
Google To Block Local Chrome Extensions On Windows Starting In January 260

An anonymous reader writes "Google today announced it will block local Chrome extensions starting in January, but only on the Windows platform. This means that next year, Windows users will only be able to install extensions for the company's browser from the Chrome Web Store. The changes will affect both Chrome's stable and beta channels on Windows. Google says it will continue to support local extension installs on its Dev and Canary channels, as well as installs via Enterprise policy. Chrome apps are not affected at all and will continue to be supported normally."

Microsoft Botches More Patches In Latest Automatic Update 254

snydeq writes "'No sooner did Microsoft release the latest round of Black Tuesday patches than screams of agony began sounding all over the Internet,' writes Woody Leonhard, reporting on verified problems with Microsoft Automatic Updates KB 2817630, KB 2810009, KB 2760411, KB 2760588, and KB 2760583. The latest round of MS Auto Update hell comes on the heels of one of the worst runs in MS Patch Tuesday history — and just in time for Microsoft to expand the scope of its automatic update damage. 'Does this make you feel warm and fuzzy about automatic app updates in Windows 8.1?'"

Senate Bill Rewrite Lets Feds Read Your E-mail Without Warrants 403

concealment writes "A Senate proposal touted as protecting Americans' e-mail privacy has been quietly rewritten, giving government agencies more surveillance power than they possess under current law. [Sen. Patrick] Leahy's rewritten bill would allow more than 22 agencies — including the Securities and Exchange Commission and the Federal Communications Commission — to access Americans' e-mail, Google Docs files, Facebook wall posts, and Twitter direct messages without a search warrant. It also would give the FBI and Homeland Security more authority, in some circumstances, to gain full access to Internet accounts without notifying either the owner or a judge."

Leaked Memo Says Apple Provides Backdoor To Governments 582

Voline writes "In a tweet early this morning, cybersecurity researcher Christopher Soghoian pointed to an internal memo of India's Military Intelligence that has been liberated by hackers and posted on the Net. The memo suggests that, "in exchange for the Indian market presence" mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as "RINOA") have agreed to provide backdoor access on their devices. The Indian government then "utilized backdoors provided by RINOA" to intercept internal emails of the U.S.-China Economic and Security Review Commission, a U.S. government body with a mandate to monitor, investigate and report to Congress on 'the national security implications of the bilateral trade and economic relationship' between the U.S. and China. Manan Kakkar, an Indian blogger for ZDNet, has also picked up the story and writes that it may be the fruits of an earlier hack of Symantec. If Apple is providing governments with a backdoor to iOS, can we assume that they have also done so with Mac OS X?"

How To Stop the Next WikiLeaks 191

Hugh Pickens writes "Eli Lake reports that the U.S.'s 16 intelligence agencies are using a program called SureView that makes it easier to spy on the spies and catch whistleblowers early in the act. SureView is a type of auditing software that specializes in 'behavior-based internal monitoring' that monitors the intelligence officer's computer activity. If the officer acts like a potential leaker, sending an encrypted email or using an unregistered thumb drive, the analyst might push a button and watch a screen video of the officer's last hour of work. Once a case is made that a leak might be imminent, it is checkmate: the agent is thwarted. 'Had SureView been on Bradley Manning's machine, no one would know who Bradley Manning is today,' says Ryan Szedelo, manager for Raytheon's SureView software. The intelligence community has had auditing software for years. SureView came on the market in 2002. But the programs were buggy and often prone to false positives, alerting a network administrator too often to routine behavior. 'The technology has gotten substantially better in the last year,' says Jeffrey Harris, a former head of the National Reconnaissance Office. 'The problem with audit files was it took an army of people to understand them. Now we have rule-driven systems and expert systems that help us reason through the data.'"

Security Consultants Warn About PROTECT-IP Act 298

epee1221 writes "Several security professionals released a paper raising objections to the DNS filtering (PDF) mandated by the proposed PROTECT-IP Act. The measure allows courts to require Internet service providers to redirect or block queries for a domain deemed to be infringing on IP laws. ISPs will not be able to improve DNS security using DNSSEC, a system for cryptographically signing DNS records to ensure their authenticity, as the sort of manipulation mandated by PROTECT-IP is the type of interference DNSSEC is meant to prevent. The paper notes that a DNS server which has been compromised by a cracker would be indistinguishable from one operating under a court order to alter its DNS responses. The measure also points to a possible fragmenting of the DNS system, effectively making domain names non-universal, and the DNS manipulation may lead to collateral damage (i.e. filtering an infringing domain may block access to non-infringing content). It is also pointed out that DNS filtering does not actually keep determined users from accessing content, as they can still access non-filtered DNS servers or directly enter the blocked site's IP address if it is known. A statement by the MPAA disputes these claims, arguing that typical users lack the expertise to select a different DNS server and that the Internet must not be allowed to 'decay into a lawless Wild West.' Paul Vixie, a coauthor of the paper, elaborates in his blog."

