Firefox

Ads Based On Browsing History Are Coming To All Firefox Users 95

Posted by Soulskill
from the just-what-you-wanted dept.
An anonymous reader writes: Mozilla has announced plans to launch a feature called "Suggested Tiles," which will provide sponsored recommendations to visit certain websites when other websites show up in the user's new tab page. The tiles will begin to show up for beta channel users next week, and the company is asking for feedback. For testing purposes, users will only see Suggested Tiles "promoting Firefox for Android, Firefox Marketplace, and other Mozilla causes." It's not yet known what websites will show up on the tiles when the feature launches later this summer. The company says, "With Suggested Tiles, we want to show the world that it is possible to do relevant advertising and content recommendations while still respecting users’ privacy and giving them control over their data."
Google

NSA Planned To Hijack Google App Store To Hack Smartphones 62

Posted by samzenpus
from the all-the-better-to-see-you-with dept.
Advocatus Diaboli writes: A newly released top secret document reveals that the NSA planned to hijack Google and Samsung app stores to plant spying software on smartphones. The report on the surveillance project, dubbed "IRRITANT HORN," shows the U.S. and its "Five Eyes" alliance: Canada, the United Kingdom, New Zealand and Australia, were looking at ways to hack smartphones and spy on users. According to The Intercept: "The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012."
Security

Netgear and ZyXEL Confirm NetUSB Flaw, Are Working On Fixes 32

Posted by samzenpus
from the protect-ya-neck dept.
itwbennett writes: In follow-up to a story that appeared on Slashdot yesterday about a critical vulnerability in the NetUSB service, networking device manufacturers ZyXEL Communications and Netgear have confirmed that some of their routers are affected and said they are working on fixes. ZyXEL will begin issuing firmware updates in June, while Netgear plans to start releasing patches in the third quarter of the year.
Businesses

Security Researchers Wary of Wassenaar Rules 31

Posted by samzenpus
from the rules-of-the-game dept.
msm1267 writes: The Commerce Department's Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement, and computer security specialists are wary of its language and vagaries. For starters, its definition of "intrusion software" that originally was meant to stem the effect of spying software such as FinFisher and Hacking Team, has also apparently snared many penetration testing tools. Also, despite the Commerce Department's insistence that vulnerability research does not fall under Wassenaar, researchers say that's up for interpretation.
Communications

Academics Build a New Tor Client Designed To Beat the NSA 54

Posted by timothy
from the non-spy-vs-spy dept.
An anonymous reader writes: In response to a slew of new research about network-level attacks against Tor, academics from the U.S. and Israel built a new Tor client called Astoria designed to beat adversaries like the NSA, GCHQ, or Chinese intelligence who can monitor a user's Tor traffic from entry to exit. Astoria differs most significantly from Tor's default client in how it selects the circuits that connect a user to the network and then to the outside Internet. The tool is an algorithm designed to more accurately predict attacks and then securely select relays that mitigate timing attack opportunities for top-tier adversaries.
Transportation

GM's Exec. Chief Engineer For Electric Vehicles Pam Fletcher Answers Your Question 96

Posted by samzenpus
from the read-all-about-it dept.
Pam Fletcher was propulsion system chief engineer on the first Chevrolet Volt plug-in hybrid and is now executive chief engineer for electrified vehicles at GM, overseeing electrified vehicles company-wide. A while ago you had a chance to ask about her work and the future of electric cars. Below you'll find her answers to your questions.
Government

US Proposes Tighter Export Rules For Computer Security Tools 120

Posted by timothy
from the we'd-like-to-inspect-that-package dept.
itwbennett writes: The U.S. Commerce Department has proposed tighter export rules for computer security tools and could prohibit the export of penetration testing tools without a license. The proposal would modify rules added to the Wassenaar Arrangement in 2013 that limit the export of technologies related to intrusion and traffic inspection. The definition of intrusion software would also encompass 'proprietary research on the vulnerabilities and exploitation of computers and network-capable devices,' the proposal said.
Security

Telstra Says Newly Acquired Pacnet Hacked, Customer Data Exposed 15

Posted by samzenpus
from the getting-to-know-all-about-you dept.
An anonymous reader writes: Telstra’s Asian-based data center and undersea cable operator Pacnet has been hacked, exposing many of the telco’s customers to a massive security breach. The company said it could not determine whether personal details of customers had been stolen, but it acknowledged the possibility. The Stack reports: "Telstra said that an unauthorized third party had been able to gain access to the Pacnet business management systems through a malicious software installed via a vulnerability on an SQL server. The hack had taken place just weeks before Telstra acquired the Asian internet service provider for $550mn on 16 April this year. The telecom company confirmed that it had not been aware of the hack when it signed the deal in December 2014."
Linux

