
Submission + - Chrome Extension Developers Under a Barrage of Phishing Attacks (bleepingcomputer.com)

An anonymous reader writes: Google's security team has sent out warnings via email to Chrome extension developers after many of them have been the targets of phishing attacks, some of which have been successful and resulted in crooks taking over extensions. These phishing attacks have come into the limelight this past week when phishers managed to compromise the developer accounts for two very popular Chrome extensions — Copyfish and Web Developer.

The phishers used access to these developer accounts to insert adware code inside the extensions and push out a malicious update that overlaid ads on top of web pages users were navigating. Initially, this looked like a passing problem, but new evidence reveals these attacks have been going on for the past 2 months, since mid-June. Last week, after the hijacking of the Web Developer Chrome extension, Google's security team sent warnings via email to all Chrome extension developers to be on the lookout for this new tactic.

Submission + - US retailers just can't catch a break. (zerohedge.com)

DataDivision writes: Zero Hedge reports:

In a bid to undercut US-based brands, “fast fashion” purveyor Uniqlo announced this week that it will begin selling its clothes in vending machines, a common practice in Japan, where Uniqlo’s owner, Fast Retailing Co., is based. All told, the company plans to open 10 machines in and around New York City, Oakland and Houston, according to MarketWatch’s Ali Malito, who reported that brands are increasingly selling consumer goods like clothing out of vending machines as part of a “growing trend” as they “look for new ways to sell their goods” amid a flood of brick-and-mortar bankruptcies.
“There’s no hassle,” consumer shopping expert Andrea Woroch told Malito. “You get what you want.”
However, this latest wave of innovation in the retail space threatens to leave US firms flat-footed if they fail to quickly adapt, just like many now-dead companies who failed to anticipate the rise of Amazon.com and e-commerce more broadly.

Submission + - Microsoft Will Not Patch SMBLoris Vulnerability (bleepingcomputer.com)

An anonymous reader writes: Microsoft has declined to patch a vulnerability in the Server Message Block (SMB) file sharing protocol that affects all versions of the Windows operating system released in the past two decades, since Windows 2000. The vulnerability is named SMBLoris and was discovered by two RiskSense security researchers while exploring the NSA's EternalBlue SMB exploit back in June.

The vulnerability allows an attacker to open a connection to a remote computer via the SMB protocol and instruct that system to allocate RAM to handle the connection. The attacker doesn't have to be authenticated. The SMBLoris flaw is dangerous because it allows an attacker to open tens of thousands of connections to the same machine, exhausting its RAM and potentially crashing the target's computer. All three versions — SMBv1, SMBv2, and SMBv3 — are affected, as well as Samba implementations. Surprisingly, Microsoft declined to patch the issue, saying this was not a security bug. Researchers recommend putting SMB-enabled computers behind firewalls that can block inbound connections or at least limit the number to a smaller value.

Security researcher Hector Martin released proof-of-concept code [1, 2] for exploiting SMBLoris. This YouTube video shows a demo of SMBLoris in action.

Comment Re:MPC-BE (Score 4, Informative) 139

MPC-BE is still under active development, you can see some minor updates from 15 hours ago (new version of libpng)
https://sourceforge.net/p/mpcb...

The Doom9 support thread is still active
https://forum.doom9.org/showth...

V0lt is still active on the MPC-BE support forum (need google translate unless you can read Russian):
http://mpc-be.org/forum/index....

Submission + - Who is the bully now? CNN finds and threatens a Trump-supporter with doxing (dailycaller.com)

mi writes: Shortly after expressing "outrage" over Trump "encouraging violence" against reporters with a mocking video, CNN has tracked down the creator of the clip and threatened to deanonymize him.

Because the man took down his other "offensive" posts, the threat is on hold...

The network is, of course, denying accusations of blackmail.

Submission + - CNN critic who posted on Reddit may have been threatened with revealing identity (theintercept.com) 16

evolutionary writes: CNN appears to be giving veiled threats at a Reddit user who posted critical comments about the media giant. After an apology was given by the Reddit user (possibly under fear upon discovering CNN had his identity) CNN stated "CNN reserves the right to publish his identity should any of that change."

Comment Vanity Sizing - now in men's clothes (Score 2) 105

Used to be Vanity Sizing only messed up the women's clothing market. But now it's infected men's clothing as well.
Phrases like "relaxed fit" are only the first clue. There are now all kinds of tricks to telling what the actual size will be. If you see any kind of adjustments or elastic you can be sure they will be super oversized to make men feel better about their growing girth.

All this makes it brutally hard to buy clothes that fit based on measurements!

The sad part is, I don't think we can turn back. Consumers love the idea of wearing a smaller size than their real measurement, so like the marching morons with their speedometers that lie, we keep buying the vanity sizing.

Submission + - Microsoft Suspending "Patch Tuesday" emails?

outofluck70 writes: Got an email today from Microsoft, text is below. They are no longer going to send out emails regarding patches, you have to use RSS or keep visiting their security sites. They blame "governmental policies" as the reason. What could the real reason be? Anybody in the know?

From the email:

********************************************************************
Title: Microsoft Security Notifications
Issued: June 27, 2014
********************************************************************

Notice to IT professionals:

As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following:

* Security bulletin advance notifications
* Security bulletin summaries
* New security advisories and bulletins
* Major and minor revisions to security advisories and bulletins

In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website.

For more information, or to sign up for an RSS feed, visit the Microsoft Technical Security Notifications webpage at http://technet.microsoft.com/s....

Advertising

Anti-Product Placement For Negative Branding 130

An anonymous reader writes "Product placement to promote your brand just isn't enough any more. These days, apparently, some companies are resorting to anti-product placement in order to get competitors' products in the hands of 'anti-stars.' The key example being Snooki from Jersey Shore, who supposedly is being sent handbags by companies... but the bags being sent are of competitors' handbags as a way to avoid Snooki carrying their own handbag, and thus potentially damaging their brand."
