Chrome

Browser Extensions Are Undermining Privacy (vortex.com) 82

pizzutz writes: Chrome's popular Web Developer plugin was briefly hijacked on Wednesday when an attacker gained control of the author's Google account and released a new version (0.49) which injected ads into web pages of more than a million users who downloaded the update. The version was quickly replaced with an uncompromised version (0.5) and all users are urged to update immediately.
Lauren Weinstein has a broader warning: While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by add-ons, some of which are downright crooked, many more of which are sloppily written and poorly maintained. Ironically, some of these add-on extensions and apps claim to be providing more security, while actually undermining the intrinsic security of the browsers themselves. Others (and this is an extremely common scenario) claim to be providing additional search or shopping functionalities, while actually only existing to silently collect and sell user browsing activity data of all sorts.
Lauren also warns about sites that "push users very hard to install these privacy-invasive, data sucking extensions" -- and believes requests for permissions aren't a sufficient safeguard for most users. "Expecting them to really understand what these permissions mean is ludicrous. We're the software engineers and computer scientists -- most users aren't either of these. They have busy lives -- they expect our stuff to just work, and not to screw them over."
Games

Ask Slashdot: Are Interactive Computing Devices Addictive? 98

This question came from two things noticed by Slashdot reader dryriver:

"Myself and just about every other kid I was friends with in the 1980s were definitely addicted to computers when we were young, and stayed that way until we reached college."

"There is increasing concern about everybody from young kids to people 60+ staring into smartphone, tablet computer and laptop screens for hours and hours every day and not partaking in other activities they used to before the 'glowing screen' hooked them."

His question: Are interactive computing devices, whether networked or not, addictive in nature? What kind of applications appear to be the most addictive? (AAA games? Casual games? Social media? Texting?) And could the addiction have something to do with "Neuroplasticity", the fact that doing an activity over and over again each day that you place great importance in, and pay great attention to, can actually rewire the neurons in your brain?
Nicholas Carr once argued that "We're training ourselves, through repetition, to be facile skimmers, scanners, and message-processors -- important skills, to be sure -- but, perpetually distracted and interrupted, we're not training ourselves in the quieter, more attentive modes of thought." Slashdot readers seem uniquely qualified to address this, so leave your own attentive thoughts in the comments. Are interactive computing devices addictive?
Bug

The NSA Intercepted Microsoft's Windows Bug Reports (schneier.com) 52

Bruce Schneier writes on his security blog: Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports... "When Tailored Access Operations selects a computer somewhere in the world as a target and enters its unique identifiers (an IP address, for example) into the corresponding database, intelligence agents are then automatically notified any time the operating system of that computer crashes and its user receives the prompt to report the problem to Microsoft... this passive access to error messages provides valuable insights into problems with a targeted person's computer and, thus, information on security holes that might be exploitable for planting malware or spyware on the unwitting victim's computer..."

The article talks about the (limited) value of this information with regard to specific target computers, but I have another question: how valuable would this database be for finding new zero-day Windows vulnerabilities to exploit?

Microsoft

Microsoft and PayPal Add 'Send Money' Feature To Skype (paypal.com) 49

BrianFagioli quotes BetaNews: Microsoft has partnered with PayPal for a new way to transfer funds using Skype... "Today, we're excited to announce that PayPal is now partnering with Skype to allow users in 22 countries to send money to other Skype users with PayPal via their Skype mobile app. With over one billion Skype mobile downloads to date globally, users will be able to use PayPal directly from their Skype app to seamlessly send money in the moment...across the country or internationally," says John Kunze, VP of Xoom, PayPal.
It's part of a push to make it easier to share money, PayPal writes: Over the past year, we've partnered with Apple, Slack and Microsoft to enable peer-to-peer payments with PayPal and Venmo in more places and in more contexts where people are connecting online and on mobile, such as a voice command with Siri, in chat with iMessage and Slack, and in email via Microsoft's Outlook.com.
The Courts

Volkswagen Executive Faces Jail Time After Guilty Plea (arstechnica.com) 135

An anonymous reader quotes Ars Technica: A former Volkswagen executive has pleaded guilty to two charges related to the company's diesel emissions scandal. He is the second VW Group employee to do so, following retired engineer James Liang pleading guilty last summer. The VW Group executive, Oliver Schmidt, was based outside of Detroit and was in charge of emissions compliance for Volkswagen in the years before the company was caught using illegal software to cheat on federal emissions tests.

Schmidt, a German citizen who was 48 when he was arrested in Miami in January on vacation, was originally charged with 11 felony counts. In accepting a plea deal from US federal officials, Schmidt will only plead guilty to two charges: conspiracy to defraud the US government and violate the Clean Air Act, and making a false statement under the Clean Air Act. Schmidt will be sentenced in December. He could face up to seven years in prison, as well as fines from $40,000 to $400,000, according to the plea agreement. After that, Schmidt could also be required to serve four years of supervised release.

