Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Submission + - AVG Forces Chrome Extension on Users, Extension is Woefully Insecure (google.com)

An anonymous reader writes: The AVG Web TuneUp Chrome extension, forcibly added to Google Chrome browsers when users were installing the AVG antivirus, had a serious flaw that allowed attackers to get the user's browsing history, cookies, and more.

"This extension adds numerous JavaScript APIs to Chrome, apparently so that they can hijack search settings and the new tab page," explains Mr. Ormandy. "The installation process is quite complicated so that they [AVG] can bypass the Chrome [Store] malware checks, which specifically tries to stop abuse of the [Chrome] Extension API."

Simple XSS and MitM attacks exposes data from other tabs opened in the browser, browsing history, and even manages to render SSL useless.

Submission + - iPhone factory reset strikes dead forensic investigations (theregister.co.uk) 1

mask.of.sanity writes: Felons wanting to thwart forensic investigators need only perform a factory reset of any current model iPhone including the 4s, 5c and 5s.
Apple's decision to encrypt data on the iPhone is responsible for this state of affairs because a factory reset not only wipes data but also erases the decryption key required to reveal the handset's contents. Forensic investigators will need to wait until the release of a jailbreak for the devices in order to image the phones.

Submission + - Dealing with pay TV pirates: "It was a business agreement, it was not extortion"

Presto Vivace writes: One of the few times that a small pay-tv operation which has been pirated managed to defeat the pirates without replacing its smartcard. Sometimes the little guy wins

‘At this point I was confronted by piracy, and because I was a small operator I was much more vulnerable than the big guys,’ he said. One of Kinsbourg’s main dealers in England told him he could arrange some contact with the pirates so that they would not be targeted. ‘So there was some special arrangement made and they would leave us alone.’

I tell Kinsbourg that this sounds like extortion, and he looks pained. ‘It was a business agreement, it was not extortion. Well it is and it is not. It is whatever, a settlement, arrangement, whatever you want to call it. It’s consultancy fees.’ He laughed. ‘It was un arrangement.’

Submission + - Kubuntu announces commercial support (muktware.com)

sfcrazy writes: Kubuntu is one of those few GNULinux based distributions which brings the two leading technologies together – Ubuntu and KDE. There are quite a lot of businesses which are using this combination in their set-up. Till now there was no professional support available for Kubuntu users. To fill this gap the Kubuntu community has launched commercial support for businesses, organizations and individuals.

The Kubuntu team is partnering with Emerge Open to offer this service which is called 'Kubuntu Commercial Support provided by Emerge Open'.

Submission + - Woman with cancer, re-implanted with ovarian tissue, is pregnant with twins. (abc.net.au)

brindafella writes: A world first! When Australian woman, Vali, was diagnosed with cancer, and treated, she was not looking at a good outcome. Yet, TWO cancer treatments later, she is pregnant with twin girls. Her ovaries were sectioned and frozen before the cancer treatment. She has had her own flesh implanted outside her pelvis. Eggs were gathered, IVF techniques used later with her male partner, and her uterus is now carrying two viable girls due to be born in about 3 months. Melbourne IVF's Associate Professor Kate Stern has explained the process today.

Submission + - Chinese seek greater say in UK nuclear plants (ft.com)

mdsolar writes: "The state-owned Chinese nuclear group that is in talks to invest in Britain’s new nuclear programme wants greater operational control of any new plants it finances, potentially creating a national security headache for the government.

China General Nuclear Power Group (CGN), is in talks with EDF of France on sharing the cost of building a new plant at Hinkley Point, Somerset, which has an estimated price tag of £14bn.

But CGN has made it clear to EDF that it will only proceed if it is given more of a say in running other plants the two companies build together in the UK, according to people familiar with the talks.

As well as Hinkley, EDF also has plans to construct two new reactors at Sizewell in Suffolk. One of the people said CGN could seek to become joint operator of the new Sizewell plant – although EDF is likely to retain overall control. The Chinese could also push for greater involvement in the plant’s construction, and might even seek to provide the design for its reactors. “CGN is using Hinkley as a stepping stone,” he said. “In the next project, they’ll want greater control.”

However, given the sensitivities surrounding nuclear power, the idea of allowing a Chinese state-backed company to take an operational role in a nuclear power station could raise a welter of national security concerns."

Android

Submission + - Does Google need to weed its walled garden?

blackest_k writes: Google has a major problem called Airpush and they seem to be ignoring it, its been around for two years already.

Airpush is an ad framework api which an increasing number of applications seem to be using. The first you know of your infestation is when a Star pops up in your notification tray. Clicking on this Star takes you to an advert of dubious quality which can be anything from a 12 euro a month subscription taken from your phone bill for one ringtone to win a gift voucher from a local chain.

These ads arrive fairly regularly each morning on your notification bar. So what you may ask? just uninstall the app thats generating these notifications, but it is not that easy as the offending app is not revealed.

With 163 installed apps on my system, I was struggling to find the culprit. I tried deleting running apps but still missed. Luckily as my net was slow one morning i caught sight of a url api.adpush and googling that I found
https://play.google.com/store/apps/details?id=com.brosmike.airpushdetector

a small free tool which identifies — Airpush — LeadBolt — Appenda — IAC — Moolah Media It doesn't block the ads but it does let you uninstall the source.

it found two apps on my tablet with the airpush framework.

