Tag: browser

Are Music CDs Dying? Best Buy Stops Selling CDs

An anonymous reader quotes Complex magazine: The future of physical music isn’t looking good. According to Billboard, consumer electronics company Best Buy will no longer carry physical CDs and Target may be following suit in the near future. Best Buy notified music suppliers that they will cease selling CDs at stores beginning July 1. The move is sure to hurt the already declining sales of CDs as consumers are switching to streaming platforms such as Spotify, Apple Music, and Tidal in large numbers. CD sales have already dropped by a sizable 18.5 percent in the past year, Billboard reports. Billboard also reports Target has given an “ultimatum” to music and video suppliers. “Currently, Target takes the inventory risk by agreeing to pay for any goods it is shipped within 60 days, and must pay to ship back unsold CDs for credit… Target has demanded to music suppliers that it wants CDs to be sold on what amounts to a consignment basis…” “If the majors don’t play ball and give in to the new sale terms, it could considerably hasten the phase down of the CD format.” Read more of this story at Slashdot.

View the original here:
Are Music CDs Dying? Best Buy Stops Selling CDs

Now Even YouTube Serves Ads With CPU-draining Cryptocurrency Miners

YouTube was recently caught displaying ads that covertly leach off visitors’ CPUs and electricity to generate digital currency on behalf of anonymous attackers, it was widely reported. From a report: Word of the abusive ads started no later than Tuesday, as people took to social media sites to complain their antivirus programs were detecting cryptocurrency mining code when they visited YouTube. The warnings came even when people changed the browser they were using, and the warnings seemed to be limited to times when users were on YouTube. On Friday, researchers with antivirus provider Trend Micro said the ads helped drive a more than three-fold spike in Web miner detections. They said the attackers behind the ads were abusing Google’s DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain. The ads contain JavaScript that mines the digital coin known as Monero. Read more of this story at Slashdot.

View article:
Now Even YouTube Serves Ads With CPU-draining Cryptocurrency Miners

Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner

Catalin Cimpanu, reporting for BleepingComputer: A Chrome extension with over 105, 000 users has been deploying an in-browser cryptocurrency miner to unsuspecting users for the past few weeks. The extension does not ask for user permission before hijacking their CPUs to mine Monero all the time the Chrome browser is open. Named “Archive Poster, ” the extension is advertised as a mod for Tumblr that allows users an easier way to “reblog, queue, draft, and like posts right from another blog’s archive.” According to users reviews, around the start of December the extension has incorporated the infamous Coinhive in-browser miner in its source code. Read more of this story at Slashdot.

Taken from:
Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner

Chrome 64 Beta Adds Sitewide Audio Muting, Pop-Up Blocker, Windows 10 HDR Video

Chrome 64 is now in beta and it has several new features over version 63. In addition to a stronger pop-up blocker and support for HDR video playback when Windows 10 is in HDR mode, Chrome 64 features sitewide audio muting to block sound when navigating to other pages within a site. 9to5Google reports: An improved pop-up blocker in Chrome 64 prevents sites with abusive experiences — like disguising links as play buttons and site controls, or transparent overlays — from opening new tabs or windows. Meanwhile, as announced in November, other security measures in Chrome will prevent malicious auto-redirects. Beginning in version 64, the browser will counter surprise redirects from third-party content embedded into pages. The browser now blocks third-party iframes unless a user has directly interacted with it. When a redirect attempt occurs, users will remain on their current page with an infobar popping up to detail the block. This version also adds a new sitewide audio muting setting. It will be accessible from the permissions dropdown by tapping the info icon or green lock in the URL bar. This version also brings support for HDR video playback when Windows 10 is in HDR mode. It requires the Windows 10 Fall Creator Update, HDR-compatible graphics card, and display. Meanwhile, on Windows, Google is currently prototyping support for an operating system’s native notification center. Other features include a new “Split view” feature available on Chrome OS. Developers will also be able to take advantage of the Resize Observer API to build responsive sites with “finger control to observe changes to sizes of elements on a page.” Read more of this story at Slashdot.

See the original post:
Chrome 64 Beta Adds Sitewide Audio Muting, Pop-Up Blocker, Windows 10 HDR Video

Keylogger Found On Nearly 5,500 WordPress Sites

An anonymous reader writes: Nearly 5, 500 WordPress sites are infected with a malicious script that logs keystrokes and sometimes loads an in-browser cryptocurrency miner. The malicious script is being loaded from the “cloudflare.solutions” domain, which is not affiliated with Cloudflare in any way, and logs anything that users type inside form fields as soon as the user switches away from an input field. The script is included on both the sites’ frontends and backends, meaning it can steal both admin account credentials and credit card data from WP sites running e-commerce stores. According to site source code search engine PublicWWW, there are 5, 496 sites running this keylogger. The attacker has been active since April. Read more of this story at Slashdot.

