
Submission: Web Trackers Exploit Flaw in Browser Login Managers to Steal Usernames (bleepingcomputer.com)

An anonymous reader writes: Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain. This type of abusive behavior is possible because of a design flaw in the login managers included with all browsers. Experts say that web trackers can embed hidden login forms on sites where the tracking scripts are loaded. Because of the way the login managers work, the browser will fill these fields with the user's login information, such as usernames and passwords.

The trick is an old one, known for more than a decade, but until now it's only been used by hackers trying to collect login information during XSS (cross-site scripting) attacks. Princeton researchers say they recently found two web tracking services that utilize hidden login forms to collect login information. The two services are Adthink (audienceinsights.net) and OnAudience (behavioralengine.com), and Princeton researchers said they identified scripts from these two that collected login info on 1,110 sites found on the Alexa Top 1 Million sites list. A demo page has been created to show how the tracking works.
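
For site owners who want to check their own pages for the pattern described in this submission, the following is an added example, not part of the submission or of the Princeton research. It assumes you have a saved snapshot of the rendered DOM, treats inline styles and the `hidden` attribute as the only visibility signals, and uses a constructed sample page.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tracker domains named in the submission above.
TRACKER_DOMAINS = ("audienceinsights.net", "behavioralengine.com")
# Inline-style heuristics for "not visible" (an assumption of this example).
HIDING_HINTS = ("display:none", "visibility:hidden")

# Constructed sample: the host prefix, path and field names are made up.
SAMPLE = """<form action="/login"><input type="email" name="user">
<input type="password" name="pw"></form>
<script src="https://static.audienceinsights.net/t.js"></script>
<form style="display: none"><input type="email" name="email">
<input type="password" name="password"></form>"""

def is_hidden(attrs):
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return "hidden" in attrs or any(h in style for h in HIDING_HINTS)

class LoginFormAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hidden_stack = []  # one flag per open <form>/<div>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        inherited = bool(self.hidden_stack) and self.hidden_stack[-1]
        if tag == "script":
            host = urlparse(a.get("src") or "").hostname or ""
            if any(host == d or host.endswith("." + d) for d in TRACKER_DOMAINS):
                self.findings.append(("tracker-script", host))
        elif tag in ("form", "div"):
            self.hidden_stack.append(inherited or is_hidden(a))
        elif tag == "input":
            kind = (a.get("type") or "text").lower()
            if kind in ("password", "email") and (inherited or is_hidden(a)):
                self.findings.append(("hidden-credential-field", a.get("name") or kind))

    def handle_endtag(self, tag):
        if tag in ("form", "div") and self.hidden_stack:
            self.hidden_stack.pop()

def audit(html):
    parser = LoginFormAudit()
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Fields hidden through external stylesheets or off-screen positioning are not caught by this heuristic; a check inside a real browser against computed styles would cover those.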

Submission: Empirical Research Reveals Three Big Problems With How Patents Are Vetted (arstechnica.com)

An anonymous reader writes: If you've read our coverage of the Electronic Frontier Foundation's "Stupid Patent of the Month" series, you know America has a patent quality problem. People apply for patents on ideas that are obvious, vague, or were invented years earlier. Too often, applications get approved and low-quality patents fall into the hands of patent trolls, creating headaches for real innovators. Why don't more low-quality patents get rejected? A recent paper published by the Brookings Institution offers fascinating insights into this question. Written by legal scholars Michael Frakes and Melissa Wasserman, the paper identifies three ways the patent process encourages approval of low-quality patents:

- The United States Patent and Trademark Office (USPTO) is funded by fees—and the agency gets more fees if it approves an application.
- Unlimited opportunities to refile rejected applications means sometimes granting a patent is the only way to get rid of a persistent applicant.
- Patent examiners are given less time to review patent applications as they gain seniority, leading to less thorough reviews.

None of these observations is entirely new. But what sets Frakes and Wasserman's work apart is that they have convincing empirical evidence for all three theories. They have data showing that these features of the patent system systematically bias it in the direction of granting more patents. Which means that if we reformed the patent process in the ways they advocate, we'd likely wind up with fewer bogus patents floating around.

Submission: Some Sonos and Bose Speakers Are Being Hijacked To Play Ghostly Sounds (theverge.com)

An anonymous reader writes: Researchers at Trend Micro have found that certain models of Sonos and Bose speakers have vulnerabilities that leave them open to hijacking, as reported by Wired. The accessible speakers are being exploited by hackers who are using them to play spooky sounds, Alexa commands, and Rick Astley tracks. Only a small percentage of speakers by the two companies are actually affected, including some of the Sonos Play:1, the Sonos One, and the Bose SoundTouch. All it takes is for the speaker to be connected to a misconfigured network and a simple internet scan. Once the speaker is discovered via the scan, the API it uses to talk to apps can be utilized to tell the speakers to play any audio file hosted at a specific URL. Of all the models, between 2,500 and 5,000 Sonos devices and 400 to 500 Bose devices were found by Trend Micro to be open to audio hacking.
