Thursday, 7 December 2017

Chrome for business isolates websites for added security

Google handed more security controls to G Suite admins in July, now it's bolstering its browser's defenses for business users too. Today's Chrome 63 rollout brings with it site isolation, Transport Layer Security (TLS) 1.3 for Gmail, and granular settings for extensions.

Last year, Microsoft claimed that Edge leapfrogged rivals in terms of protections by adding Virtualization Based Security (VBS) -- which basically keeps the browser within a virtual "PC" and separate from other processes, among them the Windows 10 kernel. Google, on the other hand, is sticking with its sandbox tech.

With site isolation, Chrome can now render content for open websites in an individual process that is kept separate from other pages. If you don't want a blanket approach, you can create a preset list of sites you want to isolate instead -- Google suggests using it for your company intranet. The cost of the extra layer of protection is 10 to 20 percent increased memory usage.

Google's browser already lets all-powerful admins blacklist specific extensions. Chrome 63 takes things a step further by allowing IT admins to restrict access to extensions based on the permissions required (like the use of webcam or microphone).

Chrome's latest version also heralds the arrival of TLS 1.3 for Gmail: a protocol for secure communications on the internet. Google claims the previous version, standardized in 2008, is in need of an overhaul. And TLS 1.3 makes for a faster and more secure experience, with plans to bring it to the entire web in 2018. Google is recommending admins check its feedback forum to ensure your system is interoperable with it.

Looking ahead, there's news that the next update (Chrome 64) will include support for the NTLMv2 authentication protocol, which is already the default in the Windows browser. It will become the default NTLM protocol in Chrome 65.

Source: Google



Read the full article here by Engadget

Monday, 4 December 2017

Volunteers Around the World Build Surveillance-Free Cellular Network Called 'Sopranica'

dmoberhaus writes: Motherboard's Daniel Oberhaus spoke to Denver Gingerich, the programmer behind Sopranica, a DIY, community-oriented cell phone network. "Sopranica is a project intended to replace all aspects of the existing cell phone network with their freedom-respecting equivalents," says Gingerich. "Taking out all the basement firmware on the cellphone, the towers that track your location, the payment methods that track who you are and who owns the number, and replacing it so we can have the same functionality without having to give up all the privacy that we have to give up right now. At a high level, it's about running community networks instead of having companies control the cell towers that we connect to." Motherboard interviews Gingerich and shows you how to use the network to avoid cell surveillance. According to Motherboard, all you need to do to join Sopranica is "create a free and anonymous Jabber ID, which is like an email address." Jabber is slang for a secure instant messaging protocol called XMPP that let's you communicate over voice and text from an anonymous phone number. "Next, you need to install a Jabber app on your phone," reports Motherboard. "You'll also need to install a Session Initiation Protocol (SIP) app, which allows your phone to make calls and send texts over the internet instead of the regular cellular network." Lastly, you need to get your phone number, which you can do by navigating to Sopranica's JMP website. (JMP is the code, which was published by Gingerich in January, and "first part of Sopranica.") "These phone numbers are generated by Sopranica's Voice Over IP (VOIP) provider which provides talk and text services over the internet. Click whichever number you want to be your new number on the Sopranica network and enter your Jabber ID. A confirmation code should be sent to your phone and will appear in your Jabber app." As for how JMP protects against surveillance, Gingerich says, "If you're communicating with someone using your JMP number, your cell carrier doesn't actually know what your JMP number is because that's going over data and it's encrypted. So they don't know that that communication is happening."
Share on Google+

Read more of this story at Slashdot.



Read the full article here by Slashdot

Dell Begins Offering Laptops With Intel's 'Management Engine' Disabled

An anonymous reader quotes Liliputing.com Linux computer vendor System76 announced this week that it will roll out a firmware update to disable Intel Management Engine on laptops sold in the past few years. Purism will also disable Intel Management Engine on computers it sells moving forward. Those two computer companies are pretty small players in the multi-billion dollar PC industry. But it turns out one of the world's largest PC companies is also offering customers the option of buying a computer with Intel Management Engine disabled. At least three Dell computers can be configured with an "Intel vPro -- ME Inoperable, Custom Order" option, although you'll have to pay a little extra for those configurations... While Intel doesn't officially provide an option to disable its Management Engine, independent security researchers have discovered methods for doing that and we're starting to see PC makers make use of those methods. The option appears to be available on most of Dell's Latitude laptops (from the 12- to 15-inch screens), including the 7480, 5480, and 5580 and the Latitude 14 5000 Series (as well as several "Rugged" and "Rugged Extreme" models). Dell is charging anywhere from $20.92 to $40 to disable Intel's Management Engine.
Share on Google+

Read more of this story at Slashdot.



