Anonymous “Anonymous Cowards” are, for now, not welcome on Slashdot

Enlarge / What’s to come of Slashdot’s Anonymous Coward feature? It was down, then it came back with a change; will it get changed once more? (credit: Aurich Lawson)
On August 9, tech news aggregator Slashdot quietly removed one of its earliest features, which had been available to all visitors since its founding in 1997: the ability to post comments as an “Anonymous Coward.” And while the feature returned within five days, it returned in a largely nerfed format.
Users can now only access the “Anonymous Coward” feature if they are logged in with a valid account, thus attaching some form of tracked use for anybody on the site. Slashdot administrators say this change is currently “temporary.”
“Absolutely, only” meant to combat spam
The decision comes after a surge of public pressure against anonymous imageboard services—particularly 8chan, where a deadly shooter’s manifesto was apparently posted. That pressure prompted cloud provider Cloudflare (and other


Original URL: https://arstechnica.com/?p=1553595

Original article

A look at LibreOffice’s new 6.3.0 “fresh” release

An Ubuntu Xenial LTS system, showing the system base version of LibreOffice (5.1.6) as well as the newly snap-installed 6.3.0. [credit:
Jim Salter ]

The open source office suite LibreOffice released its version 6.3.0 last week. This was a major release which added many new features, as well as interoperability enhancements (read: better import and export of Microsoft Office documents) and performance increases. LibreOffice 6.3.0 is a “fresh” (not long-term support) release which may be downloaded directly—or, if you’re a Linux user, you might choose to install it from the Snap Store instead. Ubuntu (and probably most Linux users) will get a separate installation of LibreOffice 6.3.0 regardless of whether users install natively from download or install from snaps; Windows users who download the new version will have their existing LibreOffice version (if any) completely replaced upon installation.
The release notes for 6.3.0 boast


Original URL: https://arstechnica.com/?p=1549901

Original article

Now you can use Android phones, rather than passwords, to log in to Google*

Enlarge
It could soon become easier for Android users to securely log in to Web accounts. Starting today, Google is rolling out a service that lets people on version 7 and later of Google’s mobile operating system use their device’s fingerprint or screen lock instead of a password when visiting certain Google services.
For now, the service is available only for Google’s Password Manager property, and even then it’s only when people are using select Android models. Over the next few days, the feature will be available to all Android 7 and above devices. Google has no timeline for when people will be able to use the feature when signing in to Gmail, other Google properties, or for non-Google sites.
The new sign-in method uses the industry-wide FIDO2, W3C WebAuthn, and FIDO CTAP standards jointly developed over the past few years by a long list of companies. The standards are designed to


Original URL: https://arstechnica.com/?p=1549981

Original article

Ryuk, Ryuk, Ryuk: Georgia’s courts hit by ransomware

Enlarge / Court systems in Georgia are down due to a ransomware attack. Surprise. (credit: Rivers Langley / SaveRivers / Wikimedia)
Georgia’s Judicial Council and Administrative Office of the Courts is the victim of the latest ransomware attack against state and local agencies. And this looks like the same type of attack that took down the systems of at least two Florida municipal governments in June.
Administrative Office of the Courts spokesman Bruce Shaw confirmed the ransomware attack to Atlanta’s Channel 11 News. The Administrative Office of the Courts’ website is currently offline.
Shaw told 11 News that some systems had not been affected by the ransomware but that all systems connected to the network had been taken offline to prevent the ransomware from spreading. The Courts’ IT department was in contact with “external agencies” to coordinate a response to the attack, Shaw said.
Read 4 remaining paragraphs | Comments


Original URL: https://arstechnica.com/?p=1530113

Original article

Before Netscape: The forgotten Web browsers of the early 1990s

Browsers of the world, unite! (credit: Photograph by Computer History Museum) Update: It’s Memorial Day weekend here in the US, and the Ars staff has a long weekend accordingly. 2019 marks 30 years since Tim Berners-Lee worked at CERN and came up with a little idea known as the World Wide Web. As all of us do a little Web browsing this weekend, we thought resurfacing this piece outlining those early browsers might make all of us even appreciate Internet Explorer today. This story originally ran on Oct 11, 2011, and it appears unchanged below.

