Insights For Success

Strategy, Innovation, Leadership and Security

IOS

Install IOS Update 10.3.3

GeneralEdward KiledjianComment

As mentioned in my various articles, keeping your operating system and applications updates is a critical component to good overall security. 


Apple released IOS 10.3.3 yesterday, and amongst all of the bugs it fixes, there is one nasty security vulnerability that justifies installing it now. Right now. Do it. I'll wait. Come on, we don't have all day. 

Put Apple's banal sounding description aside for a second ("A memory corruption issue was addressed with improved memory handling".) This vulnerability comes from the Broadcom BCM43xx wifi chipset (CVE-2017-9417) and allows an attacker to execute code on the targeted device with kernel privileges.

To be clear, millions of Android smartphones (e.g. HTC, LG, Nexus and most Samsung devices) are also vulnerable to the BroadPwn vulnerability. 

Google also issued the BroadPwn fix in its July patch bundle (you are receiving the security updates for your phone right?)

Secret to a 3 minute better you

GeneralEdward KiledjianComment

Why continuous improvement is important

Companies have competitors, but so do employees. There are others that can do your job, the questions is who can do it better. Continuous development through education (formal and informal) is the only way to keep and and hopefully move ahead. Moving ahead means you gain unique differentiating qualities that hopefully will lead to promotions, better compensation and maybe lead to the job you've been dreaming of.

By improving who you are, you gain the ability to deliver better services to clients, your company, colleagues and friends. A true professional is always striving to become better so that they may serve their entourage better. It increases the value you deliver to others and it increases your value.

ipsa scientia potestas est - aka Knowledge is power
— Sir Francis Bacon

Continuous improvement is important both in your professional space and your personal one. You need to become better at what you do (your chosen profession) and who you are (your ability to handle different situations and make the best possible decisions). Sure in good times, better knowledge could lead to promotions but in bad times, it could be the difference that helps you keep you job. 

So continuous personal development improves knowledge, skills and ability. At the same time it strengthens confidence and many times this new calm, cool confident you results in you being more relaxed (even in though situations) which means it improves your well-being.

The bank can take your house or car but they cannot take away your knowledge. What you learn is yours to keep and will benefit you your entire life. An investment in yourself is the best investment you can make.

The 3 minute secret

The biggest complaint I hear from people is that they want to learn and improve but they just don't have the time

Time is one commodity we can't buy or make more of. So in the spirit of helping you improve without consuming large amounts of your personal time, I present to you the GetNugget.co app. It is a small and simple iPhone & Android app that distills the wisdom of thousands of well reviewed books into small easy to consume information snippets.

They have thousands of books grouped in these categories:

  • Biographies
  • Business
  • Business Strategy
  • Creativity
  • Health & Happiness
  • Leadership
  • Management
  • Marketing
  • Money
  • Our Journey
  • Personal Development
  • Sales
  • Science
  • Startups & Entrepreneurship

When you open the app the first time, you are asked to chose categories that interest you.

Then you are presented with books of interest.

When you chose a book, you get the nuggest for that book.

When you click on a nugget, you get the full screen view.

And all of this for free. So go download it now and become smarter.

The best lightning cable for your IOS products

GeneralEdward KiledjianComment

Like it or hate it, one thing we can all agree on is that Apple's in-package lightning cables are horrible. They are weak and usually become frayed and unusable within months. 

First stay away from the cheap Chinese knockoff cables. Every MFI (Made For Iphone) certified cable comes with a special (in cable) authentication chip. Chipworks has a good write up about this secret chip. This is why many of the cheaper lightning accessories and cables you buy on Amazon, eBay and AliExpress, turn out to be useless junk.

Over the years, I have found that certain higher quality cables (micro USB style) are able to transfer data more reliably or support faster charging. Not so with lightning. It turns out that all MFI certified cables I have tested have been about the same as it relates to data transfer speed and charging speed.

So the real deciding factor is the durability of the cable. So over the last several months, I have been real world testing dozens of lightning cables from name brand companies. I wanted to see how they would hold up to the rigours of rough use:

  • threw them in my work bag
  • used them to charge via battery while in the pocket of my winter jacket
  • user them to charge while in the car
  • swung them with the phone attached
  • crunched them and tightly packed them in jeans pockets
  • etc

You get the idea.

