Categories
Anicyber News

Goodbye AdBlock – Google to ‘Deprecate Chrome Apps’ June 2020

Global chaos; Pandemic, market crashes, and now… this? According to several pages and indications from Google, as of June 2020 Chrome will “End support for Chrome Apps on Windows, Mac, and Linux.” What does that mean for you and me? No more ad blockers (uBlock matrix, AdBlock Plus), no more dark extensions, and much, much more!

Somehow this wide-impacting decision has not yet made it to the masses. It looks like in all the buzz, this little indicator went mostly unnoticed…

A warning found by logging into https://chrome.google.com/webstore/devconsole/ (must have an account! costs $5! not worth!)

This is the post that says it all.

A screenshot of the post, just in case 😉

While the post appears benign (it’s only on the chromium blog after all) the change is not exclusive to the purported “Google-free” version of chrome. All versions of Chrome will be impacted, including those on ChromeOS (though at a later date).

What’s next for the advertising giant’s browser? How will we keep doing the things we’ve come to know and love on the web?

Not so subtle suggestion. Yes it’s slower, but you can make a difference! And hey, free speech.

Guess we’ll have to find out 😉

Thanks for reading!

Categories
Educational

Hiding the Header (title of your page/post) on WordPress

It’s pretty simple. Just add the following CSS…

.page-id-7 .entry-header {
    display: none;
}

Where the 7 in .page-id-7 is the ID# of the page you want to hide the header on. You can get this by going to the edit view of a post/page and looking at the URL.

As an example for this post we would use…

.postid-687 .entry-header {
    display: none;
}

I’ve also seen:

#post-713 .entry-header {
    display: none;
}

Don’t ask why there’s no hyphen for posts. Seems pretty arbitrary if you ask me.

There you have it!

Categories
Shared

Are Tesla’s Cameras a Threat To Our Privacy?

“I love that my car recorded a hit-and-run on my behalf,” writes a technology columnist at the Washington Post. “Yet I’m scared we’re not ready for the ways cameras pointed inside and outside vehicles will change the open road…”

Long-time Slashdot reader Strudelkugel shared the Post’s report:

It’s not just crashes that will be different. Once governments, companies and parents get their hands on car video, it could become evidence, an insurance liability and even a form of control… [I]t’s not just the bad guys my car records. I’ve got clips of countless people’s behinds scooching by in tight parking lots, because Sentry Mode activates any time something gets close. It’s also recording my family: With another function called Dash Cam that records the road, Tesla has saved hours and hours of my travels — the good driving and the not-so-good alike.

We’ve been down this road before with connected cameras. Amazon’s Ring doorbells and Nest cams also seemed like a good idea, until hackers, stalkers and police tried to get their hands on the video feed… Applied to a car, the questions multiply: Can you just peer in on your teen driver — or spouse? Do I have to share my footage with the authorities? Should my car be allowed to kick me off the road if it thinks I’m sleepy? How long until insurance companies offer “discounts” for direct video access? And is any of this actually making cars safer or less expensive to own? Your data can and will be used against you. Can we do anything to make our cars remain private spaces…?

Their design choices may well determine our future privacy. It’s important to remember: Automakers can change how their cameras work with as little as a software update. Sentry mode arrived out of thin air last year on cars made as early as 2017… Tesla is already recording gobs. Living in a dense city, my Sentry Mode starts recording between five and seven times per day — capturing lots of people, the vast majority of whom are not committing any crime. (This actually drains the car’s precious battery. Some owners estimate it sips about a mile’s worth of the car’s 322-mile potential range for every hour it runs.) Same with the Dash Cam that runs while I’m on the road: It’s recording not just my driving, but all the other cars and people on the road, too. The recordings stick around on a memory card until you delete them or the card fills up, and it writes over the old footage… Now imagine what Google or Facebook might want to do with that data on everywhere you drive…

Without Sentry Mode, I wouldn’t have known what hit me. The city’s response to my hit-and-run report was that it didn’t even need my video file. Officials had evidence of their own: That bus had cameras running, too.


“Thank You St. Tesla,” jokes Slashdot reader DenverTech, linking to a story in which a Tesla owner shared the video it recorded of another car struck in a hit-and-run accident in the parking lot of a Colorado Olive Garden. “It just makes me really thankful that there are cars out there, that can prove what happened so justice can happen,” that car’s owner told a local news station — though the Tesla owner had also already written down the license number of the truck which struck her vehicle.

The news station also links to another story in which a man accused of dragging a knife across a parked Tesla “was also captured on the vehicle’s built-in camera.”

As read on Slashdot.

