Chrome

Ask Slashdot: Best Browser Extensions -- 2016 Edition 165

Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available.

Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol.

This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading.

What do you use?
Let's get this going.
Censorship

Facebook Admits Blocking WikiLeaks' DNC Email Links, But Won't Say Why (thenextweb.com) 270

An anonymous reader writes: Facebook has admitted it blocked links to WikiLeaks' DNC email dump, but the company has yet to explain why. WikiLeaks has responded to the censorship via Twitter, writing: "For those facing censorship on Facebook etc when trying to post links directly to WikiLeaks #DNCLeak try using archive.is." When SwiftOnSecurity tweeted, "Facebook has an automated system for detecting spam/malicious links, that sometimes have false positives. /cc," Facebook's Chief Security Officer Alex Stamos replied with, "It's been fixed." As for why there was a problem in the first place, we don't know. Nate Swanner from The Next Web writes, "It's possible its algorithm incorrectly identified them as malicious, but it's another negative mark on the company's record nonetheless. WikiLeaks is a known entity, not some torrent dumping ground. The WikiLeaks link issue has reportedly been fixed, which is great -- but also not really the point. The fact links to the archive were blocked at all suggests there's a very tight rein on what's allowed on Facebook across the board, and that's a problem." A Facebook representative provided a statement to Gizmodo: "Like other services, our anti-spam systems briefly flagged links to these documents as unsafe. We quickly corrected this error on Saturday evening."
Communications

Tinder Scam Promises Account Verification, But Actually Sells Porn (csoonline.com) 29

itwbennett writes: Tinder users should be on the lookout for Tinder profiles asking them to get "verified" and then sending them a link to a site called "Tinder Safe Dating." The service asks for credit card information, saying this will verify the user's age. Once payment information has been captured, the user is then signed up for a free trial of porn, which will end up costing $118.76 per month unless the service is cancelled. In Tinder's safety guidelines, the company warns users to avoid messages that contain links to third-party websites or ask money for an address.
Crime

Feds Seize KickassTorrents Domains and Arrest Owner In Poland (arstechnica.com) 300

An anonymous reader quotes a report from Ars Technica: Federal authorities announced on Wednesday the arrest of the alleged mastermind of KickassTorrents (KAT), the world's largest BitTorrent distribution site. As of this writing, the site is still up. Prosecutors have formally charged Artem Vaulin, 30, of Ukraine, with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement. Like The Pirate Bay, KAT does not host individual infringing files but rather provides links to .torrent and .magnet files so that users can download unauthorized copies of TV shows, movies, and more from various BitTorrent users. According to a Department of Justice press release sent to Ars Technica, Vaulin was arrested on Wednesday in Poland. The DOJ will shortly seek his extradition to the United States. "Vaulin is charged with running today's most visited illegal file-sharing website, responsible for unlawfully distributing well over $1 billion of copyrighted materials," Assistant Attorney General Caldwell said in the statement. "In an effort to evade law enforcement, Vaulin allegedly relied on servers located in countries around the world and moved his domains due to repeated seizures and civil lawsuits. His arrest in Poland, however, demonstrates again that cybercriminals can run, but they cannot hide from justice." KickassTorrents added a dark web address last month to make it easier for users to bypass blockades installed by ISPs.
Communications

Facebook Pitches Laser Beams As The High-Speed Internet Of The Future (pcworld.com) 93