The one cable that came out on top was the Anker PowerLine lightning cable. It is competitively prices, MFI certified, it can charge all IOS devices at full speed (except the ipad pro) and it super durable. 

The tips are encased in a solid plastic housing and a nice rubbering joint between the cable and the connectors. 

Anker claims the cable is reinforces with kevlar fibers which is impossible to prove but the cables do feel solid and very sturdy (compared particularly to the Apple, Monoprice and Amazon basics ones). Now before anyone emails me, there are other more durable cables but these typically cost so much, they are not even being considered by the average consumer. Remember that this is a review for a consumer and not one for a product used in an industrial setting where $50-75 is considered acceptable.

The Anker Powerline lightning cables fit comfortable through the opening of various cases including the original Apple ones, LifeProof, Rhinoshield and any other one I threw at it. This is an important consideration and a major win for Anker.

As a sanity check, I read reviews on major online retail sites and comments were overwhelmingly positive. 

You can find these lightning cables almost everywhere so grab a couple. You'll be glad you did.

 

Will your Android phone allow someone to hack you?

GeneralEdward KiledjianComment
Image by  Jared Tarbell  used under creative commons license

Image by Jared Tarbell used under creative commons license

When a new undisclosed (0 day) vulnerability is used to hack a target's device, the media jumps all over it and create a small panic. Government intelligence and organized crime are always looking for new creative ways to break into target devices and are willing to pay top dollar for new unknown hacks. Vulnerability brokers (companies that are willing to sell 0-day vulnerabilities) are paying to dollar for these rare and very in demand weaknesses. Zerodium is now paying $1.5M for a good complete IOS attack.

Although these are troubling, the truth is the majority of attacks (and malware/virus') still exploit time tested and patchable vulnerabilities. This is why keeping your computer, smartphone and tablet operating system/apps updated is so important.  This is one of the reasons Microsoft switched to an automatic forced update model with Windows 10.

Apple's products are opaque and I do not believe in security through obscurity. I wish they allowed for more scrutiny of their mobile products but when something is discovered, they release updates very quickly and make it immediately available to all supported devices worldwide regardless of the carrier it was acquired through. 

This is one of the chief complaints against Android. Most Android devices are never updated once they ship and the ones that do receive updated typically get them slowly and infrequently. Check out the Android Platform distribution statistics:  

Only 0.3% of Android devices support the latest version (Android 7.0 Nougat) 1.5 months after release. On the IOS side, 60% of devices had updated to IOS 10 a month after release.

Only 0.3% of Android devices support the latest version (Android 7.0 Nougat) 1.5 months after release. On the IOS side, 60% of devices had updated to IOS 10 a month after release.

Even top tier manufacturers like Samsung (Note 7 issue notwithstanding) only update their most recent flagship products and that is if your carrier decides to allow it. 

Right now, as I write this, I have an Apple iPhone 6s Plus and and Google Nexus 6P sitting next to me. I  love android and find many of the features in the most recent Nougat release better than comparable Apple features. Don't call me an Apple fanboy or Google hater. The moral of the story is you shouldn't buy any Android phone where the manufacturer has not committed to delivering (quickly) the OS updates and the monthly security releases

As it currently stands, the only android products I can recommend are those sold directly by Google (Nexus or Pixel).

Buy an unlocked Nexus or Pixel product directly from Google to make sure you receive all of the updates quickly. 

Questions

Q A question I will likely receive is what about [insert brand / model here]?

A I expect emails asking me about the OnePlus 3, ZTE Axon 7, HTC 10, LG V20, Motorola Moto Z, etc. None of these manufacturers have committed to providing the OS and security updates quickly. The answer therefore is no. I love the price / quality proposition of the ZTE Axon 7 and the OnePlus 3 but without a commitment to updates, its a no go for me.

