Slashdot Mirror


User: piojo

piojo's activity in the archive.

Stories
0
Comments
813

Comments · 813

  1. Re:bug yes, and local access is full access on Many Android Users Susceptible To Plug-In Exploit -- And Many Of Them Have It · · Score: 1

    I don't believe you've understood Android's security model (though I'm not an expert myself). The local user cannot do those things, and the user does not have ultimate permission. Unless there is an exploit on the device. There have been plenty of devices that were un-rootable. My HTC One M7 was un-rootable (probably still is), unless you use HTC tools to perform operations on the device when it is not booted into Android. There was literally no way for the OS's local user to gain escalated permissions. If this new exploit changes that, it's not because "remote user == local user" or because "access to the device == complete pwned". You're simplifying it. This is only possible because TeamViewer is somehow running arbitrary commands with system permissions. Prior to this exploit, a local user could not do that.

  2. Re:"infinitesimal percentage of devices". For remo on Many Android Users Susceptible To Plug-In Exploit -- And Many Of Them Have It · · Score: 2

    > If you install TeamViewer on Mac, people can take over your machine over the internet. That's what it's designed for. Therefore, from a security perspective TeamViewer is a very bad idea.

    > It's no surprise that an application designed to give someone else full control of your machine is imperfect, and therefore can sometimes allow full access by someone who shouldn't have access.

    Wee difference there. On Android, nobody is supposed to get full control of the system. If someone is using TeamViewer to control it, they should not need more permissions than the local user has. After all, it's a screen sharing app. The remote user can only do what the local user can do.

    It seems like the app has additional permissions to do things that normally wouldn't be possible (screen capture is what the article mentions), but somehow these extra permissions are made available to one of the users. That must be the vulnerability.

  3. That is so cool on Many Android Users Susceptible To Plug-In Exploit -- And Many Of Them Have It · · Score: 4, Insightful

    > Check Point researchers found an app that is actively exploiting the vulnerability. A tool called “Recordable Activator” from UK-based Invisibility Ltd is advertised as an “EASY screen recorder” that doesn’t require root access to the device. But in fact once installed from the Google Play store, the app downloads a vulnerable version of the TeamViewer plug-in from another source... “it’s [the plug-in] considered trusted by Android, and is granted system-level permissions. From this point ‘Recordable Activator’ exploits the authentication vulnerability and connects with the plug-in to record the device screen.”

    Am I the only one that thinks this is incredibly cool? It's not clear to me whether this is exactly the same thing as a root exploit, but some screen recording app developers figured out they could hijack an old version of a well-known app that can do screen recording. This is just a beautiful hack.

    But I didn't think having system-level permissions was enough to root a device. And furthermore, does this hack let you do arbitrary actions, or only the actions that the plugin would do?

  4. Article is a bit old, but current data is similar on Breathing Beijing's Air Is the Equivalent of Smoking Almost 40 Cigarettes a Day · · Score: 3, Informative

    This article is from April, and their data collection was presumably from some time before that. However, if you check the following map (updated hourly), it looks like the air is still terrible, despite China making some attempts to solve this problem:

    http://aqicn.org/map/china/

  5. Re:Drones on F-35 Might Be Outperformed By Fourth-Generation Fighters · · Score: 1

    And drones can take G-forces that human pilots can't. So they're more maneuverable than any plane.

  6. Re:Nerdlinger on Pixar's Universal Scene Description To Be Open-Sourced · · Score: 1

    But I gather the scene is still one file, mostly? I mean, it's easy to edit assets separately, but the summary makes it sound like almost *everything* can be edited concurrently. Have they just been really clever about how to separate every tiny little piece of data, so every detail is considered an asset? (And of course, they would need a clever way to store how information is mapped to assets, so the mappings themselves are not the cause of conflicts.)

  7. Re:My gut is fine on Japanese Guts Are Made For Sushi · · Score: 1

    But it may be that you don't get any nutritional value out of the seaweed, and Japanese people do.

  8. Re:Am i missing something? on Japanese Guts Are Made For Sushi · · Score: 1

    Don't enzymes need to be produced by the body? (I.e., they aren't alive and won't replicate just because we're feeding them.)

    On the other hand, maybe the body will start producing enzymes when they're needed, in some cases. Is there a microbiologist/nutritionist in the house?

  9. Re:Implications on Japanese Guts Are Made For Sushi · · Score: 1

    Enzymes aren't the same as gut bacteria--our body actually produces them. I've been told that whether a person produces a given enzyme (like lactase) partly depends on their habits (if they continue drinking milk throughout their lives), but I believe there's also a strong genetic component.

  10. Do ads pay per view, or just per click? on Ars Technica Inveighs Against Ad Blocking · · Score: 1

    Do all ads pay per click, nowadays? Because I think I've only clicked one ad in the past year, so I shouldn't feel guilty about bypassing ads.

    On the other hand, if some ads still pay per page-view, then I might want to think about tweaking my ad-blocking so that I don't block ads on a domain until they do something that bothers me (ad with sound, ads that severely slow down a page, inappropriate ad, etc.)

