Submission + - Unstoppable JavaScript Attack Helps Ad Fraud, Tech Support Scams, 0-Day Attacks (bleepingcomputer.com)
In an interview, the researcher who found these flaws explains that this flaw is an attacker's dream, as it could be used for: ad fraud (by continuing to load ads even when the user is navigating other sites), zero-day attacks (by downloading exploit code even after the user has left the page), tech support scams (by showing errors and popups on legitimate and reputable sites), and malvertising (by redirecting users later on, from other sites, even if they leave the malicious site too quickly).
This severe flaw in the browser security model affects only Internet Explorer 11, which unfortunately is the second most used browser version, after Chrome 55, with a market share of over 10%. Even worse for IE11 users, there's no fix available for this issue because the researcher has decided to stop reporting bugs to Microsoft after they've ignored many of his previous reports.
For IE11 users, a demo page is available here.
Submission + - Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com)
The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months.
Submission + - It Will Soon Be Illegal To Punish Customers Who Criticize Businesses Online (arstechnica.com)
Submission + - What's the best Linux Laptop?
I'm currently looking into replacing my 10 year old Toshiba Satellite with a newer laptop. I'm looking to run some flavor of Linux (probably KDE based UI, but not mandatory) while using a VM to run Win 7 (for stuff needed for work).
For me, personally, battery life and weight are more important than raw power. I'm not going to be running games on this.
I've been considering an XPS 13 Developer Edition, or something from System76, ZaReason or Emperor Linux.
What laptop do you use? Do you have any suggestions?
Submission + - China passes law requiring full access to customer data (deepdotweb.com) 1
Companies are also required to give government investigators complete access to their data if there is suspected wrong-doing, and Internet operators must cooperate in any national security or crime-related investigation.
Note that China has an extremely flexible definition of "national security".
Additionally computer equipment will need to undergo mandatory certification, that could involve giving up source code, encryption keys, or even proprietary intellectual data, as Microsoft has been doing for some time.
Submission + - Germany's Justice Minister Says Facebook Should Be Treated As a Media Company (reuters.com)
Submission + - According to Snopes, Fake News Is Not the Problem (backchannel.com)
Comment Singles' Day (Score 1) 41
Singles' Day was invented by college students in the 1990s as a counter to Valentine's Day according to the Communist Party-owned People's Daily. Written numerically, Nov. 11 is reminiscent of "bare branches," a local expression for bachelors and spinsters.
Submission + - Google To Untrust WoSign and StartCom Certificates (csoonline.com)
Submission + - Firefox purging functionality citing privacy concerns (theguardian.com)
Submission + - Microsoft Stops Selling Windows 7 And Windows 8.1 To Computer Makers
Submission + - Every LTE call, text, can be intercepted, blacked out, hacker finds (theregister.co.uk)
It exploits LTE fall-back mechanisms designed to ensure continuity of phone services in the event of emergency situations that trigger base station overloads.
Comment Re:Ping pongged (Score 1) 16
To those that do not know, CorrectTheRecord.org is a company that's paid 7 figures to patrol social media to promote Slithery and drown out anything negative about her. They were very active in the primary and now.