collect than through microphones.













  • I stopped using it to pay because then I’d have to set up a PIN, and then type in the PIN every time I want to use it

    This shocked me when I went from my Galaxy Watch 3 to a Galaxy Watch 6. I used to only have to put a PIN when I wanted to pay, but now it’s anything on the watch?

    Because of that, I also disabled the payment app.





  • The companion post, I Went To SQL Injection Court, goes into detail about the court process and witness testimony. One of the interesting things is just how differently computer people think about security vs. lawyers. Somebody might say that having a schema would help a malicious actor a small amount, and a lawyer will jump on that to deny the request. The idea that the schema would help a malicious actor is the same as a map helping a bank robber. The vault security and security guards are the relevant factors for this, not the map.

    I’ll keep this in mind the next time I’m an expert witness in a computer case (based on this, I hope I’m not.)