Read the full article here by Slashdot

Friday, 1 December 2017

Google Will Block Third-Party Software From Injecting Code Into Chrome

Catalin Cimpanu, writing for BleepingComputer: Google has laid out a plan for blocking third-party applications from injecting code into the Chrome browser. The most impacted by this change are antivirus and other security products that often inject code into the user's local browser process to intercept and scan for malware, phishing pages, and other threats. Google says these changes will take place in three main phases over the next 14 months. Phase 1: In April 2018, Chrome 66 will begin showing affected users a warning after a crash, alerting them that other software is injecting code into Chrome and guiding them to update or remove that software. Phase 2: In July 2018, Chrome 68 will begin blocking third-party software from injecting into Chrome processes. If this blocking prevents Chrome from starting, Chrome will restart and allow the injection, but also show a warning that guides the user to remove the software. Phase 3: In January 2019, Chrome 72 will remove this accommodation and always block code injection.
Share on Google+

Read more of this story at Slashdot.



Read the full article here by Slashdot

Fernando Alonso is the first F1 driver with an eSports team

You've seen basketball and soccer (aka football) teams dive into eSports, and now it's the turn for individual Formula One drivers to get in on the action. McLaren Honda driver Fernando Alonso has launched an eSports team in partnership with Logitech, with Alonso serving as a team principal. The FA Racing G2 Logitech G team -- yes, it's a mouthful -- will compete in a slew of games across multiple platforms, and has already enlisted F1 eSports league finalist Cem Bolukbasi.

The team creation came shortly after McLaren appointed Rudy van Buren as an official sim driver following a "World's Fastest Gamer" competition. McLaren is also the first racing team with its own eSports director.

Alonso explained the move as a logical extension. Each F1 driver is a "gamer at heart," he said, and virtual racing opens doors for a younger audience that might not get a chance to race in the real world. There's also the simple matter of marketing: virtual racing serves as a promotional tool that can get fans excited and might even lead to some taking up motorsport as a career.

The next question is whether or not other teams follow suit. The jury's still out on whether or not eSports teams ultimately help, but it's hard to see other F1 drivers and teams sitting by the wayside. If there's even a hint of success, don't be surprised if a large chunk of F1 eventually fields eSports outfits.

Via: Reuters

Source: G2 eSports (Twitter)



Read the full article here by Engadget

Google’s New Files Go App: Everything You Need to Know

Running With Epilepsy

Katie Cooke is a 20-year-old competitive runner from Dublin. Due to an aggressive form of epilepsy, she experiences up to 14 seizures a day. Despite her condition, Cooke hasn’t let anything stand in the way of her love for running. With the help of her neurologist, who doubles as her running partner, Cooke is never steered off course. With each seizure, she is able to bounce back and keep on going...(Read...)



Read the full article here by Likecool

Qt 3D Studio 1.0 Released, Powered By NVIDIA's Open-Source Code

The Qt Company is today shipping Qt 3D Studio, its new 3D user-interface authoring system for both developers and designers.

Qt 3D Studio 1.0 has a Studio Editor for creating interactive 3D presentations and applications, the Qt 3D Studio Viewer for testing new 3D designs in action, and is supported across Windows / macOS / Linux.

Of course, this new 3D Studio is powered by the Qt5 tool-kit. This new software package is made possible and based upon

NVIDIA's huge code contribution

to Qt earlier this year of opening the NVIDIA DRIVE Design Studio that became the basis for Qt 3D Studio.

Looking ahead to next year, The Qt Company has already been

planning greater improvements to Qt 3D Studio

including the replacement of NVIDIA's renderer/runtime with a new Qt 3D renderer, better hardware/OS support, and more.

More details on today's Qt 3D Studio 1.0 release via

The Qt Blog

.



Read the full article here by Phoronix

Thursday, 30 November 2017

Google launches Datally for Android, a tool to monitor and control mobile data usage

For many people -- particularly in certain parts of the world -- mobile data is an expensive commodity. If you're someone who likes to keep an eye on exactly what's using up all of your allowance -- and take control of it -- Google's new Android app, Datally, can help. Datally has been designed to not only reveal which apps are using up data, but to provide a way to rein it in. Formerly known as Triangle whilst in beta, the app lets you block background data usage on a per-app basis, and makesit much easier to access data-related settings.… [Continue Reading]


