I suspect it uses normal exec(), just like it works in every other program.
Almost any Windows program doesn't require root/admin now a days, and if they do, it's for a reason. You can't really compare to Windows 98 and the programs from that age. If we go that route, we might as well start digging the hundreds of privilege escalation and remote exploits that Linux in its history has had.
You also don't need to run the whole desktop as root. You can launch Firefox by typing "firefox" in terminal (either in text-mode terminal, or the terminals in X), if it just has a desktop to connect to. This is how you start applications to a remote X desktop like Xming too.
It's not an Adobe bug, it's a feature in the PDF specs that can be exploited with user stupidity. That's the point I've been trying to made, no OS unless it's completely locked down a la iPhone will protect you from user stupidity. Not Windows, not Linux, not BSD.
Maybe Ubuntu pushes updates itself, but Debian, Fedora and CentOS doesn't. Not for me at least, and I haven't changed anything regarding that. If you want to update, you need to type in the yum update or apt-get update commands manually. And thats before we even get to programs or distros that have you compile themself and you have to make sure to periodically check them and keep them up to date.
Most malware doesn't need root/admin access. It's only needed if you want to pwn or hack the server. Malware on the other hand runs just happily in userland too.
Yes, Foxit patched it last week. It uses the same technique so the Foxit patch should work, but this new "exploit" just takes it a bit further in that the malware can be embedded in the PDF file.
"del" is a Windows command, not an application. It doesn't work the same way.
Also I know that most Linux users don't run as root - but just like with Windows, some people do it for convenience. Yes, there really are such people.. even I don't always su out of root even if some command between what I'm doing doesn't require root.
If it can't boot after a vulnerability is exploited or you can't remove it within 30 minutes then have it count doubly so.
The days when malwares purpose to trash the system to an unbootable state have been over for 15 years. Now a days you don't really even notice them being on your machine unless its one of those which show fake virus alerts. How would you notice if it just starts sending spam or sniffing your passwords?
Another point is that you can fairly easily hide in a Linux system. If you absolutely need root access, there have been serious privilege escalation exploits over the years. Most of the Linux systems aren't even necessarily being patched consistently. I've seen one of these privilege exploits used on many hosting companies that usually keep their systems up to date and secure too. That beside the point that it's not usual that you even need root access.
Since it's part of the PDF specs, it should work in Linux too. What's even worse than with Windows is that since 'rm' is just a normal binary the PDF can launch that, and if you run as root privileges, just issue a command like "rm -rf/". If you don't run as root, then for example Ubuntu should give you the sudo box to input password to. This of course being just one of the examples it could do. Remember that most malware doesn't even need root access to function.
Another reason why it would be even more serious on Linux is the way you can pipe commands and how most systems come pre-packaged with a ton of little utility apps. You can create the whole malware with a series of commands, or wget a bash script from the internet and start that to hide even more malware in the system. Since most Linux systems dont even have the kind of application firewalls or antiviruses that Windows does, and because the Internet accessing is actually done via wget, they don't even get any kind of a "Give internet access to this application?" dialog.
It also doesn't help at all that most Linux users (especially those who are told so by the geeks!) believe that Linux cannot get malware. In my opinion this is a really stupid thing to do from those promoting Linux or Mac OS X as it will just lead to false sense of security.
But it wasn't even Microsoft's fault, it was a bug in the rootkit code. They overwrote OS code they though never gets updated, and when MS update patched it.. well, crash.
What are you smoking? Windows kernel itself hasn't really been vulnerable to anything, it's the third party software like Flash, Adobe PDF Reader, internet browsers, and previously some services.
If you read the comments from Army and US in the video before it was now released to public, they're just really blatant lies. They also did not release the video when Reuters requested it by Freedom of Information Act. Like the earlier news note, they followed, photographed, filmed and detained a Wikileaks editor about this video, not knowing what will they uncover. There's definitely more dirty secrets they don't want anyone to know.
In the video you see the people weren't attacking anyone, weren't targeting anyone (hell, all they had was cameras!) and that they were just civilians walking on the street. The military clearly had no idea what they were doing. Now theres plans to employ remotely controlled UAC's too? Make it a video game so that you don't need to care about the people you are murdering. These are people with families, with kids, with a whole lot of their own life, dreams and childhood. Then some idiot with large caliber weapons comes and shoots them without even a blink of an eye or thinking what he is doing. In top of that the truth is held from the public and the families of those who were killed, and US Army admits no mistake. I have no respect for these people - they're scum.
