Web of Trust, Downloaded 140M Times, Pulled From Extension Stores After Revelations That It Sells Users’ Data

According to multiple reports, Web of Trust, one of the top privacy and security extensions for web browsers with over 140 million downloads, collects and sells some of the data of its users — and it does so without properly anonymizing it. Upon learning about this, Mozilla, Google and Opera quickly pulled the extension off their respective extension stores. From a report on The Register: A browser extension which was found to be harvesting users’ browsing histories and selling them to third parties has had its availability pulled from a number of web browsers’ add-on repositories. Last week, an investigative report by journalists at the Hamburg-based German television broadcaster, Norddeutscher Rundfunk (NDR), revealed that Web of Trust Services (WoT) had been harvesting netizens’ web browsing histories through its browser add-on and then selling them to third parties. While WoT claimed it anonymised the data that it sold, the journalists were able to identify more than 50 users from the sample data it acquired from an intermediary. NDR quoted the data protection commissioner of Hamburg, Johannes Caspar, criticising WoT for not adequately establishing whether users consented to the tracking and selling of their browsing data. Those consent issues have resulted in the browser add-on being pulled from the add-on repositories of both Mozilla Firefox and Google Chrome, although those who have already installed the extension in their browsers will need to manually uninstall it to stop their browsing being tracked.


More Than 50 Percent of All Pages In Chrome Are Loaded Over HTTPS Now

Reader Trailrunner7 writes: After years of encouraging site owners to transition to HTTPS by default, Google officials say that the effort has begun to pay off. The company’s data now shows that more than half of all pages loaded by Chrome on desktop platforms are served over HTTPS. Google has been among the louder advocates for the increased use of encryption across the web in the last few years. The company has made significant changes to its own infrastructure, encrypting the links between its data center, and also has made HTTPS the default connection option on many of its main services, including Gmail and search. And Google also has been encouraging owners of sites of all shapes and sizes to move to secure connections to protect their users from eavesdropping and data theft. That effort has begun to bear fruit in a big way. New data released by Google shows that at the end of October, 68 percent of pages loaded by the Chrome browser on Chrome OS machines were over HTTPS. That’s a significant increase in just the last 10 months. At the end of 2015, just 50 percent of pages loaded by Chrome on Chrome OS were HTTPS. The numbers for the other desktop operating systems are on the rise as well, with macOS at 60 percent, Linux at 54 percent, and Windows at 53 percent.


Computer Virus Attack Forces Hospitals To Cancel Operations, Shut Down Systems

A hospital system in the United Kingdom has canceled all planned operations and diverted major trauma cases to neighboring facilities citing a computer virus outbreak. From a report on ZDNet: The Northern Lincolnshire and Goole NHS Foundation Trust says a “major incident” has been caused by a “computer virus” which infected its electronic systems on Sunday. As a result of the attack, the hospital has taken the decision to shut down the majority of its computer networks in order to combat the virus. “A virus infected our electronic systems [on Sunday] and we have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it,” said Dr Karen Dunderdale, the trust’s deputy chief executive. The use of a shared IT system also means the United Lincolnshire Hospitals Trust has been taken offline as staff attempt to combat the attack. As a result of the attack, all outpatient appointments and diagnostic procedures that were set to take place at the infected hospitals on Monday and Tuesday have been canceled, while medical emergencies involving major trauma and women in high-risk labor are being diverted to neighboring hospitals.


You Can Now Use LastPass On Multiple Devices for Free

Starting today, LastPass will no longer charge extra to access your password vault from different types of devices. That means free users can now access their password vaults from their phone and their desktop at no extra cost.


Google Joins Mozilla and Apple In Distrusting WoSign and StartCom Certificates

itwbennett quotes a report from CSO Online: Following similar decisions by Mozilla and Apple, Google plans to reject new digital certificates issued by certificate authorities WoSign and StartCom because they violated industry rules and best practices. The ban will go into effect in Chrome version 56, which is currently in the dev release channel, and will apply to all certificates issued by the two authorities after October 21. Browsers rely on digital certificates to verify the identity of websites and to establish encrypted connections with them. Certificates issued before October 21 will continue to be trusted as long as they’re published to the public Certificate Transparency logs or have been issued to a limited set of domains owned by known WoSign and StartCom customers. “Due to a number of technical limitations and concerns, Google Chrome is unable to trust all pre-existing certificates while ensuring our users are sufficiently protected from further misissuance,” said Chrome security team member Andrew Whalley in a blog post Monday. “As a result of these changes, customers of WoSign and StartCom may find their certificates no longer work in Chrome 56. Sites that find themselves on the whitelist will be able to request early removal once they’ve transitioned to new certificates,” Whalley said. “Any attempt by WoSign or StartCom to circumvent these controls will result in immediate and complete removal of trust.”


