javascript
Latest
Chrome update may extend your laptop's battery life by up to 2 hours
Google is experimenting with a Chrome feature that could extend your laptop's battery life by up to two hours.
Hackers are hiding virtual credit card skimmers in image file metadata
Sites using WooCommerce are being targeted by hackers as a way to steal credit card information.
Three weeks in, Quibi has its first privacy scandal
An internet security research revealed that several popular companies have leaked personal email addresses to advertisers and trackers.
Sphero Mini Activity Kit offers a mini-bot and 15 lessons for $80
For years, Sphero has pushed to bring robotics into the classroom. Now, the company wants to bring robotics and coding lessons to the living room, too. Today, the company unveiled the Sphero Mini Activity Kit: 15 step-by-step activities that can be done at home, as well as app updates aimed at budding coders.
Google's Area 120 made a free, drag-and-drop 3D game builder
Google's in-house incubator, Area 120, has produced things like an app that teaches coding and tools to boost literacy. Now it wants to help gamers create their own 3D games, no experience necessary. Today, it launched Game Builder, a free platform that aims to "make building a game feel like playing a game."
Card skimming hack targets 201 campus stores in North America
The infamous Magecart card skimming hack has been used to make life miserable for college students. Trend Micro has discovered that a hacking group, currently nicknamed Mirrorthief, relied on the scripting technique to steal card data from 201 online campus stores across the US and Canada on April 14th. The team slipped its scripts into the checkout pages of the sites (all created by a common developer, PrismRBS) to harvest full card details, names, addresses and phone numbers. The number of people affected by the heist isn't yet clear.
Microsoft marks Mixer's first year with improved eSports streams
In the past year since changing names from Beam to Mixer, Microsoft's game-broadcasting app has gone through a slew of updates and brought forth a number of innovations. Redmond says last December, the app had over 10 million active monthly users, and that the service keeps growing. The next year promises even more.
Intel details fourth Spectre-style CPU security flaw
Intel said it was expanding its bug bounty program to help find more Spectre-like processor security flaws, and unfortunately it just found one. The company (along with Google and Microsoft) has disclosed a fourth exploit (simply titled Variant 4) that once again uses speculative execution to expose some data through a side channel. The attack is so far known to work in a "language-based runtime environment" like the sort you'd see in a web browser (say, JavaScript), although Intel hadn't seen evidence of successful browser-based exploits.
Your Facebook data can be snatched by JavaScript trackers
Facebook is looking into a security report that reveals Facebook user data can be snatched by JavaScript trackers if they're planted in websites that let users log in with their Facebook credentials. Not just their name and email address, either: The exploit catches age range, gender, locale and possibly a profile photo too, depending on how much access the user allowed said website. Once someone logs in, any third-party JavaScript can supposedly retrieve their info at will.
Google’s Grasshopper app teaches you how to code
Google's incubator for employees' "20 percent time" side projects, Area 120, typically produces fun things like an app to make YouTube more social and expanding Smart Replies. Now the workshop has released an app to help beginners learn to code in Javascript, which could be helpful for novices who want to build websites.
Karlie Kloss' coding camp covers more cities and languages this year
Kode with Klossy, Karlie Kloss' coding camp for girls, is expanding this year. Last year, the program offered 15 camps in 12 cities, but this summer, it's running 50 camps in 25 cities and will teach 1,000 young women between the ages of 13 and 18 about coding. Founded by Kloss in 2015, the free, two-week camp instructs attendees on front-end and back-end software engineering and covers Ruby, Javascript, HTML and CSS coding languages. This year, the camp is also adding Swift to its curriculum. "This year, we've also got a really exciting new track on Swift, so the girls at our camps not only learn the ABCs of code, but real-world examples of tech that touches our lives today," Kloss told Mashable. "They're learning what a loop is or how to interpolate using concepts or ideas that touch their lives, like Instagram, Twitter or Postmates."
Flash was useful, but developers are glad it’s on the death march
Earlier this week, Adobe announced it would cease support and development of Flash at the end of 2020, a decision that had many people saying, "Finally." The "Flash is dead" rhetoric has been around for years, and people like Facebook's chief security officer, Alex Stamos, have called for Adobe to set an end-of-life date for some time. Well, it finally has, and Adobe tells Engadget that the transition out has been planned for several years.