More here:
Keylogger Found On Nearly 5,500 WordPress Sites

Websites use your CPU to mine cryptocurrency even when you close your browser

Researchers have discovered a new technique that lets hackers and unscrupulous websites perform in-browser, drive-by cryptomining even after a user has closed the window for the offending site. Over the past month or two, drive-by cryptomining has emerged as a way to generate the cryptocurrency known as Monero. Hackers harness the electricity and CPU resources of millions of unsuspecting people as they visit hacked or deceitful websites. One researcher recently documented 2,500 sites actively running cryptomining code in visitors’ browsers , a figure that, over time, could generate significant revenue. Until now, however, the covert mining has come with a major disadvantage for the attacker or website operator: the mining stops as soon as the visitor leaves the page or closes the page window. Now, researchers from anti-malware provider Malwarebytes have identified a technique that allows the leaching to continue even after a user has closed the browser window. It works by opening a pop-under window that fits behind the Microsoft Windows taskbar and hides behind the clock. The window remains open indefinitely until a user takes special actions to close it. During that time, it continues to run code that generates Monero on behalf of the person controlling the Website. Read 4 remaining paragraphs | Comments

Original post:
Websites use your CPU to mine cryptocurrency even when you close your browser

Over 400 of the World’s Most Popular Websites Record Your Every Keystroke

An anonymous reader quotes a report from Motherboard: The idea of websites tracking users isn’t new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled “No Boundaries, ” three researchers from Princeton’s Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world’s most popular websites track your every keystroke and then send that information to a third-party server. Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers’ findings. If you accidentally paste something into a form that was copied to your clipboard, it’s also recorded. These scripts, or bits of code that websites run, are called “session replay” scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don’t just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don’t run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions. Most troubling is that the information session replay scripts collect can’t “reasonably be expected to be kept anonymous, ” according to the researchers. Read more of this story at Slashdot.

Read More:
Over 400 of the World’s Most Popular Websites Record Your Every Keystroke

Yup, Google Docs went down, but it’s coming back

If you’ve had trouble loading Google Docs this afternoon, you’re not alone. The company said that an outage has been “affecting a significant subset of users” who were unable to access it since about 3:48 PM ET. As of 4:55 PM ET the status had been updated to say “Google Docs service has already been restored for some users, and we expect a resolution for all users in the near future, ” and at 5:10, that ” The problem with Google Docs should be resolved.” So, yeah, get up and stretch before getting back to work, study or your obsessive spreadsheet of fantasy sports stats, but don’t go too far — things should be back to normal in about the time it takes for your browser to refresh. We’re actively investigating an issue with Docs not loading. Thanks for your patience as we look into it. — Google Docs (@googledocs) November 15, 2017 Docs is back up for most users, and we expect a full resolution for all users shortly. Sorry for this disruption and thanks again for your patience with us. — Google Docs (@googledocs) November 15, 2017 Source: Google Docs – Service Details

View the original here:
Yup, Google Docs went down, but it’s coming back

Firefox’s major Quantum upgrade now rolling out to everyone

Firefox is fast now. (credit: Mozilla) Mozilla is working on a major overhaul of its Firefox browser, and with the general release of Firefox 57 today, has reached a major milestone. The version of the browser coming out today has a sleek new interface and, under the hood, major performance enhancements, with Mozilla claiming that it’s as much as twice as fast as it was a year ago. Not only should it be faster to load and render pages, but its user interface should remain quick and responsive even under heavy load with hundreds of tabs. Collectively, the performance work being done to modernize Firefox is called Project Quantum . We took a closer look at Quantum back when Firefox 57 hit the developer channel in September , but the short version is, Mozilla is rebuilding core parts of the browser, such as how it handles CSS stylesheets, how it draws pages on screen, and how it uses the GPU. This work is being motivated by a few things. First, the Web has changed since many parts of Firefox were initially designed and developed; pages are more dynamic in structure, and applications are richer and more graphically intensive, JavaScript is more complex and difficult to debug. Second, computers now have many cores and simultaneous threads, giving them much greater scope to work in parallel. And security remains a pressing concern, prompting the use of new techniques to protect against exploitation. Some of the rebuilt portions are even using Mozilla’s new Rust programming language, which is designed to offer improved security compared to C++. Read 1 remaining paragraphs | Comments

View original post here:
Firefox’s major Quantum upgrade now rolling out to everyone

WeWork Employees Caught Spying on Competition

An anonymous reader shares a report: The battle in the red-hot co-working space business is heating up. WeWork, the No. 1 player in the sector, allegedly sent two spies to infiltrate rival Knotel — to steal info and some customers, Knotel claimed. The spies showed up at seven Knotel properties in Manhattan last month in a “systematic attempt to pilfer Knotel’s proprietary information and trade secrets, ” according to a cease-and-desist letter the smaller company sent to WeWork. The Post has obtained a copy of the letter. The corporate espionage rookies may have pulled off the caper except, in a totally random happening, a Knotel employee recognized one of them as a friend of a friend, according to sources close to Knotel. While the pair used fake names to gain entry, according to the letter, a call to the Knotel worker’s pal got the spy’s real name — and a couple of social media inquiries turned up the fact that he worked for rival WeWork, sources said. The letter to WeWork asks for a reply by Oct. 13 — but so far Knotel hasn’t heard a peep from its rival, according to CEO Amol Sarva. While inside the Knotel offices, visited Sept. 12-14, the luckless spies posed “as the founders of a fast-growing startup” and said they needed space for their six-person company, according to the letter. Read more of this story at Slashdot.

See more here:
WeWork Employees Caught Spying on Competition