Security and privacy Q&A

The big players will try to lobby for a standard that medium/small players can’t afford to manage - locking more people into AWS, Azure and Google.

And when it’s signed the standards will already be obsolete.

Maybe we’ll finally figure out what (if anything) infected my SLS… :scream:

See @Hifihedgehog - even the world’s most sophisticated malware is subscription based. :scream:

2 Likes

I’ve been watching the talk around the Biden Administration grappling with “mandating” security, which turns out to be “industry guidelines.” It’s apparent they do not want to fight big tech lobbyists over statutory mandates, and even guidelines can become the benchmark for “standard of care” lawsuits.

What is truly interesting is how they will carve out these security guidelines, to keep the public safe, while the FBI, Homeland, Justice Dept., and other law enforcement agencies still rail against Apple’s refusal/inability to decrypt and divulge user information for criminal/national security interests…

I was going to say “still cheaper than Drawboard”. :vb-grin: But then I checked the pricing, and Drawboard is still marginally cheaper.

1 Like

That an Apple device can be secure, even against a government actor, is a powerful statement.

So long as they don’t get to the point where biometrics are both legally required, and the usage of them is not protected by the 4th Amendment, I really don’t see the problem.

A government which is strong enough to protect you from everything is strong enough to take everything from you.

1 Like

Trusting the government not to abandon the 4th Amendment

I can tell you with absolute certainty that by the time any “guidelines” are agreed upon, ordered or imposed they will be out of date and only functional to defend the very companies about which the administration is complaining.

1 Like

This is the next level after those urgent sounding emails that appear to come from someone you know: a phone call from a person who sounds a lot like someone you know. Interesting times!

This feels like it’s coming to a tipping point soon. And so far anyway, citizens seem to be coming out on the short end of things almost every time. I’m especially bothered by the inside the home footage confiscations.

There has been talk before, though so far just talk of a “digital bill of rights” which would address this and things like cookie tracking, unlocking your phone etc, but IMHO it REALLY needs to come about soon.

Cops are asking for more and more Ring footage, and Ring is giving to them. - The Verge

2 Likes

Well this sounds a little alarming… An Outlook exploit that doesn’t even require the message to be previewed. Just receiving the message in the Outlook client is enough to trigger the exploit. :scream:

Yes we learned about this more yesterday as one of our customers in Indonesia was significantly affected.

OTOH the thinking right now is that most up to date corporate firewalls will catch/block this, but that still leaves home users/public WiFi users vulnerable, as our customer believes the initial entry occurred by an employee using a Starbucks WiFi connection.

Just one of the reasons I love … love having cellular access on my Go.

Another is anywhere access. Just the other day, I had to be bedside as my 95 year old mom had a necessary procedure and attended a case management conference without a second thought about internet access. Not a thought about the security (or available bandwidth) of the wifi network.

4 Likes

I am becoming more of a devotee every day - hope your mom is doing well!

PS - I really wish I could have a Go size device!

2 Likes

Mom’s fine. At 95, she got a couple of stents. Her doctor was this incredibly competent young (42) cardiologist. Amazingly good care in a small regional hospital in Scranton, PA.

I got my Pro X and I like it so far. I’ve not gotten past the set up.

The Seller said it would come with Windows 10 Pro but it didn’t. I need Pro for the Bitlocker so I’m going to have to see if the Seller has the license so I can upgrade to W11 Pro. Can’t wait to test Word Perfect and Adobe Acrobat to see if they run okay in emulation.

I’m not going to immediately replace my Go2 with the Pro X. At least not just yet. As much as I like the weight and thinness of the Pro X, the size feels gigantic to me. I truly love the size of my Go. But, the Go is showing signs that the integrated graphics chip is struggling, particularly in Zoom. I’m getting distortion in the video image during a call, while the sound and connection appear to be stable. It could be the Zoom, the bandwidth limitations of the Cellular connection or, (gasp) it could be a failing graphics card. I can’t risk being without a travel notebook, so the Pro X is getting set up identically to the Go2. That way, I can slip in the Pro X from time to time and see if it performs better than the Go. If so, I suspect that I will use it as an interim step so I can wait to see what Microsoft decides to do with this design. At the same time, I can test out my legacy programs to see if the ARM chips will run them. If not, I’ll have to look for another Intel design, if I can find one.

2 Likes

I sure hope they come up with a better solution for Surface Pro 10 than stuffing Intel and ARM in same chassis again - what are you really getting for ARM except 5g and possible compatibility headaches. Give me a Go size ARM with Surface Pro X thinness and 5g, 16gb ram, and 1tb SSD, NOW YOU’RE TALKING!

3 Likes

This one looks to be pretty bad and there is cause for concern. OTOH this article is terribly written and doesn’t get even some of the most basic facts right and/or is very unclear about the scope and breadth of the vulnerabilities.

Nor are they clear on the possible workarounds, i.e. you can turn off VoLTE on the Pixels.

To give just a bit of clarity, it’s not the Tensor chipset in the Pixels but the Samsung-made modem that has the vulnerability.

OTOH, the brief we got yesterday says that a couple of the flaws may be unpatchable which then opens the questions of what Google and Samsung are on the hook for since these are very recent or even current models.

Google tells users of some Android phones: Nuke voice calling to avoid infection | Ars Technica

You couldn’t even make this stuff up in fiction:

“Until security updates are available, users who wish to protect themselves from the baseband remote code execution vulnerabilities in Samsung’s Exynos chipsets can turn off Wi-Fi calling and Voice-over-LTE (VoLTE) in their device settings. Turning off these settings will remove the exploitation risk of these vulnerabilities.”

Gee, let me think - protect myself and really not even have a phone - what a JOKE. Unfortunately the joke is on US…

Just some food for thought: with new image generators, like the one now being integrated in Bing chat, major companies could quickly deanonymize reddit and other forum accounts (or “more easily”, I’m sure they already can).

The generated images are initially unique and tied to e.g. a Microsoft user id. MS can easily generate a standard photo-hash/fingerprint. When you post the generated image on a forum, MS/bing search will be able to recognize the posted image, and its first online appearance is likely from the user who generated it. Boom, forum account deanonymized.

I wonder if all those handy image hosting services already do this. Seems too obvious for it not to be happening actually.

4 Likes

Could you do me a favor and post this image to Reddit?

1 Like