Re:iChat? Really? What about multi-tasking?
on
iPad Review
·
· Score: 1
But what about when you want to quickly use some other app? Then you have to close your chat. It's things like this that demand multitasking.
Re:Location without GPS
on
iPad Review
·
· Score: 1
Probably in the US, but that service doesn't work elsewhere and even then not in places without wireless access point (and still not a pin-point location). With 3G you can get a lot more coverage, it works worldwide and you can pin-point your location based on several towers.
Re:CmdrTaco drags big brass ones along the ground
on
iPad Review
·
· Score: 3, Insightful
I don't think this is the ultimate device for keyboard-focussed nerds, but (as usual) that's not who Apple is aiming at.
But he noted that the iPad isn't usable even for grandmas. Lets face it, you have to use keyboard every now and then to use web or to do basically anything. That's not going to change until we have good speech recognition. Also if the iPad weights too much even for a guy without your hands getting sore, how can a grandma keep it in hand?
Fancy graphic designers and such that like Apple products also need Flash because thats what they develop for and is the de facto standard. But there's no support for Flash or any of the Adobe products. Therefore it's useless for that group too.
It's not good for business, as theres it weights a lot, doesn't run multiple IM and chat programs at the same time (when you want to login to MSN, you have to get off Skype), and it doesn't support MS Office.
It's not good for homes as theres no multiple user accounts.
What would be "massively innovative and useful"? I think Courier looks innovative and way better than iPad and other tablets. Live and the community on Xbox 360 is something not on other devices and the in-game interface quite innovative. But I wouldn't say it's massively innovative, in fact nothing is. Are Google or Apple in some way massively innovative? No, neither one of them are. Apple just takes an open source project and polishes the user experience and interface. There was existing search engines before Google, but they just did it better. Nothing massively innovative there.
In fact, most of the time innovations come from small startups. Most of those fail, but some happen to come across something innovative and gets bough by larger companies.
Microsoft has always been loath to change and risk alienating some of its customers
Uh, maybe if you're only looking at Windows and/or Office products. They also seem to do greatly, so why fix something that isn't broken?
But with some of their other divisions I wish they didn't change. Anyone else remember such from Microsoft Games as Flight Simulator, Age of Empires series, Halo, Train Simulator, MechWarrior, Links, Midtown Madness, Motocross Madness.. Now that they changed they're not publishing or developing those kind of games anymore. In fact no one is. Microsoft Games is just for Xbox 360 anymore.
"Without someone at the top who feels an urgency to constantly innovate in meaningful ways, Microsoft will shrink and become less relevant with each birthday to come."
Just yesterday slashdotters laughted how Microsoft is burning money on their online division like Bing and other properties, how it's completely useless. Which one it is now, to think long term or not to think?
The cashback comes from the stores pockets. Amazon, eBay and almost every store has a commission system for affiliates. Microsoft might even be making money out of the cashback system if they don't give it fully to the user, but keep a small share themself.
And in turn Apple doesn't allow you to run their OS on any other hardware than Apple's own. I'm quite sure that's not a better thing than MS making Windows contracts with OEM's.
iPad is supposed to be a computer/tablet pc. That's completely different from a MP3 player or a game console - where publishers demand that it's a closed architecture, and where the price of hardware is subsidized by selling games. Neither one is true for iPad.
There is no reason for Apple to lock it down other than their greed. Sure, enable such lock-in and no-multi-tasking by default, but have a setting that you can easily change that opens it. Easily done, but Apple doesn't want to.
I'm quite sure Apple will take this approach with Mac OSX too. It just makes sense (especially business sense) in every way for Apple.
Mac OS X is not open source. It's just as closed as Windows, and will probably be even more when they move the locks from iPad/iPhone to Mac OSX. Just because it's based on old FreeBSD code or it has UNIX like characteristics in the underlying system doesn't make it more open.
If you'd get a normal tablet or computer, you wouldn't need to jailbreak it. Apple is moving us towards closed computer environments. If Microsoft did this everyone would be angry about it, but now that it's Apple its all fine and classy.
Slashdot Mirror
I suspect it uses normal exec(), just like it works in every other program.
Almost any Windows program doesn't require root/admin now a days, and if they do, it's for a reason. You can't really compare to Windows 98 and the programs from that age. If we go that route, we might as well start digging the hundreds of privilege escalation and remote exploits that Linux in its history has had.