Rate These 53 Sub-$200 Hacker SBCs, Win 1 of 20 44

Posted by samzenpus
from the pick-your-favorite dept.
DeviceGuru writes: LinuxGizmos and Linux.com have just launched their annual 2-minute survey asking folks to rate their favorite hacker SBCs from a list of 53 single board computers that are priced below $200, supported by open documentation and Linux or Android OSes, and will ship before July. As usual, the survey's data will be made available publicly, but one big change this year is that participants can register for a random drawing that will give away 20 hacker SBCs, split equally among the BeagleBone Black, Imagination Creator CI20, Intel Edison Kit for Arduino, and Qualcomm DragonBoard 410c. (Emails submitted will only be used for selecting and notifying SBC drawing winners, say the sites.)
Privacy

Simple Flaw Exposed Data On Millions of Charter Internet Customers 29

Posted by samzenpus
from the protect-ya-neck dept.
Daniel_Stuckey writes: A security flaw discovered in the website of Charter Communications, a cable and Internet provider active in 28 states, may have exposed the personal account details of millions of its customers. Security researcher Eric Taylor discovered the internet service provider's vulnerability as part of his research, and demonstrated how a simple header modification performed with a browser plug-in could reveal details of Charter subscriber accounts. After Fast Company notified Charter of the issue, the company said it had installed a fix within hours.
Power

Hydrogen-Powered Drone Can Fly For 4 Hours at a Time 112

Posted by samzenpus
from the different-way-to-fly dept.
stowie writes: The Hycopter uses its frame to store energy in the form of hydrogen instead of air. With less lift power required, its fuel cell turns the hydrogen in its frame into electricity to power its rotors. The drone can fly for four hours at a time and 2.5 hours when carrying a 2.2-pound payload. “By removing the design silos that typically separate the energy storage component from UAV frame development - we opened up a whole new category in the drone market, in-between battery and combustion engine systems,” says CEO Taras Wankewycz.
Chrome

New Chrome Extension Uses Sound To Share URLs Between Devices 73

Posted by samzenpus
from the sound-of-malware dept.
itwbennett writes: Google Tone is an experimental feature that could be used to easily and instantly share browser pages, search results, videos and other pages among devices, according to Google Research. "The initial prototype used an efficient audio transmission scheme that sounded terrible, so we played it beyond the range of human hearing," researcher Alex Kauffmann and software engineer Boris Smus wrote in a post on the Google Research blog.
China

Huawei's LiteOS Internet of Things Operating System Is a Minuscule 10KB 160

Posted by samzenpus
from the in-the-future dept.
Mark Wilson writes: Chinese firm Huawei today announces its IoT OS at an event in Beijing. The company predicts that within a decade there will be 100 billion connected devices and it is keen for its ultra-lightweight operating system to be at the heart of the infrastructure. Based on Linux, LiteOS weighs in at a mere 10KB — smaller than a Word document — but manages to pack in support for zero configuration, auto-discovery, and auto-networking. The operating system will be open for developers to tinker with, and is destined for use in smart homes, wearables, and connected vehicles. LiteOS will run on Huawei's newly announced Agile Network 3.0 Architecture and the company hopes that by promoting a standard infrastructure, it will be able to push the development of internet and IoT applications.
Security

How 1990s Encryption Backdoors Put Today's Internet In Jeopardy 42

Posted by samzenpus
from the grunge-net dept.
An anonymous reader writes: While debate swirls in Washington D.C. about new encryption laws, the consequences of the last crypto war are still being felt. Logjam vulnerabilities making headlines today are "a direct result of weakening cryptography legislation in the 1990s," researcher J. Alex Halderman said. "Thanks to Moore's law and improvements in cryptanalysis, the ability to break that crypto is something really anyone can do with open-source software. The backdoor might have seemed like a good idea at the time. Maybe the arguments 20 years ago convinced people this was going to be safe. History has shown otherwise. This is the second time in two months we've seen 90s era crypto blow up and put the safety of everyone on the internet in jeopardy."
Government

Do Russian Uranium Deals Threaten World Supply Security? 95

Posted by samzenpus
from the plenty-to-go-around dept.
Lasrick writes: A recent article in the New York Times notes that the Russian state nuclear corporation Rosatom and associated firms are gaining control of a growing number of uranium resources and mining operations. The article, headlined "Cash Flowed to Clinton Foundation Amid Russian Uranium Deal," focuses on donations to charities connected to former US President Bill Clinton and his family, made by businessmen who stood to profit from the sale of Uranium One, a Canadian company with worldwide uranium-mining interests. But a major premise of the article is that Russian uranium control threatens the security of the global uranium supply. Steve Fetter and Erich Schneider demolish the idea that Russian control of uranium stocks is a threat to global security.
Firefox

