Android Ransomware Threatens To Share Your Browsing History With Your Friends

An anonymous reader writes: The newly discovered Lockdroid ransomware is unique in two ways. First it uses perfectly overlaid popups to trick users into giving it admin privileges. This trick works on devices running Android versions prior to 5.0 (Lollipop), which means 67% of all Android smartphones. Secondly, after it encrypts files and asks for a ransom, it also steals the user's browsing history and contacts list, and blackmails the user to pay the ransom, or his browsing history will be forwarded to his contacts.

Flogging | tar & feathers

[cold+fjord]

Bring it back.

A good thing?

[by+(1706743)]

Anything to force vendors to, you know, provide up-to-date software. Unfortunately, this probably won't have much of an effect...

Re:A good thing?

[Admiral_Grinder]

Does that mean I can finally hang Verizon on the hook for failing to update my Droid Maxx in a timely manner?

Re:A good thing?

[sycodon]

I was about to post a snarky comment on how some Slashdotter will defend this in some backhanded manner.

Guess I was too slow.

Re:A good thing?

[Coren22]

No, but you could buy a new phone already. That thing has got to be like 4 years old already.

Re:A good thing?

[MobileTatsu-NJG]

Force vendors ...? It should force Google to design an OS that doesn't require vendor approval to get an update. Even Windows manages to do that!

Re:A good thing?

[Carewolf]

Anything to force vendors to, you know, provide up-to-date software. Unfortunately, this probably won't have much of an effect...

Even the most up-to-date software allows a user to be an idiot and install untrusted software and give it permission to take his phone ransom. It is not abusing a software vulnerablity, but an idiot user vulnerablity, and those are not easily fixed without taking away user freedom.

Re:A good thing?

[Coren22]

Apple is guilty of the same thing. In this case, it isn't Google doing anything of the kind, it is usually the carrier as they feel they HAVE to load their crapware on every phone.

Apple and Google have pretty much the same support time frame.

When iOS 8 shipped, the iPhone 4 was not supported anymore. That is 4 years.

Google supports their Nexus line for 3 years.

Most phone batteries frankly don't last past 2 years anyways, and as they aren't replaceable on most phones anymore, the phone lasts only as long as its battery. Expecting companies to support their products forever is naive at best.

Here is a cute little comparison chart of Apple vs Google in support timeframes.

http://lifehacker.com/this-cha...

Re:A good thing?

[sims+2]

Droid MAXX is only 2 years, 5 months, 7 days old

The phone I use on a daily basis is a 2 year, 4 month, 29 day old stupid phone and verizon last pushed a software update to it just 2 weeks ago

The MAXX was $699 when it was first released.
My Samsung Convoy 3 was $199 when it was released.
They were released just 9 days apart. If I had paid $699 for a phone and it wasn't being kept as up to date as a $199 flip phone I think I would be pretty pissed too.

Re:A good thing?

[sims+2]

Something that does still irk me is that I happen to have a LG tv made in 2012 model 55LM6700 msrp $2,299.99 and it has no netflix profiles support. Yet my 2006 model RVL-001 msrp $249.99 nintendo Wii does WTH?

Re:A good thing?

[LinuxIsGarbage]

Nexus is Google's flagship phone, and since Google is directly involved, they want the crapware free experience, and relatively long support period.

The moment you start looking at OEMs, it goes downhill.

Take the Samsung SIII. It was Samsungs flagship phone at one point, and sold in high numbers.

Released May 29, 2012, in most markets the last official version is 4.3 JellyBean, with limited markets / unofficial support for 4.4.4 Kitkat.
Kitkat was released October 31, 2013, and Lollipop November 12, 2014. So you're topping out on 1.5 years on a flagship phone.

The moment you look at bargain android phones, even new, they are usually outdated when you buy them.

Apple, as much as I hate them, usually has a predictable support life. For sale from carriers, you will usually only see N,N-1, and N-2 models. Right now that is 6S, 6, and 5S. The current iOS (9.2.1) supports back to 4S (a phone released October 2011).