Some hacked e-mails, documents from Putin advisor confirmed as genuine

Recently a cache of 2,337 e-mails from the office of a high-ranking advisor to Russian president Vladimir Putin was dumped on the Internet after purportedly being obtained by a Ukrainian hacking group calling itself CyberHunta. The cache shows that the Putin government communicated with separatist forces in Eastern Ukraine, receiving lists of casualties and expense reports while even apparently approving government members of the self-proclaimed Donetsk People’s Republic. And if one particular document is to be believed, the Putin government was formulating plans to destabilize the Ukrainian government as early as next month in order to force an end to the standoff over the region, known as Donbass. Based on reporting by the Associated Press’s Howard Amos and analysis by the Atlantic Council’s Digital Forensic Research Lab, at least some of the e-mails—dumped in a 1-gigabyte Outlook .PST mailbox file—are genuine. Amos showed e-mails in the cache to a Russian journalist, Svetlana Babaeva, who identified e-mails she had sent to Surkov’s office. E-mail addresses and phone numbers in some of the e-mails were also confirmed. And among the documents in the trove of e-mails is a scan of Surkov’s passport (above), as well as those of his wife and children. A Kremlin spokesperson denied the legitimacy of the e-mails, saying that Surkov did not have an e-mail address. However, the account appears to have been used by Surkov’s assistants, and the dump contains e-mails with reports from Surkov’s assistants. The breach, if ultimately proven genuine, would appear to be the first major publicized hack of a Russian political figure. And in that instance, perhaps this could be a response to the hacking of US political figures attributed to Russia.


AI-Powered Body Scanners Could Soon Speed Up Your Airport Check-in

An anonymous reader shares a report on the Guardian: A startup bankrolled by Bill Gates is about to conduct the first public trials of high-speed body scanners powered by artificial intelligence (AI), the Guardian can reveal. According to documents filed with the US Federal Communications Commission (FCC), Boston-based Evolv Technology is planning to test its system at Union Station in Washington DC, in Los Angeles’s Union Station metro and at Denver international airport. Evolv uses the same millimetre-wave radio frequencies as the controversial, and painfully slow, body scanners now found at many airport security checkpoints. However, the new device can complete its scan in a fraction of a second, using computer vision and machine learning to spot guns and bombs. This means passengers can simply walk through a scanning gate without stopping or even slowing down — like the hi-tech scanners seen in the 1990 sci-fi film Total Recall. A nearby security guard with a tablet is then shown either an “all-clear” sign, or a photo of the person with suspicious areas highlighted. Evolv says the system can scan 800 people an hour, without anyone having to remove their keys, coins or cellphones.


Using Rowhammer bitflips to root Android phones is now a thing

Image caption: An LG Nexus 5 at the moment it is rooted using Rowhammer-induced bit flips. (credit: van der Veen et al.)

Researchers have devised an attack that gains unfettered “root” access to a large number of Android phones by exploiting a relatively new type of bug that allows adversaries to manipulate data stored in memory chips. The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control of core parts of the operating system and neuters key security defenses. Equally important, it demonstrates that the new class of exploit dubbed Rowhammer can have malicious and far-reaching effects on a much wider base of devices than was previously known, including those running ARM chips. Previously, some experts believed Rowhammer attacks that altered specific pieces of security-sensitive data weren’t reliable enough to pose a viable threat because exploits depended on chance hardware faults or advanced memory-management features that could be easily adapted to repel the attacks. Now, an international team of academic researchers is challenging those assumptions by demonstrating a Rowhammer exploit that alters crucial bits of data in a way that completely roots name brand Android devices from LG, Motorola, Samsung, OnePlus, and possibly other manufacturers. An app containing the researchers’ rooting exploit requires no user permissions and doesn’t rely on any vulnerability in Android to work.


Feds Walk Into a Building, Demand Everyone’s Fingerprints To Open Phones

An anonymous Slashdot reader quotes the Daily Herald: Investigators in Lancaster, California, were granted a search warrant last May with a scope that allowed them to force anyone inside the premises at the time of search to open up their phones via fingerprint recognition, Forbes reported Sunday. The government argued that this did not violate the citizens’ Fifth Amendment protection against self incrimination because no actual passcode was handed over to authorities… “I was frankly a bit shocked,” said Andrew Crocker, a staff attorney at the Electronic Frontier Foundation, when he learned about the scope of search warrant. “As far as I know, this warrant application was unprecedented”… He also described requiring phones to be unlocked via fingerprint, which does not technically count as handing over a self-incriminating password, as a “clever end-run” around constitutional rights.


Feds seized 50TB of data from NSA contractor suspected of theft

Image caption: The National Security Operations Center at NSA, photographed in 2012—the nerve center of the NSA’s “signals intelligence” monitoring. (credit: National Security Agency)

In a new Thursday court filing, federal prosecutors expanded their accusations against a former National Security Agency contractor. Federal investigators seized at least 50 terabytes of data from Harold Thomas Martin III, at least some of which was “national defense information.” If all of this data was indeed classified, it would be the largest such heist from the NSA, far larger than what former contractor Edward Snowden took. Prosecutors also said that Martin should remain locked up and noted that he will soon be charged with violations of the Espionage Act. That law, which dates back nearly a century, is the same law that was used to charge Chelsea Manning and Snowden, among others. If convicted, violators can face the death penalty. United States Attorney Rod Rosenstein and two other prosecutors laid out new details in the case against Martin, whose arrest only became public earlier this month. Martin had been a contractor with Booz Allen Hamilton and possessed a top-secret clearance.
