A researcher has identified a security issue for Apple's Mac operating system, due to an older version of Git that comes bundled with OS X versions.
The problem resides in Git, a version control system (VCS) that allows developers to manage source code repositories, keeping track of code changes from version to version.
Mac versions come bundled with insecure Git versions
Rachel Kroll has discovered that El Capitan comes bundled with an older version of Git that's exposing users to two possible attacks, due to the CVE-2016-2324 and CVE-2016-2315 vulnerabilities present in all Git versions 2.7.3 and prior. El Capitan comes bundled by default with Git 2.6.4.
The two vulnerabilities, both heap-based buffer overflows, allow attackers to execute malicious code on the machine. The only condition for an attack to take place is that a Mac user forks a Git repo that contains malicious code.
The attacker can use the malicious code hidden in the repo to launch an attack on the Mac, compromise the system, and take control of the user's device.
The bundled Git version can't be updated without breaking Git support
Mrs. Kroll says that this particular instance of Git can't be upgraded, nor can users change its runtime permissions to neuter the Git binary's capabilities.
Digging around in El Capitan's backend, she discovered that the "/usr/bin/git" binary is actually a link to a version of Git included with Xcode at "/Applications/Xcode.app/Contents/Developer/usr/bin". Upgrading or changing this binary's permissions breaks Git support.
"If you rely on machines like this, I am truly sorry. I feel for you," Mrs. Kroll wrote on her blog. "I wrote this post in an attempt to goad them [Apple] into action because this is affecting lots of people who are important to me. They are basically screwed until Apple deigns to deliver a patched git unto them."


source

Microsoft's PowerShell task automation framework is becoming one of the most popular tools for coding and enhancing malware, a Carbon Black study has discovered.
Aggregating data from over 1,100 separate investigations from 20 security firms, Carbon Black says that PowerShell was used in 38 percent of all the attacks they analyzed.
Respondents said that, in 31 percent of all the situations, their clients reported not receiving any warnings about the ongoing attacks.
PowerShell, a favorite tool for targeted attacks and commodity malware
In 87 percent of cases, the PowerShell malware was part of a shotgun approach, while for the rest, the malware was part of a targeted attack, specific to hacker groups and state-sponsored actors.
By shotgun approach malware, we mean common malware such as ransomware, click fraud bots, and other threats where the attacker doesn't care whom they infect as long as they infect someone.
Carbon Black claims that over half of these incidents were related to Vawtrack, a banking trojan that heavily uses PowerShell in its source code.
Respondents said that, most of the time, the PowerShell-based malware was distributed via social engineering techniques and that it targeted mostly corporate networks and financial data, aiming to steal information or disrupt services.
Detecting PowerShell malware is as impractical as banning PowerShell
Because PowerShell is a ubiquitous technology within the Windows ecosystem, detecting PowerShell-based malware is almost impossible, since there's no technical method of distinguishing between good and malicious PowerShell source code.
For this reason, security researchers expect PowerShell to become a prevalent technology in malware design, but also because toolkits like PowerSploit, PowerShell Empire, p0wnedShell, and the Social-Engineer Toolkit are making it easier to use PowerShell exploits out of the box.
As for blocking PowerShell, security researchers say this is impractical. "Unlike other common technologies such as Java and Adobe Flash, which IT administrators can more easily remove or ban, many organizations and applications rely on PowerShell to manage their critical systems."
One of the most recent PowerShell-based malware families is the PowerWare ransomware.
More intricate details are offered in Carbon Black's 'PowerShell' Deep Dive report, available for download.




