Bible apps are EVIL says John McAfee as he phishes legal sysadmins in real time

If there's a difference between John McAfee and Eugene Kaspersky in their public speaking behaviour, it's more in their tones of voice than in the paranoia of the message. Perhaps because he's 70 years old (or perhaps because he's practicing a presidential bearing), McAfee speaks more slowly and more quietly than Kaspersky. …

  1. John Tserkezis

    Both apps only available via Google Play.

    Meaning you have to be Google's bitch before you can get them.

    1. Anonymous Coward

      http://apps.evozi.com/apk-downloader/

      1. John Tserkezis

        "http://apps.evozi.com/apk-downloader/"

        Er, no. First, somewhere along the line I got that fake bluescreen strongly encouraging me to call the number thoughtfully supplied. When I tried again and clicked 'generate link', it didn't, but it did strongly encourage me to sign up to adf.ly.

        I'm not their bitches either.

        1. This post has been deleted by its author

    2. (AMPC) Anonymous and mostly paranoid coward

      I fear it is too late

      If you have an android, you are already Google's bitch.

      1. John Tserkezis

        Re: I fear it is too late

        "If you have an android, you are already Google's bitch."

        Or maybe not. Google apparently doesn't charge a licence fee for Android, but does make their money from ads. But since I don't see ads, they're not making any money from me.

        However. Rumour has it that Microsoft charges $5 a pop for sections of code, so, if anything at all, I'm actually Microsoft's bitch.

        That doesn't make me feel any better, but at least I'm accurate. Sigh.

        1. Anonymous Coward

          Re: I fear it is too late

          That app downloader pops up a full page ad in a new window when you click the 'generate' button. If you kill that tab, you're back at the page with the download link ready for you. Could that be what's happening to you there?

  2. Winkypop Silver badge

    Thanks Richard, most interesting

    Set non-corporate apps to: delete

  3. DerekCurrie

    Conclusion: Don't Allow BYOD Android Devices. Do Allow Non-Jailbroken iOS Devices

    Stick with iOS BYODs. That's the simple message from my POV.

    Reservations:

    1) iOS devices have to be verified as non-jailbroken at the place of business.

    2) Apple has STILL not adequately addressed Wirelurker exploits whereby stolen enterprise developer security certificates can be used to sign malware that fakes itself as another existing application, overwriting the real applications and PWNing the device when the fake app is run by the user. Just this week a new Wirelurker related exploit was made public. It abuses an AirDrop setting to send malware pretending to be a 'photo' to a victim. That malware is automatically installed upon reboot of the device. When the resulting faked app is run, the device is PWNed. Fix this Apple!

    [Note: The AirDrop exploit has been 'mitigated' but not yet patched in iOS 9.]

    ['PWN' = 'Own' = The device is now under the control of a malware rat.]

    1. Grikath

      Re: Conclusion: Don't Allow BYOD Android Devices. Do Allow Non-Jailbroken iOS Devices

      This is not about exploits, but about excessive rights claimed by legitimate, vetted Apps, which can be abused by the less scrupulous. The flavor of your OS/device has precious little to do with that.

      So if you think your fruity device would be safe, you're prime meat for that particular market...

      1. gnasher729 Silver badge

        Re: Conclusion: Don't Allow BYOD Android Devices. Do Allow Non-Jailbroken iOS Devices

        Again, there is a difference with iOS. If your app needs some permission, you need to convince Apple that you need it. And the choice is between app on the app store, and app not on the app store, so Apple is in a strong position to enforce what's good for its customers. Without that kind of aggressive filtering, the user downloads an app, it asks for permissions that it shouldn't really need, and the user's choice is between using the app and having to go without it. So careful customers have less choice than careless ones.

  4. h4rm0ny

    Paranoid?

