Click-Fraud Chrome Extensions Removed from Store After 500,000 Downloads

Author: Ryan Whitwam ExtremeTechExtremeTech

This site may earn affiliate commissions from the links on this page. Terms of use.

Extensions for Google’s Chrome browser have to work within certain restrictions, but that hasn’t stopped people from sneaking in malicious features. Researchers from security firm ICEBRG report finding a cluster of scam extensions in the Google Web Store with a combined download figure of more than 500,000. Google has removed the extensions, but the creators of these extensions probably still made a mountain of cash from the scheme.

According to ICEBRG, it first became aware of the dangerous extensions after finding a suspicious spike in outbound network traffic on a client’s machine. The team tracked that to an extension called Change HTTP Request Header running a hidden a click-fraud package. As the user goes about his or her business, the extension reaches out to a control server to generate money by clicking ads. The control server actually uses the victim’s computer as a proxy to make it look like a person is clicking the ads and affiliate links that benefit the extension owners. That’s why the extensions generate so much suspicious outbound traffic.

ICEBRG eventually found three more extensions doing the same thing: Nyoogle, Stickies, and Lite Bookmarks. Of the extensions found, Nyoogle had by far the most downloads at more than 500,000 (it promised custom Google logos). The others, including the extension that tipped off ICEBRG, were very small by comparison.

By default, Chrome extensions can only run JavaScript contained within the JSON in the Web Store. That means Google’s security measures can catch malicious behavior. However, developers can enable JSON download capabilities in their extensions. In this case, the developers loaded the extension with new code to generate fake clicks. ICEBRG notes that the extensions could have been used to steal data or probe networks for other vulnerabilities. However, the goal of this scheme was apparently to go unnoticed and make as much money as possible.

Google has removed the offending extensions from the store and blocked the developer accounts. Chrome has a reputation for being one of the most secure browsers in the world. It gets frequent updates to patch security holes, and the browser processes are sandboxed from the system. The issue isn’t so much with Chrome itself as it is with extensions in general. Any browser that allows users to run third-party code will be potentially vulnerable to attack. The best course of action is to limit the extensions you run to those from Google and other developer accounts you trust.

Microsoft, aggiornamenti per evitare le schermate blu con CPU AMD dopo le patch anti Meltdown e Spectre

Author: IlSoftware.it

Microsoft, aggiornamenti per evitare le schermate blu con CPU AMD dopo le patch anti Meltdown e Spectre

L’azienda di Redmond distribuisce gli aggiornamenti che consentono di superare il problema della comparsa delle schermate blu in Windows 7 e Windows 8.1 sui sistemi basati su processore AMD.

Qualche giorno fa, dopo il rilascio delle patch anti Meltdown e Spectre da parte di Microsoft, i possessori di sistemi basati su processore AMD hanno immediatamente segnalato l’impossibilità di avviare correttamente Windows dopo l’applicazione degli aggiornamenti: Schermata blu con Windows 7 e processore AMD dopo l’installazione della patch anti Meltdown.
Il problema non ha interessato solo i sistemi Windows 7 ma anche le installazioni di Windows 8.1 e di Windows 10.

Microsoft, aggiornamenti per evitare le schermate blu con CPU AMD dopo le patch anti Meltdown e Spectre

Oggi Microsoft ha iniziato la distribuzione degli aggiornamenti KB4073576 e KB4073578 che consentono di risolvere il problema della schermata blu all’avvio di Windows.
Fino ad oggi, infatti, l’unico modo per “riportare in vita” un sistema AMD che non si avviava più dopo l’installazione degli aggiornamenti anti Meltdown e Spectre consisteva nell’effettuare un ripristino oppure seguire la procedura indicata in calce all’articolo Schermata blu con Windows 7 e processore AMD dopo l’installazione della patch anti Meltdown.Windows, infatti, non risultava avviabile neppure in modalità provvisoria. Successivamente era necessario nascondere l’aggiornamento per evitare di incorrere di nuovo nella schermata blu.

Gli aggiornamenti KB4073576 e KB4073578, l’uno destinato a Windows 8.1 e Windows Server 2012 R2; l’altro a Windows 7 e Windows Server 2008 R2 SP1, consentono di sanare il problema.
Microsoft non ha tuttavia ancora rilasciato alcun aggiornamento per risolvere il problema del BSOD sui sistemi AMD equipaggiati con Windows 10.

MSI GE63/GE67 Raider RGB, illuminazione LED anche per la scocca

Author: Le news di Hardware Upgrade

MSI GE63 Raider RGB Edition è uno degli ultimi computer portatili annunciati da MSI e si caratterizza non tanto per le soluzioni hardware, naturalmente ricercate per le versioni al top della famiglia, ma per un avanzato sistema di illuminazione LED RGB per la scocca posteriore. L’illuminazione viene gestita dal software SteelSeries GameSense, e può essere dinamicamente modificato in base a quanto avviene durante l’azione di gioco. 