Categories
Shared

The Department of Defense agency responsible for securing the communications of President Trump has suffered a data breach

An anonymous reader quotes a report from Forbes:

The Department of Defense agency responsible for securing the communications of President Trump has suffered a data breach. Here’s what is known so far. The U.S. Defense Information Systems Agency (DISA) describes itself as a combat support agency of the Department of Defense (DoD) and is tasked with the responsibility for supporting secure White House communications, including those of President Trump. As well as overseeing Trump’s secure calls technology, DISA also establishes and supports communications networks in combat zones and takes care of military cyber-security issues. It has also confirmed a data breach of its network, which exposed data affecting as many as 200,000 users.

First picked up by Reuters, disclosure letters dated February 11 have been sent out to those whose personal data may have been compromised. Although it is not clear which specific servers have been breached, nor the nature of the users to whom the letters have been sent, that an agency with a vision to “connect and protect the war-fighter in cyberspace” should suffer such an incident is concerning, to say the least. While many of the details surrounding this breach are likely to remain, understandably, confidential, given the nature of the DISA work, the letter itself has already been published on Twitter by one recipient. Signed by Roger S. Greenwell, the chief information officer at DISA, the letter revealed the breach took place between May and July last year, and information including social security numbers may have been compromised as a result. It also stated that there is no evidence that any personally identifiable information (PII) has been misused as a result. The letter does, however, confirm that DISA will be offering free credit monitoring services to those who want it.

Categories
Shared

Google Hands Feds 1,500 Phone Locations In Unprecedented ‘Geofence’ Search

According to Forbes, Google has sent 1,494 device identifiers to the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) to help them investigate arsons carried out across Milwaukee, Wisconsin, throughout 2018 and 2019. “The requests, outlined in two search warrants obtained by Forbes, demanded to know which specific Google customers were located in areas covering 29,387 square meters (or 3 hectares) during a total of nine hours for the four separate incidents,” the report says. “Unbeknownst to many Google users, if they have ‘location history’ turned on, their whereabouts are stored by the tech giant in a database called SensorVault.” From the report:

To investigators, this kind of “geofence” demand is useful, allowing them to go through the data trove provided by Google, look for devices of interest such as a known suspect’s phone and ask for more personal information on the user of that mobile. But it’s also the kind of search that’s been making pro-privacy folk anxious over the last year. Such data grabs, also referred to as “reverse location searches,” see the police give Google a timeframe and an area on Google Maps within which to find every Google user within. Google then looks through its SensorVault database of user locations, taken from devices running the tech giant’s services like Google Maps or anything that requires the “location history” feature be turned on. The police then look through the list, decide which devices are of interest to the investigation and ask for subscriber information that includes more detailed data such as name, email address, when they signed up to Google services and which ones they used.

It’s unclear whether or not Google handed over any identifying information, but to Jerome Greco, a public defender in the Digital Forensics Unit of the Legal Aid Society, it’s a sign that geofence warrants are overly broad and endanger user privacy. “The number of phones identified in that area shows two key points,” he tells Forbes. “One, it demonstrates a sample of how many people’s minute-by-minute movements Google is precisely tracking. Two, it shows the unconstitutional nature of reverse location search warrants because they inherently invade the privacy of numerous people, who everyone agrees are unconnected to the crime being investigated, for the mere possibility that it may help identify a suspect.” For what it’s worth, Forbes did obtain a search warrant that indicates Google is trying to fight back against overly broad government requests, “but still appears to be handing over innocent people’s information as well as legitimate suspect data.”

As found on: https://tech.slashdot.org/story/19/12/12/2139212/google-hands-feds-1500-phone-locations-in-unprecedented-geofence-search

Categories
Shared

Russian Police Raid NGINX Moscow Office

Today, Russian police have raided the Moscow offices of NGINX, Inc., a subsidiary of F5 Networks and the company behind the internet’s most popular web server technology. From a report:

Equipment was seized and employees were detained for questioning. Moscow police executed the raid after last week the Rambler Group filed a copyright violation against NGINX Inc., claiming full ownership of the NGINX web server code. The Rambler Group is the parent company of rambler.ru, one of Russia’s biggest search engines and internet portals. According to copies of the search warrant posted on Twitter today, Rambler claims that Igor Sysoev developed NGINX while he was working as a system administrator for the company, hence they are the rightful owner of the project. Sysoev created NGINX in the early 2000s and open-sourced the NGINX code in 2004. In 2009, he founded NGINX, Inc., a US company, to provide adjacent tools and support services for NGINX deployments. The company is based in San Francisco, but has offices all over the world, including Moscow. The NGINX server’s source code is still free and managed through an open-source model, although a large chunk of the project’s primary contributors are NGINX, Inc. employees, who have a firm grip on the project’s stewardship.

As found at: https://m.slashdot.org/story/364574

Categories
Shared

Vulnerability In Fully Patched Android Phones Under Active Attack By Bank Thieves

An anonymous reader quotes a report from Ars Technica:

A vulnerability in millions of fully patched Android phones is being actively exploited by malware that’s designed to drain the bank accounts of infected users, researchers said on Monday. The vulnerability allows malicious apps to masquerade as legitimate apps that targets have already installed and come to trust, researchers from security firm Promon reported in a post. Running under the guise of trusted apps already installed, the malicious apps can then request permissions to carry out sensitive tasks, such as recording audio or video, taking photos, reading text messages or phishing login credentials. Targets who click yes to the request are then compromised.