    Seems a little harsh. I mean he's right, after all. Another interesting one from his blog that didn't make it into the article above is a conversation he had with a US bank about their app for customers. He asked a spokesperson for the bank why such an app needed permissions to use the microphone and camera and the spokesperson replied quite openly that they get a lot of claims that a money transfer wasn't really done by the account holder when the account holder later regrets what they've done. The bank spokesperson said "if we have a picture of the person using their phone at the time of the transfer or a recording of them joking with friends about how much they're about to spend, then we've got them".

    McAfee is an interesting guy. He'd make a better president than any other current candidate. I wonder how many of the disaffected "it's not worth voting" crowd could actually get up and vote for him if they wanted to upset things.

    1. Anonymous Coward

      Re: Paranoid?

      Well, a banking app using the camera is completely justified if they're performing camera-based check scanning for mobile deposits. Just saying.

      1. Snorlax

        Re: Paranoid?

        People are still using cheques? So last-century...

        1. Anonymous Coward

          Re: Paranoid?

          Yes, some of us still use cheques. They work very well for the purpose they were written for.

          1. h4rm0ny

            Re: Paranoid?

            Who the Hell said anything about cheques?

            1. This post has been deleted by its author

            2. Anonymous Coward

              Re: Who the Hell said anything about cheques?

              Snorlax, in response to the first reply to your post. I suspect that he, like I, was indulging in a little wordplay.

              Some of us commentards do that from time to time.

          2. Tom 38 Silver badge

            Re: Paranoid?

            "Yes, some of us still use cheques. They work very well for the purpose they were written for."

            Which one: delaying a payment, giving the appearance of having paid or giving a huge wodge of cash for banks to use for three days?

            (I once worked as an account clerk for a small company, whenever we paid suppliers I was told to make sure that the cheque was folded smartly in half, because that meant it couldn't be machine processed and so the money stayed an extra day in our account..)

            1. Eddy Ito

              Re: Paranoid?

              Meh, if you track many electronic transactions you'll see that they usually take a few days to fully process as well. The caveat is that not all banks show both the transaction and posting dates. I've even seen a few that took a week. Don't kid yourself into thinking the banks aren't taking a free loan from you for a few days regardless of how it gets handled. Hell, I closed a bank account many years ago when I was told my deposit would take a few days to clear - yes it was a cash deposit.

            2. Anonymous Coward

              Re: Paranoid?

              "(I once worked as an account clerk for a small company, whenever we paid suppliers I was told to make sure that the cheque was folded smartly in half, because that meant it couldn't be machine processed and so the money stayed an extra day in our account..)"

              You'll find today's check readers can easily handle creases. As for who uses them, mainly firms too small to shoulder the additional burden of electronic bookkeeping (which normally only rates better with volume) or those who are mandated for one reason or another to keep a strong paper trail, complete with physical signatures and carbon copies.

            3. Jonathan Richards 1 Silver badge

              re folding in half

              "Fold, Spindle and Mutilate for personal attention"

              How many people here remember what the items were, that one was told never to 'fold, spindle or mutilate'?

              Edit: bloody search engines make this easy to answer even if you were born (figuratively) yesterday. </grumble>

        2. lybad

          Re: Paranoid?

          Cheques? Of course. Not everybody or organisation is set up to use electronic payments.

  5. jake Silver badge

    Remember back when "office hours" were 9-5?

    Seems to me that "locking down corporate systems" was fairly easy when office work was kept at the office.

    The entire "24/7 mobile office" concept has always been a security nightmare, and always will be. I have never known an actual security bod to sign-off on the cluster-fuck.

    But manglement will have their way anyway, usually so they feel "modern". Data will continue to be lost, stolen or strayed, and whoever is nominally in charge of security will be blamed ... for manglement's lack of clue.

    1. Anonymous Coward

      Re: Remember back when "office hours" were 9-5?

      When global commerce became the norm, the 9-5 workday disappeared. After all, events that happen literally halfway around the world may have a major (and more importantly, immediate) effect on things back home, and if you're asleep at the wheel, your competition won't, and by the time you wake up it's already too late: Bed is for the Dead.