Q. Aren't iPhones more secure?

A iPhone's are slightly more secure because of the way the operating system is designed and applications are sandboxed. This doesn't mean it is unbreakable and the attempted hack of Saudi human rights activist Mansoor proves it( Read this article by CitizenLab

Both platforms can be used safely if you ensure you don't break their built in security (rooting on Android and Jailbreaking on iPhone) and you ensure you only download "real" apps from the official app stores. 

A. What else can I do?

Q In addition to using the "right" device, it is important to think about your privacy and security. Use the right apps for the right job.

  • Use encrypted communications apps like Signal. Signal's encryption has been reviewed by leading cryptographers and has been given a big thumbs up.
  • When browsing the web, use Tor to protect your identity (easier on Android) with a browser like OrFox. You can even configure Facebook and Twitter (on Android) to use Tor via OrBot.
  • Every picture taken with a smartphone contains "hidden" information called Exif information. This is information like the type of camera used, the settings used to take the picture, etc. It also contains the GPS coordinates of where the picture was taken. If you send this to someone, they can extract this information and use it to pinpoint the location the picture was taken. Send it to a social media site and they will start building a travel pattern of you. Make sure you remove EXIF information, using an app, before posting. There are tones of apps, just search the app store.
  • Uninstall apps you no longer use. Remember that apps are sometimes sold and the new buyer may push out an update that adds unwanted features "like tracking or recording". If you no longer use an app, get rid of it.

How Android N will save you money on your monthly data plan

GeneralEdward KiledjianComment
Image by  Gord Webster   used under creative commons license

Image by Gord Webster  used under creative commons license

Android N (Nougat) has a handful of new very useful features but nothing catches my attention like a feature that can save you cold hard cash. This witchcraft is a result of a feature called Data Saver. 

One thing most mobile carriers are good at is charging you top dollar for any data overage you incur. This is true whether you are at home and especially abroad. It is true whether you are in Canada, the US or Hong Kong.

Most of the time users don't realize they busted their data cap until it's too late. Overage can happen because of excessive streaming (music or movies) but it can also happen because some apps aggressively update data in the background without you realizing it....

Google wants to help you tame the data monster intelligently. Instead of just reporting on data usage or cutting off data at a certain threshold, Data Saver can prevent background processes from downloading data when on a metered connection. 

Data Saver is a feature that users will have to enable but luckily it isn't an all or nothing option. By turning it on, it prevents almost all background apps from consuming metered data but you can add apps to a whitelist if you want.

There are some apps, by their very design, that must connect in the background to function (think of instant messaging apps, VOIP, etc). For these special cases, developers will be able to ask the user to be added to the whitelist during installation. 

Hopefully developers will make these Android N (Nougat) changes intelligently and modify the operation of their apps to minimize background data usage when they detect Data Saver is enabled but they are granted a slot on the coveted whitelist. Unfortunately we'll see some lazy developers just ask for the permission then continue as usual and hopefully users will uninstall those apps sending a strong signal to the developers.

As a Canadian, I am envious of my american friends on one of those beautiful Sprint or T-Mobile unlimited plans. They can ignore this new feature and continue guzzling huge amounts of glorious data.  For the rest of us, we should turn this feature on immediately. 

My main phone has been an iPhone since the iPhone 3G days (even though I always have other phones available). Until recently, IOS was still superior to Android but not anymore. With the latest changes introduced by Google in Android N (Nougat), I truly feel Android has become a more cutting edge platform and Data Saver is a clear example of that. Hopefully most of you are on devices that will eventually receive Android N. 

I can already see the emails flying in asking what devices will be upgraded. We won't know for sure until a manufacturer publishes a statement but here is my bet:

  • Samsung - Expect most devices since the Samsung Note5/Galaxy S6 to eventually get updated.
  • LG - LG G5 is probably the only one
  • Motorola - All 2016 devices will get upgrade and probably the 2015 Moto G
  • OnePlus - Expect the OnePlus 3 to eventually get updated but don't expect it soon. My guess is sometime mid next year.Don't expect other OnePlus devices to receive Android N
  • ZTE - The ZTE Axon 7 seems to be a huge hit (I'm trying to get one to review). I expect it to receive an Android N update but like the OnePlus 3, I wouldn't expect it soon