Forgot your password?
typodupeerror

Comment: Re:the hard way (Score 1) 87

by farble1670 (#47757289) Attached to: Researchers Hack Gmail With 92 Percent Success Rate

Clue tip. just because someone has or is working towards a Phd, is head of a company, and so on, don't assume they are clever or smart. judge by the content. in the real world, simpler is better. i assume that applies to the world of digital attacks as well.

the article discusses a very convoluted and complicated way to perform a phishing attack. the point is you don't need to know anything more than the foreground process. e.g., run the "bank of whatever" app. when the login screen comes up, run your app and see that the activity is "com.bank.LoginActivity". now your phishing app watches for that, and inserts it's fake login screen on top of that. simple and effective. doesn't rely on spurious metrics from the device that are going to vary based on the device, other processes, and so on.

  the article takes something simple and makes it needlessly complex. i guess that's fine for thesis. the point of which isn't necessarily practicality but doing something in a novel way.

Comment: the hard way (Score 2) 87

by farble1670 (#47733937) Attached to: Researchers Hack Gmail With 92 Percent Success Rate

TFA article isn't much more than an academic exercise. practically what they are doing makes little sense. if you want to know the foreground process, you don't have to look at shared memory and fingerprints. do this,

ActivityManager am = (ActivityManager) AppService.this.getSystemService(ACTIVITY_SERVICE);
RunningTaskInfo foregroundTaskInfo = am.getRunningTasks(1).get(0);
String foregroundTaskPackageName = foregroundTaskInfo .topActivity.getPackageName();
PackageManager pm = AppService.this.getPackageManager();
PackageInfo foregroundAppPackageInfo = pm.getPackageInfo(foregroundTaskPackageName, 0); ...

that's it. start a service that queries this every 500ms or whatever. or, use this in conjunction w/ the shared memory "UI state change" trigger TFA article discusses. you now know the foreground app, activity, it's name, it's unique identifier, it's icon, everything.

this requires the android.permission.GET_TASKS but someone that's going to fall for a phishing attack isn't going to be aware enough to note that permission either.

Comment: summary (Score 4, Informative) 87

by farble1670 (#47733001) Attached to: Researchers Hack Gmail With 92 Percent Success Rate

basically, a well-timed phishing attack.

1. in android, you can detect when the UI state changes (a new activity, or screen is brought to the foreground) by looking into a shared memory channel. this tells you nothing else other than that the UI state has changed.

2. you can build a "fingerprint" of a particular UI state change based on CPU utilization, network activity, process list, or possibly other things when the state change occurs. you can use this, plus #1 to know when *specific* UI state changes are occurring.

3. if you have managed to get a malicious app installed, and you know when a specific UI state change is occurring, the malicious app can impersonate the real UI state change, fooling the user into entering sensitive information.

Comment: Re:Hash Collision (Score 1) 790

Make the sender, subject and body look like spam so they won't open the file and you could probably ruin somebody's life quite thoroughly.

sigh. if it was really that easy, don't you think it would have happened by now?

no one is getting locked up because they were sent a spam email with child porn. it hasn't happen and it won't happen. google's not that stupid and even the FBI isn't that stupid.

Comment: Re:Neither (Score 1) 436

by farble1670 (#47562215) Attached to: Which Is Better, Adblock Or Adblock Plus?

Ads are pollution, and have zero value.

here's what websites / apps, whatever will do: WHATEVER MAKES THEM THE MOST MONEY. they've learned that almost no one will pay then $X a month to access, but almost everyone is happy with having a few ads in the sidebar and accessing for "free".

like it or not, that's what consumers want.

Some website operators are greedy, they want the "free" page views and they want the income at the same time. That's evil. Luckily there are plenty of people like me, who have well paying day jobs, and have no problem whatsoever to give away free software to help ordinary people deal with and filter that shit out.

wanting to get paid for a service you provide is not evil. i assume you provide a service for your day job that you already admitted you get paid for? so you are you evil? no, it's just that you decided the work you do is worth getting paid for. well, great, bully for you then huh?

please.

Comment: Re:surpising (Score 1) 168

by farble1670 (#47535951) Attached to: Amazon's Ambitious Bets Pile Up, and Its Losses Swell

I can literally order everything I need and have it shipped to me, and never touch amazon. Lowes, Giant Foods, clothing stores, Ali Baba, Ebay, all have online stores.

yep, and you have to remember your logins for all those stores, go through a lengthy registration process re-entering your CC info, addresses, and so on.

Comment: Re:Fanbois (Score 4, Insightful) 91

by farble1670 (#47471847) Attached to: Apple Agrees To $450 Million Ebook Antitrust Settlement

the whole point of Apple's ebook efforts was to provide a bulwark against the Amazon Ultron-like eater-of-worlds mopolistic behavior. It was a last ditch effort from apple and the publishers to try and prevent Amazon from eating and owning the entire author and book industry, from writing books to editing them to printing them to selling them.

so your whole argument is that it was okay for apple to commit a crime to thwart amazon from becoming more successful? if amazon ended up breaking laws, so be it, and let them stand accountable at that point.

apple isn't some angel coming down from on high to protect the poor little ebook authors. they were simply trying to thwart a competitor from becoming dominant in the field. they wanted a (larger) piece of the pie, and they broke the law trying to get it.

the irony of course is that Amazon is the one that pushed the DOJ in the first place, and that an "independent" lawyer involved on the plaintiff's side does a lot of work for amazon and even works out of Amazon's building.

i don't think you understand what irony means.

Comment: Re:Good (Score 1) 300

by farble1670 (#47462653) Attached to: Massive Job Cuts Are Reportedly Coming For Microsoft Employees

big companies never fire employees unless it's something really, really terrible.

i talked to a manager about this once. to fire someone, he needed to go through 3 cycles of evaluating, documenting their deficiencies, and laying out a plan for improvement with the employee. he said it just wasn't worth his time. thinking back on this, that seems like a cop-out. they should have subtracted that employee's wages from his, because that's what he was losing the company by letting them stay on.

Comment: Re:Good (Score 1) 300

by farble1670 (#47462591) Attached to: Massive Job Cuts Are Reportedly Coming For Microsoft Employees

Pity that corporations like this always seem to want to lay everyone off at once, though. Why can't they do it gradually?

because that's absolutely terrible for morale. employees don't like coming in to work every day wondering if they are going to be asked to clear out their desk. it's much better to have a week of chaos and bad feelings then get back to business.

Premature optimization is the root of all evil. -- D.E. Knuth

Working...