source

The USB Implementers Forum (USB-IF) has announced the creation of a new standard called USB Type-C Authentication, which aims to protect USB-C capable devices from low-end USB chargers that might end up frying your gear, but can also prove useful when fighting USB malware.
The new standard is a direct answer to a series of incidents that took place over the past year, when many users reported they had their devices destroyed by faulty USB-C cables.
This scenario might sound strange because USB cables shouldn't be able to fry devices, but USB-C cables are different because they can relay data and power at the same time.
Amazon has already taken action against low-end USB-C cables
The improper implementation of the USB-C specification by some vendors has resulted in sub-standard cables hitting the market that send more power than the standard USB-C specification implies.
A Google researcher spent a large part of his free time testing USB-C cables and posting Amazon reviews about his findings. After a series of catastrophic incidents, his actions reached Amazon's ears, who at the end of March decided to ban all non-standard USB-C cables or adapters from their store.
USB-IF division USB 3.0 Promoter Group created a new standard to protect device manufacturers from faulty USB-C cables. The new USB Type-C Authentication will be integrated within the firmware of USB-C capable devices and USB chargers and will work as a pre-connection authentication system.
When the user makes a connection via USB-C cables, their device (tablet, smartphone, laptop) will establish a pre-connection with the other device (typically a charger, but can also be another laptop, smartphone, or tablet).
In theory, the new standard can help fight malware
The two exchange information about their charging capabilities and the type of data to be transferred, also verifying if the other device is from a USB-IF authorized manufacturer.
This information is sent encrypted with a 128-bit encryption key and occurs before any data or power is sent between the two.
The new standard can prevent sending power between devices that don't adhere to the strict USB-C specification, but can also prove useful for companies that want to create their own custom-made authentication system for USB devices.
Enterprise workstations could be configured to accept connections and data transfers from only a certain class of devices, putting an end to employees connecting rogue equipment to a company's network.
Of course, this only works for USB-C capable devices and will probably take some time until the world migrates to this so-called "universal USB" standard. When this happens, users won't be able to just come with their personal malware-infested USB thumb drives and plug them in computers at work.

source

Almost a year after carrying out his attacks, the hacker behind the Hacking Team data breach has published a step-by-step explainer on how he breached the company's servers and stole all their data.
Known as Phineas Fisher (past moniker FinFisher), the hacker posted a PasteBin over the weekend, in which he reveals how the attack unfolded, the tools he used, and provided a tutorial for h@ckZ0r wannabees who want to enter the world of top-level hacking.
Since the whole exposé is quite a long read, we're going to provide a summary, but we recommend checking out Phineas Fisher's post for the finer tips on various hacking techniques and pen-testing tools.
Zero-day exploit in an embedded device was initial entry point
The hacker revealed that the entry point into Hacking Team's infrastructure was a zero-day root exploit in an embedded device deployed inside the company's corporate network. He declined to name the exact nature and purpose of the embedded device.
Phineas Fisher says he spent a lot of time scanning the company's network and even exposed a vulnerability in the Hacking Team's Joomla-based frontend website, discovered issues with their email server, a couple of routers, and some VPN appliances. Despite the large attack surface, he concluded that the zero-day exploit he identified was much more reliable for further attacks.
After writing and deploying a backdoored firmware to the vulnerable embedded device, he then waited, listening to internal traffic, scanning and mapping the local infrastructure.
MongoDB databases left without authentication strike again!
This is how he discovered a couple of vulnerable MongoDB databases that Hacking Team's admins failed to protect with a password. Here he found details about the company's backup system and the backups themselves.
The most precious backup was of the Exchange email server, from where he extracted the BES (BlackBerry Enterprise Server ) admin account password, which was still valid.
This password allowed Phineas Fisher to escalate his access by hacking the company's Domain Admin server, from where he extracted the passwords for all the company's users.



Since there was a chance he'd get caught at any point, the first thing the hacker did was to use Windows Powershell and quickly exfiltrate the data found in the company's email server, which he regularly scraped for new emails every time he came back to their network in the following weeks.
Hacker discovers secret network where the RCS source code was hosted
After reading some of the stolen emails, Phineas Fisher understood that there was another hidden network inside the company's infrastructure, where the Hacking Team kept the source code of their RCS (Remote Control System) surveillance software.
With access to everyone's computers thanks to the Domain Admin server hack, Phineas Fisher focused on one of the company's top coders, Christian Pozzi.
Scanning Pozzi's computers and email accounts, Phineas Fisher eventually found the password to the Web interface of Hacking Team's GitLab source code management system. And that was it. System compromise achieved, new bonus level unlocked, and the rest is history.
"That's all it takes to take down a company and stop their human rights abuses. That's the beauty and asymmetry of hacking: with 100 hours of work, one person can undo years of work by a multi-million dollar company," Phineas Fisher explained. "Hacking gives the underdog a chance to fight and win."
UPDATE: The article was updated to change the hacker's nickname from FinFisher to Phineas Fisher. FinFisher is an older moniker, which he does not use anymore, and coincidentally the name of Hacking Team's main rivals.