Poisoned Google Image Searches Becoming a Problem 262

Orome1 writes "If you are a regular user of Google's image search, you might have noticed that poisoned search results have practically become a common occurrence. Google has, of course, noticed this and does its best to mark the offending links as such, but it still has trouble when it comes to cleaning up its image search results."

MS Removes HTTPS From Hotmail For Troubled Nations 147

An anonymous reader writes "Microsoft has removed HTTPS from Hotmail for many US-embargoed or otherwise troubled countries. The current list of countries for which they no longer enable HTTPS is known to include Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan. Journalists and others whose lives may be in danger due to oppressive net monitoring in those countries may wish to use HTTPS everywhere and are also encouraged to migrate to non-Microsoft email providers, like Yahoo and Google." Update: 03/26 17:08 GMT by T: Reader Steve Gula adds the caveat that "Yahoo! only does HTTPS for authentication unless you're a paying member."

Is Samsung Blocking Updates To Froyo? 459

jfruhlinger writes "One of the complaints about Android is its fragmentation; many different versions of the OS are out there in the wild, and often users are held back from upgrading by their hardware or their carrier. But now a disturbing rumor has it that Samsung is strong-arming T-Mobile to prevent an over-the-air upgrade to Android 2.2 (Froyo) for Samsung Vibrant owners. The reason? Samsung wants people to shell out for the new Vibrant 4G — which, other than the fact that it ships running Froyo, is largely identical to the Vibrant." Reader CWmike contributes an informative link if you'd like to know which Android vendors are actually delivering timely upgrades.

Windows Phone 7 Marketplace Hack Demonstrated 89

broggyr writes "Seems it didn't take long to hack the Windows Phone 7 marketplace. Quoting WPCentral: 'For developers, the weakness in Microsoft's DRM for Windows Phone 7 applications has been well known for quite some time, and there have been calls for Microsoft to address these concerns ... Since then, a "white hat" developer has provided WPCentral with a proof-of-concept program that can successfully pull any application from the Marketplace, remove the security and deploy to an unlocked Windows Phone with literally a push of a button. Alternatively, you could just save the cracked XAP file to your hard drive. Neither the app nor the methodology is public, and it will NOT be released ... It is important to note that this was all done within six hours by one developer.'"

Hacker Sends Out Fake Tsunami Warning On Twitter 100

An anonymous reader writes "A Twitter account belonging to an official adviser of the Indonesian president has been broken into by a hacker who posted a warning that a tsunami was heading for Jakarta. Andi Arief is Indonesian president Susilo Bambang Yudhoyono's disaster management adviser and a frequent user of Twitter. But when he lost control of his account, a tsunami warning was sent out to Twitter users."

Amtrak Photo Contestant Arrested By Amtrak Police 675

Photographer Duane Kerzic was standing on the public platform in New York's Penn Station, taking pictures of trains in hopes of winning the annual photo contest that Amtrak had been running since 2003. Amtrak police arrested him for refusing to delete the photos when asked, though they later charged him with trespassing. "Obviously, there is a lack of communication between Amtrak's marketing department, which promotes the annual contest, called Picture Our Trains, and its police department, which has a history of harassing photographers for photographing these same trains. Not much different than the JetBlue incident from earlier this year where JetBlue flight attendants had a woman arrested for refusing to delete a video she filmed in flight while the JetBlue marketing department hosted a contest encouraging passengers to take photos in flight." Kerzic's blog has an account of the arrest on Dec. 21 and the aftermath.

MS Giving Exploit Writers Clues To Flaws 63

In the IT trench writes "How's this for a new twist on the old responsible disclosure debate? Hackers are using clues from Microsoft's pre-patch security advisories to create and publish proof-of-concept exploits. The latest zero-day flaw in the Windows DNS Server RPC interface implementation is a perfect example of the tug-o-war within the Microsoft Security Response Center about how much information should be included in the pre-patch advisory."

Ex-judge Gets 27 Months on Evidence From Hacked PC 610

netbsd_fan writes "A former California judge has been sentenced to 27 months in prison for possession of illegal pornography, based entirely on evidence gathered by an anonymous vigilante script kiddie in Canada. At any given time he was monitoring over 3,000 innocent people. The anonymous hacker says, 'I would stay up late at night to see what I could drag out of their computers, which turned out to be more than I expected. I could read all of their e-mails without them knowing. As far as they were concerned, they didn't know their e-mails had even been opened. I could see who they were chatting with and read what they were saying as they typed.'"

"Very Severe Hole" In Vista UAC Design 813

Cuts and bruises writes "Hacker Joanna Rutkowska has flagged a "very severe hole" in the design of Windows Vista's User Account Controls (UAC) feature. The issue is that Vista automatically assumes that all setup programs (application installers) should be run with administrator privileges — and gives the user no option to let them run without elevated privileges. This means that a freeware Tetris installer would be allowed to load kernel drivers. Microsoft's Mark Russinovich acknowledges the risk factor but says it was a 'design choice' to balance security with ease of use."