Biotech

How Apple Is Putting Voices In Users' Heads -- Literally (wired.com) 91

schwit1 shared WIRED's report on "a life-changing technology." Steven Levy spoke with Mathias Bahnmueller as he tested a new Apple sound processor that beams digital audio directly into hearing aids. Bahnmueller suffers from hearing loss so severe that a year ago he underwent surgery to install a cochlear implant -- an electronic device in the inner ear that replaces the usual hearing mechanism. Around a million patients have undergone this increasingly mainstream form of treatment, and that's just a fraction of those who could benefit from it. (Of the 360 million people worldwide with hearing loss, about 10 percent would qualify for the surgery.) "For those who reach a point where hearing aids no longer help, this is the only solution," says Allison Biever, an audiologist in Englewood, CO who works with implant patients. "It's like restoring a signal in a radio station."

Cochlear implants bypass the usual hearing process by embedding a device in the inner ear and connecting it via electrodes to the nerve that sends audio signals to the brain... The system Bahnmueller was using came from a collaboration between Apple and Cochlear, a company that has been involved with implant technology since the treatment's early days. The firms announced last week that the first product based on this approach, Cochlear's Nucleus 7 sound processor, won FDA approval in June -- the first time that the agency has approved such a link between cochlear implants and phones or tablets. Those using the system can not only get phone calls directly routed inside their skulls, but also stream music, podcasts, audio books, movie soundtracks, and even Siri -- all straight to the implant... Apple will offer the technology free to qualified manufacturers.

Google's accessibility team for Android has no public timeline for any similar hearing aid support, though according to the article it's "on the roadmap."
Red Hat Software

Red Hat Acquires Data-Cleaning Company Permabit (fortune.com) 85

An anonymous reader quotes Fortune: Business software company Red Hat said on Monday that it is acquiring the technology assets of Permabit, a small company that specializes in cleaning up corporate data to make storage more efficient and data access faster. Terms of the deal were not disclosed but a Red Hat spokesman said 16 people from Permabit will be joining that company...

While the conventional wisdom is that data storage is cheap, it is not free. And with companies turning to more expensive flash storage, it saves money to remove redundant data, said Richard Fichera, vice president and principal analyst at Forrester Research... Red Hat, which sells a version of the Linux operating system used by many Fortune 500 companies, also offers its own storage software. And, it wants to become a more formidable challenger in data storage, a goal that can be furthered by buying Permabit's technology, Fichera said.

Slashdot reader See Attached points out that this week Red Hat also released RHEL 7.4, which introduces support for Network Bound Disk Encryption (NBDE) and system protection against intrusive USB devices.
Biotech

Could Diabetes Spread Like Mad Cow Disease? (sciencemag.org) 128

sciencehabit quotes Science magazine: Prions are insidious proteins that spread like infectious agents and trigger fatal conditions such as mad cow disease. A protein implicated in diabetes, a new study suggests, shares some similarities with these villains. Researchers transmitted diabetes from one mouse to another just by injecting the animals with this protein. The results don't indicate that diabetes is contagious like a cold, but blood transfusions, or even food, may spread the disease.

The work is "very exciting" and "well-documented" for showing that the protein has some prionlike behavior, says prion biologist Witold Surewicz of Case Western Reserve University in Cleveland, Ohio, who wasn't connected to the research. However, he cautions against jumping to the conclusion that diabetes spreads from person to person. The study raises that possibility, he says, but "it remains to be determined."

The Almighty Buck

'World of Warcraft' Game Currency Now Worth More Than Venezuelan Money (theblaze.com) 189

schwit1 quotes TheBlaze: Digital gold from Blizzard's massive multiplayer online game "World of Warcraft" is worth more than actual Venezuelan currency, the bolivar, according to new data. Venezuelan resident and Twitter user @KalebPrime first made the discovery July 14 and tweeted at the time that on Venezuela's black market -- now the most-used method of currency exchange within Venezuela according to NPR -- you can get $1 for 8493.97 bolivars. Meanwhile, a "WoW" token, which can be bought for $20 from the in-game auction house, is worth 8385 gold per dollar. According to sites that track the value of both currencies, KalebPrime's math is outdated, and WoW gold is now worth even more than the bolivar.
That tweet has since gone viral, prompting @KalebPrime to joke that "At this rate when I publish my novel the quotes will read 'FROM THE GUY THAT MADE THE WOW GOLD > VENEZUELAN BOLIVAR TWEET.'"
Businesses

Wells Fargo Sued Again For Misbilling Car Owners And Veterans (reuters.com) 75

UnknowingFool writes: A new class action lawsuit from a former Wells Fargo customer claimed the bank charged loan customers for auto insurance they did not need. With auto loans, the bank often requires that full coverage auto insurance be bought when the loan is made. However, lead plaintiff Paul Hancock says that Wells Fargo charged him for auto insurance even though he informed them he already had an insurance policy with another company. Wells Fargo also charged him a late fee when he disputed the charge. Wells Fargo does not dispute that it did this to customers and has offered to refund $80 million to 570,000 customers who were charged for insurance. The lawsuit, however, is to recoup late fees, delinquency charges, and other fees that the refund would not cover.
NPR describes Wells Fargo actually repossessing the car of a man who was "marked as delinquent for not paying this insurance -- which he didn't want or need or even know about." Friday the bank also revealed the number of "potentially unauthorized accounts" from its earlier fake accounts scandal could be much higher than previous estimates -- and that they're now expecting their legal costs to exceed the $3.3 billion they'd already set aside.