Re:A good thing?

[whoever57]

My phone got an OTA update about 4 months ago. It's a T-Mobile Samsung Galaxy S 2, which was released about 4 1/2 years ago.

Re:A good thing?

[ihtoit]

my phone is just over twelve years old. The battery is still good for nine days standby. It gets daily use. I won't even consider another phone.

MotorRAZR V3 for the win.

Re:A good thing?

[ihtoit]

the Nexus uses some of Motorola's patents they sold to Google in 2012...

Re:A good thing?

[AmiMoJo]

No need. I mean, you have to go find an alternative download site for the "Porn 'o' Mania" app, enable unknown sources, click through the warning about enabling unknown sources, then click through the warning about installing apps from untrusted locations. Then it fails to install anyway because by default the Play Store app scans even sideloaded apps for malware.

The combination of extreme stupidity, enough intelligence to sideload apps, and the short window of vulnerability before Google kills it means that doing an OS update is probably a bit of an over-reaction. In any case, chances are Google will back-port the feature that stops the overlay this trojan relies on, since the application installer is updatable via Play.

Re:A good thing?

[bbeagle]

No, Apple is NOT guilty of the same thing. You do NOT have to rely on carrier updates if you own an iPhone. The phones can be updated without worry who your carrier is. Google has failed in their update method.

Re:A good thing?

[Karlt1]

iPhone 4s - introduced 9/2011 -- still running the latest OS probably until 9/2016.

I'm just saying.....

Re:A good thing?

[Karlt1]

Apple is guilty of the same thing. In this case, it isn't Google doing anything of the kind, it is usually the carrier as they feel they HAVE to load their crapware on every phone.

Apple doesn't allow the carrier to load crapware.

Apple and Google have pretty much the same support time frame.

I can buy a PC from any manufacturer running Windows and get security updates from Microsoft. Why can't I do the same with third party Android phones?

Google supports their Nexus line for 3 years.

And what about third party phones running Google licensed versions of Android? Microsoft doesn't just provide updates for Surface computers.

Here is a cute little comparison chart of Apple vs Google in support timeframes.

It's "cute" and all but why if MS makes it their responsibility to support their licensed OS on third party hardware then why doesn't Google do the same?

Re:A good thing?

[Coren22]

Do you not speak English? You are arguing things I didn't say.

Google updates the only phones they can update, which is the Nexus phones. All the other phones are the carriers holding them up, not Google. Apple stops supporting phones too, despite your venom.

Re:A good thing?

[Coren22]

I can buy a PC from any manufacturer running Windows and get security updates from Microsoft. Why can't I do the same with third party Android phones?

Talk to the carriers about that. This is not something you can pin on Google, it is carrier greed and need for control that you are seeing.

And what about third party phones running Google licensed versions of Android? Microsoft doesn't just provide updates for Surface computers.

Many of them can be updated to whatever you like, it just might not work properly because of Qualcomm's control issues.

It's "cute" and all but why if MS makes it their responsibility to support their licensed OS on third party hardware then why doesn't Google do the same?

I am sure Google would love to control updates on their phones, but the Carriers and Manufacturers, and Qualcomm won't let them.

Re:A good thing?

[leonardluen]

are you sure about that?

these were even posted to slashdot. and i am sure this isn't all of them.

225000 accounts comporised via ios malware

Apple xcodeghost malware more malicious than originally reported

Advertising malware affects non-jailbroken ios devices

apple cleaning up app store after is first major attack

Re:A good thing?

[Karlt1]

Talk to the carriers about that. This is not something you can pin on Google, it is carrier greed and need for control that you are seeing.

Apple forbids any carrier from adding anything to their phones. Why couldn't other manufacturers?

Many of them can be updated to whatever you like, it just might not work properly because of Qualcomm's control issues.

Why not all of them? I was able to install Windows 7 on an old 2006 Core Duo Mac Mini. This was out any support from Apple (no I didn't have to use BootCamp).

