Education

EFF Says Google Chromebooks Are Still Spying On Students (softpedia.com) 84

schwit1 quotes a report from Softpedia: In the past two years since a formal complaint was made against Google, not much has changed in the way they handle this. Google still hasn't shed its "bad guy" clothes when it comes to the data it collects on underage students. In fact, the Electronic Frontier Foundation says the company continues to massively collect and store information on children without their consent or their parents'. Not even school administrators fully understand the extent of this operation, the EFF says. According to the latest status report from the EFF, Google is still up to no good, trying to eliminate students' privacy without their parents' notice or consent and "without a real choice to opt out." This, they say, is done via the Chromebooks Google is selling to schools across the United States.
Cloud

Leaked Document Sheds Light On Microsoft's Chromebook Rival (windowscentral.com) 91

Microsoft has announced plans to host an event next month where it is expected to unveil the Windows 10 Cloud operating system. Microsoft will be positioning the new OS as a competitor to Chrome OS, according to several reports. Windows Central has obtained an internal document which sheds light on the kind of devices that will be running Windows 10 Cloud. The hardware requirement that Microsoft has set for third-party OEMs is as follows:
1. Quad-core (Celeron or better) processor.
2. 4GB of RAM.
3. 32GB of storage (64GB for 64-bit).
4. A battery larger than 40 WHr.
5. Fast eMMC or solid state drive (SSD) for storage technology.
6. Pen and touch (optional).
The report adds that Microsoft wants these laptops to offer over 10 hours of battery life, and the "cold boot" should not take longer than 20 seconds.
Security

Ambient Light Sensors Can Be Used To Steal Browser Data (bleepingcomputer.com) 37

An anonymous reader writes: "Over the past decade, ambient light sensors have become quite common in smartphones, tablets, and laptops, where they are used to detect the level of surrounding light and automatically adjust a screen's intensity to optimize battery consumption... and other stuff," reports Bleeping Computer. "The sensors have become so prevalent, that the World Wide Web Consortium (W3C) has developed a special API that allows websites (through a browser) to interact with a device's ambient light sensors. Browsers such as Chrome and Firefox have already shipped versions of this API with their products." According to two privacy and security experts, Lukasz Olejnik and Artur Janc, malicious web pages can launch attacks using this new API and collect data on users, such as URLs they visited in the past and extract QR codes displayed on the screen. This is possible because the light coming from the screen is picked up by these sensors. Mitigating such attacks is quite easy, as it only requires browser makers and the W3C to adjust the default frequency at which the sensors report their readings. Furthermore, the researcher also recommends that browser makers quantize the result by limiting the precision of the sensor output to only a few values in a preset range. The two researchers filed bug reports with both Chrome and Firefox in the hopes their recommendations will be followed.
Google

Google Earth Gets a New Home On the Web (arstechnica.com) 46

To celebrate Earth Day, Google says it is rolling out a major update to Google Earth that was two years in the making. From a report: V9 is designed to run in a Web browser (just Chrome for now), but there's now a standalone home for Google Earth. The Android app has been updated, too (iOS is coming soon). Version 9 puts a big focus on guided tours via the "Voyager" section, which serves as a jumping off point for YouTube videos, 360-degree content, Street View, and Google Earth landmarks. The tours are led by scientists and documentarians, with some content produced by well-known groups like the BBC's Planet Earth team. For kids, there's a Sesame Street muppet section.
Android

Google Agrees To Open Android To Other Search Engines In Russia (bgr.com) 64

Google has reached a $7.8 million antitrust settlement with Russian watchdog group FAS. According to BGR, the company will loosen restrictions on Android's built-in search engines to allow for Russian competitors to take a share of the pie. From the report: Android's heavy reliance on Google services is to be expected, but in 2015 the Russian antitrust group -- officially the Federal Antimonopoly Service -- ruled that Google was breaking the law by forcing users to lean on Google for search. The ruling was the result of a complaint filed by Yandex, a Russian competitor to Google that runs the largest search engine in the country as well as web mail, news, maps, and other services. Google's settlement of the issue comes with the condition that Android will no longer lock down the search engine to Google, and must allow users the ability to change it if they want from within the Chrome web browser. Google will also loosen its exclusivity of the default apps on Android devices sold in Russia, potentially allowing for Yandex and other regional competitors to muscle in and replace the built-in apps with their own versions, depending on user preference.
Google