An anonymous reader quotes a report from PCWorld: Facebook says it has developed a laser detector that could open the airwaves to new high-speed data communications systems that don't require dedicated spectrum or licenses. The component, disclosed on Tuesday in a scientific journal, comes from the company's Connectivity Lab, which is involved in developing technology that can help spread high-speed internet to places it currently doesn't reach. At 126 square centimeters, Facebook's new laser detector is thousands of times larger. It consists of plastic optical fibers that have been "doped" so they absorb blue light. The fibers create a large flat area that serves as the detector. They luminesce, so the blue light is reemitted as green light as it travels down the fibers, which are then bundled together tightly before they meet with a photodiode. It's described in a paper published on Tuesday in the journal Optica. Facebook says there are applications for the technology both indoors and outdoors. Around the home, it could be used to transmit high-definition video to mobile devices. Outdoors, the same technology could be used to establish low-cost communications links of a kilometer or more in length. In tests, the company managed to achieve a speed of 2.1Gbps using the detector, and the company thinks it can go faster. By using materials that work closer to infrared, the speed could be increased. And using yet-to-be developed components that work at wavelengths invisible to the human eye, the speed could be increased even more. If invisible to humans, the power could also be increased without danger of harming someone, further increasing speed and distance.
Google

Google and Bing Have No Obligation To Censor Searches For Torrents (betanews.com) 62

Microsoft and Google are under no obligation to weed out 'torrent' results from their respective search engines, the High Court of Paris has ruled. BetaNews adds: French music industry group SNEP went to court on behalf of a trio of artists, requesting that Microsoft and Google automatically filter out links to pirated material. The group had called for a complete block on searches that include the word 'torrent' as well as blocking sites whose name includes the word. The court found that SNEP's request was far too broad, saying: "SNEP's requests are general, and pertain not to a specific site but to all websites accessible through the stated methods, without consideration for identifying or even determining the site's content, on the premise that the term 'Torrent' is necessarily associated with infringing content". The court added that 'torrent' is a common noun, which has a range of different meanings.
Mozilla

Mozilla Is Building Context Graph, a 'Recommender System For the Web' (venturebeat.com) 87

Mozilla is looking into ways to build a "better forward button" that helps you understand a topic and find alternative solutions to a problem. On Wednesday, the Firefox maker announced Context Graph, which also allows browsers to offer useful information without demanding input. From a VentureBeat report: Context Graph is a "recommender system for the web" that is supposed to help the company develop an understanding of browser activity at scale. By tapping into what and how people are browsing, Mozilla hopes to unlock "the next generation of web discovery on the internet." Another example is learning how to do something new, like bike repair. Context Graph should be able to help you learn bike repair based on the links others have navigated to when they attempted to learn the same thing. "This should work regardless of whom you're connected to, because your social network shouldn't be a prerequisite for getting the most from the web," Nick Nguyen, Firefox's vice president of product, said.
Music

That Digital Music Service You Love Is a Terrible Business (fortune.com) 240

An anonymous Slashdot reader quotes an article from Fortune: Rdio goes bankrupt, Pandora hangs out a 'For Sale' sign and then gets rid of its CEO, artists and labels ramp up their criticism of YouTube. Now we have Tidal in acquisition talks with Apple, while Spotify complains about Apple treating it unfairly... the digital music business is becoming an industry in which only a truly massive company with huge scale and deep pockets can hope to compete... Rdio went bankrupt last year in large part because it couldn't afford to make the licensing payments the record industry requires of streaming services. Deezer, a European service, postponed a planned initial public offering partly because its business is financially shaky for the same reason... [Rhapsody] is still racking up massive losses... Spotify has found it almost impossible to make money, primarily because of onerous licensing payments...

[A]ll the available evidence seems to show that the digital-music business, at least the way it is currently structured, simply isn't economic. The only way for anyone to even come close to making it work is to make it part of a much larger company, like Apple or Amazon or Google. That way they can absorb the losses, they have the heft to negotiate with the record industry, and they can find synergies with their other businesses. In other words, music as a standalone business appears to be dead, or at least on life support.

