Finally lifted my head from a busy day deeply involved in some hot to-do's for a client and took a peek at the news of the day. Since I didn't do a good job having a "real" blog post ready in time to post today and since these items are of interest to me I'm going to try and make them of interest to you.
Also noteworthy is that this is the first blog post I'm crafting entirely on my recently acquired Chromebook Pixel. I'll be discussing that more in a future post.
News Item 1: Google Sells Motorola Mobility to Lenovo
Not really a surprise as this always seemed to me to have originally been a purchase to get at the patents to protect Google and their other Android using partners. They are sending off Motorola hardware bits to Lenovo with a nice tail wind of recent and well received devices. I certainly hope Lenovo builds on the successes here and leaves what seems to be working nicely well enough alone.
News Item 2: Twitter Hack & Two-Factor Non-Factor
This is a long article and not all of it is all that interesting, but it does resurface the issue of the vulnerabilities of humans attempting to authenticate other human beings. The hacker in this case worked themselves through an increasingly familiar chain of services phone support personnel working standard social engineering tactics. It is long past time that companies (and it is always the same group of companies or is it just me?) need to develop a better procedure for validating a customer over the phone.
My apologies to my friends at IDology and other "generate questions from public database" companies, but asking these ridiculous questions about what my car payment is or what address I lived at back in the 80s is not the way to go. The information is too easy to get at if you've worked yourself up the chain of services such that you have all the information you need when you get to that point.
Oh, and asking for the last 4 digits of a credit card is just plain ol' moronic. These are the digits that don't even get masked on receipt printouts for cryin' out loud!
What would be better? Well, let me tie into the comment in the article by the hackee that even 2-factor authentication wouldn't have helped. Really? I have two-factor turned on with service X predominantly for use on the web, but guess what? That same two-factor authentication method will work just fabulously over the phone! They can ask me and I can tell them the one-time code. That causes anyone angst giving a customer service rep a code that is also used to authenticate me for login, then have me type the code in on the keypad and have the phone system which is listening ("your conversation may be recorded...") merely give a "yup that's the right guy" response to the customer service rep.
Anyway, as you can tell this one really punched a couple hot buttons with me!
Hurray, Hurray, Hurray! Samsung makes great devices and is doing some interesting things with camera hardware and other cool little things that I'd love to have. Problem is that having used their CheezWhiz UI and the plain Google Android UI, I want no Cheez!
It isn't just the UI, but also their custom Samsung apps. They are not good. I am not alone as you can see from this quote lifted from the article:
In his Galaxy S4 review , Re/code’s Walt Mossberg wrote, “I found Samsung’s software often gimmicky, duplicative of standard Android apps, or, in some cases, only intermittently functional.”
I'm thrilled to hear Samsung is moving toward more stock Android and only time will tell if it turns out to be true. The sooner it is, the sooner it is likely I'll buy another Samsung device vs. my current commitment to all Nexus devices, all the time.