Problem solved, for now. With updates to installed apps comes the possibility of this framework being part of the update Seems there have been cases of Apps that have updated and suddenly started with this behaviour. These apps are in the Play Store and there are many more like them.

Googles PlayStore is essentially a trusted repository, but by allowing these apps into the Playstore Google is betraying the trust of its users, developers and hardware manufacturers.

I don't have a problem with Ad supported apps. If the Ad becomes an issue I can buy the paid version or uninstall it. With the Adpush framework you have to look quite a bit harder.

The 10 innocent apps I deleted trying to remove this over the last month, now have lost revenue from their civilized ads. Many users are out of pocket and some may be unaware that there is a leech attached to their phone bill. If Android is untrustworthy then people will choose an alternative costing the hardware manufacturers too. If this applies to Android is it also the case with Chrome?

Google needs to nip this in the bud, without trust the Playstore is useless. You might as well use third party app stores with pirated content because the walled garden is no longer safe.
It is time for Google to start weeding out these unacceptable applications.

           
Intel

Submission + - Intel, Samsung Spar Over Tizen OS (phoronix.com)

An anonymous reader writes: Samsung and Intel are two of the contributors to the open-source Tizen Linux software platform for mobile devices, but now they are at ends with each other. An Intel Linux developer has accused Samsung of clobbering others with Tizen. The bout comes about following a large, secretive code drop where they replaced the modern Bootchart utility with an old Java-based version that is several years out of date.

Submission + - SPAM: David Hockney Paintings

paulbrown5225 writes: "David Hockney holds eminent repute as one of the finest modern artists not simply in the UK, but in the world. David Hockney’s photography is, you may claim, as highly regarded as his artwork, and his photography certainly makes itself felt in this exhibition. View the efforts of his experimentation with ‘joiners’, an innovative and unique method of photography."
Link to Original Source
Data Storage

Submission + - Femtolaser-switched magnetic storage (extremetech.com)

MrSeb writes: "Hold onto your hats: Scientists at the University of York, England have completely rewritten the rules of magnetic storage. Instead of switching a magnetic region using a magnetic field (like a hard drive head), the researchers have managed to switch a ferrimagnetic nanoisland using a 60-femtosecond laser. Storing magnetic data using lasers is up to 1,000 times faster than writing to a conventional hard drive (we're talking about gigabytes or terabytes per second) — and the ferrimagnetic nanoislands that store the data are capable of storage densities that are some 15 times greater than existing hard drive platters. Unfortunately the York scientists only detailed writing data with lasers; there's no word on how to read it."

Submission + - Foundation "dismayed" at publication of public domain manuscript (irishtimes.com)

john83 writes: The Irish Times reports that publication of a new children’s story by a Dublin publishing house has been criticised by The Zürich James Joyce Foundation, which owns the original manuscript of the story. In a statement, the foundation said it “never permitted, tolerated, condoned or connived in this publication, and it rigidly dissociates itself from it”.

The Dublin publisher, Ithys, said the unpublished works of James Joyce were in the public domain as of January 1st. The attempt by “the Zürich Joyce Centre” (sic) proprietarily to assert some right on the document was “preposterous”. “The said centre has no rights in law in the copyright of the papers donated (given free) by Dr Jahnke.”

The stated goals of The Zurich James Joyce Foundation include "... keeping alive the memory and work of the Irish writer James Joyce ..."

Joyce died in January 1941.

Comment Re:Great. What's in it? (Score 1) 97

I'm speaking from imperfect memory, but, if you google 'grender-specific drug reactions', you'll find that differences in male/female metabolism are a concern. I remember that a decade or so ago it was discovered that certain widespread pain-killers were almost ineffective in women. The drug testing had been carried out only on male subjects, assuming that gender would have no difference on the outcome. I could look up references, but do your own research.

Comment Re:Define "massive" (Score 1) 609

No OS is immune to fragmentation. On a data store disk with ext3 and tons of files in the 5M range, this is what happened (sudo filefrag *):

rt-01n8vmuqn8xtls6d.w4c: 141 extents found, perfection would be 1 extent
rt-01n9q0j59s1sovam.w4c: 23 extents found, perfection would be 1 extent
rt-01nk9zgmitrsow7g.w4c: 8 extents found, perfection would be 1 extent
rt-01nlrr9aaasuk0yb.w4c: 20 extents found, perfection would be 1 extent
rt-01o3kwc33nhpgqg4.w4c: 41 extents found, perfection would be 1 extent
rt-01o3p9b4x2mfbwem.w4c: 16 extents found, perfection would be 1 extent
rt-01ohtzjkl2z2y3wl.w4c: 17 extents found, perfection would be 1 extent
rt-01orb2yYTsp1vALN.w4c: 1 extent found
rt-01orz1hkb5jzbepv.w4c: 29 extents found, perfection would be 1 extent
rt-01q9x02lltcvogr1.w4c: 62 extents found, perfection would be 1 extent
rt-01qq34rl6exztyx3.w4c: 17 extents found, perfection would be 1 extent
rt-01qrz236bvnim44i.w4c: 14 extents found, perfection would be 1 extent

Solution? None. Just add more drives. "Sequential" reads are now at 15M/sec if you balance the load over the raid1 array, it isn't too bad, but if it was an issue I'd take NTFS with its safe and secure online defragmentation API over Linux anytime.

Slashdot Top Deals

10.0 times 0.1 is hardly ever 1.0.

Working...