The article links to an essay by a former eMusic CEO arguing high royalty rates make it impossible to have a profitable business, and the music industry "buried more than 150 startups -- now they are left to dance with the giants."
Government

Guccifer 2.0 Calls DNC Hack His "Personal Project," Mocks Security Firms (computerworld.com) 114

An anonymous reader writes: The notorious hacker most recently in the news for releasing Clinton Foundation documents said on Thursday in a blog post that the stolen confidential files from the DNC were his "personal project." Guccifer 2.0, as he identifies himself, added that security firms and the DNC may be trying to blame the attack on Russia, but "they can prove nothing! All I hear is blah-blah-blah, unfounded theories, and somebody's estimates," he wrote. He claims to be Romanian and says he acted alone, pouring water on the theory that he may be a "smokescreen" to divert attention away from the real culprits, which may have been expert hacking teams based in Russia. "I'd like to reveal a secret to all those cool IT-specialists: All the hackers in the world use almost the same tools," he said. "You can buy them or simply find them on the web." He broke into the network using a little-known vulnerability found in the DNC's software, he added. "The DNC used Windows on their server, so it made my work much easier," he said. "I installed my trojan-like virus on their PCs. I just modified the platform that I bought on the hacking forums for about $1.5k." Guccifer 2.0 also disputed the idea that the DNC breach was an intelligence gathering operation for Russia, saying it was hacktivism.
Databases

2 Million-Person Terror Database Leaked Online (thestack.com) 165

An anonymous reader writes from a report via The Stack: A 2014 version of the World-Check database containing more than 2.2 million records of people with suspected terrorist, organized crime, and corruption links has been leaked online. The World-Check database is administered by Thomson-Reuters and is used by 4,500 institutions, 49 of the world's 50 largest banks and by over 300 government and intelligence agencies. The unregulated database is intended for use as "an early warning system for hidden risk" and combines records from hundreds of terror and crime suspects and watch-lists into a searchable resource. Most of the individuals in the database are unlikely to know that they are included, even though it may have a negative impact on their ability to use banking services and operate a business. A Reddit user named Chris Vickery says he obtained a copy of the database, saying he won't reveal how until "a later time." To access the database, customers must pay an annual subscription charge that can reach up to $1 million, according to Vice, with potential subscribers then vetted before approval. Vickery says he understands that the "original location of the leak is still exposed to the public internet" and that "Thomson Reuters is working feverishly to get it secured." He told The Register that he alerted the company to the leak, but is still considering whether to publish the information contained in it.
Google

Google's 'FASTER' 9000km, 60Tbps Transpacific Fiber Optics Cable Completed (9to5google.com) 73

An anonymous reader writes from a report via 9to5Google: Google and an association of telecom providers have announced that the FASTER broadband cable system that links Japan and the United States is now complete. The system is the fastest of its kind and stretches nearly 9,000 km across the bottom of the Pacific Ocean, starting in Oregon and ending in two landing spots in Japan. The association consists of Google, China Mobile International, China Telecom Global, Global Transit, KDDI, Singtel, and supplier NEC Corporation. The estimated construction cost of the project was $300 million in 2014. At 60 terabits per second, FASTER will help "support the expected four-fold increase in broadband traffic demand between Asia and North America." The system uses a six-fiber pair cable and the latest 100Gbps digital coherent optical transmission technology. The service is scheduled to start on June 30, 2016, and will help increase the connectivity between Google's data centers scattered around the globe.
Security

Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets' (fortune.com) 113

Google's Project Zero team has discovered a heap of critical vulnerabilities in Symantec and Norton security products. The flaws, the team says, allow hackers to completely compromise people's machines by simply sending them malicious self-replicating code through unopened emails or un-clicked links. According to a Fortune report, the vulnerabilities affect millions of people who run the company's endpoint security and antivirus software -- all 17 enterprise products (Symantec brand) and eight consumer and small business products (Norton brand). Dan Goodin, reporting for Ars Technica: The flaws reside in the engine the products use to reverse the compression tools malware developers use to conceal their malicious payloads. The unpackers work by parsing code contained in files before they're allowed to be downloaded or executed. Because Symantec runs the unpackers directly in the operating system kernel, errors can allow attackers to gain complete control over the vulnerable machine. Tavis Ormandy, a researcher with Google's Project Zero, said a better design would be for unpackers to run in a security "sandbox," which isolates untrusted code from sensitive parts of an operating system.
AI