Javascript creator's browser raises $35 million in 30 seconds
You may remember Brendan Eich, the former CEO of Mozilla who stepped down amid political backlash surrounding his support for an anti-gay marriage bill in California. Well, he's back, and he has cash to burn: His new browser startup, Brave, raised $35 million in under 30 seconds, reports TechCrunch. He was able to accomplish such a dramatic feat because of initial coin offerings, or ICOs. It's similar to an IPO (initial public offering) that occurs when a private company sells stock to the public for the first time. An ICO fundraises for a company but uses cryptocurrency rather than traditional cash.
Gmail will start blocking JavaScript attachments in February
If you want to email a .js file to somebody for any reason, you only have a few more days to do so through Gmail. The service will start blocking JavaScript file attachments starting on February 13th, adding it to its list of restricted file types, which includes .exe, .msc and .bat. If you try to attach a .js file on or after the 13th, you'll get a notification that says it's blocked "because its content presents a potential security issue."
Malware infects computers by hiding in browser ad GIFs
Unless you still use Internet Explorer (and please don't do that), you probably don't have to worry about new malware discovered by Eset researchers. However, the Stegano exploit kit shows how adept hackers have become at slipping infected ads past major networks and then hiding the malware from discovery. It's been operating stealthily for the last two years and specifically targeting corporate payment and banking services.
Teen arrested for sharing exploit that almost brought down 911
An Arizona teen is discovering why you should think very carefully about sharing exploits online: you don't know what people will do with them... or in some cases, that you're sharing the right exploits. Phoenix police have arrested 18-year-old Meetkumar Hitesbhai Desai on computer tampering charges after he publicly posted a version of iOS-based JavaScript attack that he thought would only deliver annoying pop-ups, but actually made bogus 911 calls. In the Phoenix region, there were so many hang-up calls (there were 1,849 link clicks in total) that there was the "potential danger" of emergency phone services going down, the Maricopa County Sheriff's Office says. California and Texas police saw call spikes, too.
Exploit can attack secure websites through ads
Some web-based exploits are more dangerous than others... and unfortunately, this is one of the nasty ones. Security researchers at KU Leuven have discovered an attack technique, HEIST (HTTP Encrypted Information can be Stolen Through TCP-Windows), that helps compromise an encrypted website using only a JavaScript file hidden in a maliciously-crafted ad or page. Unlike many similar attacks, you don't need a man-in-the-middle spot to make this work -- it can gauge the size of an encrypted response (and thus enable an attack) all on its own. Combine it with another technique and it's relatively easy to pluck sensitive info from encrypted data traffic, such as email addresses and banking details.
OS X update fixed 'simple' bug that could leak your iMessages
Researchers explained one large security hole in Apple's iMessage app that received a patch last month, but until now we didn't have details on another vulnerability fixed at the same time. By tricking users into clicking a specially-crafted link, hackers could gain access to the usually encrypted communications in OS X El Capitan's Messages. "You don't need a graduate degree in mathematics to exploit it, nor does it require advanced knowledge of memory management, shellcode or ROP chains," according to security researchers at Bishop Fox -- just knowledge of basic JavaScript.
Web code hints at what it's like to read with dyslexia
People with dyslexia can tell you about their frustrations with reading, but it's hard to really understand their condition without witnessing it first-hand. Well, you now have a quick and easy way to empathize with their situation: a developer has posted a web-based approximation of dyslexic reading (based on a friend's description) that uses little more than JavaScript to generate the effect. Letters constantly jump around, forcing you to concentrate on each word to make sense of what you're reading -- you can't just skim over it like you would otherwise. The source code is readily available, so you can implement it yourself if you want to see how the effect applies on other websites or within apps.
'Operator' is a font designed to make coding easier
While many of us bristle at the sight of Comic Sans (this writer included), coders have an altogether different view of typefaces and how they're presented. Thus, Operator Mono, the new font from one of the highest-regarded typeface-creators that was forged to make life easier for the folks who build the websites you visit. "In developing Operator, we found ourselves talking about Javascript and CSS," founder Jonathan Hoefler writes. While the blog post about typography and font faces can come off as a bit pretentious, it's clear that the team paid attention to how the likes of brackets, commas and semicolons are spaced and how they appear in back-end coding environments.
