Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

+ - Is Google Chrome Browser backdoored by extensions?

Submitted by blackest_k
blackest_k (761565) writes "I've been playing around with html5 and javascript and put up a couple of pages on my webhost while using chrome on osx i had a strange tab open saying chrome was out of date and offering to let me download an updated version "setup.exe" the page was on an info site. So i asked myself why did that open? and I made a curious discovery. when i viewed my page source it was as i wrote it. A simple page to play a mp4 video with html5. however when i chose to download the page as webpage complete i found an extra js file app.js also the page header had this line added.

script type="text/javascript" src="./End Credits_files/app.js">script type="text/javascript" src="http://www.youradexchange.com/ad/display.php?r=32796">link rel="stylesheet" type="text/css" href="chrome-extension://pkehgijcmpdhfbdbbnkijodmdjhbjlgp/skin/socialwidgets.css"> The extension part directed me to privacy badger. uninstalling the privacybadger extension resulted in

script type="text/javascript" src="./End Credits-b_files/app.js">script type="text/javascript" src="http://www.youradexchange.com/ad/display.php?r=32796">/script>/head> So that had removed part of the problem but not the part that was trying to get me to download (presumably malware). I tried the same exercise in linux and got the same result in google chrome. however in firefox my page was as I had written it. there was no app.js in the complete webpage or on my server. Anyway this seems to be an issue from google chrome or an extension. Has anyone any light to shine on this issue? I wouldn't normally post an ask slashdot but as this appears to be modifying normal web pages i'm quite concerned."

+ - Android 5.0 Makes SD Cards Great Again->

Submitted by Anonymous Coward
An anonymous reader writes "Over the past couple of years, Google has implemented some changes to how Android handles SD cards that aren't very beneficial to users or developers. After listening to many rounds of complaints, this seems to have changed in Android 5.0 Lollipop. Google's Jeff Sharkey wrote, "[I]n Lollipop we added the new ACTION_OPEN_DOCUMENT_TREE intent. Apps can launch this intent to pick and return a directory from any supported DocumentProvider, including any of the shared storage supported by the device. Apps can then create, update, and delete files and directories anywhere under the picked tree without any additional user interaction. Just like the other document intents, apps can persist this access across reboots." Android Police adds, "All put together, this should be enough to alleviate most of the stress related to SD cards after the release of KitKat. Power users will no longer have to deal with crippled file managers, media apps will have convenient access to everything they should regardless of storage location, and developers won't have to rely on messy hacks to work around the restrictions.""
Link to Original Source

+ - After criticizing it, Cisco joins Open Compute->

Submitted by alphadogg
alphadogg (971356) writes "Cisco has joined the Open Compute Project, a Facebook-driven effort to develop open source servers and switches, 16 months after criticizing it. At that time, Cisco CEO John Chambers said OCP has “weaknesses” that Cisco can exploit. Chambers said efforts like Facebook’s to commoditize and wring cost out of hardware purchases will open up opportunities for Cisco to provide solutions that are better tailored to specific customer needs."
Link to Original Source

+ - CBI NTNU->

Submitted by jupiter126
jupiter126 (2471462) writes "Born on the 14th of September at CERN, CBI NTNU is an awesome group of students dedicated to solve the problems that no one else can manage. We are a collaboration of students from several disiplines at NTNU, which gives us the advantages that is needed to succeed. We aim to push on forward and bridge the gap between science and society. We will give you the solutions of tomorrow, today. No matter how hard the task is, no matter how tired we are, one thing is for certain......we will succeed! Please check the webpage!

Dear slashdotters, we need your help, as enough likes of the page will unlock university grants for our projects! — thanks for slahsdotting our page ;p"

Link to Original Source

+ - Chinese State Media Declares iPhone A Threat To National Security->

Submitted by MojoKid
MojoKid (1002251) writes "When NSA whistleblower Edward Snowden came forth last year with US government spying secrets, it didn't take long to realize that some of the information revealed could bring on serious repercussions — not just for the US government, but also for US-based companies. The latest to feel the hit? None other than Apple, and in a region the company has been working hard to increase market share: China. China, via state media, has today declared that Apple's iPhone is a threat to national security — all because of its thorough tracking capabilities. It has the ability to keep track of user locations, and to the country, this could potentially reveal "state secrets" somehow. It's being noted that the iPhone will continue to track the user to some extent even if the overall feature is disabled. China's iPhone ousting comes hot on the heels of Russia's industry and trade deeming AMD and Intel processors to be untrustworthy. The nation will instead be building its own ARM-based "Baikal" processor."
Link to Original Source

Comment: Expect a new internet by 2020! (Score 1) 305

by jupiter126 (#47233345) Attached to: When will large-scale IPv6 deployment happen?
With net neutrality, piracy and privacy issues... we should indeed expect a "new" internet by 2020.

IPv6 will be the rule of law of course, for one base reason:
IPV4 can not support the growth in emerging markets

and two (interconnected) reasons
- it allows more consumers to connect with more devices
- it allows better tracking - which is a crucial pillar of today's internet sponsorship

Finally, it is the only "partially working" solution today, commercial routers support it, and there is no other protocol that meet today's need and is implemented in most vendors next gen solutions: it has already been tested and accepted by the network's core infrastructure suppliers.

