NEWS - December 24, 2012

Google blocks silent Chrome extension installation

Google has announced that when Google Chrome 25 for Windows arrives, attempts by third party applications to silently install extensions will now trigger a dialog window to be displayed and, until the user confirms the extension is legitimate, the extension will remain disabled. The company says the technique, known as sideloading extensions, was originally designed to make it easier for applications to add appropriate extensions to Chrome by modifying the registry when being installed.

The feature has, however, been "widely abused by third parties" say the company. The abuse of the extension or add-on system is nothing new; over a year ago Firefox 8 introduced similar features that slowed the install of add-ons, Mozilla's version of extensions. Another change in Chrome 25 which is similar to Firefox's solution is the disabling of all previously installed third-party extensions. The idea behind this change is to ensure that users audit their installed extensions and are aware of what has already been added to their browser's configuration.

Continued :

Also: Chrome 25 blocks sneaky add-ons
Discussion is locked
Reply to: NEWS - December 24, 2012
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: NEWS - December 24, 2012
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
Mozilla compromises on x64 Firefox after user backlash

Mozilla on Friday backtracked from a decision to suspend all work on a 64-bit version of Firefox for Windows, acknowledging that user criticism had changed its mind.

"After I announced my decision to disable 64-bit Windows nightlies, there was significant negative feedback," admitted Benjamin Smedberg, a contributor to the open-source browser, in a message to a Mozilla planning discussion group. "After reviewing that feedback, and consulting with Release Engineering, I believe that we can keep a set of users happy by making a modification to the original plan."

In November, after months of debate, Mozilla suspended development of 64-bit (x64) Firefox for Windows, citing add-on incompatibilities, problems deciphering crash reports, and a low priority for the project.

At the time, Smedberg said that Mozilla had already decided not to ship an x64 Windows Firefox in the first half of 2013, and perhaps not at all during the year.

Continued :

- Collapse -
Hacker, Verizon duel over customer record claims

" A hacker said he has acquired more than 3 million Verizon customer records -- but leaks only 10 percent of them, after the phone and broadband giant fails to fix a security flaw. Verizon disagrees."

Updated on December 22 at 8:00 p.m. ET: Verizon spokesperson Alberto Canal told ZDNet in an emailed statement: "We have examined the posted data and we have confirmed that it is not Verizon Wireless customer data. Our systems have not been hacked."

The hacker said in a later tweet the data likely belongs to Verizon FiOS fiber customers, rather than Verizon Wireless cellular customers. We've updated the post to reflect these changes. We've put in more questions to Verizon and will update again once we hear back.

A hacker has posted around 300,000 database entries of Verizon customers to the Web, after exploiting a vulnerability in the cellular giant's network.

The hacker, going by the name @TibitXimer on Twitter, told ZDNet earlier this evening that the hack was carried out earlier this year on July 12, which allowed him to gain root access to the server holding the customer data. Tibit gained access to a server with little difficulty after working with another hacker to identify the security flaw.

Continued :

After hacker disappears from Twitter, Verizon reveals customer data was leaked by a marketing firm
After claiming Verizon attack, hacker and the spoils disappear

- Collapse -
Security experts warn of 'January Effect' cyberattacks

The world didn't end with the Mayan calendar. But it still might be a good idea for those in the information security business to be wary of this time of year.

Jeffrey Carr, an author on cyberwarfare and founder and CEO of Taia Global, noted in a post on Infosec Island this week that he has noticed a major breach or act of cyber warfare that kicks off the New Year—every year since 2009.

Carr calls it "The January Effect," a well-established term in the investment world that refers to an expected price rise in securities after the first of the year. The effect, he said, is viewed as an opportunity for the bad guys.

He listed four major events as evidence:

Continued :

CNET Forums