Il notebook può integrare, nella soluzione più avanzata, un display 4K da 15,6 pollici, una GPU NVIDIA GeForce GTX 1070 e processori Intel Core i7 supportati da un massimo di 32 GB di RAM. Per quanto riguarda le dimensioni e l’aspetto esteriore, le differenze con l’attuale GE63VR Raider si contano con il contagocce: lo spessore è di 2,74 centimetri e il peso di circa 2,20 chilogrammi. Ad impreziosire il tutto però c’è il sistema di illuminazione a 24 zone con milioni di colori.

E, se non bastasse, anche le porte USB sono illuminate. L’illuminazione è dinamica e può variare in base a quello che succede durante l’azione di gioco, anche per quanto riguarda la tastiera: se si viene colpiti su CS:Go una parte della tastiera può simulare la barra degli HP, e lo stesso può essere fatto con le munizioni rimanenti o gli obiettivi del team. Il tutto grazie alla gestione di GameSense, che verrà aggiornato – stando a MSI – per supportare un vasto numero di giochi.

Il portatile integra due porte USB 3.1, una porta USB 3.1 su form factor di Tipo C, uscite HDMI e DisplayPort, una Ethernet e due jack audio da 3,5 millimetri. Si tratta di un portatile specificatamente progettato per gli amanti degli e-sport, ma ovviamente interessante anche per chi ama giocare a qualsiasi tipologia di videogioco. La compagnia non ha ancora dichiarato il prezzo di MSI GE63 RGB Edition che dovrebbe arrivare sul mercato fra aprile e giugno di quest’anno.

Oltre i modelli GE63/73 Raider RGB, MSI ha mostrato anche GT75VR Titan Pro, il primo computer portatile sviluppato in collaborazione con Intel e dotato di adattatore Wi-Fi Killer Wireless-AC 1550, fra i più veloci al mondo in ambito mobile.

Four horsemen of the Apocalypse rescue chip market

Author: mike [DOT] magee [AT] btinternet [DOT] com (Mike Magee) Fudzilla.com – Home

Things are getting better

A chief analyst at freethinking semiconductor firm Future Horizons has warned that an upswing in the market has caught the industry by surprise because of the swift nature of the recovery.

Malcolm Penn, chief analyst at Future Horizons, said, in effect, that 2017 left the semiconductor industry gob smacked.

According to Penn, the four “horsemen” (painting by Viktor Vasnetov) –  are economy, unit demand, capacity and average selling prices (ASPs).

He said: “Industry capacity was caught completely unprepared for this, with production run rates and inventory levels all ‘finely tuned’ to the past several years of below average unit and economic growth.”

Penn added that the upswing “hit home with a vengeance” last April because a combination of unit demand and lack of capacity caused a so-called perfect storm.

He said that ASPs started to recover and now all four “horsemen” are going in the same direction. Penn has been predicting this upswing for several years, despite doom laden forecasts.

So the growth rate in 2017 was 22 percent, and he reckons that 2018 will be close to that at 21 percent. Sort of the “lamb of recovery”.

Which is good news for both the industry and its myriad customers, we reckon as the semi industry realised it needed more capacity – and fast.

Google’s AutoML Creates Machine Learning Models Without Programming Experience

Author: Ryan Whitwam ExtremeTechExtremeTech

This site may earn affiliate commissions from the links on this page. Terms of use.

Interest in machine learning has exploded in recent years as companies realize it has applications in photography, self-driving cars, games, and more. We’ve reached a point that there aren’t enough experienced programmers and data scientists with the necessary expertise to build these systems. Google’s solution is Cloud AutoML, a point-and-click system for building machine learning models without any coding experience.

Google has long offered pre-trained neural networks accessible via APIs that can perform certain tasks, but that’s only useful if you need exactly what that model does. The gist of Cloud AutoML is that almost anyone can bring a catalog of images, import tags for the images, and create a functional machine learning model based on that. Google does all the heavy lifting behind the scenes, so the customer doesn’t need to know anything about the intricacies of neural network design.

AutoML won’t compete with the cutting edge, highly tuned AI systems an experienced engineer could build, but few businesses have the money or resources to support the development of completely custom machine learning models. AutoML uses a simple graphical interface, allowing the user to drag in a set of images. Then, the platform needs to know how to describe those images. Google does its magic, and you end up with a model running in the cloud that can identify the specified terms in photos. AutoML provides stats on the strength of the model, so you can train it with more data or test with new images.

The end result is a machine learning model that runs on Google’s servers, accessible via an API. Users can reach out to that model via the Google cloud API and get predictions on new images. For example, both Disney and Urban Outfitters have tested AutoML to identify objects in their online stores so users can search and filter with more terms. Thus, you could search for “blue backpack” on Urban Outfitters and see all the blue backpacks, even if the items were not tagged that way in the system.

Google’s Cloud AutoML is currently limited to images, and it’s is alpha. You need to apply for access to the alpha version, and there’s no guarantee you’ll get in right now. The vision part of AutoML is just the first part of several features planned for the product. Google did not mention cost, but it’s likely businesses will have to pay for API access to the models they create in AutoML.