Linked List: February 12, 2012

Sunday, 12 February 2012

Digital Espionage 

Nicole Perlroth, reporting for The New York Times:

When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film.

He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”

Fascinating story, but with regard to his password technique: clipboard history loggers are just as easily installed as keystroke loggers, no? If your device has been compromised, there’s no safe way to enter a password.

iOS Address Book Access Should Prompt the User for Permission 

Marco Arment:

When implementing these features, I felt like iOS had given me far too much access to Address Book without forcing a user prompt. It felt a bit dirty. Even though I was only accessing the data when a customer explicitly asked me to, I wanted to look at only what I needed to and get out of there as quickly as possible. I never even considered storing the data server-side or looking at more than I needed to.

This, apparently, is not a common implementation courtesy.