You also don't need to run the whole desktop as root. You can launch Firefox by typing "firefox" in terminal (either in text-mode terminal, or the terminals in X), if it just has a desktop to connect to. This is how you start applications to a remote X desktop like Xming too.
It's not an Adobe bug, it's a feature in the PDF specs that can be exploited with user stupidity. That's the point I've been trying to made, no OS unless it's completely locked down a la iPhone will protect you from user stupidity. Not Windows, not Linux, not BSD.
Maybe Ubuntu pushes updates itself, but Debian, Fedora and CentOS doesn't. Not for me at least, and I haven't changed anything regarding that. If you want to update, you need to type in the yum update or apt-get update commands manually. And thats before we even get to programs or distros that have you compile themself and you have to make sure to periodically check them and keep them up to date.
Most malware doesn't need root/admin access. It's only needed if you want to pwn or hack the server. Malware on the other hand runs just happily in userland too.
Yes, Foxit patched it last week. It uses the same technique so the Foxit patch should work, but this new "exploit" just takes it a bit further in that the malware can be embedded in the PDF file.
"del" is a Windows command, not an application. It doesn't work the same way.
Also I know that most Linux users don't run as root - but just like with Windows, some people do it for convenience. Yes, there really are such people.. even I don't always su out of root even if some command between what I'm doing doesn't require root.
Did you even read the two-line summary?
The exploit affects Foxit as well as Adobe Acrobat software.
And that's the only software tested with. It's part of the PDF specs, so its likely other PDF readers are affected too.
If it can't boot after a vulnerability is exploited or you can't remove it within 30 minutes then have it count doubly so.
The days when malwares purpose to trash the system to an unbootable state have been over for 15 years. Now a days you don't really even notice them being on your machine unless its one of those which show fake virus alerts. How would you notice if it just starts sending spam or sniffing your passwords?
Another point is that you can fairly easily hide in a Linux system. If you absolutely need root access, there have been serious privilege escalation exploits over the years. Most of the Linux systems aren't even necessarily being patched consistently. I've seen one of these privilege exploits used on many hosting companies that usually keep their systems up to date and secure too. That beside the point that it's not usual that you even need root access.
Since it's part of the PDF specs, it should work in Linux too. What's even worse than with Windows is that since 'rm' is just a normal binary the PDF can launch that, and if you run as root privileges, just issue a command like "rm -rf /". If you don't run as root, then for example Ubuntu should give you the sudo box to input password to. This of course being just one of the examples it could do. Remember that most malware doesn't even need root access to function.
Another reason why it would be even more serious on Linux is the way you can pipe commands and how most systems come pre-packaged with a ton of little utility apps. You can create the whole malware with a series of commands, or wget a bash script from the internet and start that to hide even more malware in the system. Since most Linux systems dont even have the kind of application firewalls or antiviruses that Windows does, and because the Internet accessing is actually done via wget, they don't even get any kind of a "Give internet access to this application?" dialog.
It also doesn't help at all that most Linux users (especially those who are told so by the geeks!) believe that Linux cannot get malware. In my opinion this is a really stupid thing to do from those promoting Linux or Mac OS X as it will just lead to false sense of security.
And what does contact syncing between devices has to do with always-on lifestyle?
But it wasn't even Microsoft's fault, it was a bug in the rootkit code. They overwrote OS code they though never gets updated, and when MS update patched it.. well, crash.
What are you smoking? Windows kernel itself hasn't really been vulnerable to anything, it's the third party software like Flash, Adobe PDF Reader, internet browsers, and previously some services.
They weren't AK's or RPG's, they were cameras and camera tripods.
A short version with some initial analysis: http://www.youtube.com/watch?v=5rXPrfnU3G0
Full version: http://www.youtube.com/watch?v=is9sxRfU-ik
If you read the comments from Army and US in the video before it was now released to public, they're just really blatant lies. They also did not release the video when Reuters requested it by Freedom of Information Act. Like the earlier news note, they followed, photographed, filmed and detained a Wikileaks editor about this video, not knowing what will they uncover. There's definitely more dirty secrets they don't want anyone to know.
In the video you see the people weren't attacking anyone, weren't targeting anyone (hell, all they had was cameras!) and that they were just civilians walking on the street. The military clearly had no idea what they were doing. Now theres plans to employ remotely controlled UAC's too? Make it a video game so that you don't need to care about the people you are murdering. These are people with families, with kids, with a whole lot of their own life, dreams and childhood. Then some idiot with large caliber weapons comes and shoots them without even a blink of an eye or thinking what he is doing. In top of that the truth is held from the public and the families of those who were killed, and US Army admits no mistake. I have no respect for these people - they're scum.