      1. jake Silver badge

        @AC "31 mins" (whatever that means, ElReg (wasRe: Remember back ... ))

        "When global commerce became the norm"

        How long ago was it not the norm? Long before computers existed, Shirley?

        "Bed is for the Dead."

        And dumbasses aren't into long-term investments, rather they twitch at any sign of the market changing, thus contributing to those changes. Me, I sleep quite soundly, quite content that my finances are healthy and have been for about thirty years.

        1. Anonymous Coward

          Re: @AC "31 mins" (whatever that means, ElReg (wasRemember back ... ))

          "And dumbasses aren't into long-term investments, rather they twitch at any sign of the market changing, thus contributing to those changes. Me, I sleep quite soundly, quite content that my finances are healthy and have been for about thirty years."

          And these are the kind of people who suffer the most when things disappear overnight. Once upon a time, aluminum was considered a precious metal. Then electrical smelting was invented and POOF! Base metal in the 19th-century version of overnight.

          1. jake Silver badge

            Re: @AC "31 mins" (whatever that means, ElReg (wasRemember back ... ))

            "And these are the kind of people who suffer the most when things disappear overnight."

            I have an acquaintance who is a so-called "day trader". It's the only "job" he has. He made around $45,000US over the last year or so. In the recent global financial issues, he lost nearly $200,000US, selling as the bottom dropped out of the market. Me, I held tight. He's down nearly 80%. I'm only down 5%, as of today, and climbing. He spends a minimum of ten hours a day staring at his investments. I take an over-view once a week or so, and a more close look monthly. Twitch, puppies, twitch!

            "Once upon a time, aluminum was considered a precious metal. Then electrical smelting was invented and POOF! Base metal in the 19th-century version of overnight."

            Bad example. Aluminum (Aluminium to you Brits) was an expensive curiosity, not a serious investment metal ... until the Hall-Héroult process, that is. Alcoa made a fortune on it AFTER it became cheap and easy to produce. Kind of an inverse of Holland and tulips in the mid-1630s, when you think about it ;-)

  6. K

    John McAfee.. The man, the legend..

    Come on John don't get all serious on us now.. Your antics are the only thing that have kept me sane over the past 3-4 years!

    1. LucreLout

      Re: John McAfee.. The man, the legend..

      As I said to my new boss recently: If you can't work for a genius like Gates or Jobs, then work for a genius like McAfee, at least it'd be fun.

  7. thames

    Definitely a Need for Security

    There's definitely a need for better security. I can't realistically see mass market consumer phones of any description filling this need though. There's just too much contradiction between "convenience" and "security". That pretty much rules out Apple, standard Android, and Microsoft (if they want to be more than just a minor niche player).

    It really needs a specialist who will be satisfied with a small single digit market share, but who will sell a handset built for security and also offer a server and management system with end to end security. If it runs most of the common serious apps but not the games or "crap apps" (e.g. a million and one flash lights), then that's fine.

    Oh wait, there's already someone who does that, and their name is Blackberry. They just need to bin the QNX OS and sell handsets based on a customised version of Android. They can sandbox apps so that they don't get unnecessary permissions, or they can give them access to "fake" ones like dummy e-mail boxes.

    Then sysadmins can just buy phones off the shelf which come already "locked down" instead of sweating over how to do it themselves (and doing it wrong). Forget the BYOD, business only goes through the business phone.

    If not Blackberry, then someone else. However, it would need to be a small to mid-size company who focusses on this and only this. Larger companies wouldn't keep focus since they would need a larger market share to justify their overheads. It needs to be a security specialist who focuses on the business market and who has no ambition to sell to the general consumer market. They need to be big enough to have global presence, but small enough to not lose focus. They also have to be willing to license out their server back-end software to larger customers so that there's no single central "cloud" infrastructure for the NSA (or GCHQ or whoever) to get their grubby little fingers into.

    I can't really see any other solution working.