Chrome 59 To Address Punycode Phishing Attack 69

Google says it will be rolling out a patch to Chrome in v59 to address a decade-old Unicode vulnerability called Punycode that allowed attackers to fool people into clicking on compromised links. Engadget adds: Thanks to something called Punycode, phishers are able to register bogus domains that look identical to a real website. Take this proof-of-concept from software engineer Xudong Zheng, where apple.com won't take you to a store selling Macs, iPhones and iPads. The real website is actually https://www.xn--80ak6aa92e [dot] com. The xn-- prefix tells browsers like Chrome that the domain uses ASCII compatible encoding. It allows companies and individuals from countries with non-traditional alphabets to register a domain that contains A-Z characters but renders in their local language. The issue was first reported to Google and Mozilla on January 20th and Google has issued a fix in Chrome 59. It's currently live in the Canary (advance beta release) but the search giant will likely make it available to all Chrome users soon.
Youtube

YouTube Has a Secret 'Dark Mode' (thenextweb.com) 118

It appears Google has quietly introduced a new "dark mode" for its video portal YouTube, several people are reporting. Here's how to activate it, via The Next Web:
1. Open the Chrome developer tools tab.
2. Windows users can do this by pressing Ctrl + Shift + I.
3. Mac users can do this by pressing Option + Cmd + I.
4. Select the Console tab.
5. Once in Console, paste the following text: document.cookie="VISITOR_INFO1_LIVE=fPQ4jCL6EiE"
6. Hit enter.
7. Close the developer tools tab and refresh the page. Just a little heads-up: YouTube might look slightly different -- though still in white.
8. Click the main settings menu in the top right and find the 'Dark Mode' section.
9. Toggle 'Dark Mode' on and you're settled.

Chrome

Microsoft Edge Beats Chrome By Over Three Hours In New Battery Usage Test (bleepingcomputer.com) 236

An anonymous reader writes: With the launch of the Windows 10 Creators Update and Edge 40 (EdgeHTML 15), Microsoft has released a new battery usage test that, naturally, trashes the company's competition. This new test shows that Edge uses less power than both Chrome 57 and Firefox 52, and is bound to draw a response from its competition, especially Google, who doesn't like it when Microsoft takes a jab at Chrome's efficiency. The same thing happened last year, in June, when a similar test showcasing Edge's longer battery life was met with responses from both Google and Opera.

The most recent tests were performed for the launch of Windows 10 Creators Update. Two tests were carried out until a laptop's battery gave out. For each browser, a minimum of 16 iterations were recorded per test. The first test measured normal browsing performance and the second ran a looped Vimeo fullscreen video. In the normal browsing performance test, Microsoft claims Edge used 31% less power than Chrome 57, and 44% less power than Firefox 52. In the second test, Edge played a looped Vimeo video in fullscreen for 751 minutes (12:31:08), while Chrome lasted 557 minutes (9:17:03) and Firefox for only 424 minutes (7:04:19). That's a whopping three hours over Chrome, and five hours above Firefox.