source

 
Overview:
 
Are you interested in screenshots, making demonstrations? Do you want a fast solution to save and edit your screenshots? are you recording videos?
Of course Images and videos convey information in a much more relatable, personal and succinct way than mere texts. The new Ashampoo Snap 9 is the most flexible Snap to date. It enables users to create, edit and share screenshots and videos. It can capture anything visible on your computer screen.

The program is full of features and tools ( such as picture in picture, timers and text recognition) which extend the feature range well beyond traditional screenshot tools.

You can easily Edit your videos live and use multiple graphical effects and symbols to create instructional materials, tutorial videos and animated GIFs.
Snap 9 stays silently in the background until you need it. You can access any feature you need through customizable shortcut keys. The program supports multiple displays and 4K resolutions and allows users to integrate external applications for file editing and saving.
 

Homepage:
https://www.ashampoo.com/en/usd/pin/1724...poo-Snap-9
 
Release date: 2016/04/18
 
Download: [54.55 Mb]
http://www.ashampoo.com/ashampoo_snap_9_sm.exe
 
Read the full Review  HERE 

I would Like to Thank Ashampoo team for sponsoring this Giveaway exclusive for our Promo2day Members.

  [Thanks to baziroll and asus73, each one offered 5 licenses for this giveaway] 

Giveaway Details:
 
Number of Licenses: 20

Validity of Licenses: Lifetime (with updates for the current version).
 
Value of each license: $49.99
 
Duration of giveaway: 10 days
 
Giveaway ends: April 28, 2016
 
Rules:
 
1. Share this giveaway post to your Facebook, Twitter or Google+ and share the links along with your comment below. Your comment must include "why you want to win a license?"
 
2. Subscribe to our newsletter RSS FeedBurner and get all the latest giveaways and contests delivered to you by email.
 
3. Winners will be selected by using Randm.org.
 
4. If you don't want to take part in this giveaway please don't put your comment it creates problems when we randomize winners.
 
5. Winners must contact Me within 5 days after giveaway ends to claim their win. If a winner does not respond within that time-frame, their win will be void.

Lawrence Abrams, a security researcher at Bleeping Computer, has stumbled upon a new type of adware that's not content with just blasting you with ads and collecting data on your system, as it also secretly takes a screenshot of your desktop and uploads it online.
Called Faster Internet, the program comes bundled with other legitimate software, but it is only when it's installed that the real damage is done.
The first thing it will do is to record details regarding each user's PC setup, a technique called fingerprinting, often used in advertising to distinguish between different users.
Faster Internet collects data such as motherboard, CPU, hard drives, network adapters serials, and other more.
Besides this highly personal information, the adware literally crosses the line and adopts a malware behavior when it takes a secret screenshot of your active desktop windows and then uploads it to an online server.
Adware could be used to steal sensitive information from users
"The problem is that when this program is installed, the user may have confidential documents, web sites, or programs open that will be now be included in the screenshot and uploaded to these scumbags," Mr. Abrams noted. "What if the victim had a password manager open to their online bank account, or their tax return showing their social security number and address, or private images that they do not want disclosed?"
Until older Windows versions die down and the Windows Store gains more traction, users will continue to be exposed to adware and the inherent threats it brings.
Besides Faster Internet, Mr. Abrams recently also discovered another sneaky program, called VNLGP Miner, which transforms your computer into a Bitcoin mining bot for the gain of an unknown attacker.
Below is an image of the application uploading a screenshot of the user's desktop to the URL "a.duofoldmortify.online/buploada.php," courtesy of Bleeping Computer.




source

 
Overview:
 
Are you interested in screenshots, making demonstrations? Do you want a fast solution to save and edit your screenshots? are you recording videos?
Of course Images and videos convey information in a much more relatable, personal and succinct way than mere texts. The new Ashampoo Snap 9 is the most flexible Snap to date. It enables users to create, edit and share screenshots and videos. It can capture anything visible on your computer screen.

