This exploit allow hackers to remotely access data and modify application behaviour. Only Cordova Android applications are affected, iOS applications are not affected. Description and demo of exploit: http://bit.ly/1rNIDBL.
Upgrade Cordova to version 3.5.1 and above.
sudo npm install -g cordova
Go to application directory, rebuild Android app.
cordova update android
In each case, the innovator built on top of concepts which had already been iterated upon billions and billions of times in social systems. Too often we make the mistake of trying to use concepts in our products, and thus words in our interfaces, which have no current meaning to users. As an innovator with limited resources, building a new concept is not something you can usually afford to do.
Good article on innovation through improving existing solutions. Sometime it is not necessary to new solutions from scratch.
Some forms of innovations:
Instruction for adding cross-platform push notification features to Cordova mobile apps: https://www.scorchsoft.com/blog/free-angularjs-cordova-push-notification-plugin/
This is copied from Meteor framework documentation. I like the last 2 points. There are already many tools out there. Instead of requiring developers recreate everything again, it is better to allow developers to utilise existing tools.
KISS. Always prefer the simpler solution, this makes the software easier to maintain in the long run.
By default developer mode is hidden on Xiaomi. After enabling developer mode, and additional step is required for Mac OS X machine. That is defining USB vendor ID.
If you see “unauthorised” when
adb devices is executed, this step is required. Append the following entry to ~/.android/adb_usb.ini.
0x2717 0x8087 0x2080
Then run the follow commands
adb kill-server adb start-server
Ionic makes it incredibly easy to build beautiful and interactive mobile apps using HTML5 and AngularJS.
a lawnchair is sorta like a couch except smaller and outside. perfect for html5 mobile apps that need a lightweight, adaptive, simple and elegant persistence solution.
When reviewing any new technology, library, or framework, you’ll first ask, “Where does this fit into the stack, and how would it benefit me?”
Sometime new technology is not meant to be a complete replacement of existing technologies. When evaluating a new technology, it is good to think about how it can work with existing technologies you are currently using.
Even router is also subjected to CSRF attack. My TP-Link Wireless ADSL modem router (TD-W8961ND) is also affected. The DNS configuration was changed. All request to Google.com and Yahoo.com resulted in a redirection to a fake Adobe website, requesting user to download an updated version of Flash player.
Lesson web developer can learn from this incident