By BeauHD from Slashdot's behind-the-scenes department
"Threatpost has a link to some recent research about ways web pages can exploit browser extensions to steal information or write files," writes Slashdot reader jbmartin6. "Did we need another reason to be deeply suspicious of any browser extension? Not only do they spy on us for their makers, now other people can use them to spy on us as well. The academic paper is titled 'Empowering Web Applications with Browser Extensions' (PDF)." From the report: "An attacker [uses] a script that is present in a web application currently running in the user browser. The script either belongs to the web application or to a third party. The goal of the attacker is to interact with installed extensions, in order to access user sensitive information. It relies on extensions whose privileged capabilities can be exploited via an exchange of messages with scripts in the web application," researchers wrote. They added, "Even though content scripts, background pages and web applications run in separate execution contexts, they can establish communication channels to exchange messages with one another... APIs [are used] for sending and receiving (listening for) messages between the content scripts, background pages and web applications."
The researcher behind the paper focused on a specific class of web extension called "WebExtensions API," a cross-browser extensions system compatible with major browsers including Chrome, Firefox, Opera and Microsoft Edge. After analyzing 78,315 extensions that used the specific WebExtension API, it found 3,996 that were suspicious. While it seems voluminous, they noted that research found a small number of vulnerable extensions overall, and that concern should be measured. However, "browser vendors need to review extensions more rigorously, in particular take into consideration the use of message passing interfaces in extensions."
By BeauHD from Slashdot's speaking-in-hyperbole department
An anonymous reader quotes a report from Ars Technica: Comcast's cable division spent 3 percent less on capital expenditures last year, despite promises that the repeal of net neutrality rules would boost broadband network investment. Comcast's cable division spent $7.95 billion on capital expenditures during calendar year 2017, but that fell to $7.72 billion in the 12 months ending on December 31, 2018. Comcast's overall capital expenditures went up 2.3 percent, from $9.6 billion in 2017 to $9.8 billion in 2018. But that company-wide capital expenditure number includes the Comcast-owned NBCUniversal, which spent $1.7 billion in 2018, a 15.2 percent increase, "primarily reflecting investment at Theme Parks," Comcast said.
The cable capital expenditure statistic thus provides a more accurate picture of whether Comcast increased or decreased investment in its broadband network. Cable capital expenditures as a percentage of Comcast's cable revenue dropped from 15 percent in 2017 to 14 percent in 2018. Comcast's network spending should have risen in 2018 if predictions from Federal Communications Commission Chairman Ajit Pai and Comcast had been correct. Pai's net neutrality repeal took effect in June 2018. But the vote to repeal net neutrality rules was in December 2017, and Pai claimed in February 2018 that the repeal was already causing increased broadband investment. While Comcast's cable capital expenditures did rise year over year in the fourth quarter, from $2.15 billion to $2.32 billion, it wasn't enough to offset the full-year decline. Ars Technica also notes: "The corporate tax cut implemented as 2018 began also didn't stop job cuts at Comcast and AT&T, despite promises that the tax cut would create new jobs."
By msmash from Slashdot's perfect-match department
Google is expanding its support of Wikimedia, the parent company of Wikipedia, as the search giant chases the next billion users. From a report: At World Economic Forum this week, Google committed to offer Wikipedia an additional $3.1 million, along with providing several of its machine learning tools to the editors of Wikipedia at no cost, the companies said. Google.org, thanks in part to contributions from employees, will be giving $1.1 million to the Wikimedia Foundation and $2 million to the Wikimedia Endowment, an independent fund that supports Wikipedia and other long-term Wikimedia projects.
As part of the announcement, the companies said they will be expanding Project Tiger, a joint initiative they launched in 2017 to increase the number of articles in underrepresented languages in India. They intend to provide editors with resources and insights to create new Wikipedia articles across 10 languages in India, Indonesia, Mexico, Nigeria, and the Middle East and North Africa (MENA) region. The initiative is being rebranded as GLOW, which is supposed to stand for Growing Local Language Content on Wikipedia.