Chrome

Chrome Now Uses Scroll Anchoring To Prevent Those Annoying Page Jumps (techcrunch.com) 113

Google has updated its Chrome browser to fix the annoying page jumps that occur when pages are loading. While developers want pages to load the actual content of a page before additional ads and images appear, "the problem is that if you've already scrolled down, your page resets when some off-screen ad loads and you're suddenly looking at a completely different part of the page," reports TechCrunch. From the report: The latest versions of Chrome (56+) do their best to prevent these jumps with the help of a feature called scroll anchoring. Google tested scroll anchoring in the Chrome beta versions for the last year and now it's on by default. Google says the feature currently prevents almost three jumps per page view -- and, over time, that number will likely increase.
Google

Teenagers Think Google is Cool, Study By Google Finds (theguardian.com) 70

Today's teenagers think Google and Google brands are cool, research funded by Google has found. From a report: Google published "It's Lit: A guide to what teens think is cool", a "magazine" compiling the results of its research into Generation Z, characterised as those aged from 13 to 17. The Google-funded research found Generation Z relied on brands to "shape their world," and that Google was the third-most cool. Cool was defined by the researchers as "unique, impressive, interesting, amazing, or awesome." YouTube, which Google owns, came out at number one ahead of Netflix. Google's web browser Chrome placed tenth, in front of Nike.
Google

Google Plans To Alter JavaScript Popups After Abuse From Tech Support Scammers (bleepingcomputer.com) 118

An anonymous reader writes: Chromium engineers are discussing plans to change how JavaScript popups work inside Chrome and other similar browsers. In a proposal published on the Google Developers portal, the Chromium team acknowledged that JavaScript popups are consistently used to harm users.

To combat this threat, Google engineers say they plan to make JavaScript modals, like the alert(), confirm(), and dialog() methods, only work on a per-tab basis, and not per-window. This change means that popups won't block users from switching and closing the tab, putting an end to any overly aggressive tactics on the part of the website's owner(s).

There is no timeline on Google's decision to move JavaScript popups to a per-tab model, but Chromium engineers have been debating this issue since July 2016 as part of Project OldSpice. A similar change was made to Safari 9.1, released this week. Apple's decision came after crooks used a bug in Safari to block users on malicious pages using popups. Crooks then tried to extort payment, posing as ransomware.

Android

'Samsung Dex' Is a Galaxy S8 Dock That Turns Your Phone Into a Desktop (arstechnica.com) 99

Samsung has officially launched their new Galaxy S8 smartphone today, along with several different accessories. One of the accessories is the Samsung Dex, a dock that aims to replace your desktop computer with your phone. If the idea sounds familiar, it's because Microsoft attempted to do this with its Microsoft Display Dock that requires a Windows 10 Lumia 950 or 950 XL with Continuum and a USB-C connector. Given the abysmal market share of Windows 10 Mobile, it's no wonder the dock didn't take off. Samsung, on the other hand, may have more luck convincing users to get rid of their desktop in favor of the Dex. Andrew Cunningham provides some more details in his report via Ars Technica: Samsung hasn't announced pricing or a release date, and most of what we know comes from Samsung's presentation. The dock is small and circular, includes two USB ports and an HDMI port, and it is powered via USB-C (same as the S8 itself). The Verge reports that there's a small cooling fan inside the dock that presumably keeps the phone from throttling too much, enabling more desktop-y performance. The desktop UI looks mostly straightforward: there's a lock screen, a desktop, and a Windows or Chrome OS-esque taskbar with app icons on it. You can use apps full-screen or keep them in windows -- we're still talking about Android apps, and not all of them are well-suited to running on anything other than a phone or a small, narrow window.
Software

FedEx Will Pay You $5 To Install Flash (theregister.co.uk) 90

FedEx's Office Print department is offering customers $5 to enable Adobe Flash in their browsers. Why would they do such a thing you may ask? It's because they want customers to design posters, signs, manuals, banners and promotional agents using their "web-based config-o-tronic widgets," which requires Adobe Flash. The Register reports: But the web-based config-o-tronic widgets that let you whip and order those masterpieces requires Adobe Flash, the enemy of anyone interested in security and browser stability. And by anyone we mean Google, which with Chrome 56 will only load Flash if users say they want to use it, and Microsoft which will stop supporting Flash in its Edge browser when the Windows 10 Creators Update debuts. Mozilla's Firefox will still run Flash, but not for long. The impact of all that Flash hate is clearly that people are showing up at FedEx Office Print without the putrid plug-in. But seeing as they can't use the service without it, FedEx has to make the offer depicted above or visible online here. That page offers a link to download Flash, which is both a good and a bad idea. The good is that the link goes to the latest version of Flash, which includes years' worth of bug fixes. The bad is that Flash has needed bug fixes for years and a steady drip of newly-detected problems means there's no guarantee the software's woes have ended. Scoring yourself a $5 discount could therefore cost you plenty in future.
Software

