fantom-stranger.com

Apparently, there has been a compromise at HTC or Vodaphone. There are rumors on the web that a Vodaphone “HTC Magic” came pre-installed with multiple malware programs. How would someone slip a file onto a phone before it enters an end user’s hands? Any way you look at it, this seems like a hack.

A quick analysis of the malware reveals that it is in fact a Mariposa bot client.

Every android phone *can* be plugged into any PC or Mac via USB. Under windows it works just like any other insert digital medium (CD, DVD, Flash Drive). Upon being plugged in, it opens the folder and executes the file specified in autorun.ini. This would be the vector a bot herder/malware researcher would use to launch it’s “spread” and stay infected. As long as nobody notices the files on the phones, users would just keep getting re-infected every time they plug in their phone to download their photos. One speculation that may be responsible is: “the SD card” since all that someone would need to do is put “files” in the root of the SD card for them to execute. So the question might be instead be: “How would someone slip a file onto a flash card before it’s inserted into a phone?”.

Interestingly enough, the Mariposa bot is not the only malware I found on the Vodafone HTC Magic phone. There’s also a Confiker and a Lineage password stealing malware.

Why did it take so long for a person to notice malware on the phone? The HTC Magic is one of the most popular smart-phones in the UK. In the US, T-mobile branded this product as the “myTouch 3G“, and that phone has a massive pop. Where is the supporting evidence on the phone? The only “proof” we have so far is a few windows screen shots. I’m intrigued by this and it will be interesting to see what comes to light. I’ll keep you updated when I hear more.

In a move to stop CPU waste from processing bloated content, Virgin Airlines has trash-canned all of their FLASH content. I commend them on this move; someone needed to start the movement. Flash is bloated. End of story. There is no standard, there is no open source, and there is no relief. As soon as you start adding flash to a site, you’ve degraded the ability of the browser.

“Apple does not support Flash because it is so buggy… Whenever a Mac crashes more often than not it’s because of Flash. No one will be using Flash…The world is moving to HTML5.” — Wired

(HAHA!). But flash has it’s place, it is the best medium to deliver video on a web page and play web-games.

Hopefully, HTML5 can fix the web game problem.

Adding my own flavor to this post:

Over the technology years, flash has been metaphorically turned into a baseball bat by business owners and web publishers. This proverbial baseball bat has been beaten across every web developer’s face (repeatedly) for the last 11 years and there hasn’t been anything that the developers can do about it. You MUST specialize in flash, to make flash.

New personal hero: Ravi Simhambhatla

He has some sweet open source ideals as well.

Google Opt Out Feature Lets Users Protect Privacy By Moving To Remote Village

So hilarious but; your own hope at remaining off the web…

[thanks SD]

Wow Sony post day. Here’s a cute and fun video that disassembles and reassembles a PSP Go in stop motion. This video is all over the blog-o-spheres so I wouldn’t doubt if you have seen it.

Smack! Looks like the PS3 has finally been hacked. The ‘researcher’ supposedly bypassed the hypervisor and gained full read/write access to all the inner workings of the long un-touched gaming console beast machine known as the Playstation 3. Sony, what’s up?

The researcher named George Hotz goes by geohot. We won’t find out soon how he did it because he’s not releasing his information yet, but you can follow the updates on the researcher’s blog or his twitter.

Shouldn’t be long now, ps3. I May have to get one!

[found at hack a day]