I'm calling non-event because everytime the Media reports these "Emerging Critical Threats" like the sky is falling, a month down the track nothing happens. Maybe, at most 1000 people in china infect their device by manually enabling side-loading for pirated apps and the rest of the world gets on with life.
I'm suggesting its not sophisticated or unknown because it just asks for permission through the intended API, i.e Not A Bug. I didn't mention anything about how the user perceives the question, that completely out of scope. If I come to your house and ask to steal all of your stuff and you say "Yes" because you didn't understand the question, that still doesn't make it a sophisticated robbery, thats just a normal robbery. We'll call it a user misunderstanding shall then we?
The method of obtaining install permissions and privilege escalation don't look particularly "unknown". It seems as though the app just asks for it and waits for the user to say yes.
Did I miss something or does this look like every other non-event Android malware except with a new crypto scheme? http://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojan
It seems that the video game has appeared in the Steam Online store before a method has been devised to download it. http://store.steampowered.com/app/212680
Rather than using the Phone to do the monitoring and polling, I'd consider using a service on the network at work and then make your phone a client of this service. An example would be to use Nagios to do the monitoring and then use one of the countless Nagios Clients available to read the monitoring state from the service. You'll get the added bonus of knowing what happens if your Network coverage goes away to fill in the blanks after the event and be able to escalate to someone else if you're not available.
for what its worth, solve it from the command line in bash with the following. wget -qO - http://pro.sony.com/bbsc/jsp/forms/generateCaptcha.jsp |grep "</b></span></td>" |sed -e s/\<b\>//g |sed s/\</" "/g |awk '{print $1}' (Yes its a bit messy but what do you want for 5 mins work.)
Yeah, That sounds like the one. About 12 months ago a bunch of PDP-8 machines still in original packaging came up for auction around the place that were perfect for hobbyists and collectors.
I think I remember reading that Steve Gibson of GRC purchase a handful or so.
Wasn't this like a system they used before GPS that was still in minimal use until recently?
I vaguely remember they still had PDP-8's still in storage as replacement parts
Why can't they just use something unique to mix it with an email address like, oh I don't know, The console ID directly pulled from the hardware.
One assumes an attacker can't steal those in bulk easily. (artificially created replay attack possibly?)
They seem to be pretty good at finding it to use against George Hotz (yes I know it turned out to be the previous owner but it shows they know the mappings).
There was a lot of similar contention about the commodore 64 app a while ago. They had to cut significant bits out, such as the commodore basic interface before they would approve it.
http://itunes.apple.com/us/app/commodore-64/id305504539?mt=8
seems recently the the commodore basic interface has come back anyway, although I'm not sure if there are any restrictions.
Kinda sounds the same as people foolishly relying on switches (as opposed to hubs) for keeping malicious users from sniffing username/password combos going by. Just use ssl over the top and you're good to go still. Multiple layer is for a reason.
One would assume that if you had physical access to most equipment, its usually game over anyway. No more vulnerable than a netbook really(both being more portable than desktops). Just more people have phones.
Slashdot Mirror
This is entirely possible. http://weknowmemes.com/wp-cont...
So bigfoot turns out to be manbearpig. Didn't see that coming.
I'm an Australian and I'm paying nowhere near that much.
I currently enjoy 200Gb for $50 with Adam Internet in Adelaide South Australia.
http://www.adam.com.au/products/adamezychoice_adsl2
I'm no sucker. I only buy coins named after celebrities.
Like 50 Cent?
I'm calling non-event because everytime the Media reports these "Emerging Critical Threats" like the sky is falling, a month down the track nothing happens.
Maybe, at most 1000 people in china infect their device by manually enabling side-loading for pirated apps and the rest of the world gets on with life.
I'm suggesting its not sophisticated or unknown because it just asks for permission through the intended API, i.e Not A Bug. I didn't mention anything about how the user perceives the question, that completely out of scope. If I come to your house and ask to steal all of your stuff and you say "Yes" because you didn't understand the question, that still doesn't make it a sophisticated robbery, thats just a normal robbery. We'll call it a user misunderstanding shall then we?