But what about when you want to quickly use some other app? Then you have to close your chat. It's things like this that demand multitasking.
Probably in the US, but that service doesn't work elsewhere and even then not in places without wireless access point (and still not a pin-point location). With 3G you can get a lot more coverage, it works worldwide and you can pin-point your location based on several towers.
I don't think this is the ultimate device for keyboard-focussed nerds, but (as usual) that's not who Apple is aiming at.
But he noted that the iPad isn't usable even for grandmas. Lets face it, you have to use keyboard every now and then to use web or to do basically anything. That's not going to change until we have good speech recognition. Also if the iPad weights too much even for a guy without your hands getting sore, how can a grandma keep it in hand?
Fancy graphic designers and such that like Apple products also need Flash because thats what they develop for and is the de facto standard. But there's no support for Flash or any of the Adobe products. Therefore it's useless for that group too.
It's not good for business, as theres it weights a lot, doesn't run multiple IM and chat programs at the same time (when you want to login to MSN, you have to get off Skype), and it doesn't support MS Office.
It's not good for homes as theres no multiple user accounts.
Who is iPad aimed at then?
What would be "massively innovative and useful"? I think Courier looks innovative and way better than iPad and other tablets. Live and the community on Xbox 360 is something not on other devices and the in-game interface quite innovative. But I wouldn't say it's massively innovative, in fact nothing is. Are Google or Apple in some way massively innovative? No, neither one of them are. Apple just takes an open source project and polishes the user experience and interface. There was existing search engines before Google, but they just did it better. Nothing massively innovative there.
In fact, most of the time innovations come from small startups. Most of those fail, but some happen to come across something innovative and gets bough by larger companies.
Microsoft has always been loath to change and risk alienating some of its customers
Uh, maybe if you're only looking at Windows and/or Office products. They also seem to do greatly, so why fix something that isn't broken?
But with some of their other divisions I wish they didn't change. Anyone else remember such from Microsoft Games as Flight Simulator, Age of Empires series, Halo, Train Simulator, MechWarrior, Links, Midtown Madness, Motocross Madness.. Now that they changed they're not publishing or developing those kind of games anymore. In fact no one is. Microsoft Games is just for Xbox 360 anymore.
"Without someone at the top who feels an urgency to constantly innovate in meaningful ways, Microsoft will shrink and become less relevant with each birthday to come."
Just yesterday slashdotters laughted how Microsoft is burning money on their online division like Bing and other properties, how it's completely useless. Which one it is now, to think long term or not to think?
The cashback comes from the stores pockets. Amazon, eBay and almost every store has a commission system for affiliates. Microsoft might even be making money out of the cashback system if they don't give it fully to the user, but keep a small share themself.
And in turn Apple doesn't allow you to run their OS on any other hardware than Apple's own. I'm quite sure that's not a better thing than MS making Windows contracts with OEM's.
iPad is supposed to be a computer/tablet pc. That's completely different from a MP3 player or a game console - where publishers demand that it's a closed architecture, and where the price of hardware is subsidized by selling games. Neither one is true for iPad.
There is no reason for Apple to lock it down other than their greed. Sure, enable such lock-in and no-multi-tasking by default, but have a setting that you can easily change that opens it. Easily done, but Apple doesn't want to.
Just don't be upset if Apple happens to be the market leader.
People are upset because Windows is market leader. People are upset because IE is market leader. What makes Apple different?
I'm quite sure Apple will take this approach with Mac OSX too. It just makes sense (especially business sense) in every way for Apple.
Mac OS X is not open source. It's just as closed as Windows, and will probably be even more when they move the locks from iPad/iPhone to Mac OSX. Just because it's based on old FreeBSD code or it has UNIX like characteristics in the underlying system doesn't make it more open.
If you want to compare to other tablets, compare to those running Windows XP/Win7 or some kind of *nix. Kindle isn't an tablet, it's ebook reader.
And in this case, even the Windows tablets are a lot more open iPad. Or have you recently jailbroken your Windows installation?
If you'd get a normal tablet or computer, you wouldn't need to jailbreak it. Apple is moving us towards closed computer environments. If Microsoft did this everyone would be angry about it, but now that it's Apple its all fine and classy.