When Tim Berners-Lee arrived at CERN, Geneva’s celebrated European Particle Physics Laboratory in 1980, the enterprise had hired him to upgrade the control systems for several of the lab’s particle accelerators. But almost immediately, the inventor of the modern webpage noticed a problem: thousands of people were floating in and out of the famous research


Original URL: http://arstechnica.com/business/2011/10/before-netscape-forgotten-web-browsers-of-the-early-1990s/

Original article

Millions of websites threatened by highly critical code-execution bug in Drupal

Enlarge (credit: Victorgrigas)
Millions of sites that run the Drupal content management system run the risk of being hijacked until they’re patched against a vulnerability that allows hackers to remotely execute malicious code, managers of the open source project warned Wednesday.
CVE-2019-6340, as the flaw is tracked, stems from a failure to sufficiently validate user input, managers said in an advisory. Hackers who exploited the vulnerability could, in some cases, run code of their choice on vulnerable websites. The flaw is rated highly critical.
“Some field types do not properly sanitize data from non-form sources,” the advisory stated. “This can lead to arbitrary PHP code execution in some cases.”
Read 5 remaining paragraphs | Comments


Original URL: https://arstechnica.com/?p=1462289

Original article

Amazon caught selling counterfeits of publisher’s computer books—again

Enlarge / At left, a counterfeited No Starch book. At right, the real deal. (credit: left, Bill Pollock; right, Jon Sawyer (@jcase))
Bill Pollock, the founder of the tech how-to book publisher No Starch Press, called out Amazon on February 13 for selling what he says are counterfeit copies of his company’s book, The Art of Assembly Language—copies that Amazon apparently printed.

Just discovered today a new case of copyright infringement directly by AMAZON’S CREATESPACE. Not the first time! This is obviously NOT printed by No Starch. Kindly report any other cases to us. Please RT and share. @amazon @nostarch pic.twitter.com/ayjebwTiOI
— Bill Pollock (@billpollock) February 2, 2019

One of the Amazon printed fakes. Note the poor spine wrapping. @nostarch pic.twitter.com/3pcm0BYVHN
— Bill Pollock (@billpollock) February 12, 2019

Even the photo for the book’s main listing on the Amazon marketplace is of a fake, showing a misaligned spine image.

After Pollock’s post on Twitter on


Original URL: https://arstechnica.com/?p=1456467

Original article

“Catastrophic” hack on email provider destroys almost two decades of data

Enlarge / Toshiba MK1403MAV – broken glass platter (credit: Raimond Spekking)
Email provider VFEmail said it has suffered a catastrophic destruction of all of its servers by an unknown assailant who wiped out almost two decades’ worth of data and backups in a matter of hours.
“Yes, @VFEmail is effectively gone,” VFEmail founder Rick Romero wrote on Twitter Tuesday morning after watching someone methodically reformat hard drives of the service he started in 2001. “It will likely not return. I never thought anyone would care about my labor of love so much that they’d want to completely and thoroughly destroy it.”

Yes, @VFEmail is effectively gone. It will likely not return.
I never thought anyone would care about my labor of love so much that they’d want to completely and thoroughly destroy it.
— Havokmon (@Havokmon) February 12, 2019

The ordeal started on Monday when he noticed all the servers for his service were down.


Original URL: https://arstechnica.com/?p=1455129

Original article

GoDaddy weakness let bomb threat scammers hijack thousands of big-name domains

(credit: Alejandro Mejía Greene (flickr user: ·júbilo·haku·))
Remember the December 13 email blast that threatened to blow up buildings and schools unless recipients paid a $20,000 ransom? It triggered mass evacuations, closures, and lockdowns in the US, Canada, and elsewhere around the world.
An investigation shows the spam run worked by abusing a weakness at GoDaddy that allowed the scammers to hijack at least 78 domains belonging to Expedia, Mozilla, Yelp, and other legitimate people or organizations. The same exploit allowed the scammers to hijack thousands of other domains belonging to a long list of other well-known organizations for use in other malicious email campaigns. Some of those other campaigns likely included ones that threatened to publish embarrassing sex videos unless targets paid ransoms.
Distributing the malicious emails across such a broad swath of reputable domains belonging to well-recognized organizations was a major coup. The technique, known as snowshoe spamming, drastically increased


Original URL: https://arstechnica.com/?p=1445083

Original article

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: