Security

Avast SafeZone Browser Lets Attackers Access Your Filesystem (softpedia.com) 37

An anonymous reader writes: Just two days after Comodo's Chromodo browser was publicly shamed by Google Project Zero security researcher Tavis Ormandy, it's now Avast's turn to be publicly scorned for failing to provide a "secure" browser for its users. Called SafeZone, and also known as Avastium, Avast's custom browser is offered as a bundled download for all who purchase or upgrade to a paid version of Avast Antivirus 2016. This poor excuse of a browser was allowing attackers to access files on the user's filesystem just by clicking on malicious links. The browser wouldn't even have to be opened, and the malicious link could be clicked in "any" browser.
Movies

The Pirate Bay Now Lets You Stream Movies and TV, Not Just Download 125

An anonymous reader writes: On Tuesday, a new simple solution for streaming torrents directly in your browser showed up on the Web. By Friday, infamous torrent site The Pirate Bay had already adopted it. The Pirate Bay now features "Stream It!" links next to all its video torrents. As a result, you can play movies, TV shows, and any other video content directly in the same window you use to browse the torrent site.
Security

Anti-Malware Maker Files Lawsuit Over Bad Review (csoonline.com) 162

itwbennett writes: In a lawsuit filed January 8, 2016, Enigma Software, maker of anti-malware software SpyHunter, accuses self-help portal Bleeping Computer of making 'false, disparaging, and defamatory statements.' At issue: a bad review posted by a user in September, 2014. The lawsuit also accuses Bleeping Computer of profiting from driving traffic to competitor Malwarebytes via affiliate links: 'Bleeping has a direct financial interest in driving traffic and sales to Malwarebytes and driving traffic and sales away from ESG.' Perhaps not helping matters, one of the first donations to a fund set up by Bleeping Computer to help with legal costs came from Malwarebytes.
Open Source

Link Rot Rx: 'Amber' Add-on For WordPress and Drupal 17

David Rothman writes: If you run a WordPress or Drupal site, you can now fight link rot with Amber, a new open source add-on from Harvard's Berkman Center. If links are dead, visitors can still summon up the pages as stored on your server or, if you prefer, outside ones such as the Internet Archive. TeleRead has the details, and the Amber site is here, with download information.
United States

Former DoE Employee Ensnared By Secret-Selling Sting Pleads Guilty (washingtonpost.com) 40

mdsolar writes: A former Energy Department employee accused of attempting to infiltrate the agency's computer system to steal nuclear secrets and sell them to a foreign government pleaded guilty Tuesday to a reduced charge of attempting to damage protected government computers in an email "spear-phishing attack." Charles Harvey Eccleston, a former employee at the department and at the independent Nuclear Regulatory Commission (NRC), was arrested March 27 by Philippine authorities after an undercover FBI sting operation. Eccleston, 62, a U.S. citizen who had been living in the Philippines since 2011, was "terminated" from his job at the NRC in 2010, according to the Justice Department. In January 2015, the department said, he targeted more than 80 Energy Department employees in Washington at four national nuclear labs with emails containing what he thought were links to malicious websites that, if activated, could infect and damage computers.
Security

Chromodo Browser Disables Key Web Security (thestack.com) 54

An anonymous reader writes: A Google Security Research update has claimed that Comodo's internet browser Chromodo, based on the open-source project Chromium, contains significant security failings and puts its users at risk. This week's Google alert suggested that the Chromodo browser – available as a standalone download, as well as part of the company's Security package – is less secure than it promises. According to analysis, the browser is disabling the Same Origin policy, hijacking DNS settings, and replacing shortcuts with Chromodo links, among other security violations.
Moon

China's Chang'e 3 Lander and Yutu Rover Camera Data Released 56

AmiMoJo writes: Detailed high resolution images from the recent Chinese moon mission have been released. Links to the original Chinese sites hosting the images are available, but Emily Lakdawalla of the Planetary Society has kindly organized them in English. Images show the lander, the rover and the surface of the earth. An interactive map is also available, built from data collected by the mission.
Crime

San Francisco Bay Area In Superbowl Surveillance Mode (wired.com) 95

An anonymous reader links to Wired's description of a surveillance society in miniature assembling right now in San Francisco: Super Bowl 50 will be big in every way. A hundred million people will watch the game on TV. Over the next ten days, 1 million people are expected to descend on the San Francisco Bay Area for the festivities. And, according to the FBI, 60 federal, state, and local agencies are working together to coordinate surveillance and security at what is the biggest national security event of the year.
Previous years' Superbowl security measures have included WMD sensors, database-backed facial recognition, and gamma-ray vehicle scanners. Given the fears and cautions in the air about this year's contest, it's easy to guess that the scanning and sensing will be even more prevalent this time.
Communications