Read the full article here by Betanews

Monday, 27 November 2017

Why ESR Hates C++, Respects Java, and Thinks Go (But Not Rust) Will Replace C

Open source guru Eric S. Raymond followed up his post on alternatives to C by explaining why he won't touch C++ any more, calling the story "a launch point for a disquisition on the economics of computer-language design, why some truly unfortunate choices got made and baked into our infrastructure, and how we're probably going to fix them." My problem with [C++] is that it piles complexity on complexity upon chrome upon gingerbread in an attempt to address problems that cannot actually be solved because the foundational abstractions are leaky. It's all very well to say "well, don't do that" about things like bare pointers, and for small-scale single-developer projects (like my eqn upgrade) it is realistic to expect the discipline can be enforced. Not so on projects with larger scale or multiple devs at varying skill levels (the case I normally deal with)... C is flawed, but it does have one immensely valuable property that C++ didn't keep -- if you can mentally model the hardware it's running on, you can easily see all the way down. If C++ had actually eliminated C's flaws (that is, been type-safe and memory-safe) giving away that transparency might be a trade worth making. As it is, nope. He calls Java a better attempt at fixing C's leaky abstractions, but believes it "left a huge hole in the options for systems programming that wouldn't be properly addressed for another 15 years, until Rust and Go." He delves into a history of programming languages, touching on Lisp, Python, and programmer-centric languages (versus machine-centric languages), identifying one of the biggest differentiators as "the presence or absence of automatic memory management." Falling machine-resource costs led to the rise of scripting languages and Node.js, but Raymond still sees Rust and Go as a response to the increasing scale of projects. Eventually we will have garbage collection techniques with low enough latency overhead to be usable in kernels and low-level firmware, and those will ship in language implementations. Those are the languages that will truly end C's long reign. There are broad hints in the working papers from the Go development group that they're headed in this direction... Sorry, Rustaceans -- you've got a plausible future in kernels and deep firmware, but too many strikes against you to beat Go over most of C's range. No garbage collection, plus Rust is a harder transition from C because of the borrow checker, plus the standardized part of the API is still seriously incomplete (where's my select(2), again?). The only consolation you get, if it is one, is that the C++ fans are screwed worse than you are. At least Rust has a real prospect of dramatically lowering downstream defect rates relative to C anywhere it's not crowded out by Go; C++ doesn't have that.
Share on Google+

Read more of this story at Slashdot.



Read the full article here by Slashdot

Sunday, 26 November 2017

Intel: We've Found Severe Bugs in Secretive Management Engine, Affecting Millions

Liam Tung, writing for ZDNet: Thanks to an investigation by third-party researchers into Intel's hidden firmware in certain chips, Intel decided to audit its firmware and on Monday confirmed it had found 11 severe bugs that affect millions of computers and servers. The flaws affect Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS). Intel discovered the bugs after Maxim Goryachy and Mark Ermolov from security firm Positive Technologies found a critical vulnerability in the ME firmware that Intel now says would allow an attacker with local access to execute arbitrary code. The researchers in August published details about a secret avenue that the US government can use to disable ME, which is not available to the public. Intel ME has been a source of concern for security-minded users, in part because only Intel can inspect the firmware, yet many researchers suspected the powerful subsystem had bugs that were ripe for abuse by attackers.
Share on Google+

Read more of this story at Slashdot.



Read the full article here by Slashdot

140° - SSD Samsung Série 850 EVO, 500 Go, SATA III

SSD externe Samsung 500gb
129,18e au lieu de 189,90e avec le code : BLACKSALES

Fdp gratuit en relais colis.

SSD - C...

Read the full article here by Dealabs

Google adds Fuchsia support to Apple's Swift

Google's in-development operating system, named 'Fuchsia,' first appeared over a year ago. It's quite different from Android and Chrome OS, as it runs on top of the real-time 'Magenta' kernel instead of Linux. According to recent code commits, Google is working on Fuchsia OS support for the Swift programming language. There's a tiny error in this summary form AndroidPolice - Fuchsia's kernel has been renamed to Zircon. All this has been playing out late last week and over the weekend - Google is now working on Swift, and some took this to mean Google forked Apple's programming language, while in reality, it just created a staging ground for Google to work on Swift, pushing changes upstream to the official Swift project when necessary - as confirmed by Chris Lattner, creator of Swift, who used to work at Apple, but now works at Google. Zac Bowling, a Google engineer working on Fuchsia, then highlighted a pull request that Google pushed to the main Swift repository: Swift support for Fuchsia. He also mentioned a few upcoming pull requests: FYI, in the pipeline after this we will have some PRs related to: adding ARM64 support for the Fuchsia SDK fixing cross-compiling issues for targeting BSD, Linux and Fuchsia targets from a Darwin toolchain adding support for using lld for linking specific SDK stdlibs (part of getting a Darwin toolchain capable of cross compiling to other targets) supporting unit tests on Fuchsia Regarding Fuchsia's purpose, this is yet another little puff of smoke. Sadly, we still haven't found the fire.

Read the full article here by OSNews

The Last of the Iron Lungs