Hoofnagle heads the privacy foundation set up with money collected from settlements of privacy lawsuits against Facebook.
Hoofnagle is clearly objective /sarcasm ... not that Facebook isn't evil, or that Google isn't building up one of the biggest data collections humankind will ever encounter ... but he is employed by a company that pays its bills because of suing Facebook.
The name they use for this is misleading - it has nothing to do with other tabs. It only requires you to leave the malicious page you initially landed on. You don't need to go to a new tab, all you need to do is go to a new tab or page or other application, as long as the malicious page/tab loses focus - it uses the window.onblur() event:
* You land on a malicious page, usually from a legit looking fake e-mail
* The malicious page displays HTML copied/scraped/etc from the legit site the e-mail was faking
* You go to another tab, window or application
* After 5 seconds (in the demo) the malicious page replaces its content with the 'scam' login for either the original page it displayed or another site (such as Gmail, Facebook, etc)
* When you return to the malicious "tab" you encounter the scam login.
The page the exploit takes you to is not legitimate, it just looks legit because it loads a copy of the correct site's login page... then swaps them if you leave the tab.
Changing it when you're not looking is done very easily:

    // When the page loses focus, schedule the content swap 5 seconds later
    window.onblur = function () {
        TIMER = setTimeout(changeItUp, 5000);
    };

BTW, this isn't just a FireFox issue, he's only tested it in FireFox. It also works in Safari and IE 7 but didn't take in Chrome 5 (Mac).
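An added example, not part of the original comment: a defensive check that snapshots a page when it loses focus and compares it on return, flagging a password field that appeared while the page was hidden. The function names and the fake window used to run it under Node are assumptions made for this example.

```javascript
// Record the state that a swapped-in login form would change.
function takeSnapshot(doc) {
  const passwordFields = doc.querySelectorAll('input[type="password"]').length;
  return { title: doc.title, passwordFields };
}

// Compare the state captured at blur with the state seen on return.
function compareSnapshots(atBlur, atFocus) {
  const findings = [];
  // Strong signal: a login form exists now that did not exist before.
  if (atFocus.passwordFields > atBlur.passwordFields) findings.push('password-field-appeared');
  // Weak signal: unread counters also change titles in the background.
  if (atFocus.title !== atBlur.title) findings.push('title-changed');
  return findings;
}

// Hook the same blur/focus transitions the comment describes.
function installWatcher(win, report) {
  let atBlur = null;
  win.addEventListener('blur', () => { atBlur = takeSnapshot(win.document); });
  win.addEventListener('focus', () => {
    if (atBlur === null) return; // focus without a recorded blur: nothing to compare
    const findings = compareSnapshots(atBlur, takeSnapshot(win.document));
    atBlur = null;
    if (findings.length > 0) report(findings);
  });
}

// Constructed stand-in for a browser window so the logic runs under Node.
function makeFakeWindow(title, passwordFields) {
  const handlers = {};
  const document = { title, passwordFields,
    querySelectorAll() { return { length: this.passwordFields }; } };
  return { document,
    addEventListener(type, fn) { handlers[type] = fn; },
    fire(type) { if (handlers[type]) handlers[type](); } };
}

// Constructed scenario: leave the page, its content is swapped, come back.
function simulateSwap() {
  const win = makeFakeWindow('Weekly newsletter', 0);
  const reports = [];
  installWatcher(win, (findings) => reports.push(findings));
  win.fire('blur');
  win.document.title = 'Sign in';
  win.document.passwordFields = 1;
  win.fire('focus');
  return reports;
}
```

In a real browser the same `installWatcher(window, ...)` call works from a content script or user script; a title change alone is too noisy to act on.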
New plan: steal my own identity sloppily under the guise of your identity which I stole perfectly. Now polish my boots!
Now, that is just evil. Go to your room and think about what you've... um, on the other hand, stop thinking about that stuff before you come up with an even more devilish plan.
NoScript will help because this is done via simple javascript. The 'tab' is not manipulated - a new front-most 'div' appears that displays the fake login screen. I'm sure the same type of thing could be accomplished by changing the document.location via a timer rather than displaying a new div.
The tech behind this type of scam is not new by any means... it's just that the concept is different.
So his "exploit" is to wait until you are away from HIS tab and then alter HIS tab to look like it is a different site.
Exactly... but if the 'fake' site checks your browser history for the specific fake login screens they have in their repertoire then they can show one that you have used recently.
Um, the iPhone (all versions), iPod Touch (all versions) and the iPad (all versions). Gee, I thought that list was required reading to get an account on /.?
Unfortunately, Write once, run anywhere will never be a reality. And that isn't necessarily a bad thing. No software or tech company is going to be able to make sure their products run on everything. And every platform/OS company shouldn't have to make their products support every other product out there.
Sure, Flash should play nice on all the major platforms, but it doesn't (and probably never will). If you can live without it (I can) then you don't install Flash. The consumer ends up with a mishmash of choices and someone is always going to be saying "but I wanted A, D, F, K & N with R, but I can't get exactly that mix". Not everyone is going to be happy. Not every consumer, not every software company and not every platform/OS company.
These numbers are tasty, but they also are misleading and jump to conclusions. They're assuming everyone who tried GoogleMan was at work? I wasn't ... I guess I'm the only person who uses Google for non-work purposes? They really ought to try to break into the "home users who use search engine" market, who knows, they may be able to significantly expand their user base.
They're assuming 36 extra seconds per visit, too. If you "count to 11" like they suggest, counting to 47 will demonstrate that they're guesstimating far too much time was spent on GoogleMan.
Yes, but since he'll be revealing, um, announcing iPhone v4 you needed to be 4th in the thread to win. Better luck next time, and thanks for participating.
I thought Apple's approach was to strictly control both the hardware platform and the developer's tools, both to ensure they will work together and also to make it highly inconvenient for developers to port their apps to other platforms like Android. That sounds like marketing and vendor lock-in experience.
Most app features will work on most iProducts ... but not all. When iPhone 4.0 comes out this summer some of the newer features won't work on earlier handsets (i.e., multitasking won't work on a 3G or earlier handsets). Yes, Apple is evil for their lock-in, but I was referencing the article's main subject, which is fragmentation & obsolescence due to handset and OS versions.
The term "software experience" seems to suggest that they have tackled the complexity involved with developing for diverse systems instead of avoiding it.
Their Macintosh consumer software experience. They've had a lot of years of practice making sure most, but not all, software runs on older (and newer) versions of their Mac OS. That experience translates directly to making sure the same thing happens on the iProduct lines.
I don't feel like buying enough handsets to cover my desk.
I wouldn't be able to keep all the chargers straight anyway.
Just get a used vending machine, put each phone into a 'slot', attach the charger cord with a loose zip-tie and you're all set. Heck, if you set them each to cost $1 you'll save up enough for the next handset in no time ;-)
These "growing pains" need to be worked out, but app developers will quickly learn to check versions at runtime to make sure most of their features will work in older (or newer) versions of Android.
Apple took care very well from the start, but they've had lots of consumer software experience. Google & Android will get their act together ... it will just take a little time.
I agree with you, but their total acceptance (if not assistance) of piracy will never be reversed enough to get to a point where FOSS will be a realistic option. Their economy can't afford to pay market value for software, and they value their own economy over everyone else's combined, so it just won't ever happen.
I hope they do start to enforce copyright more on software. It is likely to steer them more towards FOSS solutions and that will ultimately benefit them and everyone else, too.
Not trolling, flaming, etc... but why on earth would they want to get FOSS solutions when they already are getting the top commercial solutions for $1 or $2 (if not free). Even at their very low wages the cost of switching to another software solution would cost far more than the pirated software costs them.
So, I'm to understand that 2010 - 1973 = 50.
Back in the early days of computing they had a little trouble "carrying the one" when doing subtraction ... and it looks like the other 12, two ;-)
The links don't say what PLATO is, except "the greatest untold story in the history of computing". So, what the heck is it?
The top 3 US States were:
* Delaware (15.56)
* Rhode Island (15.21)
* Massachusetts (15.01)
Bottom 3 US States:
* Montana (5.02)
* Idaho (4.29)
* Alaska (2.27)
I think you meant to post "$#*! the $#*!ing $#*!ers!"
Remind me what devices iPhone OS runs on?
Troll?? With LUL? Some moderators need to learn this new "internets speak" or find a link to acronymfinder.com.
Whatever the substantive motives for the delay in publication are -
He probably just wanted to make damn sure no one was still alive who could contest his version of his life when it was published.
There, I said it. Did I say it first?
The cache is 4GB, the drive is up to a 500 GB 'traditional' drive.
The performance of the drive gets better over time as it 'learns' your most frequently used files. I hope it's smart enough to ignore the 'swapfile'.
Oh god, you too? Let's throw a hatch party!
WooHoo!! I'll bring some DVDs for entertainment. How about that TV show Lost? I've heard some curious things about it.
Lost describes how viewers feel from episode to episode. I can only imagine they feel some measure of relief now.