Researchers with Lookout, a mobile security provider and a Promon partner, reported last week that they found 36 apps exploiting the spoofing vulnerability. The malicious apps included variants of the BankBot banking trojan. BankBot has been active since 2017, and apps from the malware family have been caught repeatedly infiltrating the Google Play Market. The vulnerability is most serious in versions 6 through 10, which account for about 80% of Android phones worldwide. Attacks against those versions allow malicious apps to ask for permissions while posing as legitimate apps. There’s no limit to the permissions these malicious apps can seek. Access to text messages, photos, the microphone, camera, and GPS are some of the permissions that are possible. A user’s only defense is to click “no” to the requests. “The vulnerability is found in a function known as TaskAffinity, a multitasking feature that allows apps to assume the identity of other apps or tasks running in the multitasking environment,” reports Ars Technica. While Google has removed the [unnamed] malicious apps from its Play Store, according to Promon, the vulnerability is still unfixed in all versions of Android.

“Promon is calling the vulnerability ‘StrandHogg,’ an old Norse term for the Viking tactic of raiding coastal areas to plunder and hold people for ransom,” the report adds. “Promon researchers said they identified StrandHogg after learning from an unnamed Eastern European security company for financial institutions that several banks in the Czech Republic reported money disappearing from customer accounts.”

As seen on: https://it.slashdot.org/story/19/12/02/230254/vulnerability-in-fully-patched-android-phones-under-active-attack-by-bank-thieves

Categories
Shared

It’s Way Too Easy To Get a .gov Domain Name

Brian Krebs:

Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain. Earlier this month, KrebsOnSecurity received an email from a researcher who said he got a .gov domain simply by filling out and emailing an online form, grabbing some letterhead off the homepage of a small U.S. town that only has a “.us” domain name, and impersonating the town’s mayor in the application.

“I used a fake Google Voice number and fake Gmail address,” said the source, who asked to remain anonymous for this story but who said he did it mainly as a thought experiment. “The only thing that was real was the mayor’s name.” The email from this source was sent from exeterri[.]gov, a domain registered on Nov. 14 that at the time displayed the same content as the .us domain it was impersonating — town.exeter.ri.us — which belongs to the town of Exeter, Rhode Island (the impostor domain is no longer resolving). “I had to [fill out] ‘an official authorization form,’ which basically just lists your admin, tech guy, and billing guy,” the source continued. “Also, it needs to be printed on ‘official letterhead,’ which of course can be easily forged just by Googling a document from said municipality. Then you either mail or fax it in. After that, they send account creation links to all the contacts.”

As found on Slashdot

Categories
Shared

Democrats Propose Sweeping Online Privacy Laws

mspohr quotes a report from The Guardian:

Top Democrats on Tuesday proposed tough new privacy laws to rein in the U.S.’s tech companies after a series of scandals that have shaken confidence in the companies and exposed the personal data of millions of consumers. The effort, led by Senator Maria Cantwell, the top Democrat on the Senate commerce, science and transportation committee, aims to “provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement.” The Consumer Online Privacy Rights Act (Copra) comes after a series of failed attempts to rein in the tech giants in the U.S.

The act resembles Europe’s sweeping General Data Protection Regulation (GDPR) legislation, passed in 2016. It would force tech companies to disclose the personal information they have collected, delete or correct inaccurate or incomplete information and allow consumers to block the sale of their information. The bill’s sponsors are all Democrats and include presidential candidate Senator Amy Klobuchar. “Companies continue to profit off of the personal data they collect from Americans, but they leave consumers completely in the dark about how their personal information is being used,” she said. “It’s time for Congress to pass comprehensive privacy legislation.”

Categories
Shared

Apple Changes Crimea Map To Meet Russian Demands

ardmhacha writes:

Apple has complied with Russian demands to show the annexed Crimean peninsula as part of Russian territory on its apps. Russian forces annexed Crimea from Ukraine in March 2014, drawing international condemnation. The region, which has a Russian-speaking majority, is now shown as Russian territory on Apple Maps and its Weather app, when viewed from Russia. But the apps do not show it as part of any country when viewed elsewhere. The State Duma, the Russian parliament’s lower house, said in a statement: “Crimea and Sevastopol now appear on Apple devices as Russian territory.” Russia treats the naval port city of Sevastopol as a separate region. The BBC tested several iPhones in Moscow and it appears the change affects devices set up to use the Russian edition of Apple’s App Store. Apple had been in talks with Russia for several months over what the State Duma described as “inaccuracy” in the way Crimea was labelled.

Further reading: Apple Has No Backbone.