  11. As a person interested in science on Venezuela Bans Hostile Videogames and Toys · · Score: 1

    I'd like to see what happens. I do not support this ban, but I look forward to reading about its effect on the behavior and crimes of children and young adults (assuming that a few years from now, someone manages to get good data about the behavior of children).

  12. Re:Sounds on the up and up on ACTA Document Leaks With Details On Mexico Talks · · Score: 2, Informative

    'qualm the clamor'

    "Quell the clamor"

  13. Re:Lenovo keyboards on Does Your PC Really Need a SysRq Button Anymore? · · Score: 1

    On my distro (arch) they're automatically bound to the "XF86Back" and "XF86Forward", and I think they only generate one keycode for me. It might prove fruitful to search for instructions about how to get media keys working with linux.

  14. Re:Lenovo keyboards on Does Your PC Really Need a SysRq Button Anymore? · · Score: 1

    > Those are pretty awesome; my personal favourite use for them is switching virtual desktops

    That's exactly what I use them for ;)

  15. Lenovo keyboards on Does Your PC Really Need a SysRq Button Anymore? · · Score: 2, Interesting

    I love the keyboard on my 2.5 year old thinkpad. Especially the dedicated "back" and "forward" buttons, which I've remapped to more useful functions. In fact, I think the keyboard is almost a "killer feature" that none of their competitors can match. If they start removing buttons I use, I may be able to make my next laptop a system76 or clevo.

  16. Re:Are they serious? on Smartphones Receive Holy Blessing · · Score: 1

    > Why would the word jewry be offensive?

    The word isn't offensive--it would only be offensive if the church was claiming to be Jewish. (I had before never heard "Jewry" used as a location--only things like the "Jewish Quarter".)

    To understand why it's offensive when Christians say they're Jews, imagine you're a Catholic. Some guy (born Catholic) takes your Bible and starts a cult around it, decrying old tenets, adding new and incompatible beliefs, and worshipping another god (alongside your old God). The cult becomes very big, many times more numerous than Catholicism. Then some members of this cult start calling it Catholicism. You might feel like your own culture was a little threatened.

  17. Are they serious? on Smartphones Receive Holy Blessing · · Score: 1, Interesting

    This church is called "St Lawrence Jewry"? What a confusing and possibly offensive (to Jews) name for a church. Unless there's something I'm missing about British English.

  18. Re:What? Of course it does. on How Norway Fought Staph Infections · · Score: 1

    > What the hell is this? You think you won't get any antibiotics in Norway when you actually need it?

    I think Norway defines "need" rather differently than the USA.

  19. Re:Article is confusing on How Norway Fought Staph Infections · · Score: 1

    > it does make Staph less problematic, in that, for serious infections, antibiotics can still be used

    Yeah, you're right. The article says at one point that "we don't have modern antibiotics, because if we had them here, doctors would use them." I incorrectly interpreted that to mean that they just don't use modern antibiotics, no matter how serious the infection.

  20. Re:What? Of course it does. on How Norway Fought Staph Infections · · Score: 1

    I clarified here. But what I meant was that in the great majority of cases, if you get staph in the US, your situation is the same as if you get it in Norway: you will either be given antibiotics that don't work, or you will not be given antibiotics. In either case, your body has to fight off the infection on its own, which takes time, but we don't have a better way. (The caveat is that Norway does use antibiotics if a patient's life is in danger.)

  21. Re:Article is confusing on How Norway Fought Staph Infections · · Score: 1

    Sorry to reply to myself, but I didn't read the whole article before. Apparently they do give out antibiotics in the most extreme cases, and that seems much more reasonable than "we don't have MRSA because we just let our Staph victims die."

  22. Article is confusing on How Norway Fought Staph Infections · · Score: 3, Insightful

    As I understood it, there are 2 separate things Norway is doing to fight MRSA, and they are not related (although the article doesn't point that out):

    1. Norway is tracking the spread of Staph and quarantining victims to limit the spread.

    2. According to the article, Norway isn't prescribing modern antibiotics. This ensures that the Staph that is being passed around Norway probably isn't resistant to antibiotics. This does not make Staph less problematic or control its spread in any way. I'm all for stemming the overuse of antibiotics, but this article smacked of propaganda--or it simply didn't tell the whole story.

  23. Re:... produced by automatic translation on Amazon Kindle Proprietary Format Broken · · Score: 1

    I'm not sure whether ancient Hebrew had vowels, but I do know that modern Hebrew is written without vowels in just about every place except a dictionary.

  24. Re:Learn! on What Can I Expect As an IT Intern? · · Score: 1

    I would add that if your goal is to get a job offer, learning is as important as doing a good job. I interned with a film company, and by all feedback I got, I did great work for them. But by the end of the internship, I hadn't really learned all their products and hadn't gained enough background to be a really attractive hire. They didn't offer me a job--I believe I would have had a better chance if I had asked twice as many questions (about things that weren't related to my current project) and learned a lot more about the domain--for the OP, that may mean learning about how a wireless stack works, even if your job is system administration stuff, for example.

  25. Re:ah duct tape.... on What Drugs Do Astronauts Take? · · Score: 1

    If it's not hot enough to melt the tape entirely, you could probably use JB Weld or a similar epoxy to glue the sensor on. I imagine that would be a lot safer than using duct tape.