    1. Anonymous Coward

      Re: Definitely a Need for Security

      "If not Blackberry, then someone else. However, it would need to be a small to mid-size company who focusses on this and only this. Larger companies wouldn't keep focus since they would need a larger market share to justify their overheads. It needs to be a security specialist who focuses on the business market and who has no ambition to sell to the general consumer market. They need to be big enough to have global presence, but small enough to not lose focus. They also have to be willing to license out their server back-end software to larger customers so that there's no single central "cloud" infrastructure for the NSA (or GCHQ or whoever) to get their grubby little fingers into."

      The problem is that the moment you TOUCH these countries, the TLAs and FLAs will want to get their hands on you, and the only countries big enough to withstand such a push will themselves have a vested interest in the information. So basically, no matter where you go you're screwed if you want to deal with any companies worth pursuing.

  8. Anonymous Coward

    Just as well the permissions model is changing in Android 6 so that they are requested when actually used and can be denied permanently. About time. Too late for those with phones that will never be updated of course.

    1. Charles 9 Silver badge

      And in any event, these do nothing for apps that can do "side business" with the apps they have to use anyway (like with the camera bit for, say, a barcode scanner or a chat app). Android M is unfortunately going the wrong direction with regards to this new permission model: simplifying rather than adding more specific permissions so that, say, the front camera is a different permission from the back camera.

  9. mcneuman

    Bible apps?

    I have several bible apps on my phone, not a single one of them has permission to use my camera or my microphone.

    1. Hairy Airey

      Re: Bible apps?

      Same here - Nicky Gumbel's Bible in a Year app is updated daily so needs network access. That's pretty much it - network access for updates (not to the text I hope - just the app!)

      I sense a man who is envious of Focus on the Family's 220 million audience. He's picked an easy target - probably to draw attention away from himself. Perhaps he should consider a career as a spy?

      1. jake Silver badge

        Re: Bible apps?

        Hairy Airey muses: "(not to the text I hope - just the app!)"

        Out of curiosity, why do you think that your favorite variation of an Xtian cult's version of biblical text is the correct one? I can think of at least a dozen variations off the top of my head, and that's just the English translations!

        Organized religion is a virus all by itself, IMO.

        1. Hairy Airey

          Re: Bible apps?

          That's pretty off topic - I suggest you do some actual research you'll find that the New Testament is the most accurately copied book in history because of the number of available manuscripts. Homer's Iliad has 643 and I think the figure for the New Testament is over 30,000. If you're taken in by the media stories that the truth of the Bible hangs on a single bit of evidence then you truly are a mug. I recommend Josh McDowell's books. He was a skeptic who set out to disprove Christianity and couldn't.

          1. Anonymous Coward

            Re: Bible apps?

            Thing is, what we read is still a translation (the Old Testament IIRC was originally written in Hebrew and the New Testament in Greek), and things can get lost in translation. Like that thing in Leviticus concerning...now was it homosexuality or pederasty? How can we be so sure things didn't get lost in translation?

            1. jake Silver badge

              Re: Bible apps?

              "the Old Testament IIRC was originally written in Hebrew"

              And Aramaic, with a little Koine Greek, in modern variations of "Old Testament".

              "and the New Testament in Greek"

              Koine Greek, to be specific, with a little Aramaic thrown in for spice.

              Absolutely zero percent of modern Xtians can read the book that they claim to be "holy" in the language that it was initially written in. There is a reason that early Xtian leaders referred to their congregations as "flocks" ... Sheeple, the lot of them.

              1. Charles 9 Silver badge

                Re: Bible apps?

                "...with a little Koine Greek, in modern variations of "Old Testament"."

                I think that refers to the Septuagint, which when put together with the New Testament basically gives you your earliest combined Bible in a unified language. Thus it's AKA "Biblical" Greek: the language of tradition for the Greek Orthodox Church.

          2. YetAnotherLocksmith

            Re: Bible apps?

            That's very cute. Hope you don't work in IT, do CAD, or manage anything else where having the correct copy is essential.

            "Accurately copied" vs "30,000 versions of manuscripts"? (Your words.)