I am sure Google would love to control updates on their phones, but the Carriers and Manufacturers, and Qualcomm won't let them.

But the carriers "let" Apple control their own updates. Apple also uses Qualcomm chipsets. Why is Google so much less powerful than Apple when Android runs on about 5x as many phones as iOS?

Re:A good thing?

[darkmeridian]

Buy Google Nexus devices. Monthly security updates pushed out over the air. Developers also flock to these devices so you will always have great ROMs. Also, Google supports those devices for a long time. The 2012 Google Nexus 7 Wi-Fi tablet was updated to Android 5.1.1.

Re:A good thing?

[darkmeridian]

Android supports monthly updates; it's the carriers that don't give a crap. The Google Nexus devices get monthly Android security updates pushed over the air, so it's possible. However, carriers want a few months to "certify" the devices to run on their own networks, i.e., cram that shit full of their "value-added" software. If you give a shit, buy a Google Nexus device.

Re:A good thing?

[malditaenvidia]

why if MS makes it their responsibility to support their licensed OS on third party hardware then why doesn't Google do the same?

Because Microsoft charges a hefty license for every copy of their OS sold, google doesn't get a cent for android licenses (they profit through other means).

Re: A good thing?

[Karlt1]

Google charges license fees for Google Play Services like Maps, the Play Store, etc.

Re:A good thing?

[leonardluen]

well if you are going that route then it should also be pointed out that this android malware also only comes from non-approved channels

from the article:

The malware is disguised as a porn app called Porn ‘O’ Mania. The malicious app is not found on Google Play and may be downloaded from third-party app stores, forums, or torrent sites. Users who have Google Play installed are protected from this app by Verify Apps even when downloading it outside of Google Play.

sounds like the infection vector for the examples i linked above for apple are quite similar to the one for android in this article.

i don't hate apple by any means, i just don't like it when people seems to think apple is immune just because it is apple. Both this and the articles above prove that if something stupid you are going to get malware.

Re:A good thing?

[leonardluen]

You pointed out that all the apple articles were only from non-approved sources, so i was just pointing out that the malware from this article is also installed from non-approved sources. i didn't mention anything saying android hadn't had any other malware infections.

you want only app store apps for apple? how about this one

and here is a proof of concept showing that apple isn't immune.

BTW, that took exactly ONE SECOND of Google-ing.

Research, THEN Post. Otherwise prepare to be outed as the pompous ass you are.

Re:A good thing?

[macs4all]

You pointed out that all the apple articles were only from non-approved sources, so i was just pointing out that the malware from this article is also installed from non-approved sources. i didn't mention anything saying android hadn't had any other malware infections.

you want only app store apps for apple? how about this one

and here is a proof of concept showing that apple isn't immune.

BTW, that took exactly ONE SECOND of Google-ing.

Research, THEN Post. Otherwise prepare to be outed as the pompous ass you are.

1. I didn't say the Articles were from "non-approved sources". Rather that the Software-containing-Malware was from sources other than the iOS App Store.

2. Actually, you DID state quite clearly that "it should also be pointed out that this android malware also only comes from non-approved channels". So I'm not sure what you are talking about with "i didn't mention anything saying android hadn't had any other malware infections." Is English a second-language for you; or are you just illiterate?

3. The "Find and Call" App WAS apparently actually a Trojan that affected both iOS and Android, I will give you that. However, it was NOT part of the original examples that I argued-against; so it constitutes a "moving of the goalposts". Also, you fail to mention that Apple not only pulled the Dev's credentials; but also modified iOS so that that type of App cannot work in the background to steal personal information. So ultimately, the system still worked. As I said, I NEVER said iOS was IMMUNE; just that the examples given were not legit examples of "Malware from Approved Sources" (in this case, the iOS App Store). That remains a true statement, sorry!