Adblock Plus Launches Adblock Browser: a Fork of Firefox For Android 108

Posted by Soulskill
from the unblocking-the-blocked-blocker dept.
An anonymous reader writes: Adblock Plus has launched Adblock Browser for Android. Currently in beta, the company's first browser was created by taking the open source Firefox for Android and including Adblock Plus out-of-the-box. The Firefox Sync functionality is disabled, as is the ability to use other addons. "Adblock Plus for Android got kicked out of Google Play along with other ad blocking apps in March 2013, because Google’s developer distribution agreement states apps cannot interfere with the functionality of other apps. Williams thus believes Adblock Browser “should be fine” as it only blocks ads that are shown as you browse the Web."
Networking

Ask Slashdot: Best Way To Solve a Unique Networking Issue? 360

Posted by timothy
from the that-seems-like-a-decent-way dept.
New submitter petro-tech writes: I work as a service technician, maintaining and repairing gas pumps and POS equipment. In my day to day activities, one that consumes a ton of time and is relatively regular is the process of upgrading the software on pumps. This is done by connecting to the pump via direct ethernet from my laptop, then running a manufacturer-provided program that connects to the device and pushes the new software. Some sites have 8+ pumps with 2 devices in each, and at 20-30 minutes apiece this can be quite time consuming. Unfortunately the devices are not actually on a network, and as such cannot be updated remotely; also, since they are not on a network, they are all configured with the same IP address. Additionally, the software doesn't allow you to specify the adapter to use. I would like to be able to get to a site, connect a cable to each pump, and load them all at the same time. The only way I can figure to accomplish this with the software we've been provided is to do this: Get a 16-port powered USB hub, with a USB-ethernet adaptor in each port; Set up 16 VMs with extremely stripped down XP running on each, with only one USB-ethernet adaptor assigned to each VM; Set XP to boot the application for loading software as its shell; and load each device that way at the same time. Is there a better way to accomplish this?
Networking

Critical Vulnerability In NetUSB Driver Exposes Millions of Routers To Hacking 69

Posted by Soulskill
from the it's-not-even-another-day-yet dept.
itwbennett writes: NetUSB, a service that lets devices connected over USB to a computer be shared with other machines on a local network or the Internet, is implemented in Linux-based embedded systems, such as routers, as a kernel driver. Once enabled, it opens a server that listens on TCP port 20005 for connecting clients. Security researchers from a company called Sec Consult found that if a connecting computer has a name longer than 64 characters, a stack buffer overflow is triggered in the NetUSB service. The advisory notice has a list of affected routers.
Transportation

Oregon Testing Pay-Per-Mile Driving Fee To Replace Gas Tax 803

Posted by Soulskill
from the their-way-or-the-highway dept.
schwit1 tips news that Oregon will become the first U.S. state to test a program to replace their gas tax with a fee for each mile citizens drive on public roads. The 5,000 people voluntarily participating in the test will be charged 1.5 cents per mile. Revenue from gas tax has been on the decline as vehicles get more fuel efficient and as hybrids and electric cars become more popular. This measure is an attempt to raise the amount of money the state takes in to pay for infrastructure projects. Many owners of those hybrid and electric vehicles are upset, saying it specifically targets them and discourages environmentally-friendly transportation. Others point out that those who drive electric vehicles need the roads maintained just as much as people still driving gas-powered cars.
China

US Levels Espionage Charges Against 6 Chinese Nationals 100

Posted by Soulskill
from the coveting-our-baconnaise-technology dept.
Taco Cowboy writes: The U.S. government has indicted five Chinese citizens and arrested a Chinese professor on charges of economic espionage. The government alleges that they took jobs at two small, American chipmakers — Avago Technologies and Skyworks Solutions — in order to steal microelectronics designs. "All of them worked, the indictment contends, to steal trade secrets for a type of chip popularly known as a “filter” that is used for acoustics in mobile telephones, among other purposes. They took the technology back to Tianjin University, created a joint venture company with the university to produce the chips, and soon were selling them to both the Chinese military and to commercial customers."

It's interesting to note that the Reuters article keeps mentioning how this technology — used commonly as an acoustic filter — has "military applications." It's also interesting to look at another recent case involving Sherry Chen, a hydrologist who was mysteriously arrested on suspicion of espionage, but then abruptly cleared five months later. One can't help but wonder what's driving the U.S.'s new strategy for tackling economic espionage.