Link

Major Qualcomm chip security flaws expose 900M Android users

Major Qualcomm chip security flaws expose 900M Android users:

Qualcomm makes chips for the majority of the world’s phones, holding a 65 percent share of the market. Most of the major recent Android devices are expected to be affected by the flaw, including:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6, and Nexus 6P
  • HTC One, HTC M9, and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2, and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

Three of the four holes have already been patched, with a solution for the fourth on the way. However, most users are at the mercy of their handset manufacturers if they want these patches applied. Owners of Google’s Nexus devices have already had patches pushed to their phones, but other manufacturers have historically been less interested in patching flaws found in their devices after release.

In many cases these updates will never be released, leaving people permanently vulnerable to this very, very, very serious vulnerability. But hey: at least it only affects around 12-13% of the world’s population. Maybe phone manufacturers and cellular carriers will actually promptly act to protect their users when closer to 20-35% of the world population is affected by the next Android vulnerability…

An oil spill recovery vessel ran aground en route to a federal announcement on oil tanker safety in Vancouver on Monday, officials have confirmed.

The vessel was making a 12-hour trip from its base in Esquimalt to Vancouver for a tanker safety announcement by Federal Transport Minister Denis Lebel and Natural Resources Minister Joe Oliver when it struck an uncharted sandbar near Sandheads at the mouth of the Fraser River near Steveston.

Wow okay I feel safer already and would gladly welcome more large oil tankers in an inlet or strait near me. (via jakke)

Just…wow. I can only picture delivering the news to the Minister, and watching his face twitch upon learning about this particular PR fubar.

Aside

Ubuntu’s Privacy FUBAR

The EFF has a particularly good accounting of how the most recent changes to Ubuntu are intensely problematic from a privacy perspective. Specifically, performing local searches will (and does) leak information to third-parties such as Facebook and Amazon. Though not explicitly mentioned, remember that in many jurisdictions if you ‘give up’ or ‘abandon’ information to third-parties then you often lose considerable (legal) privacy protections. As such, Ubuntu’s decision to leak data to third-parties whenever users perform local searches on their computer could have significant implications for Ubuntu users’ legal protections concerning personal search information. If Microsoft or Apple did something similar then there would almost certainly be complaints filed to federal bodies: will similar reactions emerge from the Linux and Ubuntu communities?