The method of obtaining install permissions and privilege escalation don't look particularly "unknown".
It seems as though the app just asks for it and waits for the user to say yes.
Did I miss something or does this look like every other non-event Android malware except with a new crypto scheme?
http://www.securelist.com/en/blog/8106/The_most_sophisticated_Android_Trojan
It seems that the video game has appeared in the Steam Online store before a method has been devised to download it.
http://store.steampowered.com/app/212680
Just how recursive is this issue?
I think that's 3 days later?
I seem to remeber something very similar after Hurricane Katrina a few years back.
http://science.slashdot.org/story/05/09/25/1850228/armed-dolphins-released-into-gulf-of-mexico
Rather than using the Phone to do the monitoring and polling, I'd consider using a service on the network at work and then make your phone a client of this service.
An example would be to use Nagios to do the monitoring and then use one of the countless Nagios Clients available to read the monitoring state from the service. You'll get the added bonus of knowing what happens if your Network coverage goes away to fill in the blanks after the event and be able to escalate to someone else if you're not available.
over 3 months uptime....So no Windows Updates then?
for what its worth, solve it from the command line in bash with the following.
wget -qO - http://pro.sony.com/bbsc/jsp/forms/generateCaptcha.jsp |grep "</b></span></td>" |sed -e s/\<b\>//g |sed s/\</" "/g |awk '{print $1}'
(Yes its a bit messy but what do you want for 5 mins work.)
Anyone else want to have a go? (in perl maybe?)
When it comes to "for profit" companies: If you're not paying for anything then chances are, you're whats for sale.
Yeah, That sounds like the one. About 12 months ago a bunch of PDP-8 machines still in original packaging came up for auction around the place that were perfect for hobbyists and collectors.
I think I remember reading that Steve Gibson of GRC purchase a handful or so.
Wasn't this like a system they used before GPS that was still in minimal use until recently?
I vaguely remember they still had PDP-8's still in storage as replacement parts
Although its a bit old and things may have changed since then, this article shows how basic the detection is (video within):
http://nakedsecurity.sophos.com/2010/06/18/apple-secretly-updates-mac-malware-protection/
Keep in mind its sophos's own site/blog so there's a definite conflict of interest potential.
Here's the rest over at apples site:
http://configuration.apple.com/configurations/macosx/xprotect/1/clientConfiguration.plist
Just search for defender
Why can't they just use something unique to mix it with an email address like, oh I don't know, The console ID directly pulled from the hardware.
One assumes an attacker can't steal those in bulk easily. (artificially created replay attack possibly?)
They seem to be pretty good at finding it to use against George Hotz (yes I know it turned out to be the previous owner but it shows they know the mappings).
I see Fox News did a fantastic job on spelling in their link.
usama-bin-laden-dead-say-sources
almost 10 years and they didn't get it right.....sigh
There was a lot of similar contention about the commodore 64 app a while ago. They had to cut significant bits out, such as the commodore basic interface before they would approve it.
http://itunes.apple.com/us/app/commodore-64/id305504539?mt=8
seems recently the the commodore basic interface has come back anyway, although I'm not sure if there are any restrictions.
# slater86 likes Facebook's Status
Maybe if they fastened the laptop onto a Roomba or something that would have helped.
Something similar to this?
http://xkcd.com/413/
Haven't I seen this before somewhere?
http://www.zeldawiki.org/Sage
Kinda sounds the same as people foolishly relying on switches (as opposed to hubs) for keeping malicious users from sniffing username/password combos going by. Just use ssl over the top and you're good to go still. Multiple layer is for a reason.
Once it's installed on the Android phone
One would assume that if you had physical access to most equipment, its usually game over anyway. No more vulnerable than a netbook really(both being more portable than desktops). Just more people have phones.