Archive for the ‘Internet’ Category

Quidco App for Android Updated – v1.0.5 and v1.0.6

August 24, 2011 2 comments

On the 23rd August, a new version of the Quidco App for Android was released to the Android Market. It claims to resolve the security problem indicated here.

v1.0.5

Quidco App for Android Updated - v1.0.5

The updates include #11 – Removed debug logs..
It’s great to see such a quick response to a problem; however, the raft of updates created some further bugs, and v1.0.5 was quickly superseded by v1.0.6.

v1.0.6

Quidco App for Android Updated - v1.0.6

Software Updates

As always, I advise you to keep all your software up to date. You can access the latest version of the Quidco app for Android directly from the Android Market.

I have not yet confirmed the claims that logging is removed and the log file created by the v1.0.4 version is deleted; I will update when these checks have been completed.

Beta Testing

If you’re going to release beta software, make it invite-only; then you know who is running it.
If you get a serious issue, you know who’s affected and have a central place to disseminate information.

Wikipedia says

Versions of the software, known as beta versions, are released to a limited audience outside of the programming team. The software is released to groups of people so that further testing can ensure the product has few faults or bugs. Sometimes, beta versions are made available to the open public to increase the feedback field to a maximal number of future users.

http://en.wikipedia.org/wiki/Beta_testing#Beta_testing

Want To Know More About Quidco?

Read my post on Quidco – how it works and why you should sign up.

Quidco App for Android Logs Username, Password, IMEI and Card Details Without Encryption

August 21, 2011 3 comments

Quidco App for Android v1.0.4 – Still Just A Beta Test

I installed the Quidco app for Android from the Market a few days back, and I thought it would be nice to do a review.
However, after a bit of poking around I found a log file – Qlog.txt – with my Quidco username and password stored in plain text.

Quidco Username & Password

A quick check also revealed the app was logging my Quidco userID and my phone’s IMEI number.
The IMEI is unique to every handset, and doesn’t necessarily relate to any individual; the SIM does that through the IMSI.

Anyway, the Quidco app gets your IMEI through the READ_PHONE_STATE permission, which is requested on installation. It is shown below as Read Phone Status and ID.

Quidco App Permissions

Store Card

The app gives you the opportunity to register a credit card, for earning in-store cash back.
I read through the terms and conditions first, to see what safeguards are in place to protect my data.

T&C Section 2

Great! My card details are only stored and processed in encrypted format..

Screen grab was made after bug found, to illustrate the problem, but log file is exact except redactions.

My Card 8888..

Logged Un-Encrypted

Data Protection Fail.
Please note, the screen grab of card number was made after the bug was found, to better illustrate the problem, but the log file is exact except redaction.

Further Development

This fault has been reported to Quidco. Uninstalling the app does not delete the log file.
My handset has root privileges; you may be able to view or delete your own log file without root.

Update: the Quidco response to this issue is

..that the android version of the Quidco app is only a test version and this is not meant for use at the moment.

We have not launched the android version of the app so any personal use of this is completely at your discretion as we are currently running our own tests on this to ensure everything is ready before our official release.

If you have any worries or concerns, contact the app developer or read the Information Commissioner’s Office guides:

Disclosure of personal information
If your personal information has been disclosed in a way that you did not expect you can complain to us.

http://www.ico.gov.uk/complaints/data_protection/supporting_evidence.aspx#disclosure

Security or loss of personal information
If your personal information has been lost or is not held securely you can complain to us.

http://www.ico.gov.uk/complaints/data_protection/supporting_evidence.aspx#security

I’m sure it’s possible a malicious program could be written to extract these details from your log, and gain full access to your quidco.com account.
You do use a different username and password for all sites, don’t you?
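
A check a developer or tester could run over an app's log file before release, as an added example that is not code from this post or from Quidco: it flags credential fields and Luhn-valid digit runs (card numbers and IMEIs both end in a Luhn check digit) without echoing the values. The log lines are constructed, since the post does not show the format of Qlog.txt, and the field names are assumptions.

```python
import re

# Constructed sample: the post does not show Qlog.txt's real format.
SAMPLE_LOG = """\
08-21 10:02:11 login username=alice@example.com password=hunter2
08-21 10:02:12 device imei=490154203237518 userID=123456
08-21 10:05:40 registerCard number=4111111111111111 expiry=12/14
08-21 10:06:01 fetched 12 offers
08-21 10:06:02 request id=1234567890123456
"""

# Assumed field names whose values should never reach a log file.
SENSITIVE_KEY = re.compile(
    r"\b(password|passwd|pwd|username|userid)\s*[=:]\s*\S+", re.I)
# 13-19 digits covers payment card numbers; 15 digits is also the IMEI length.
DIGIT_RUN = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum, the check-digit scheme shared by card numbers and IMEIs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_log(text):
    """Return (line_number, kind) findings; matched values are never echoed."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for m in SENSITIVE_KEY.finditer(line):
            findings.append((n, m.group(1).lower()))
        for m in DIGIT_RUN.finditer(line):
            # The Luhn test drops ordinary long numbers such as request ids.
            if luhn_ok(m.group()):
                kind = "imei_or_card" if len(m.group()) == 15 else "card_number"
                findings.append((n, kind))
    return findings


if __name__ == "__main__":
    for line_no, kind in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {kind}")
```

A 15-digit Luhn-valid run is reported as `imei_or_card` because the checksum alone cannot tell an IMEI from a 15-digit card number.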

Google Web and Mobile Search UI Update

June 29, 2011 Leave a comment

The new Google UI is based on 3 key principles: focus, elasticity and effortlessness. You can read more about the three key design principles directly from the official Google blog.

Android

On Android handsets, there is a really nice UI update to the Google Search page, tightly integrating the touch functionality of the handsets.
On launch, the address bar is hidden out of sight; however, you can still scroll the page to reveal it. The focus is on Search.

Google Search in Browser

Click more to reveal extra search options – as you click, the screen smoothly scrolls to reveal icons for the more popular search tools, Images, Shopping, Places, YouTube and even Apps.

Select More for Extra Search Options and Apps for Quick Access to Google Web Apps

However, if you choose Search and select Apps, it doesn’t link directly to the new web based Market, nor does it load the Market app on the handset, instead showing search results with matching App details.
Indeed, choose Apps, and it presents icons for Gmail, but click the link and it redirects to the Gmail website. So is this new mobile UI purely superficial?

Even if the new UI loaded the apps on the handset, why would I load the browser, and navigate through to the right page, when I’ve got icons on the homescreen to do that for me?

Apps One Touch or Swipe Away

Unless you’re using the stock browser, you miss out on this over-engineered front end. Opera and Firefox display the standard Google mobile search interface.

Web Interface

Google updated their Search user interface for the rest of its users to include a nice black bar across the top.

The new contrasting top bar is designed to focus your eyes on the logo – the search bar remains un-noticed and unobtrusive until you actually look for it.
The look and feel of the search results has changed, or feels like it – there seem to be fewer ‘sponsored links’ at the top of the search results.

Flash Player 10.3 Beta 2

April 12, 2011 Leave a comment

Flash Player has been updated to version 10.3 beta 2 (minor build v 180.65) for 32-bit browsers.

Check which version of the plug-in you have installed, and see which is the latest build for your OS / browser.

FileHippo.com

Click to download the latest IE ActiveX plugin, or you might want to download the plugin for Firefox.
I love full direct downloads, perfect for storing on a memory stick. Get your updates for IE or Firefox quickly with these direct download links from FileHippo.com – On the right hand side, just click the green arrow or the Download Latest Version text..

FileHippo.com Download

Add to favourites for future use; the page content updates, but the URL stays the same, so you can quickly find the updates you need..

64 bit Browsers

If you run a 64-bit Firefox Nightly build or the custom 64-bit Namoroka or IE9 x64, Adobe recommend you download Flash Player “Square” because they still don’t support 64-bit browsers.

It’s important to note that you must download the uninstaller too, there is a separate link to it from the download page.
You will need to un-install this preview version manually before you can update to a newer version.

Firefox 4 Beta 12

February 26, 2011 Leave a comment

Click for Firefox 4 Beta site

Beta 12 of Firefox 4 is now officially available; click the image above or visit the Firefox beta site to get it.

Categories: Firefox, Internet

Firefox 4 beta 13 pre available on Nightly.. Or Not.

February 24, 2011 Leave a comment

The official Firefox 4 beta offering is still at beta 11, but head on over to the nightly build.. and it’s showing as beta 13 pre – so does this mean beta 12 is done, and will be available soon?

Firefox Beta 13 pre on Nightly Build..

Yes and No.. Remember, there is no fixed schedule for the release of Beta 12..
In a statement on the Google group Mozilla.Dev.Planning, Christian Legnitto, Firefox Release Manager, says beta 13 is a versioning bug..

No Beta 13..

Java Runtime Env 6 – Update 24

February 23, 2011 Leave a comment

Java Runtime Environment, or JRE, has been updated to version 24.
Click here to check out your Java version

Incorrect Java Version

You can directly download the whole install package for both 32- and 64-bit Windows versions from FileHippo, or visit the Java website directly to be offered an installation suitable for your OS and language.

The Oracle advisory accompanying the release advises of 21 security patches, of which..

19 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

As always, remember to keep your software patched!

Categories: Internet, Patch, Software