4. While the "Jekyll" App may have actually worked in a real-world application (and no, a Proof-of-Concept is not "Real-World"), there are three things that make your inclusion of this a strawman: a. It was not in the original "List", and thus constitutes a moving of the goalposts.

b. It was never actually "In the Wild".

c. I NEVER said that iOS was IMMUNE; rather, again, I simply stated that the four EXAMPLES in the original post were not scenarios for people using Apps from the iOS App Store with non-jailbroken phones (a point which you haven't actually rebutted).

So, after your EXHAUSTIVE search, we have a sum-total of ONE legit Trojan from 2012 (which fortunately doesn't seem to have targeted the U.S.A.), and one possible Proof-of-Concept in 2013. Not 100% perfect; but the difference between a typical iOS user's exposure to Malware vs. a typical Android user is both striking and utterly undeniable.

Again, wanna compare that track-record to Android, even from the Play Store?

Re:Confusing title?

[xxxJonBoyxxx]

>> Friends vs contacts? Why put up such a stupidly worded title?

The article assumes that you are acting as a consumer on a personal PC, that many of your contacts are friends (as opposed to work colleagues), and that your personal browser history contains a lot of naughty stuff. Unfortunately, it also assumes that any of your contacts would do more than delete a lengthy message like this on sight; you probably don't have hundreds of "friends" who care THAT much about you. (e.g., Even if Hillary Clinton herself emailed me a list of her classified emails, my short attention span would still compel me to delete the message before reading it and go on to something shorter and more interesting in my inbox.)

Joke's on them

I don't have any friends and my contact list is empty.

Re:Joke's on them

I don't have any friends and my contact list is empty.

If you're installing an app called "Porn 'O' Mania" I'd say that's probably true.....

Sideloaded

[farble1670]

"Once the malicious app (a fake porn-viewing app in this case) is installed and run by the user"- exactly. Also, the user would have had to enabled side loading ignoring all of the various warnings.

Re:Sideloaded

[farble1670]

that's fine, but the point is that if you backdoor install shady apps, c'est la vie. the good: you are passing around pirated apps that you don't have to pay for, and your phone was cheaper because it doesn't license google play services. the bad: malware.

Re:Sideloaded

[Trogre]

So... any app not sanctioned enough by Google to appear on their Play Store is automatically shady and pirated huh?

What an amazing world view you must have. I hope you never install software on your PC that is not first approved by Microsoft Corporation, or eat food that doesn't come from the local supermarket.

Re:Sideloaded

[farble1670]

So... any app not sanctioned enough by Google to appear on their Play Store is automatically shady and pirated huh?

no, but some are. evidence? THE ARTICLE YOU ARE READING.

not that i ever said that in the first place of course.

Re:Sideloaded

[farble1670]

How you go from equivocating "shady apps" and "pirated" (via parallelism as your grammatical tool to make it indirect) I have no idea.

that's good, because i didn't.

There are quite a few apps neither shady nor pirated when you install them via sideload.

yes, because after all, i did state that all sideloaded apps are pirated.

Newsflash

newflash: you missed your dose of lithium this morning.

Re:Sideloaded

[Trogre]

This is true, but not particularly helpful.

The problem is not that apps can be installed outside of a walled garden, which is a normal part of operating an Android device; the problem is that malicious software exists, and has done so for as long as long as computers have been affordable.

Some of the comments here suggest an attitude that wants to marginalise side-loading, as if it were the software equivalent of walking down a dark alley and accepting sweeties from a man in a trenchcoat lurking in the shadows. That is very dishonest and short-sighted view that if carried out has but one logical conclusion - a car with the hood welded shut. If people want that sort of nonsense they may as well give up and buy an iPhone.

Re:Sideloaded

[farble1670]

Some of the comments here suggest an attitude that wants to marginalise side-loading

this is just like when someone says "muslim terrorist" and we hear "not all muslims are terrorists!". of course not. i thought that was a big fat DUH but i guess not.

side loading is by far the biggest attack vector for android malware. that's a fact. it doesn't mean all side loaded software is malware. it doesn't mean all side loaded software is pirated. it doesn't mean side loading is bad, or should be disallowed.

