Posts by Mr.Bill

emulator

"Having struggled with the performance of the Android emulator in the past"

Well, I don't think you've tried the android emulator in quite a while then. Runs as smooth as my phone, on a circa 2012 sandy bridge PC (Linux, anyway). After an initial boot of a fresh image, it from then boots in 10 seconds, never mind if snapshot is enabled.

The key issue back then was that they were inexplicably defaulting to use emulated ARM system images, which of course bogged it down x10 right off the bat. The excuse was that they just didn't think anyone wouldn't just want to debug on a device and the emulator was completely an afterthought.

targeting

If the best they can do on "targeting" is put up ads for the things I had already looked at and bought a week ago from amazon or ebay, (other then good old search based ads) - the good news is its clear that Google is using its knowledge primarily just to give me great services making my "data" work for me. The idea by some "privacy watchdogs" that perhaps my google home or phone is surreptitiously listening to me for "secret" words they hear to advertise against is ludicrous.

amazing

"Gnuinos, Refracta, Exe GNU/Linux, Nelum-dev1, Star, heads, good-life-linux and Crowz."

The sheer # of obscure distros. I'm wondering how many have essentially 0 regular users outside of the developer(s) themselves. They use the distro to develop the user-less distro. At best many probably have users who install, test, wipe and move on to the next in the distrowatch list, for fun.

just assume its always vunerable

I use a setup where I have two machines - my main machine is Ubuntu and I remote desktop to my windows 7 machine for windows only stuff, so its semi-seamless between the two. I only use my browsers on the ubuntu side and try my best to not do any internet access from the windows side and avoid inserting strange USB sticks, etc, since my windows work involves a lot of USB debuggers and devices, so I can't just put glue in all the ports. Not that I assume Ubuntu is not vulnerable to anything but odds are much lower, if nothing else than from relative obscurity. I do periodic windows backups and git source control to a local linux server, to avoid ransomware.

upgrades?

I always question the "everyone is sitting around impatiently waiting for android upgrades" thing. I've used samsung because they've always had the important user facing features first, (not that they were always fully baked). What has android introduced over the last few years, that samsung and others hadn't had for years, that weren't internal OS improvements going forward, or that couldn't be added via play services or support libraries. For example the key user noticeable "feature" for android 5 was a painfully long boot time after a cache wipe or upgrade. Also I can think of the generally unnoticed google on tap, and the potential for a bit longer battery life. Eventually they introduced native IR support which they didn't use on nexus, and the IR phones have continued to disappear since.

no additional clicks

Its both in the security companies and news sites best interests to pick up on these non-stories. "no additional clicks" - right, maybe to download it. There are always multiple clicks and warnings to be able to install it.

not quite

"The mobile security firm further argues that Google's Verify Apps feature addresses malware, but it can't stop all malicious code from running, especially since security patching on the platform is somewhat lagging"

Generally with malware we are talking about apps that were granted permissions by the user but abuse them. This is specifically looked for by the Verify Apps feature and can be updated at the play store level via GMS.

Android security patching has to do with OS level updates to "exploit" "virus" type bugs that typically give root access and then of course, all bets are off. An example was stagefright. Google also looks for apps that could take advantage of unpatched root exploits but again, the GMS verify apps/play store can look for this behavior too.

The biggest potential issue involves receiving and 'running' files such as media files (stagefright) that are specifically crafted to take advantage of an exploit, not really play store apps. Even there, typically there are other layers of mitigation (explicit and implicit) that make affecting significant #s of even unpatched users still quite unlikely.

it comes down to this

Since the advent of quality digital technology including storage, reproduction and distribution globally essentially for free, infinite times, simply means the music industry simply can not expect to be paid for each copy of the data required to reproduce a song. Blame digital technology and the internet if you want.

The arrangement of the bits and bytes only needs to be paid for once and thanks to the same technology, great music can be created relatively inexpensively. The data itself is _physically_ worthless, sand in the sahara, doesn't matter if its all 0xFFs or forms actual audio (or video) samples.

We used to use vinyl, tape, CDs etc because that was the only way to get the data into the hands of people to reproduce the music for on demand playback. That music turned the worthless plastic disks into something that could be marked way up in price - like turning worthless sand into expensive glassware. That just is not the case anymore. No matter how much you plead to the public to pay $15 for the album "for the good of the artist", most will not - they don't _need_ to. Just like most will not "go green" just because "its good for the environment to".

The sooner they view the bits and bytes as essentially an advertisement to build up the value of the musicians/performers themselves, and get people to purchase merchandise and go to shows - things that you actually have no choice to pay for, the better.

yes, quite dumb

"There are 16 million Win32 or .NET apps in the world. When we built the Universal Windows Platform, we left them behind. And that was dumb,"

looking at my taskbar right now, I see about 24 applications open, and every one is a so-called "legacy application". Eclipse Mars, Android Studio, Atmel Studio, Chrome, Firefox, Saleae logic, Keil uVIsion, Wireshark, Putty, etc. How the funk did they "leave them behind". This is what I've been thinking for years, how can they be so blind? These are the reason I am typing on windows right now - the only reason.

