Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Microsoft

Submission + - Windows 8 Tells Microsoft About Everything You Install, Not Very Securely (nadim.cc)

x0d writes: "Windows 8 has a new featured called Windows SmartScreen, which is turned on by default. Windows SmartScreen’s purpose is to “screen” every single application you try to install from the Internet in order to inform you whether it’s safe to proceed with installing it or not. There are a few serious problems here. The big problem is that Windows 8 is configured to immediately tell Microsoft about every app you download and install.
This problem can however get even more serious: It may be possible to intercept SmartScreen’s communications to Microsoft and thus learn about every single application downloaded and installed by a target."

Privacy

Submission + - Windows 8 Tells Microsoft About Everything You Install (nadim.cc)

musicon writes: "According to Nadim Kobeissi, Windows 8 is configured by default (using a new featured called Windows SmartScreen) to immediately tell Microsoft about every app you download and install. This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here and therefore becomes vulnerable to being served judicial subpoenas or National Security Letters intended to monitor targeted users. This situation is exacerbated when Windows 8 is deployed in countries experiencing political turmoil or repressive political situations.

Additionally, it may be possible for a 3rd party to intercept SmartScreen’s communications to Microsoft and thus learn about every single application downloaded and installed by a target."

Yahoo!

Submission + - Hackers post 450K credentials apparently pilfered from Yahoo (cnet.com)

x0d writes: "Yahoo appears to have been the victim of a security breach that yielded more than 400,000 login credentials stored in plain text.
  The hacked data, posted to hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer's network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain, intended the data dump to be a 'wake-up call.'"

Slashdot Top Deals

Today's scientific question is: What in the world is electricity? And where does it go after it leaves the toaster? -- Dave Barry, "What is Electricity?"

Working...