U.S. Forces Viewed Encrypted Israeli Drone Feeds (theintercept.com) 49

iceco2 links to The Intercept's report that the U.S. and UK intelligence forces have been (or at least were) intercepting positional data as well as imagery from Israeli drones and fighters, through a joint program dubbed "Anarchist," based on the island of Cyprus. Among the captured images that the Intercept has published, based on data provided by Edward Snowden, are ones that appear to show weaponized drones, something that the U.S. military is well-known for using, but that the IDF does not publicly acknowledge as part of its own arsenal. Notes iceco2: U.S. spying on allies is nothing new. It is surprising to see the ease with which encrypted Israeli communications were intercepted. As always, it wasn't the crypto which was broken -- just the lousy method by which it was applied. Ars Technica explains that open-source software, including ImageMagick, was central to the analysis of the captured data.
Advertising

German Court: "Sharing" Your Amazon Purchases Is Spamming (reuters.com) 195

An anonymous reader writes: A court in Germany has ruled that the 'Share' links which Amazon provides to customers directly after making a purchase at the site are unlawful. The "Share" functionality provides buttons which allow the consumer to signal a new purchase via Facebook, Twitter, Pinterest, or email. The court, ratifying an earlier decision made at a lower court, declared that emails initiated via the Share function constitute "unsolicited advertising and unreasonable harassment."
Education

How Have Large Donations Affected Education Policy In New York City? 37

theodp writes: According to Chalkbeat, the expansion of charter schools, the movement to break New York City's large schools into smaller ones, and the push to teach computer science have something in common: the influence of philanthropy. Though contributions from big donors amount to only a fraction of New York City's education spending, they still have a real impact on public school policy, said Jeffrey Henig, the co-author of The New Education Philanthropy: Politics, Policy and Reform, which details how powerful individuals and organizations increasingly use donations to advance policies they support. Increasingly, Henig adds, some of those donors are paying more attention to advocacy, creating at least the appearance, if not the reality, of grassroots support.
Communications

Iran's Blogfather: Facebook, Instagram and Twitter Are Killing the Web (theguardian.com) 172

An anonymous reader writes: Iranian writer Hossein Derakhshan has a unique perspective on the internet. He got into blogging early on, and sparked the spread of blogs across the Iranian internet. In 2008, this earned him a 20-year jail sentence. Late in 2014, he was released early. Derakhshan was a major participant in the early-2000s web, but missed the social media revolution. Here are his thoughts on the change: "The hyperlink was my currency six years ago. It represented the open, interconnected spirit of the world wide web – a vision that started with its inventor, Tim Berners-Lee. The hyperlink was a way to abandon centralization – all the links, lines and hierarchies – and replace them with something more distributed, a system of nodes and networks. Since I got out of jail, though, I've realized how much the hyperlink has been devalued, almost made obsolete.

But the scariest outcome of the centralization of information in the age of social networks is something else: it is making us all much less powerful in relation to governments and corporations. Surveillance is increasingly imposed on civilized lives, and it gets worse as time goes by. ... I miss when people took time to be exposed to opinions other than their own, and bothered to read more than a paragraph or 140 characters."

Medicine

Contradicting Previous Study, Cancer Risk Has Strong Environmental Component (washingtonpost.com) 54

The Real Dr John writes: A new study published in the journal Nature provides evidence that intrinsic risk factors contribute only modestly (less than ~10–30% of lifetime risk) to cancer development in humans (abstract). An earlier study had found that the more stem-cell divisions that occurred in a given tissue over a lifetime, the more likely it was to become cancerous. They said that though some cancers clearly had strong outside links – such as liver cancers caused by hepatitis C or lung cancer resulting from smoking – there were others for which the variation was explained mainly by defects in stem-cell division. The new research shows that the correlation between stem-cell division and cancer risk does not distinguish between the effects of internal (genetic) and external (environmental) factors such as chemical toxicity and radiation. They also found that the rates of endogenous mutation accumulation by internal processes are not sufficient to account for the observed cancer risks. The authors conclude that cancer risk is heavily influenced by environmental factors.
United Kingdom

PRESTON: The UK's "Big Brother" Comprehensive National Database System (theregister.co.uk) 57

gb7djk writes: The investigative journalist Duncan Campbell has written an article at The Register claiming that the UK Government has been secretly creating a database of all telephone calls, financial and travel records for the last 15 years. From the article: "Located inside the riverside headquarters of the Security Service, MI5, in Thames House, PRESTON works alongside and links to massive databases holding telephone call records, internet use records, travel, financial, and other personal records held by the National Technical Assistance Centre (NTAC), a little known intelligence support agency set up by Tony Blair's government in a 1999 plan to combat encryption and provide a national centre for internet surveillance and domestic codebreaking."
United Kingdom