By msmash from Slashdot's how-about-that department
Richard Stallman recently visited Mandya, a small town about 60 miles from Bengaluru, India, to give a talk. On the sidelines, Indian news outlet FactorDaily caught up with Stallman for an interview. In the wide-ranging interview, Stallman talked about companies that spy on users, popular Android apps, media streaming and transportation apps, smart devices, DRM, software backdoors, subscription software, and Apple and censorship. An excerpt from the interview: If you are carrying a mobile phone, it is always tracking your movements and it could have been modified to listen to the conversations around you. I call this product Stalin's dream. What would Stalin have wanted to hand out to every inhabitant of the former Soviet Union? Something to track that person's movements and listen to the person's conversations. Fortunately, Stalin could not do it because the technology didn't exist. Unfortunately for us, now it does exist and most people have been pressured or lured into carrying around such a Stalin's dream device, but not me.
By msmash from Slashdot's closer-look department
A new strain of ransomware has been observed targeting Bitcoin mining rigs. ZDNet reports: At the time of writing, most of the infections have been reported in China, the country where most of the world's cryptocurrency mining farms are located. Named hAnt, this new ransomware strain was first seen in August of last year, but a new wave of infections has been reported hitting mining farms earlier this month. Most of the infected mining rigs are Antminer S9 and T9 devices, used for Bitcoin mining, but there have also been reports of hAnt infecting Antminer L3 rigs, used for mining Litecoin. In rare instances, Avalon Miner equipment (used for Bitcoin) was also reported as infected, but in much smaller numbers.
By msmash from Slashdot's who-asked-for-this department
Phone maker Meizu has announced a new phone called "Zero," which doesn't have a headphone jack, or a charging port, or a physical SIM card slot, or any buttons, or a speaker grill. From a report: It doesn't even come with a SIM card slot and buttons you'd usually see on a phone -- the only elements that disturb the surface of its all-display, 7.8mm-thick ceramic unibody are its 12MP and 20MP rear cameras and two pinholes. One is a microphone, while the other is for hard resets. To make up for the lack of ports, Meizu Zero will support Bluetooth 5.0 and a wireless USB connectivity that will reportedly be able to transfer files as fast as the USB 3.0 standard can.
Zero's 5.99-inch QHD OLED screen will act as some sort of a giant speaker and earpiece replacement. It does have a big enough bezel for a 20MP front camera, but its fingerprint reader is completely on-screen. The device, which is powered by a Snapdragon 845 processor, relies on 18W wireless charging due to the lack of a charger port. And it may not have the usual physical buttons, but it does have pressure-sensing ones with haptic feedback on its borders.
By msmash from Slashdot's shape-of-things-to-come department
What does the future of getting a job in the tech industry look like? According to the CEO of IBM, Ginni Rometty, it's important that tech companies focus on hiring people with valuable skills, not just people with college degrees. From a report: Rometty made the comments yesterday at the World Economic Forum in Davos, Switzerland. The CEO said that technology's fast-moving pace here in the 21st century makes it harder for people to find jobs and has led to disillusionment with the future. "With the new technologies that are out there, I think there is a huge inclusion problem, meaning there's a large part of society that does not feel this is going to be good for their future," Rometty said. "Forget about whether it is or it isn't or what we believe. Therefore they feel very disenfranchised."
[...] "So when it comes to education and skills, I think the government can't solve it alone," Rometty said. "I think businesses have to believe I'll hire for skills, not just their degrees or their diplomas. Because otherwise we'll never bridge this gap." "All of us are full of companies with university degrees, PhDs, you've got to make room for everyone in society in these jobs," Rometty said as other business leaders on the panel nodded their heads. She added, "We have a very serious duty about this. Because these technologies are changing faster with times than their skills are going to change. So it is causing this skill crisis. [...] We have to have a new paradigm. You would have to have new pathways that don't all include college education and you would have to have respect for that job -- not blue collar or white collar, I call it new collar."