The program is full of features and tools ( such as picture in picture, timers and text recognition) which extend the feature range well beyond traditional screenshot tools.

You can easily Edit your videos live and use multiple graphical effects and symbols to create instructional materials, tutorial videos and animated GIFs.
Snap 9 stays silently in the background until you need it. You can access any feature you need through customizable shortcut keys. The program supports multiple displays and 4K resolutions and allows users to integrate external applications for file editing and saving.
 

Homepage:
https://www.ashampoo.com/en/usd/pin/1724...poo-Snap-9
 
Release date: 2016/04/18
 
Download: [54.55 Mb]
http://www.ashampoo.com/ashampoo_snap_9_sm.exe
 
Installation:



 
After you download the installer, double click then go into simple installation which doesn't need any special skills. After the program is installed you will have a free trial with Full functions for 10 days which can be extended for further 30 days after email registration.
 

 
Activation:
 
After the free trial is over, you will have to purchase a license key to continue using the program. The license is available through the official website at a reasonable price of 49.99$. After purchase, simply click register and input you key to have unlimited use of the application.
 
To purchase visit here:
 
https://shop.ashampoo.com/10/purl-online...&x-mid=web  
 
Languages Supported: Languages: Belorussian, British English, Bulgarian, Chinese (simplified), Chinese (traditional), Croatian, Czech, Dutch, English, Finnish, French, German, Hungarian, Italian, Japanese, Norwegian Nynorsk, Persian, Polish, Portuguese, Portuguese (Brazilian), Rumanian, Russian, Serbian, Serbian, Slovakian, Slovenian, Spanish, Spanish (Argentina), Swedish, Turkish
 
Features:

- Screenshots and videos with up to 4K resolutions
- Precisely timed video capturing with counter, effects and pause feature
- Live video editing
- Integrate external applications for image editing and processing
- Lightning fast text recognition for websites, images and scans
- Easy content sharing through Facebook and Twitter
- Smart Microsoft Edge support
- Display keyboard input during video recordings
- Movable capture window during video recordings
- Video recordings stop automatically when no further actions occur
- Export all objects to Photoshop
- Greatly save time and effort
-Use new automatic features
-More speed, flexibility and usability

 System Requirements:
 
Operating System:
Windows 10, Windows 8.1, Windows 8, Windows 7

Computer:
Any computer that runs on one of the above operating systems at a reasonable speed.

Graphic adapter:
min.resolution1024 x 768 and 16-bit High color (32-bit recommended) and min. 64 MB RAM.

Sound Card:
none (supported audio record device and microphone recommended)

Features:
 







 
How to Control the application:
The Capture Bar (upper screen border):

Simply move the mouse cursor to the screen border above and you will make the capture bar appear. Use this technique when you want to start or stop capture process and application configuration.
 
 
The SysTray (Bottom right screen edge):

Additionally the application can be accessed by clicking on the icon in the systray in the bottom right corner of your screen.
 
Keyboard shortcuts:
You can always use various keyboard shortcuts to access different capturing tools.
 
Overview Functions:
 

 
Capture Mode:
The program has built in screenshot features. You can easily access these features using one of three ways. Simply move your mouse at the screen edge to show the capture bar. You can also access capture mode through the program symbol in the task bar or through keyboard shortcuts.
You will be able to hav capture window, object, video, capture scrolling, capture region, capture text and many options to satisfy your needs.
There are also capture style settings which can be used to specify the pattern you want screenshots to be taken. You can take snapshots once or at regular intervals. In addition; you can specify the desired time interval.
 
Edit Mode:

 
If this mode is enabled then all captures will automatically be opened in Snap's edit mode.
This mode includes; mouse tools, image tools , actions, thumbnail bar, and scroll buttons. 
The mouse tools help you highlight and annotate your screenshots. It includes scroll, crop, highlight, eraser and so on. The image tools let you perform image processing tasks such as image rotation, zoom in and out, apply watermark and many other features.
Actions allow you to save and share your recordings. The thumbnail bar displays a miniature view of all images and videos in your output folder.