Of course, some custom industrial solutions might need more time to be replaced, but "on the shelf" solutions will be IPV6 before 2020!

SO YES... IPv6 will be mostly integrated (for consumers) before 2020...
In corporations, IPV4 will remain a compatibility issue for a long time, in a similar way that system admins still have to deal with coax cables and VAX or SPARC systems today.

+ - iOS Apps on Android (natively!)

Submitted by Schranz
Schranz (3646499) writes "Columbia University PhD students managed to run iOS apps natively on Android:
http://systems.cs.columbia.edu...
They built a compatibility layer (iOS-"kernel" XNU is open source) on top of Androids kernel that lets you run unmodified (no legal issues) iOS libraries and therefore iOS apps.
Apps have only little overhead, it's pretty efficient.
Paper was released in march '14 and it didn't get the attention it deserves."

Comment: I do not agree at all (Score 1) 1

by jupiter126 (#46923551) Attached to: 11 Reasons Encryption Is (Almost) Dead
While all these threads apply to today's public standards, it is still very possible for a motivated person to send strongly coded messages on internet, there are three simple rules to respect:
- Use a secured host which is not connected to any network (try openbsd for example)
- Use many encryption layers, and one passworded key (like I did in https://github.com/jupiter126/... )
- Send the pass and archives by secure ways... (ex: the pass on paper, and the key split in 128 different messages)

Encryption is not dead... it is the future, but it is one step behind decryption at this very moment.

+ - OpenSSH no longer has to depend on OpenSSL->

Submitted by ConstantineM
ConstantineM (965345) writes "What has been planned for a long time now, prior to the infamous heartbleed fiasco of OpenSSL (which does not affect SSH at all), is now officially a reality — with the help of some recently adopted crypto from DJ Bernstein, OpenSSH now finally has a compile-time option to no longer depend on OpenSSL — `make OPENSSL=no` has now been introduced for a reduced configuration OpenSSH to be built without OpenSSL, which would leave you with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR and chacha20+poly1305 ciphers, ECDH/curve25519 key exchange and Ed25519 public keys."
Link to Original Source

Comment: More spendings (Score 1) 217

by jupiter126 (#46851809) Attached to: How the FCC Plans To Save the Internet By Destroying It
Net neutrality can be approached with two purposes:
- Be neutral about what is allowed on internet (Block specific content)
- Be neutral about who is allowed on internet (Block specific sites)
Content distributors are interested in blocking specific content (MCAA, RIAA, ...), infrastructure providers are interested in blocking specific sites (netflix, ...): it is a battle for money.

Human nature dictates us to be creative to reach our objectives.
These laws will thus only accelerate the birth and growth of new networks, which their creators might surprisingly base on the shortcomings of what they miss in the existing one.
As users will be motivated to search for alternatives, demand will be raising, and while TOR is only a "first generation" secure network and its use remains marginal, these laws will help these kind of networks to go mainstream.
They will then try to block these networks, triggering further evolution, back to the chicken and the egg.

On the meantime, illegal organisations will benefit from those new mainstream technologies, and our dear agencies might need to gear up a bit ^^
Now for the funding: Taxes.

And this is how you lost the war for money, even if you did not buy their content or bypass their architecture \o/

+ - One week of OpenSSL cleanup ->

Submitted by CrAlt
CrAlt (3208) writes "After the news of heartbleed broke early last week, the OpenBSD team dove in and started axing it up into shape. Leading this effort are Ted Unangst (tedu@) and Miod Vallat (miod@), who are head-to-head on a pure commit count basis with both having around 50 commits in this part of the tree in the week since Ted's first commit in this area. They are followed closely by Joel Sing (jsing@) who is systematically going through every nook and cranny and applying some basic KNF. Next in line are Theo de Raadt (deraadt@) and Bob Beck (beck@) who've been both doing a lot of cleanup, ripping out weird layers of abstraction for standard system or library calls.

Then Jonathan Grey (jsg@) and Reyk Flöter (reyk@) come next, followed by a group of late starters. Also, an honorable mention for Christian Weisgerber (naddy@), who has been fixing issues in ports related to this work.

All combined, there've been over 250 commits cleaning up OpenSSL. In one week. Some of these are simple or small changes, while other commits carry more weight. Of course, occasionally mistakes get made but these are also quickly fixed again, but the general direction is clear: move the tree forward towards a better, more readable, less buggy crypto library.

Check them out at http://anoncvs.estpak.ee/cgi-b..."

Link to Original Source

Comment: Solution (Score 1) 1

by jupiter126 (#46280621) Attached to: The RSA/NSA Controversy And What We Can Do About It
I asked myself the same question a few months ago, and came up with a homemade solution. The solution I adopted to make up for the lack of trust of vendors and algorithms, has been to layer many implementations of many algorithms to encrypt my files... this result is much more intensive encryption procedures, but the data feels safer - as long as we believe at least one vendor or one algoritm were not compromised. I scripted the method in bash: https://github.com/jupiter126/...

"Life sucks, but it's better than the alternative." -- Peter da Silva

Working...