Apple Won't Collect Your Data For Its AI Services Unless You Let It (recode.net) 36

Apple doesn't like collecting your data. This is one of the iPhone maker's biggest selling points. But this approach has arguably acted as a major roadblock for Apple in its AI and bots efforts. With iOS 10, the latest version of the company's mobile operating system, Apple announced that it will begin collecting a range of new information as it seeks to make Siri and iPhone as well as other apps and services better at predicting the information its owner might want at a given time. Apple announced that it will be collecting data employing something called differential privacy. The company wasn't very clear at the event, which caused confusion among many as to exactly what data Apple is collecting. But now it is offering more explanation. Recode reports: As for what data is being collected, Apple says that differential privacy will initially be limited to four specific use cases: New words that users add to their local dictionaries, emojis typed by the user (so that Apple can suggest emoji replacements), deep links used inside apps (provided they are marked for public indexing) and lookup hints within notes. Apple will also continue to do a lot of its predictive work on the device, something it started with the proactive features in iOS 9. This work doesn't tap the cloud for analysis, nor is the data shared using differential privacy. Additionally, Recode adds that Apple hasn't yet begun collecting data, and it will ask for a user's consent before doing so. The company adds that it is not using a user's cloud-stored photos to power its image recognition feature.
Bug

BadTunnel Bug Hijacks Network Traffic, Affects All Windows Versions (softpedia.com) 105

An anonymous reader writes: Microsoft has just patched a vulnerability that affects all Windows versions ever released. Called BadTunnel, the security flaw allows attackers to pass as a WPAD or ISATAP server and intercept all network traffic. Exploitation is trivial and firewalls are natively designed to open the port through which the attack is carried out. BadTunnel can be triggered whenever the user clicks URI or UNC links/paths in Office files, IE, Edge, or other applications that support the URI/UNC scheme (and most do). Additionally, an attacker can carry out his attack from the other side of the world, and does not need to have a foothold on the victim's network. While recent Windows OS versions received patches, exploitation points remain open for non-supported Windows operating systems such as XP, Windows Server 2003, and others. For these operating systems, and for those that can't be updated just yet, system administrators should disable NetBIOS.
Facebook

Instagram Ads Now Include Mobile Banners (adweek.com) 37

More ads are coming to Instagram. The Facebook-owned photo and video sharing network has begun rolling out a feature that links ads to profile pages. When someone clicks on a profile, for instance, they will see a banner at the bottom, reports AdWeek. The banner prompts the user to either visit a website or download an app. From the report: According to an Instagram rep, so-called "profile taps" will be included in click reporting for advertisers and are rolling out internationally. In a statement, Instagram said, "We found that Instagrammers were routinely tapping on a company's name from a direct response ad to learn more. Now when that happens, the call-to-action button from that same ad extends to the company's profile page to make it easier for people to discover a business they care about."
Security

Facebook Developers Can See Private Links Shared Through Messenger (theverge.com) 22

Earlier this week, security researchers at Checkpoint reported about vulnerabilities in Facebook Chat and Messenger that, if exploited, could allow anyone to essentially take control of any message sent by Chat or Messenger. Now a developer named Inti De Ceukelaire is pointing out another flaw in how Facebook deals with URLs. The Verge reports: Through the right API call, De Ceukelaire was able to summon links shared by specific users in private messages. The links were collected by the Facebook crawler, where De Ceukelaire discovered they were easily accessible to anyone running a Facebook app. Those links could be anything from a popular news story to directions to an abortion clinic. As long as they're shared in private messages, they're logged in Facebook's database, and accessible to API calls. It would be hard to exploit that bug at scale for a few different reasons. De Ceukelaire was only able to make the API call because he's registered as a Facebook developer, and if he started pulling those links en masse, Facebook would quickly catch on and pull his credentials. Still, the bug points to a number of lingering problems with the conflicting way web services treat URLs, and how those conflicts can put private information into public view.
Bitcoin

Russian Hacker Selling Information of 32 Million Twitter Accounts, Report Says (zdnet.com) 54