            Because that's called "amalgamation" and is a long, dangerous way from version control.

          3. jake Silver badge

            Re: Bible apps?

            "That's pretty off topic "

            You brought the subject up, Hairy Airey.

            "I suggest you do some actual research you'll find that the New Testament is the most accurately copied book in history because of the number of available manuscripts."

            You are wrong, Hairy Airey. Compare and contrast any four "mainstream" variations. (As a side-note, I take it that you don't believe in the Old Testament?)

            "If you're taken in by the media stories that the truth of the Bible hangs on a single bit of evidence then you truly are a mug."

            Which of the Gospels truly reported the last words of Christ? Matthew, Luke, and John each record a different story. They can't all be correct. Mark was silent on the subject.

            "He was a skeptic who set out to disprove Christianity and couldn't."

            You can't disprove a belief. All you can do is point out the illogic behind the myth.

            1. Anonymous Coward

              Re: Bible apps?

              "You can't disprove a belief. All you can do is point out the illogic behind the myth."

              Even if you can demonstrate the belief is paradoxical?

              1. jake Silver badge

                Re: Bible apps?

                "Even if you can demonstrate the belief is paradoxical?"

                Doesn't work with faith/belief. Consider that most religious systems insist on the belief that gawd/ess/es is/are all-powerful.

                Now consider the late, great George Carlin's simple question: "If god is all-powerful, can he make a rock so big that he, himself, can't move it?" Thus, logically, the very concept of an omnipotent being is pure bullshit. Hasn't shifted the opinion of any of the faithful, now has it?

                Near as I can tell, religions were invented by, and are perpetuated by, the ruling class to keep the rubes in their place.

                1. Anonymous Coward

                  Re: Bible apps?

                  "Now consider the late, great George Carlin's simple question: "If god is all-powerful, can he make a rock so big that he, himself, can't move it?" Thus, logically, the very concept of an omnipotent being is pure bullshit. Hasn't shifted the opinion of any of the faithful, now has it?"

                  As I recall, he wasn't the one who came up with the question, which is just a single-entity variant on the "contradiction" question: What happens when the irresistible force meets the immovable object? or What happens when a spear that can break any shield meets a shield that can block any spear? The only answer anyone's been able to come up with is, "Who the ____ knows?" So it's not so much a test of faith but rather a conundrum of logic that has no simple answer. A better question to ask is, "If God is both all-good and all-powerful, why does evil exist?" The logical reasoning leads to the idea that God cannot be BOTH all-good AND all-powerful: one or the other cannot be true if evil exists (yes, even if you argue that God LETS evil exist, then he's not ALL good).

  10. Anonymous Coward

    Hello,

    It is kind of Mr. McAfee to raise awareness of the problems that occur with excessive app permissions, as well as offer a solution to the problem he has described.

    While I have no doubt that his programs work as advertised, it is important for enterprises to keep in mind when developing (or updating) their BYOD policy that first and foremost policies have to be ones that users will follow. If not, users will look for ways to bypass it.

    Keeping unwanted and insecure apps off of smartphones is the proper role of a mobile device management (MDM) policy. All manufacturers and carriers provide some level of MDM functionality today whether it be over-the-air or on-prem.

    There are also plenty of MDM tools available for Android, Blackberry, iOS and even Windows Phone, sometimes for free from the OS vendor and sometimes as part of existing third-party management tools.

    Mobile device management also provides additional benefits beyond securing at the app perimeter, such as encryption, being able to remotely wipe corporate data and apps while leaving the user's personal data and apps intact and so forth.

    While it is becoming more and more important to keep insecure apps off of smartphones, it is also important to remember that for enterprises, a smartphone's ability to provide rich access to corporate data can also benefit attackers as it does end users. Given their inherent portability and increased likelihood that an attacker may have access for an extended period, it makes sense for each organization to assess their own levels of risk and provide properly-nuanced management tools to ensure their smartphones are business productivity tools, not Trojan Horses.

    Kind regards,