Blinking Cursor Devours CPU Cycles in Visual Studio Code Editor (theregister.co.uk) 236

An anonymous reader shares a report on The Register: Microsoft describes Visual Studio Code as a source code editor that's "optimized for building and debugging modern web and cloud applications." In fact, VSC turns out to be rather inefficient when it comes to CPU resources. Developer Jo Liss has found that the software, when in focus and idle, uses 13 percent of CPU capacity just to render its blinking cursor. Liss explains that the issue can be reproduced by closing all VSC windows, opening a new window, opening a new tab with an empty untitled file, then checking CPU activity. For other macOS applications that present a blinking cursor, like Chrome or TextEdit, Liss said, the CPU usage isn't nearly as excessive. The issue is a consequence of rendering the cursor every 16.67ms (60 fps) rather than every 500ms.
Chrome

Google Reducing Trust In Symantec Certificates Following Numerous Slip-Ups (bleepingcomputer.com) 78

An anonymous Slashdot reader writes from a report via BleepingComputer: Google Chrome engineers announced plans to gradually remove trust in old Symantec SSL certificates and intent to reduce the accepted validity period of newly issued Symantec certificates, following repeated slip-ups on the part of Symantec. Google's decision comes after the conclusion of an investigation that started on January 19, which unearthed several problems with Symantec's certificate issuance process, such as 30,000 misused certificates. In September 2015, Google also discovered that Symantec issued SSL certificates for Google.com without authorization. Symantec blamed the incident on three rogue employees, whom it later fired. This move from Google will force all owners of older Symantec certificates to request a new one. Google hopes that by that point, Symantec would have revamped its infrastructure and will be following the rules agreed upon by all the other CAs and browser makers.
Microsoft

Microsoft's OneDrive Web App Crippled With Performance Issues On Linux and Chrome OS (theregister.co.uk) 114

Iain Thomson, reporting for The Register: Plenty of Linux users are up in arms about the performance of the OneDrive web app. They say that when accessing Microsoft's cloudy storage system in a browser on a non-Windows system -- such as on Linux or ChromeOS -- the service grinds to a barely usable crawl. But when they use a Windows machine on the same internet connection, speedy access resumes. Crucially, when they change their browser's user-agent string -- a snippet of text the browser sends to websites describing itself -- to Internet Explorer or Edge, magically their OneDrive access speeds up to normal on their non-Windows PCs. In other words, Microsoft's OneDrive web app slows down seemingly deliberately when it appears you're using Linux or some other Windows rival. This has been going on for months, and complaints flared up again this week after netizens decided enough is enough. When gripes about this suspicious slowdown have cropped up previously, Microsoft has coldly reminded people that OneDrive for Business is not supported on Linux, thus the crap performance is to be expected. But when you change the user-agent string of your browser on Linux to match IE or Edge, suddenly OneDrive's web code runs fine. The original headline of the story is, "Microsoft loves Linux so much, its OneDrive web app runs like a dog on Windows OS rivals".
Bug

LastPass Bugs Allow Malicious Websites To Steal Passwords (bleepingcomputer.com) 126