If people want that sort of nonsense they may as well give up and buy an iPhone.

or you should stick with your android device and not enable side loading. there are lots of choices between sideloading sketchy free pr0n apps on Android and iOS.

Stupid traps for stupid people

[wardrich86]

You still have to accept and side-load an application off of a sketchy site. Will people ever learn?

Kudos to the app author, though. The technique is pretty interesting.

Re:Stupid traps for stupid people

[alvinrod]

Can you imagine of other news stories were written using the same type of alarmist approach that we see with technology?

New report shows that toasters are extremely deadly!

Researchers have found that the common household toaster is an exceptionally dangerous product. Users who intentionally went out of their way to remove key safety features of the appliance and then connect an extension cord to the device so that they can submerge in a tub full of water while standing in that tub were found to suffer grievous bodily harm.

. . .

I can understand that is generates clicks, but we'd be better of spending time writing about why you shouldn't visit dodgy sites and install third party applications unless you know what you're doing and provide some examples of what these malicious programs might look like or how they might try to trick you. That would be far more useful to the average consumer.

Re:Stupid traps for stupid people

[Actually,+I+do+RTFA]

So, instead of having an OS with security built into it, we get an OS with a weak security model, but it's okay because if you let Google control everything you see/get a cut they'll keep you safe?

There's no real reason the Google store is any safer than any sideloaded app. All google does is runs some automated detection software, and that could be run clientside.

Re:Stupid traps for stupid people

[wardrich86]

You can report bogus apps and they will eventually be pulled.

You can't report bogus apps on sketchy sites to have them pulled.


I much prefer the lax security on Android - Google trusts that I know what I'm doing and allows me freedom over my device, whereas Apple assumes we are all morons and keeps us in a padded circle room and only lets us play with Idiot-approved applications.

Re:Stupid traps for stupid people

[Actually,+I+do+RTFA]

"Eventually get pulled" is a kludge for no real security.

I agree, i want to be trusted. But there should be a big difference between "I sideloaded an app" and "I ran an app in admin mode". there doesn't seem to be, security-wise.

Needs rooted phone

[Namarrgon]

Of course, users can't grant root access to anything, on a stock phone regardless of version. Only rooted phones would be potentially vulnerable, and all others wouldn't show an admin-access dialog at all.

This is on top of requiring the user to actually want to sideload an app called Porn'o'Rama in the first place, if that's what it was really called.

Re:Needs rooted phone

>This is on top of requiring the user to actually want to sideload an app called Porn'o'Rama in the first place

Do you have the link? It sounds great. Where is the side port on my phone to load it?

Re:Needs rooted phone

[Rei]

The permissions it needs are access to modify/erase files and the ability to lock the screen, both of which can be granted on non-root phones if the user confirms. This app uses a trick (that really shouldn't have been there in the first place... who thought that letting anything have higher window layering than the privilege window was a good idea?) to get users to agree to the privilege escalation without realizing it.

The main weakness of this app (apart from its ahem rather specific market) is that it requires side installation. That makes it only a minor threat. What I worry about is the day when someone finds a vulnerability that lets them install ransomware without user interaction via the ads that one finds in a large chunk of the free apps on the app store.

Re:Needs rooted phone

[Namarrgon]

If that's so, then I guess that limits the damage that can be done to /mnt/sdcard (which could still be enough). I'm surprised that unknown code can be downloaded and executed before the install privileges dialog has completed, though. Or am I missing something else?

At least it's a minor threat to mainstream markets, but I imagine it's aimed more at the vast and growing Chinese base, where sideloading and unvetted stores are the norm.

Re:Needs rooted phone

[Rei]

A description is in the article. The program uses a clickthrough overlay so that the user thinks that they're confirming something else when in reality they're confirming the permission escalation. They see the overlay, but it doesn't take clicks; they fall through to the hidden window underneath, the permissions dialog. After the user has unwittingly confirmed privilege escalation, then the encryption and locking begins.

