By timothy from Slashdot's if-you-watch-everything-you-lose-perspective department
writes with this excerpt: A security researcher has developed a method–actually two methods–for defeating the new Chrome Password Alert extension that Google released earlier this week.
The Password Alert extension is designed to warn users when they're about to enter their Google passwords into a fraudulent site. The extension is meant as a defense against phishing attacks, which remain a serious threat to consumers despite more than a decade of research and warnings about the way the attacks work.
However, Moore then began looking more closely at the code for the extension, and Chrome itself, and discovered another way to get around the extension. He said this one likely will be more difficult to repair.
"The second exploit will prove quite difficult (if not near impossible) to resolve, as it leverages a race condition in Chrome which I doubt any single extension can remedy. The extension works by detecting each key press and comparing it against a stored, hashed version. When you've entered the correct password, Password Alert throws a warning advising the user to change their password," Moore said.Read Replies (0)
By timothy from Slashdot's all-things-in-time department
An anonymous reader writes: Arguably the biggest news out of Microsoft's Build 2015 conference was that developers will be able to bring Web apps, Windows desktop apps (Win32), as well as Android and iOS mobile apps to the Windows Store. Yet each of these work differently, and there are a lot of nuances, so we talked to Todd Brix, general manager of Windows apps and store, to get some more detail. First and foremost, upon Windows 10's launch, developers will only be able to bring Web apps to the Windows Store. The Win32, Android, and iOS app toolkits will not be ready in time. That said, with Microsoft's Windows as a service strategy, they will arrive as part of later updatesRead Replies (0)
By Soulskill from Slashdot's anti-cheating-baseball-bats department
An anonymous reader writes: Cheating is a real problem in today's most popular online multiplayer games, and not just on public servers. Some of the world's top Counter-Strike: Global Offensive players have been banned by Valve's Anti-Cheat System (VACS) in recent months too, bringing a nascent eSport into disrepute. But one gamer is taking a different approach, creating a hardware solution called Game:ref to tackle the problem. Simple in design — Game:ref, which the creator hopes to fund on Kickstarter soon, compares on screen movement with your inputs — but powerful in potential, the device has the potential to catch out illegal macro users both on and offline. It's already attracting interest in the top flight too.
"I've had some people from [eSports teams] Complexity, SK Gaming, and a few high-profile streamers reach out. I would say everyone seems onboard with making online PC gaming a more enjoyable experience," says inventor David Titarenco, a former Counter-Strike pro himself. "After all, most cheating on consoles has been eradicated, why should PC be so far behind?"Read Replies (0)