Earlier this month, a Slashdot reader asked fellow Slashdotters what they recommended regarding the use of password managers. In their post, they voiced their uncertainty with password managers as they have been hacked in the past, citing an incident in early 2016 where LastPass was hacked due to a bug that allowed users to extract passwords stored in the autofill feature. Flash forward to present time and we now have news that three separate bugs "would have allowed a third-party to extract passwords from users visiting a malicious website." An anonymous Slashdot reader writes via BleepingComputer: LastPass patched three bugs that affected the Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. All bugs were reported by Google security researcher Tavis Ormandy, and all allowed the theft of user credentials, one bug affecting the LastPass Chrome extension, while two impacted the LastPass Firefox extension [1, 2]. The exploitation vector was malicious JavaScript code that could be very well hidden in any online website, owned by the attacker or via a compromised legitimate site.
Chrome

Google Contemplating Removing Chrome 'Close Other Tabs' and 'Close Tabs to the Right' Options (bleepingcomputer.com) 266

An anonymous reader shares a report: Chrome engineers are planning to remove two options from Chrome that allow users to quickly close a large number of tabs with just a few clicks. The options, named "Close other tabs" and "Close tabs to the right," reside in the menu that appears when a user right-clicks on a Chrome tab. According to an issue on the Chromium project spotted yesterday by a Reddit user, Google engineers planned to remove the two menu options for many years even before opening the Chromium issue, itself dated July 31, 2015. After several years of inactivity and no decision, things started to move again in September 2016, when usage statistics confirmed that Chrome users rarely used the two options they initially wanted to remove. Seeing no new discussions past this point, Chromium engineers assigned the issue in February, meaning engineers are getting ready to remove the two menu options in future Chromium builds.
Firefox

Firefox for Linux is Now Netflix Compatible (betanews.com) 71

Brian Fagioli, writing for BetaNews: For a while, Netflix was not available for traditional Linux-based operating systems, meaning users were unable to enjoy the popular streaming service without booting into Windows. This was due to the company's reliance on Microsoft Silverlight. Since then, Netflix adopted HTML5, and it made Google Chrome and Chromium for Linux capable of playing the videos. Unfortunately, Firefox -- the open source browser choice for many Linux users -- was not compatible. Today this changes, however, as Mozilla's offering is now compatible with Netflix!
Microsoft

Microsoft's Edge Was Most Hacked Browser At Pwn2Own 2017, While Chrome Remained Unhackable (tomshardware.com) 147

At the Pwn2Own 2017 hacking event, Microsoft's Edge browser proved itself to be the least secure browser at the event, after it was hacked no less than five times. Google's Chrome browser, on the other hand, remained unhackable during the contest. Tom's Hardware reports: On the first day, Team Ether (Tencent Security) was the first to hack Edge through an arbitrary write in the Chakra JavaScript engine. The team also used a logic bug in the sandbox to escape that, as well. The team got an $80,000 prize for this exploit. On the second day, the Edge browser was attacked fast and furious by multiple teams. However, one was disqualified for using a vulnerability that was disclosed the previous day. (The teams at Pwn2Own are supposed to only use zero-day vulnerabilities that are unknown to the vendor.) Two other teams withdrew their entries against Edge. However, Team Lance (Tencent Security) successfully exploited Microsoft's browser using a use-after-free (UAF) vulnerability in Chakra, and then another UAF bug in the Windows kernel to elevate system privileges. The exploit got the team $55,000. Team Sniper (Tencent Security) also exploited Edge and the Windows kernel using similar techniques, which gained this team the same amount of money, as well. The most impressive exploit by far, and also a first for Pwn2Own, was a virtual machine escape through an Edge flaw by a security team from "360 Security." The team leveraged a heap overflow bug in Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape. The team hacked its way in via the Edge browser, through the guest Windows OS, through the VM, all the way to the host operating system. This impressive chained-exploit gained the 360 Security team $105,000. The fifth exploit against Edge was done by Richard Zhu, who used two UAF bugs--one in Edge and one in a Windows kernel buffer overflow--to complete the hack. The attack gained Zhu $55,000.
At last year's Pwn2Own 2016, Edge proved to be more secure than Internet Explorer and Safari, but it still ended up getting hacked twice. Chrome was only partially hacked once, notes Tom's Hardware.
