i guess because many people require a driving license to be a productive member of society. taking away someone's license, causing them to lose their job and go on public assistance or worse isn't good for anyone. so you allow them to drive to work only.
Clue tip. just because someone has or is working towards a PhD, is head of a company, and so on, don't assume they are clever or smart. judge by the content. in the real world, simpler is better. i assume that applies to the world of digital attacks as well.
the article discusses a very convoluted and complicated way to perform a phishing attack. the point is you don't need to know anything more than the foreground process. e.g., run the "bank of whatever" app. when the login screen comes up, run your app and see that the activity is "com.bank.LoginActivity". now your phishing app watches for that, and inserts its fake login screen on top of that. simple and effective. doesn't rely on spurious metrics from the device that are going to vary based on the device, other processes, and so on.
the article takes something simple and makes it needlessly complex. i guess that's fine for a thesis. the point of which isn't necessarily practicality but doing something in a novel way.
thanks for pointing out another correlation.
TFA article isn't much more than an academic exercise. practically what they are doing makes little sense. if you want to know the foreground process, you don't have to look at shared memory and fingerprints. do this,
ActivityManager am = (ActivityManager) AppService.this.getSystemService(ACTIVITY_SERVICE);
// getRunningTasks(1) returns at most one task: the most recent (foreground) one
RunningTaskInfo foregroundTaskInfo = am.getRunningTasks(1).get(0);
String foregroundTaskPackageName = foregroundTaskInfo.topActivity.getPackageName();
PackageManager pm = AppService.this.getPackageManager();
PackageInfo foregroundAppPackageInfo = pm.getPackageInfo(foregroundTaskPackageName, 0);
...
that's it. start a service that queries this every 500ms or whatever. or, use this in conjunction w/ the shared memory "UI state change" trigger TFA article discusses. you now know the foreground app, activity, its name, its unique identifier, its icon, everything.
this requires the android.permission.GET_TASKS but someone that's going to fall for a phishing attack isn't going to be aware enough to note that permission either.
basically, a well-timed phishing attack.
1. in android, you can detect when the UI state changes (a new activity, or screen is brought to the foreground) by looking into a shared memory channel. this tells you nothing else other than that the UI state has changed.
2. you can build a "fingerprint" of a particular UI state change based on CPU utilization, network activity, process list, or possibly other things when the state change occurs. you can use this, plus #1 to know when *specific* UI state changes are occurring.
3. if you have managed to get a malicious app installed, and you know when a specific UI state change is occurring, the malicious app can impersonate the real UI state change, fooling the user into entering sensitive information.
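For app reviewers, an added example (not part of the comments above, and not code from the paper or any project): a Python check over a decoded AndroidManifest.xml that flags the combination described in the thread, android.permission.GET_TASKS plus a background service. The sample manifest, package name and function name are constructed; the minSdkVersion check relies on Android 5.0 (API 21) having restricted getRunningTasks() to the caller's own tasks.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded manifest carry the android: namespace.
A = "{http://schemas.android.com/apk/res/android}"

# Constructed sample (decoded XML as a tool such as apktool would emit); not a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="19"/>
    <uses-permission android:name="android.permission.GET_TASKS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Flashlight">
        <activity android:name=".MainActivity"/>
        <service android:name=".AppService"/>
    </application>
</manifest>
"""


def audit_manifest(xml_text):
    """Return (severity, message) findings about foreground-task polling risk."""
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    services = [e.get(A + "name") for e in root.iter("service")]

    # A missing or non-numeric minSdkVersion is treated as 1 (installable anywhere).
    sdk = root.find("uses-sdk")
    raw_min = sdk.get(A + "minSdkVersion", "1") if sdk is not None else "1"
    min_sdk = int(raw_min) if raw_min.isdigit() else 1

    findings = []
    if "android.permission.GET_TASKS" not in perms:
        return findings  # the polling approach in the thread needs this permission

    findings.append(("info", "requests android.permission.GET_TASKS"))
    if services:
        # A service is what lets the app keep polling while another app is in front.
        findings.append(("warn", "GET_TASKS with background service(s): "
                         + ", ".join(services)))
    if min_sdk < 21:
        # Before API 21, getRunningTasks() reported other apps' tasks.
        findings.append(("warn", "minSdkVersion %d < 21: installable on devices "
                         "where getRunningTasks() exposes other apps" % min_sdk))
    return findings


if __name__ == "__main__":
    for severity, message in audit_manifest(SAMPLE_MANIFEST):
        print("[%s] %s" % (severity, message))
```

A hit is a reason to look at what the app does with the task list, not proof of malice; task switchers and launchers written for old Android versions requested the same permission.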
41% is still a minority. are we done w/ iphone v. android for the day?
Make the sender, subject and body look like spam so they won't open the file and you could probably ruin somebody's life quite thoroughly.
sigh. if it was really that easy, don't you think it would have happened by now?
no one is getting locked up because they were sent a spam email with child porn. it hasn't happened and it won't happen. google's not that stupid and even the FBI isn't that stupid.
Ads are pollution, and have zero value.
here's what websites / apps, whatever will do: WHATEVER MAKES THEM THE MOST MONEY. they've learned that almost no one will pay them $X a month to access, but almost everyone is happy with having a few ads in the sidebar and accessing for "free".
like it or not, that's what consumers want.
Some website operators are greedy, they want the "free" page views and they want the income at the same time. That's evil. Luckily there are plenty of people like me, who have well paying day jobs, and have no problem whatsoever to give away free software to help ordinary people deal with and filter that shit out.
wanting to get paid for a service you provide is not evil. i assume you provide a service for your day job that you already admitted you get paid for? so are you evil? no, it's just that you decided the work you do is worth getting paid for. well, great, bully for you then huh?
please.
I can literally order everything I need and have it shipped to me, and never touch amazon. Lowes, Giant Foods, clothing stores, Ali Baba, Ebay, all have online stores.
yep, and you have to remember your logins for all those stores, go through a lengthy registration process re-entering your CC info, addresses, and so on.
that's not how it works. it didn't wear off, your spouse's vision has just continued to naturally degenerate to the point that it was when she had the surgery. if she didn't have the surgery it would have been much worse now.
the whole point of Apple's ebook efforts was to provide a bulwark against the Amazon Ultron-like eater-of-worlds monopolistic behavior. It was a last ditch effort from apple and the publishers to try and prevent Amazon from eating and owning the entire author and book industry, from writing books to editing them to printing them to selling them.
so your whole argument is that it was okay for apple to commit a crime to thwart amazon from becoming more successful? if amazon ended up breaking laws, so be it, and let them stand accountable at that point.
apple isn't some angel coming down from on high to protect the poor little ebook authors. they were simply trying to thwart a competitor from becoming dominant in the field. they wanted a (larger) piece of the pie, and they broke the law trying to get it.
the irony of course is that Amazon is the one that pushed the DOJ in the first place, and that an "independent" lawyer involved on the plaintiff's side does a lot of work for amazon and even works out of Amazon's building.
i don't think you understand what irony means.
big companies never fire employees unless it's something really, really terrible.
i talked to a manager about this once. to fire someone, he needed to go through 3 cycles of evaluating, documenting their deficiencies, and laying out a plan for improvement with the employee. he said it just wasn't worth his time. thinking back on this, that seems like a cop-out. they should have subtracted that employee's wages from his, because that's what he was losing the company by letting them stay on.
Pity that corporations like this always seem to want to lay everyone off at once, though. Why can't they do it gradually?
because that's absolutely terrible for morale. employees don't like coming in to work every day wondering if they are going to be asked to clear out their desk. it's much better to have a week of chaos and bad feelings then get back to business.
But mostly because it seems the new CEO has accepted they aren't going to succeed in mobile devices
no, it means they don't need two accounting depts, two HR depts, two public relations depts, and so on. it also means they don't need to continue (or at least start phasing out) development of non-MSFT mobile operating systems.
Moves like this don't really help anything.
they sure as hell do. employees are a massive liability not only in wages but in healthcare, vacation balances, matching 401k, and other benefits.
in big companies, there is always some percent of people that are just hanging on taking up space. clearing them out is actually good for everyone. nothing is more demoralizing than watching someone collect a paycheck for doing nothing while you work your ass off. for the laid off employee it usually ends up being a pretty good deal too considering severance.
Ask the studios and they will say billions.
considering it's a multi-hundred-billion dollar industry, "billions" does qualify as modest.
a few measly degrees warmer in the coming decades won't do it either
man, you really don't understand climate change.
"if you can compile C to machine code, i don't get the point of C."
understand now?
but it's not easier to bring a tablet and a laptop than to just bring a laptop, right? and since a laptop does everything a tablet does (faster and on a bigger screen), why on earth would anyone ever need a tablet?
which by design only really does much when a smart-phone is in your pocket
i'm in BT range of my phone 99% of the day, and i think that's pretty typical.
Are these water-resistant?
yes. both of them.
the tablet allows them to ... not open their laptop? that's it. subset of the functionality of their laptop, and it doesn't do [the functionality] well since it has a smaller screen and a slower processor. there's nothing compelling about them.
Today it's a bird the size of a dinosaur.
birds *are* dinosaurs.
first, you do realize what you suggest is called extortion, and it's illegal obviously. for a minute i was thinking that was your line but i guess not.
if goldman sachs wanted to cut a deal with me, why wouldn't I exploit that as much as possible?
if you saw someone drop $20 on the street, would you pick it up and walk away?
if you saw an unlocked car w/ a briefcase, would you open the door and take it?
if a business left their bank bag on the counter unattended, would you grab it?
if you were a used car salesperson and had the opportunity to unload a lemon on a young, first time car buyer, would you do it?
with your attitude, the answer to all these questions is "of course, why wouldn't I"? the reason you wouldn't is because you realize that we live in a society and despite laws and law enforcement and courts, it largely depends on people "doing the right thing" to maintain order.
for most of us, this is just ingrained in our personalities. call it empathy. we subconsciously put ourselves in the place of others and give it the "how would you like it?" test. i know this type of thinking is completely alien to you, but i just wanted to give you a little glimpse into how the humans think.
my brother, who works in finance, has a favorite expression for when he gets the extreme upper hand in a deal. "ripping their faces off".
i'd love to get your parents in a room and just tell them what a great job they did on you and your brother. clearly upstanding, pillars of our society you two are.
it's not like we're dealing with a little old lady or a church
GS is an investment firm that manages the money of many old ladies and churches, so yeah, you are dealing with them indirectly.
sigh. it's sad that's where your mind goes.
the developers are declaring this release stable enough for every day use
anyone see anything wrong with that statement?