Forgot your password?

Comment: Re:Ecch ... (Score 1) 74

by farble1670 (#47968007) Attached to: Google Partners With HTC For Latest Nexus Tablet

i don't know about you, but the functionality and performance of the hardware matter to me, not just the fashion statement.

thinner, lighter.
higher res / higher quality display.
better sound.
longer battery life.
port configurations (HDMI, SD card).
antenna performance.
durability / waterproofing.
screen sizes.

there's a list of some really very obvious ways that companies can differentiate based on hardware. i'm guessing if i could come up with that list, a hardware engineer could increase that by 100x.

don't believe it? look what samsung did with the galaxy note. ALL they did was make a phone w/ a really big screen, which was something no one else was doing at the time.

Comment: Re:Ecch ... (Score 2) 74

by farble1670 (#47967285) Attached to: Google Partners With HTC For Latest Nexus Tablet

were graciously allowed to pollute the pure Android experience with some of their own crap

you can disable any android app from running ever and from showing up in the launcher, even if it's delivered as part of the firmware. it's annoying to get a new phone with all that stuff loaded, but it's not the end of the world anymore.

on the contrary, nexus devices will never have the customized UI elements that you see on every other non-nexus android device. android device manufacturers need to figure it out. let google make the software. they are pretty good at it. you focus on building awesome hardware. delivering an android phone with slightly different UI elements isn't going to differentiate you from your competitor.

Comment: market dominance? (Score 1) 74

by farble1670 (#47967161) Attached to: Google Partners With HTC For Latest Nexus Tablet

Shunning larger manufacturers like Samsung, speculation is that Google is trying to mitigate the effects of market dominance by one firm.

yes, because the nexus line has been such an amazing market success? on the contrary, the nexus lines have sold in relatively low numbers, and very thin profit margins. and AFAICT, that's by design. stock is always extremely limited at launch, and advertising is non-existent.

this is more of a desperation move by HTC. samsung is eating their (and everyone else's) lunch. try something, anything to get a name for themselves.

Comment: Re:the hard way (Score 1) 87

by farble1670 (#47757289) Attached to: Researchers Hack Gmail With 92 Percent Success Rate

Clue tip. just because someone has or is working towards a Phd, is head of a company, and so on, don't assume they are clever or smart. judge by the content. in the real world, simpler is better. i assume that applies to the world of digital attacks as well.

the article discusses a very convoluted and complicated way to perform a phishing attack. the point is you don't need to know anything more than the foreground process. e.g., run the "bank of whatever" app. when the login screen comes up, run your app and see that the activity is "". now your phishing app watches for that, and inserts it's fake login screen on top of that. simple and effective. doesn't rely on spurious metrics from the device that are going to vary based on the device, other processes, and so on.

  the article takes something simple and makes it needlessly complex. i guess that's fine for thesis. the point of which isn't necessarily practicality but doing something in a novel way.

Comment: the hard way (Score 2) 87

by farble1670 (#47733937) Attached to: Researchers Hack Gmail With 92 Percent Success Rate

TFA article isn't much more than an academic exercise. practically what they are doing makes little sense. if you want to know the foreground process, you don't have to look at shared memory and fingerprints. do this,

ActivityManager am = (ActivityManager) AppService.this.getSystemService(ACTIVITY_SERVICE);
RunningTaskInfo foregroundTaskInfo = am.getRunningTasks(1).get(0);
String foregroundTaskPackageName = foregroundTaskInfo .topActivity.getPackageName();
PackageManager pm = AppService.this.getPackageManager();
PackageInfo foregroundAppPackageInfo = pm.getPackageInfo(foregroundTaskPackageName, 0); ...

that's it. start a service that queries this every 500ms or whatever. or, use this in conjunction w/ the shared memory "UI state change" trigger TFA article discusses. you now know the foreground app, activity, it's name, it's unique identifier, it's icon, everything.

this requires the android.permission.GET_TASKS but someone that's going to fall for a phishing attack isn't going to be aware enough to note that permission either.

Comment: summary (Score 4, Informative) 87

by farble1670 (#47733001) Attached to: Researchers Hack Gmail With 92 Percent Success Rate

basically, a well-timed phishing attack.

1. in android, you can detect when the UI state changes (a new activity, or screen is brought to the foreground) by looking into a shared memory channel. this tells you nothing else other than that the UI state has changed.

2. you can build a "fingerprint" of a particular UI state change based on CPU utilization, network activity, process list, or possibly other things when the state change occurs. you can use this, plus #1 to know when *specific* UI state changes are occurring.

3. if you have managed to get a malicious app installed, and you know when a specific UI state change is occurring, the malicious app can impersonate the real UI state change, fooling the user into entering sensitive information.

Comment: Re:Hash Collision (Score 1) 790

Make the sender, subject and body look like spam so they won't open the file and you could probably ruin somebody's life quite thoroughly.

sigh. if it was really that easy, don't you think it would have happened by now?

no one is getting locked up because they were sent a spam email with child porn. it hasn't happen and it won't happen. google's not that stupid and even the FBI isn't that stupid.

Comment: Re:Neither (Score 1) 436

by farble1670 (#47562215) Attached to: Which Is Better, Adblock Or Adblock Plus?

Ads are pollution, and have zero value.

here's what websites / apps, whatever will do: WHATEVER MAKES THEM THE MOST MONEY. they've learned that almost no one will pay then $X a month to access, but almost everyone is happy with having a few ads in the sidebar and accessing for "free".

like it or not, that's what consumers want.

Some website operators are greedy, they want the "free" page views and they want the income at the same time. That's evil. Luckily there are plenty of people like me, who have well paying day jobs, and have no problem whatsoever to give away free software to help ordinary people deal with and filter that shit out.

wanting to get paid for a service you provide is not evil. i assume you provide a service for your day job that you already admitted you get paid for? so you are you evil? no, it's just that you decided the work you do is worth getting paid for. well, great, bully for you then huh?


Comment: Re:surpising (Score 1) 168

by farble1670 (#47535951) Attached to: Amazon's Ambitious Bets Pile Up, and Its Losses Swell

I can literally order everything I need and have it shipped to me, and never touch amazon. Lowes, Giant Foods, clothing stores, Ali Baba, Ebay, all have online stores.

yep, and you have to remember your logins for all those stores, go through a lengthy registration process re-entering your CC info, addresses, and so on.

Are we running light with overbyte?