And Reuters reports that the bank will also be paying $108 million "to settle a whistleblower lawsuit claiming it charged military veterans hidden fees to refinance their mortgages, and concealed the fees when applying for federal loan guarantees."
Communications

Is Microsoft Hustling Us With 'White Spaces'? (wired.com) 65

rgh02 writes: Microsoft recently announced their plan to deploy unused television airwaves to solve the digital divide in America. And while the media painted this effort as a noble one, at Backchannel, Susan Crawford reveals the truth: "Microsoft's plans aren't really about consumer internet access, don't actually focus on rural areas, and aren't targeted at the US -- except for political purposes." So what is Microsoft really up to?
The article's author believes Microsoft's real game is "to be the soup-to-nuts provider of Internet of Things devices, software, and consulting services to zillions of local and national governments around the world. Need to use energy more efficiently, manage your traffic lights, target preventative maintenance, and optimize your public transport -- but you're a local government with limited resources and competence? Call Microsoft."

The article argues Microsoft wants to bypass mobile data carriers who "will want a pound of flesh -- a percentage -- in exchange for shipping data generated by Microsoft devices from Point A to Point B... [I]n many places, they are the only ones allowed to use airwave frequencies -- spectrum -- under licenses from local governments for which they have paid hundreds of millions of dollars."
GNOME

GNOME's Text Editor gedit 'No Longer Maintained', Needs New Developers (gnome.org) 239

AmiMoJo brings news about gedit, the default text editor for GNOME: In a post to the gedit mailing list, Sébastien Wilmet states that gedit is no longer maintained and asks "any developer interested to take over the maintenance of gedit?" Just in case you were considering it, he warns "BTW while the gedit core is written in C (with a bit of Objective-C for Mac OS X support), some plugins are written in Vala or Python. If you take over gedit maintenance, you'll need to deal with four programming languages (without counting the build system). The Python code is not compiled, so when doing refactorings in gedit core, good luck to port all the plugins (the Python code is also less "greppable" than C). At least with Vala there is a compiler, even if I would not recommend Vala."
Sébastien's comments were surrounded by a <rant-on-languages> tag, but they're still crying out for some serious discussion. Any Slashdot readers want to share their own insights on Python, some fond thoughts on gedit, or suggestions for maintaining a great piece of open source software?
Social Networks

FBI Tracked 'Fake News' Believed To Be From Russia On Election Day (cnn.com) 352

An anonymous reader quotes a report from CNN: The FBI monitored social media on Election Day last year in an effort to track a suspected Russian disinformation campaign utilizing "fake news," CNN has learned. In the months leading up to Election Day, Twitter and Facebook were the feeding grounds for viral "news" stories floating conspiracies and hoaxes, many aimed at spreading negative false claims about Hillary Clinton. On Election Day, dozens of agents and analysts huddled at a command center arrayed with large monitoring screens at the FBI headquarters in Washington watching for security threats, according to multiple sources. That included analysts monitoring cyber threats, after months of mounting Russian intrusions targeting every part of the US political system, from political parties to policy think-tanks to state election systems. On this day, there was also a group of FBI cyber and counterintelligence analysts and investigators watching social media. FBI analysts had identified social media user accounts behind stories, some based overseas, and the suspicion was that at least some were part of a Russian disinformation campaign, according to two sources familiar with the investigation.
Open Source

Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk) 307

An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.

Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.

Robotics

MegaBots Is Finally Going To Take On Japan In the World's First Giant Robot Duel (qz.com) 38

A company called MegaBots released a video two years ago challenging a Japanese collective to a giant robot fight. About a week later, the Japanese group, Suidobashi Heavy Industry, agreed. Now, according to MegaBots co-founders Matt Oehrlein and Gui Cavalcanti, the battle is set to take place in September. Quartz reports: The battle would have happened a bit sooner, but apparently there have been "logistical issues at the originally-chosen venue," according to a release shared with Quartz by MegaBots. Unfortunately for fans hoping to see the battle in action -- presumably including those who backed the Kickstarter project to the tune of $550,000 to bring this robot to life -- the event will be closed to the public and recorded, for fears over the teams' ability to keep spectators safe. (One of the earliest conversations MegaBots had with Suidobashi was trying to figure out how the human pilots inside the robots would themselves "figure out how to not die.") Fans will be able to watch the fight on MegaBots' Facebook and YouTube sites, but it's not clear whether the fight will be live.
