Thursday 13 August 2015

Learning from mistakes

Learning from mistakes: I was raised in the firm belief that this is a fundamental way for mankind to acquire knowledge. The canonical example:
  • Kid is told not to touch the hot plate because it's too hot.
  • Kid touches it anyway.
  • Kid burns her fingers.
  • Kid realises the mistake she just made.
  • Kid cries in pain.
  • Kid does not touch the hot plate again.
When and why did the corporate world un-learn this concept? A recent ludicrous example (links only in German, sorry). Some of you may use a Motorola Moto G phone, praised for its very good bang-for-the-buck-ratio. Unfortunately for some users, it does not come with a charger for a standard power outlet.
Last year, a few German discounters wanted to close this gap and just bundled a cheap charger with the Moto G. Too cheap, as it turned out, because the damn thing was prone to dangerous overheating and was subsequently recalled. "That happens", you might say, and you may be right.
This year, German discounters sell the successor of last year's device, the Moto G (2nd gen.), and, again, this device does not come with a charger for a standard power outlet. Again, the discounters wanted to close the gap and bundle a cheap charger with the Moto G (2nd gen.). I am sure by now you see it coming. A few days ago, these chargers were also recalled because of - you guessed it - overheating issues. Good old friend Spock would probably raise his eyebrow right now and make his trademark statement: Fascinating.

Sunday 9 August 2015

Fasten your seat belt Dorothy, 'cause your PDF is going bye-bye

You may have heard of this already, because it is a couple of days old, and you have probably already received a security update that patches the vulnerability that allows Firefox's built-in PDF reader to read any file that you have access to. Still, the fact that an exploit for this was spotted in the wild last week chills me to the bone. We all use web browsers, on a daily basis I guess, and many developer hours go into making sure that remote sites cannot, under any circumstances, break out of the sandbox the browser provides to a web app. The fact that a malicious PDF file can be used to read any file I have permission to read tells me something in that area went terribly wrong. Since it is unlikely that this is the last such vulnerability to be discovered and used against users, you should always keep in mind that the only reason nothing evil has happened to you so far is that most of the time you are browsing sites that don't want to do anything evil to you.

Saturday 1 August 2015

It's Android's media lib again

News about one of my favourite pieces of horrible horrible terrible horrid software: Android's built-in media management has the wonderful capability of rendering your favourite phone pretty useless, just by placing a broken mkv file somewhere onto said device. The flaw was reported to Google three months ago, but of course there is no fix in sight. Great. Just great.

Be sure to make everything wifi-enabled, and be sure to screw up

There seems to be a widespread obsession nowadays with making everything "smart", which, in many cases, is unfortunately nothing more than a bloated management buzzword for a wifi connection. Of course, as you would naturally expect, in 99.99999975% of all cases, the vendors screw it up, allowing random third parties to do virtually anything with the device by accessing one of their countless remote exploits. This funny case, brought to my attention by my dear friend Daniel, is a report of a remote hack of a wifi-enabled rifle to shoot targets at the will of the remote attacker.