Topics - app103

31
General Software Discussion / Ad blocking add-ons in Pale Moon 25
« on: October 16, 2014, 04:29 PM »
Users of the Pale Moon browser recently discovered, upon upgrading to Pale Moon 25, that 2 popular add-ons for blocking ads (Adblock Plus & Adblock Edge) no longer worked properly. The main complaint was the disappearance of the toolbar icon.

This issue was the result of a decision of the Pale Moon developers to stop identifying the browser as a Firefox variant, and for Pale Moon to have its own unique application GUID.

In most cases this caused no issues with regards to add-on compatibility, since Pale Moon does accept add-ons with a Firefox GUID, as well as those with a Pale Moon GUID.

But with regards to Adblock Plus and Adblock Edge, there will be a need going forward for both add-ons to officially support Pale Moon, or they will not work.

You can read more about it here:


Unless and/or until both add-ons begin officially supporting Pale Moon, you will either have to find other means for blocking ads, or use this edited Adblock Plus add-on, from the Pale Moon site. Please be sure to remove Adblock Plus/Adblock Edge from your browser before installing this version:


After installing this version you will notice the return of your toolbar icon and that the add-on functions as it should.


32
Living Room / SSL broken, again, in POODLE attack
« on: October 15, 2014, 05:30 PM »
From the researchers that brought you BEAST and CRIME comes another attack against Secure Sockets Layer (SSL), one of the protocols that's used to secure Internet traffic from eavesdroppers both government and criminal.

Calling the new attack POODLE—that's "Padding Oracle On Downgraded Legacy Encryption"—the attack allows a man-in-the-middle, such as a malicious Wi-Fi hotspot or a compromised ISP, to extract data from secure HTTP connections. This in turn could let that attacker do things such as access online banking or e-mail systems. The flaw was documented by Bodo Möller, Thai Duong, and Krzysztof Kotowicz, all of whom work at Google. Thai Duong, working with Juliano Rizzo, described the similar BEAST attack in 2011 and the CRIME attack in 2012.

The attack depends on the fact that most Web servers and Web browsers allow the use of the ancient SSL version 3 protocol to secure their communications. Although SSL has been superseded by Transport Layer Security, it's still widely supported on both servers and clients alike and is still required for compatibility with Internet Explorer 6. SSLv3, unlike TLS 1.0 or newer, omits validation of certain pieces of data that accompany each message. Attackers can use this weakness to decipher an individual byte at a time of the encrypted data, and in so doing, extract the plain text of the message byte by byte.

As with previous attacks of this kind against SSL, the most vulnerable application is HTTP. An example attack scenario would work something like this. An adversary (typically in cryptography literature known as Mallory) sets up a malicious Wi-Fi hotspot. That Wi-Fi hotspot does two things. On non-secure HTTP connections, it injects a piece of JavaScript. And on secure HTTP connections, it intercepts the outgoing messages and reorganizes them.

http://arstechnica.com/security/2014/10/ssl-broken-again-in-poodle-attack/

33
As you may have heard, Keurig is engaged in a battle with a host of companies that aspire to provide consumers with ‘pirate’ coffee pods. And who is losing this battle? The consumer.

For those of you who aren’t familiar with it, Keurig’s business model is pretty much the same as the business model used by most producers of desktop printers. Desktop printers have become almost trivially cheap — you can buy a laser printer for under a hundred bucks now — but the cartridges cost a bundle. That’s where they make their money. Likewise, Keurig sells its popular single-cup coffee makers at astonishingly reasonable prices, and makes its money on the coffee pods. Naturally, given that the pods are lucrative and easy to make, there have been imitators. A large number of companies have sold, over the last few years, their own “K-cups,” pods of coffee designed specifically to work in Keurig’s machines. Consumers love this, both because competition lowers prices and because it expands the range of roasts and flavours available.

To fight the onslaught of packagers of (perfectly legal) pirate K-cups, Keurig recently started selling its “Keurig 2.0” line of coffee makers. The 2.0 machines incorporate a digital rights management (DRM) system, designed to ensure that Keurig machines work only with Keurig branded and Keurig licensed pods, effectively shutting out the competition, at least temporarily. The result is that all those non-licensed Keurig imitators won’t work in the new 2.0 machines.

http://www.canadianbusiness.com/blogs-and-comment/keurig-coffee-piracy-obsolescence-ethics/

34
Sitepoint is having a drawing, giving away 5 annual Learnable memberships. (That's a full year of Learnable, with unlimited online access and unlimited downloads.)

To enter, visit this link: http://www.sitepoint.com/competition/

You will have to complete a number of actions to earn entries. The more actions you complete, the more entries you will have in the drawing.



Disclosure: I work for Sitepoint/Learnable, but was not encouraged or compensated in any way, to make this post.

35
Living Room / Kevin Mitnick Is Now Selling Zero-Day Exploits
« on: September 26, 2014, 08:44 AM »
This gave me a really sick feeling in my stomach.  :sick:

As a young man, Kevin Mitnick became the world’s most notorious black hat hacker, breaking into the networks of companies like IBM, Nokia, Motorola, and other targets. After a stint in prison, he reinvented himself as a white hat hacker, selling his skills as a penetration tester and security consultant.

With his latest business venture, Mitnick has switched hats again: This time to an ambiguous shade of gray.

Late last week, Mitnick revealed a new branch of his security consultancy business he calls Mitnick’s Absolute Zero Day Exploit Exchange. Since its quiet inception six months ago, he says the service has offered to sell corporate and government clients high-end “zero-day” exploits, hacking tools that take advantage of secret bugs in software for which no patch yet exists. Mitnick says he’s offering exploits developed both by his own in-house researchers and by outside hackers, guaranteed to be exclusive and priced at no less than $100,000 each, including his own fee.

And what will his clients do with those exploits? “When we have a client that wants a zero-day vulnerability for whatever reason, we don’t ask, and in fact they wouldn’t tell us,” Mitnick tells WIRED in an interview. “Researchers find them, they sell them to us for X, we sell them to clients for Y and make the margin in between.”

Mitnick declined to name any of his customers, and wouldn’t say how many, if any, exploits his exchange has brokered so far. But the website he launched to reveal the project last week offers to use his company’s “unique positioning among security researchers and the hacker community” to connect exploit developers with “discerning government and corporate buyers.”

http://www.wired.com/2014/09/kevin-mitnick-selling-zero-day-exploits/




from Versioning