 Options:
 

 
The program is highly customizable and has many options which make it easily configurable. There are general options including skin and language. Also capture settings including screenshot and output. Edit mode settings include tools, share and email. Other settings such as send to app, import and export are also present. You will be able to change the language easily using configuration, language.
 
 
Pros:
Create screenshots and videos fast and easily
Record, edit and send instantly
Use live editing and avoid post-processing
More speed, flexibility and usability
Capture multiple monitors up to 4k resolution
And many more
 
Cons:
None
 
Conclusion:
 
Ashampoo Snap 9 is the ideal screenshot and video recording solution for your PC. It is the best choice for you whether you need to explain, document or simply demonstrate.

Are you interested in recording music and albums? Do you need to save music files from online sources or digital music services or videos? Do you find it wonderful to have all song information added automatically for you (for example artist, album, song, genre, album art, lyrics?
If the answer is yes, then you can do all this with the help of Replay Music.

Replay Music is a unique audio recorder, specially optimized for music. It is designed so that you can captures song files from any source (as PC-based player, web,..etc). In addition, the program will save your music into high quality MP3 files with individual tracks.

The program will do everything you need, it will automatically add tag and song information. The built in advanced audio recording eliminates background noises and system sounds so that you will have high quality recording.



Homepage:

http://applian.com/replay-music

System Requirements:

It can be installed on any windows version from windows XP to windows 10 both 32 and 64 Bit

Download:

It can be easily installed from the official website here:

http://applian.com/replay-music/download

You can download any previous version of the program from the official website
Windows XP users download the program using this direct link:

http://applian.com.s3.amazonaws.com/prev/RMSetup-7.0.0.44.exe

Read The full Review ----- HERE

I would like to thank Applian Technologies for sponsoring this Giveaway Exclusive for our members

I would like to thank Mike for Arrangement of this Giveaway

Giveaway Details:
 
Number of Licenses: 10

Validity of Licenses: Lifetime (with updates for the current version)
 
Value of each license: $29.95
 
Duration of giveaway: 10 days
 
Giveaway ends: April 28, 2016
 
Rules:
 
1. Share this giveaway post to your Facebook, Twitter or Google+ and share the links along with your comment below.
 
2. Subscribe to our newsletter RSS FeedBurner and get all the latest giveaways and contests delivered to you by email.
 
3. Winners will be selected by using Randm.org.
 
4. If you don't want to take part in this giveaway please don't put your comment it creates problems when we randomize winners.
 
5. Winners must contact Mike within 5 days after giveaway ends to claim their win. If a winner does not respond within that time-frame, their win will be void.

Ashampoo Snap 9 - 10 licenses - Go down the page

Rules & Regulations:
1.The contest closes on May 7, 2016.

2.The contest is managed by Rafflecopter, and the winner would be picked randomly by the same. The result provided by Rafflecopter, would be final and binding.

3.Each entry of the winner would be checked manually, to confirm if he has completed the steps properly. In case of any irregularity with the entry, another winner would be picked up. No gaming the system, no cheating! We’ll be monitoring the entries.

4.Winner would be notified by eMail.

5.The contest is open to all geographic locations

Quote:Ashampoo Snap 9 Review

Sothink Blu-ray Copy is all-inclusive Blu-ray copy software that copies any unprotected Blu-rays to blank Blu-ray/DVD/AVCHD discs, or onto computer HDDs as ISO files or folders. It has 5 copy modes, Full Disc, Main Movie, Customize, Clone/Burn and Merge. Customers can choose whatever that meets their requirements. The most eye-catching feature is its compatibility with 3D Blu-rays, which lets users to output 3D Blu-rays to genuine 3D format, Side-by-Side 3D format, even to regular 2D format.