By BeauHD from Slashdot's welcome-to-the-club department
An anonymous reader quotes a report from Hollywood Reporter: Netflix has joined the membership ranks of the Motion Picture Association of America alongside the six major Hollywood studios, the top lobbying group said Tuesday. The unprecedented move -- coming on the same day that the streamer landed its first Oscar nomination for best picture -- was endorsed by Disney, Fox, Paramount, Sony, Universal and Warner Bros. It is the first time in history that a non-studio has been granted entry. It also is a defining moment for MPAA chairman-CEO Charles Rivkin 18 months into his tenure. The Netflix-MPAA union coincides with the streamer becoming a card-carrying member of the Oscar race after securing an unprecedented 15 nominations on Tuesday morning. Netflix CEO Reed Hastings and Sarandos are intent on upping the company's profile as a legitimate force in the movie business, and joining the MPAA will further that goal. Additionally, once Fox is merged with Disney, the MPAA will have one less member, meaning a loss of as much as $10 million to $12 million in annual dues. Sources say the MPAA is courting other new members as well (Amazon could be a candidate). Prior to joining the MPAA, Netflix "departed from the Internet Association -- a major industry trade group representing tech companies including Google, Amazon, and Facebook," Engadget notes. "Netflix had been a member of the internet association since 2013."
By BeauHD from Slashdot's case-closed department
The U.S. Supreme Court has declined to hear a case regarding whether Yelp is culpable for removing defamatory reviews from its site, resolving a case that could have affected web platforms' legal protections. Today's list of Supreme Court orders denies a complaint brought by Dawn Hassell, an attorney who requested that Yelp take down false, negative reviews about her practice. This means that a California Supreme Court decision will stand, and Yelp isn't liable for the reviews. The Verge reports: Hassell v. Bird was filed in 2016 as a complaint against one of Hassell's former clients, not Yelp. However, Yelp protested a court order to remove the reviews, arguing that it was protected by Section 230 of the Communications Decency Act. (Yelp has said it independently removes reviews it finds to be defamatory since they violate its terms of service.) Lower courts disagreed, but in mid-2018, the California Supreme Court ruled in Yelp's favor. Then, the firm of Charles Harder -- a member of President Donald Trump's legal team who's known for high-profile defamation lawsuits -- petitioned the Supreme Court to hear a complaint against Yelp.
Yelp praised the California Supreme Court's decision last year, calling it a win for "those of us who value sharing one another's opinions and experiences" on the internet. It commended today's decision as well. "We are happy to see the Supreme Court has ended Hassell's efforts to sidestep the law to compel Yelp to remove online reviews. This takes away a tool that could have been easily abused by litigants to obtain easy removal of entirely truthful consumer opinions," a spokesperson told The Verge.
By BeauHD from Slashdot's new-and-improved department
Researchers at Ulsan National Institute of Science and Technology (UNIST) and Georgia Tech have developed a new system that absorbs carbon dioxide and produces electricity and useable hydrogen fuel. New Atlas reports: The new device, which the team calls a Hybrid Na-CO2 System, is basically a big liquid battery. A sodium metal anode is placed in an organic electrolyte, while the cathode is contained in an aqueous solution. The two liquids are separated by a sodium Super Ionic Conductor (NASICON) membrane. When CO2 is injected into the aqueous electrolyte, it reacts with the cathode, turning the solution more acidic, which in turn generates electricity and creates hydrogen. In tests, the team reported a CO2 conversion efficiency of 50 percent, and the system was stable enough to run for over 1,000 hours without causing any damage to the electrodes. Unlike other designs, it doesn't release any CO2 as a gas during normal operation -- instead, the remaining half of the CO2 was recovered from the electrolyte as plain old baking soda. The research was published in the journal iScience.