Hmm, taking a look at those - only two are windows-only.

phones?

"Ransomware variants will encrypt desktops and phones"

what are the phones that have had issues with this ransomware?

attack vector

the whole post here is about how the malware gets on the phone - with no description of what it would do when on a phone, only stated here as "malicious behaviors". Fine, this is exactly what we should care about - the attack vector.

With android, the attack vector is, 99.999% of the time (the only other time in memory- stagefright) - jump through hoops and ignore warnings to install an apk file downloaded from a russian darkweb porn site or something. But those posts are used obviously for clickbait, glossing that over and going into an in depth account of just what it would do to the victim is always explained in gory detail. Completely irrelevant waste of page space, really.

So, leaving out the description of the maliciousness, the equivalent story here for android would much less exciting - a sentence or two basically "when the user installs the apk from the porn site, malicious behaviors occur".

forgot something

just to save you from having to read the source to get the only thing that matters at all, but is not apparently important enough for the author here it is:

"We are not clear how Xbot spreads in the wild [ed. stupid individuals]. However, using VirusTotal we found samples that were hosted on the below URLs over the past several months:

hxxp://market155[.]ru/Install.apk

hxxp://illuminatework[.]ru/Install.apk

hxxp://yetiathome15[.]ru/Install.apk

hxxp://leeroywork3[.]co/install.apk

hxxp://morning3[.]ru/install.apk"

"If installed"

and how might that happen? The only relevant bit of info is "how does it get installed". Isn't that the whole point of security?!?. Ill tell you - IT DOESN'T.

This whole article might as well be shortened to:

"if installed, yada yada".

not again

"The malicious app is not found on Google Play...users who have Google Play installed are protected from this app by Verify Apps even when downloading it outside of Google Play."

If you are going to post these sorts of scary stories from the security companies, can you at least mention that, as always, you cannot get the malware from the play store, the only place that 99.999% of 1st world users get apps from?

As usual

the "once the malware is installed on the victim’s device" disclaimer. Its like "once the robbers are inside fort knox...". Conveniently skipping the slight bit about how to get in there in the first place. This is the whole point of security. A chimpanzee can write a malware.

A little reminder that the reason android malware exists is because of large numbers of non-google play store phones from china and other 3rd world countries, and the little bit about that "allow unknown sources" checkbox.

tmobile customer here

They say you can turn off "binge on" but I haven't tried. Personally, Mr legere is probably a big a*hole, but he has been shaking up things and it has seemed to be benefiting competition overall.

I actually like the idea of limiting everyone to 480p video, I hate the idea of me or others burning through the shared bandwidth with 1080p video on a tiny smartphone. Previously I'd usually have to start a video, go into settings and change it to something lower. (this is for youtube, which currently still isn't part of binge on but they gave me unlimited data anyway, for another year at least). Its not like we are talking home broadband service here. There's probably only so many towers they can put up, mobes they can service in a given area.

When he says "not throttling" he seems to mean in the sense of the usual throttle to 100Kb when you've used up your high speed data quota.

windows 10

at the end of the day "windows" is only relevant as regular old desktop windows that we all need at work, else, as we've seen, the masses could care less. He can call the Band windows 10 but that's meaningless except an extra bit to get someone just that much more excited about just how "universal" it is, or not (more likely).

Google’s operating system attracts more malware than other mobile OSs

yes, attracts - because apks CAN be sideloaded, so there's a CHANCE it will get on a couple out of a billion android phones used by stupid people. However the 99.99% of mainstream users that only use play store are at no more risk than apple.

I fail to see any evidence of malware issues, its just reports of stuff that's out there, that will never get on the phones. Its like saying - banks attract robbers. Yes, but will they manage to get into the bank is the question. With the multilayered security and central app store of ANY modern smartphone is far safer than our PCs.

knox

Maybe its nothing new to some of you but I finally started using it and its a great feature.

My work exchange server only gives me the option of pin or password, with only 10 minutes max autolock delay. I don't like it dictating my personal phone usage, not to mention it could wipe my phone. By using knox I can restrict that to just the knox sandbox and keep the main phone howerver I want. Also I can keep my work contacts separate. I don't want them getting lumped into my personal google contacts.

I never was clear on if an app can get permission for "read contacts" like facebook, would it also be able to get my exchange work contacts. But now, I don't have to know, as they are isolated.

I don't care if MS bundles some stuff - it could be worse. You can simply disable apps like that and they won't be seen.

"Most home users shouldn't be hit by this"

Don't worry, we home users have more than enough worries without this.