Let's see, the attack required here for the bad guy is:
1) Trick a user into pairing with an unknown bluetooth device
2) Then, trick that user into enabling third party app installs
3) THEN trick the user into accepting the file transfer
4) And then, trick the user into running the APK
5) And then finally, trick the user into accepting the install
Guys, stop making my life more difficult in a weak attempt to increase security! Those are 5 separate and relatively time consuming things that require positive user confirmation at every step.
If I want to get malicious code onto somebody's device, it seems like it would be less time consuming and less risky to just get a crocked app out onto the play store!
You cannot stop a stupid person from installing malware on their device - it's their device. Any step you take to stop people from running or transferring whatever they want has a non-zero impact on legitimate uses.
The long and short of it is this. A group called Tonymacx86 makes a tool that patches your Mac OS install files so they'll work on any computer and puts them on a USB drive.
Sound good? Okay. Here's the weird part: This tool goes out of its way to make sure your install files have a valid App Store reciept before it will work. If you don't, it bails out and calls you a pirate.
The EULA violating software crack goes out of its way to uphold the EULA.
I made a post about this on my blag and copied some code out of a bash script which is part of Unibeast for commentary.
I, today, recieve a nastygram (masquerading as a DMCA notice, which it isn't) from "Tonymacx86 Legal" telling me to take down... something.. I can't tell because the damn notice doesn't even say what they think I'm infringing on.
Also today, a new version of Unibeast came out with even more receipt checks than before.
Awesome. Also also today, I released a tool to strip these checks from the current version of Unibeast so anyone can use it.
All the details on the linked post :)
- TKWare EnterprisesOwner, 2009 - present
- Echostar CorporationIPTV Systems Administrator, 2011 - present
- Energy LaboratoriesHardware Technician, 2008 - 2010
The Elements of Style in Ruby #13: length vs size vs count - (think)
One of the problems newcomers to Ruby experience is that there are often quite a few ways to do same thing. For instance – you can obtain th
ClockworkMod Tether (no root) - Apps on Android Market
Tether. Internet Anywhere. Without Root. ClockworkMod Tether is a USB tether solution for Mac, Windows, and Linux that allows you to use you
Changing Safari’s safe files list » TKWare Mega Microblog
Changing Safari's safe files list