Re:Needs rooted phone

[Namarrgon]

Yeah I got that part, but I was presuming the standard Android permissions dialog was shown before install, and was just curious as to how the program managed to raise a custom overlay so early. If it's talking about a later-stage specific permission escalation (e.g. SuperSU or as introduced in Marshmallow) while the app is already running, I can see how that works.

Only affects users who sideload

[tlhIngan]

If you stick with Google Play, you're safe from this.

It is only a problem if you side load apps from untrusted sources.

Re:Only affects users who sideload

I thought Google Play *WAS* an untrusted source...

Re:Only affects users who sideload

[allcoolnameswheretak]

Seriously, who downloads and installs an app called "Porn âOâ(TM) Mania" on his device?

I would say it's natural selection, unfortunately the offenders don't die.

Re:Only affects users who sideload

[allcoolnameswheretak]

Fucks sake. Will Slashdot, the self-styled site for GEEKS ever update to UTF? Drag your ass out of the stone age and get with the times man.

Re:Only affects users who sideload

[91degrees]

I'd imagine there's an overlap between the people who install that software, and the people who really don't want their browser history shared.

Re:Only affects users who sideload

[Trogre]

Some of us prefer to use FOSS repositories such as F-Droid.

Re:Only affects users who sideload

[WaffleMonster]

If you stick with Google Play, you're safe from this.

It is only a problem if you side load apps from untrusted sources.

There is a trusted source for apps?! Where??

Re:Only affects users who sideload

[Rei]

Seriously... it's so annoying I even set it to my sig. :P

Re:Only affects users who sideload

[tepples]

Will Slashdot, the self-styled site for GEEKS ever update to UTF?

No. The last time Slashdot tried Unicode, it led to moderation score spoofing. SoylentNews supports it though.

Dear friends and family...

[pla]

Dear friends and family... I look at porn. So do you. Deal with it.

Blackmail me now, suckah!

Re:Dear friends and family...

[Cro+Magnon]

Oddly enough, I don't think I've ever looked at pr0n on my phone. Now if they hacked my PC, that would be different.

Re:Dear friends and family...

[CQDX]

Bet your boyfriend does... check your email

Re:Dear friends and family...

Oddly enough, I don't think I've ever looked at pr0n on my phone. Now if they hacked my PC, that would be different.

Get married. Then your phone will be your only porn outlet.

Re:Dear friends and family...

[truck_soccer]

Sounds like you married the wrong woman.

Re:Dear friends and family...

[mlheur]

When I was young I used to do a lot of stupid things that I didn't want to get caught at, which usually involved a lot of lying.

After getting caught in one such incident a wise young man taught me the only infallible way to never get caught - don't do it in the first place.

I've tried to live by this ever since, and as best I can recall, I've not done anything in the past 15 years where I'd be worried if anyone found out.  Sure there are some things I wont volunteer, but if word got out I'd still stand by my actions or at least own up to them.

Actually, thinking back, I have done things in the past 15 years where I didn't want to get caught, but I did anyways - so, whatever.

Re:Dear friends and family...

[squiggleslash]

But do they know what kind of porn you view?

Even in a society with no shame associated with viewing porn, which we're rapidly becoming (and why not?) a little privacy in that area is probably welcome for everyone, not just the porn viewer, but also those who really don't want to imagine what that viewer gets up to in private...

Stupid people.

[truck_soccer]

Stupid people make stupid choices and get pwned. Details at 11.

And bore my family and friends?

[BrianBeaudoin]

Those animals!

Re:This is why I have an iphone

[Coren22]

Says the Apple fan-boy acting like Apple has never had a single exploit.

Re:Incognito Mode

[fph+il+quozientatore]

I wonder if there is a Pavlov effect tied to it by now --- do many people nowadays get aroused at the mere sight of the Chrome Incognito Mode starting window?

If malware forwards me my friend's history...