An anonymous reader writes: The hacker who has links to the recent Myspace, LinkedIn, and Tumblr data breaches, is claiming to have obtained a database of millions of Twitter accounts. The data reportedly includes addresses, usernames, and plain-text passwords of 379 million Twitter accounts. The hacker, Tessa88, wants 10 bitcoins, or about $5,820 for the cache. On Wednesday, LeakedSource claimed that the real number of accounts was just under 33 million, which is more than 10 percent of Twitter's monthly active accounts. This follows the hacking of Mark Zuckerberg's Twitter and Pinterest accounts.
Facebook

Tech Firms Say FBI Wants Browsing History Without Warrant (engadget.com) 145

Aaron Souppouris, reporting for Engadget: Tech companies and privacy advocates are warning against new legislation that would give the FBI the ability to access "electronic communication transactional records" (ECTRs) without a warrant in spy and terrorism cases. ECTRs include high-level information on what sites a person visited, the time spent on those sites, email metadata, location information and IP addresses. To gain access to this data, a special agent in charge of a bureau field office need only write a "national security letter" (NSL) that doesn't require a judge's approval. It's worth noting that ECTRs don't amount to a full browsing history. If a suspected terrorist were reading this article, the FBI would only see they read "engadget.com" and how long for, rather than the specific page links. Additionally, the ECTRs won't include the content of emails, search queries, or form content, but will feature metadata, so the FBI would know who someone is messaging and when.
Power

Future Phones May Use Vacuum Tube Chips As Silicon Hits Moore's Law Extremes (inverse.com) 147

An anonymous reader writes: A team of researchers want to replace transistors with vacuum tubes. Vacuum tubes are nothing new; however, the ones in development at Caltech's Nanofabrication Group are a million times smaller than the ones in use 100 years ago. "Computer technologies seem to work in cycles," Alan Huang, a former electrical engineer for Bell Laboratories, told the New York Times. "Some of the same algorithms that were developed for the last generation can sometimes be used for the next generation." Dr. Axel Scherer, head of the Nanofabrication Group, said to the New York Times on Sunday, "Ten years ago, silicon transistors could meet all our demands. In the next decade, that will no longer be true." He argues silicon transistors can only take us so far. Vacuum tubes, for comparison, use tiny metal tubes that can control the flow of electricity. They're especially intriguing to researchers as they can provide a better solution to silicon transistors as they can consume less power and take up a much smaller footprint. The report mentions they have the potential to bring an end to Moore's Law, even if silicon transistors show no signs of disappearing. For example, Lockheed Martin published new cooling methods in March that could help cool chips with tiny drops of water. With that said, Boeing has invested in researching vacuum tube chips. They may appear in the aviation industry before 2020, but it's unlikely we'll see Caltech's research appear in smartphones anytime soon.
Security

Hackers Find Bugs, Extort Ransom, Call It a Public Service (threatpost.com) 76

Reader msm1267 shares a report on ThreatPost about an ongoing security trend: Crooks breaking into enterprise networks are holding data they steal for ransom under the guise they are doing the company a favor by exposing a flaw. The criminal act is described as bug poaching and is becoming a growing new threat to businesses vulnerable to attacks.

Hackers are extorting companies for as much as $30,000 in exchange for details on how hackers broke into their network and stole data. Researchers say once the intruders steal the data, there's no explicit threat that they will break in again or release data if companies don't pay. Instead, attackers release a simple statement demanding payment in exchange for details on how to fix the vulnerability.

Typical bug poaching incidents start with criminals breaking into a network and stealing as much sensitive data as they can. Next, they post the data to a third-party cloud storage service. Lastly, the attackers email the company links to the data as proof the information was stolen and ask for a wire transfer of money in exchange for how the data was stolen.

During the attack, victims are not threatened with the public release of their data, instead attackers simply send a message that reads: "Please rest assured that the data is safe with me. It was extracted for proof only. Honestly, I do this job for a living, not for fun."
