Dec. 7th, 2012

jducoeur: (Default)
I just got an email that is clearly from some random spammer, asking for permission to share my spreadsheet "Wedding Stuff". This is the spreadsheet Kate drew up, that outlines the Wedding App that I have to have ready in Querki by April. (Yes, our wedding invitations have a spec. This simply demonstrates that we are well-suited to each other.)

That's not the disturbing part -- I expect random spammers to request random stuff all the time. What's disturbing is that it was even *possible* for him to request this. I mean, this is a private document in Google Docs, shared with nobody except Kate. Nobody else should even be able to see its existence, much less request access to it. So in principle, this email shouldn't have even been possible.

For now, I'm going to be optimistic, and guess that the spammer is simply plugging random numbers into an API -- not targeting any particular documents, just scatter-shotting requests in the hopes that some people will be dumb enough to grant access to something with personally identifying information. (Which, sadly, will probably work.) That wouldn't be *too* big a security hole. (Certainly not as bad as the possibility that Google is actually leaking the structure of my document tree.) But even that is somewhat sadly careless: as this particular phishing scam demonstrates, this approach does make it too easy for the bad guys to do something nasty.

The moral of the story is a basic security principle (which I should remember myself for Querki): simply knowing an object ID shouldn't allow you to do *anything* unless that object is fully public...
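An added example, not part of the original post and not Google's or Querki's code: a toy in-memory document store contrasting a share request that works from a bare ID (the behaviour the post guesses at) with one gated on visibility, where a hidden document and a nonexistent ID fail identically. All class, method, user and ID names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field

class NotFound(Exception):
    """Raised both for a missing ID and for a document the caller may not see."""

@dataclass
class Doc:
    doc_id: str
    owner: str
    title: str
    shared_with: set = field(default_factory=set)
    public: bool = False                      # "fully public" in the post's sense

class DocStore:
    def __init__(self, docs):
        self._docs = {d.doc_id: d for d in docs}

    def _resolve(self, doc_id, user):
        """The only path from an ID to a Doc: fails the same way for unknown and hidden IDs."""
        doc = self._docs.get(doc_id)
        if doc is None or not (doc.public or user == doc.owner or user in doc.shared_with):
            raise NotFound(doc_id)
        return doc

    def request_access_by_id_only(self, doc_id, user):
        """Models the post's guess: a bare ID is enough to put a request in front of the owner."""
        doc = self._docs[doc_id]
        return f"to {doc.owner}: {user} asks for access to '{doc.title}'"

    def request_access(self, doc_id, user):
        """Gated: only someone who can already see the document may ask for more access."""
        doc = self._resolve(doc_id, user)
        return f"to {doc.owner}: {user} asks for access to '{doc.title}'"

def demo():
    # Constructed sample data; IDs, users and the public document are made up.
    store = DocStore([
        Doc("d-1001", "owner@example.org", "Wedding Stuff", {"kate@example.org"}),
        Doc("d-1002", "owner@example.org", "Public FAQ", public=True),
    ])
    outcomes = {}
    for doc_id in ("d-1001", "d-1002", "d-9999"):   # private, public, nonexistent
        try:
            store.request_access(doc_id, "stranger@example.net")
            outcomes[doc_id] = "request delivered"
        except NotFound:
            outcomes[doc_id] = "not found"
    return outcomes
```

Because the private and the nonexistent ID produce the same `NotFound`, a caller cycling through IDs learns nothing about which ones exist, and the owner never receives the request email.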
jducoeur: (Default)
I'm going through today's haul of news articles trending on LinkedIn, and pondering this article on VentureBeat. The main point is the familiar one, that mobile devices are taking over the world. But it occurs to me that they may actually be underestimating the effect.

I was particularly struck by this quote:
> Mobile devices now account for 13 percent of worldwide Internet traffic, up from 4 percent in 2010.

But what does "traffic" mean? Not all traffic is created equal.

I'm especially thinking about the fact that this article is, itself, absolutely *surrounded* by junk when I read it on my desktop. There are ads, links to other articles, a survey, social-networking connections -- all sorts of crap that is almost entirely uninteresting to me. I'd bet that that junk makes up 90+% of the bits on the page. Mobile sites, by comparison, tend to be leaner if they are well-designed -- on a small screen, you just *can't* have all that junk taking up space.

So here's the question. If mobile traffic is 13%, but is much more content-focused than desktop traffic, what percentage of actual *information* is going over mobile? It seems certain that it's more than 13%; I'd be fascinated to see a study that tries to suss out actual numbers...