[istartedi]

If malware forwards me my friend's browsing history, I would totally believe he went to all those sites, because there's no way a malware could possibly lie, or that a compromised machine could have been used as a proxy for some other agent. /s.

Be safe, follow my example.

[hey!]

I don't have any friends.

My boss once got a virus that emailed porn links

[tandavanadesan]

My boss once got a virus that emailed porn links to ask his contacts. When he realised what had happened he sent out an aplology, but said he was surprised at how many responseshe got before that said "thanks", " that's s good one", or returned the favour by sending porn links of their own.

Re:This is why I have an iphone

[malditaenvidia]

It is a shame that these are the only two serious options in terms of smartphones.

Get a cheap chinese smartphone as a canary

[John+Allsup]

Given how cheap you can get smartphones from China these days, get one of those, and try stuff out on that, rather than your main phone.

Context

[gatfirls]

It really, really matters with search history.

Example: Lot of people probably searched for 'ashley madison' when it was in the news. Now, to a spouse without the context of the time that would look really bad. And that's a tame example. Imagine the search queries you may use to look up a recent horrific crime in the news, you would probably use just keywords and the locale. Without context it would make you look pretty bad.

Re:Plausible deniability.

[neminem]

Entirely unrelatedly, the Kinkymidget Ball Stompers would make a great punk band name.

My browsing history

[Gaygirlie]

Oh, I'm sure all the people that know me would be absolutely terrified when they saw that.....I've spent most of my day surfing Hackaday, esp8266.com, Github, Orange Pi - forums and loading all sorts of specsheets. At least when they saw that I've been browsing Slashdot several times a day they'd permanently block me!

MGLP!

[jandersen]

Oh Ghod, this is terribly! Just imagine what would happen to my nerd-creds if it was widely known that I don't watch any porn to speak of, that I sometimes approve of government control, when I feel it makes sense, and I'm not all that keen on having the latest, bleeding edge gadgets?

How is this a threat?

[um...+Lucas]

By that, I mean, what's the difference between asking for money in order to not send your actual browsing history to your friends, or asking for money in order to not send a made up (and far more incriminating) browsing history to friends?

Seems like the writers could have skipped that step and still done just fine.

Loading Your Community Experience

[tepples]

All I get in Firefox is a black screen with light gray text saying "Symantec Connect Loading Your Community Experience". Checking the error console reveals a JavaScript error that "occurs when $compile attempts to fetch a template from some URL, and the request fails." If Symantec's web site is fragile enough to completely break when a JavaScript file fails to load, why should I trust Symantec with anything?

I do not agree.

[emil]

What is to stop an application from opening a socket to a trojan server, downloading a binary, writing it, chmod 700, then executing it?

Google might not recognize that malware for what it is until far, far too late.

And since the majority of Android devices are vulnerable to towelroot, that binary owns the phone.

A mass install of a popular app with such stealth malware could see thousands upon thousands of phones suddenly compromised, and there is nothing that Google can do.

Re:Flogging | tar & feathers

Flogging | tar & feathers

What? Are you admitting to your choice of porn up front?

ransomware is the answer

[Nehmo]

In the news stories I've seen, when people hack into politician's accounts, they don't do anything creative with them. They simply expose the fact that the account was compromised, and maybe the hacker's funny screenname gets credit. The result is the politician gets accused of being sloppy and unsafe.

Now, I see ransomware is the answer. Politicians wouldn't want their porn history exposed.

Re:Flogging | tar & feathers

[zieroh]

I've been using and working with computers since before you were born

Unlikely at best and laughable at worst. I have been programming longer than most people whose names aren't Kernighan or Ritchie.

and have never had a single one get infected with a virus or malware of any kind.

The plural of anecdote is not data. Your one experience means less than nothing. The simple fact is that people continue to be infected by malware of all types on all platforms. This is not a debatable point.

It boggles the mind how anyone could have that happen unless they went out of their way to make it happen and/or they are a complete moron.

Right. Now you're just being stupid.