15,000 Hoverboards Seized As Unsafe In United Kingdom (nationaltradingstandards.uk) 178

puddingebola writes: National Trading Standards and trading standards services in Scotland have released figures that 15,000 of 17,000 hoverboards have been seized at ports of entry in the UK because of safety concerns. The boards were seized "due to a range of concerns, such as safety issues with the plug, cabling, charger, battery or the cut-off switch within the board, which often fails." Are we pushing hoverboard technology too far too quickly, or are there just a group of criminal sociopaths manufacturing unsafe devices at Christmastime and pumping them into the market? Mashable has a story summary with links to video of a man in Alabama with his hoverboard on fire. The government of New York City isn't so hot on hoverboards, either.
The Internet

Ask Slashdot: Is There a Bookmark Manager That Actually Manages Bookmarks? 100

hackwrench writes: Most reviews of so-called bookmark managers focus on the fact that they can share bookmarks across browsers and devices and whether or not they can make your bookmarks public or not. Sometimes they mention that you can annotate bookmarks. Little is said about real management features like making certain bookmarks exclusive to one or a set of browsers or devices, checking for dead links and maybe even looking them up on archive.org. I'm sure this isn't an exhaustive list of features that would be good to have. What bookmark managers do you use and why, and what features would you like to see in a bookmark manager?
The Almighty Buck

'No Such Thing As a Free Gift' Casts a Critical Eye At Gates Foundation (theintercept.com) 156

theodp writes: The Intercept's Michael Massing takes a look at "How the Gates Foundation Reflects the Good and the Bad of 'Hacker Philanthropy.'" He writes, "Despite its impact, few book-length assessments of the foundation's work have appeared. Now Linsey McGoey, a sociologist at the University of Essex, is seeking to fill the gap. 'Just how efficient is Gates's philanthropic spending?' she asks in No Such Thing as a Free Gift. 'Are the billions he has spent on U.S. primary and secondary schools improving education outcomes? Are global health grants directed at the largest health killers? Is the Gates Foundation improving access to affordable medicines, or are patent rights taking priority over human rights?' As the title of her book suggests, McGoey answers all of these questions in the negative. The good the foundation has done, she believes, is far outweighed by the harm." Massing adds, "Bill and Melinda Gates answer to no electorate, board, or shareholders; they are accountable mainly to themselves. What's more, the many millions of dollars the foundation has bestowed on nonprofits and news organizations has led to a natural reluctance on their part to criticize it. There's even a name for it: the 'Bill Chill' effect."
Privacy

File Says NSA Found Way To Replace Email Program (nytimes.com) 93

schwit1 writes: Newly disclosed documents show that the NSA had found a way to create the functional equivalent of programs that had been shut down. The shift has permitted the agency to continue analyzing social links revealed by Americans' email patterns, but without collecting the data in bulk from American telecommunications companies — and with less oversight by the Foreign Intelligence Surveillance Court.

The disclosure comes as a sister program that collects Americans' phone records in bulk is set to end this month. Under a law enacted in June, known as the USA Freedom Act, the program will be replaced with a system in which the NSA can still gain access to the data to hunt for associates of terrorism suspects, but the bulk logs will stay in the hands of phone companies.

The newly disclosed information about the email records program is contained in a report by the NSA's inspector general that was obtained through a lawsuit under the Freedom of Information Act. One passage lists four reasons the NSA decided to end the email program and purge previously collected data. Three were redacted, but the fourth was uncensored. It said that "other authorities can satisfy certain foreign intelligence requirements" that the bulk email records program "had been designed to meet."

Security

Nation-backed Hackers Using Evercookie and Web Analytics To Profile Targets (securityledger.com) 47

chicksdaddy writes: There's such a fine line between clever and criminal. That's the unmistakable subtext of the latest FireEye report on a new "APT" style campaign that's using methods and tools that are pretty much indistinguishable from those used by media websites and online advertisers. The difference? This time the information gathered from individuals is being used to soften up specific individuals with links to international diplomacy, the Russian government, and the energy sector.

The company released a report this week that presented evidence of a widespread campaign (PDF) that combines so-called "watering hole" web sites with a tracking script dubbed "WITCHCOVEN" and Samy Kamkar's Evercookie, the super persistent web tracking cookie. The tools are used to assemble detailed profiles on specific users including the kind of computer they use, the applications and web browsers they have installed, and what web sites they visit.

While the aims of those behind the campaign aren't known, FireEye said the use of compromised web sites and surreptitious tracking scripts doesn't bode well. "While many sites engage in profiling and tracking for legitimate purposes, those activities are typically conducted using normal third-party browser-based cookies and commercial ad services and analytics tools," FireEye wrote in its report. "In this case, while the individuals behind the activity used publicly available tools, those tools had very specific purposes....This goes beyond 'normal' web analytics," the company said.