Giveaway page:
https://www.giveawayoftheday.com/sothink...-copy-1-0/

Quote:Icecream Ebook Reader is one of the best ebook readers for PC. It supports all most popular ebook formats including comic book formats (EPUB, MOBI, FB2, PDF, CBR, CBZ). The main advantage of the program is that it is really easy to use but still has all the features needed for comfortable reading: full screen mode, 2­page mode, night mode, book search, tracking reading progress etc. You can organize your ebook library efficiently creating categories you need and editing books' meta data (title, author etc).

is a feature-riched application to do several tasks on a single click. Since PDF files could be accessed at no cost, the popularity and the essential features of PDF has made people to make use of PDF files in a very broad manner. In some cases, users may be in need of several strategies to merge, split and to extract pages from the PDF files. For this purpose, people are provided with the Combo PDF Tools. This tool has got several advanced features and options for,

• Editing the PDF files and documents.
  
  
• Split PDF documents into single and multiple pages as well as into a set of pages as per the requirement and desire.
  
  
• Merge PDF documents and pages.
  
  
• Remove worthless or unwanted pages from document.
  
  
• Extract or retrieve valuable pages from document.
  
  

• Resize PDF page orientation, layout or size as per demand.
  
  
• Secure important document with password protection and restrictions.
  
  
• PDF watermarking to protect your ownership of document.
  
  
• PDF bookmarking for proper page indexing.
  
  
• Support batch mode processing.
  
  
• Providing support for all kinds of protected and unprotected PDF documents.
  
  

Ashampoo Snap 9 - 10 licenses

Giveaway Rules:
- We are giving 10 free license(s).
- You need to register and login to enter into the Giveaway contest.
- Winner(s) will be published after the giveaway ends!

Quote:

Ashampoo Snap 9 is the ideal screenshot and video recording solution for your PC. Capture anything you see on your screen as images or videos and add additional information, e.g. texts or arrows. A picture is worth a thousand words - if it is done well! Use the integrated text recognition to copy entire pages of text or share your processed images with friends and family. Whether you need to explain, document or simply demonstrate - Snap 9 is always the best choice!

CyberLink PowerDVD 16 Ultra

Quote:Recreate the atmosphere of cinema in your own home.

I came across this on youtube which I thought would be useful for those who are concerned about our own health
and the health of our loved ones especially about the dreaded topic of cancer.

The Truth About Cancer – A Global Quest

Episode 6: The NOCEBO Effect, Healing Vaccines, Advanced Detoxing & Going Inside A German Cancer Clinic

Did you know that certain mushrooms can actually fight cancer?

 In fact, there’s specific mushrooms that can boost your immune system and help you heal from all sorts of things.

 In tonight’s sixth episode (that airs at 9:00pm Eastern) we’re going to go deep into understanding which mushrooms
to eat and exactly how they work.

The link is up only for a short duration possibly a day.

https://www.youtube.com/watch?v=hgiHTMuiAmk

I wish all in the forum and the guests who visit our forum good health!

Free Ebook - French Basics in a Week!: The Ultimate French Learning Course for Beginners Kindle Edition

In case you want to pick a new language or want to visit France here is a free ebook
that give you a headstart.

Whatever your reason is for learning the language, you will certainly learn the basics here.
Complete with pronunciation and basic grammar tips covering the most practical of situations,
you will certainly learn a lot in a matter of a week.

Can hardly wait? Let’s get started!

Here Is A Preview Of What You’ll Learn...

    French Pronunciation
    Numbers, Date and Time
    French Greetings!
    Going Out and Getting Around
    Touring, Shopping and Eating Out
    Much, much more!

If you want to go to: http://www.amazon.com/French-Basics-Week...B01E45NFIA

BetterDesktopTool

Window-Overview arranges all windows in a non-overlapping layout. In this configuration you can select an arbitrary window and make it the foreground window. Window-Overview is also capable of showing and restoring minimized windows. While being in Window-Overview mode you get live preview of your Window content. 

Features Standard Edition - for non comercial use.

- Arranges all windows in a non overlapping layout. Allows selection of an arbitrary window to bring it to the foreground.
- Can be applied to minimized, non-minimized and foreground application windows.
- Supports Multi-Monitor setups.

Desktop - overview

- Moves all windows away from your desktop to give you access to Desktop-Shortcuts and Sidebar-Gadgets.
- Supports Multi-Monitor setups.

Configuration of Mouse and Keyboard shortcuts for all functions.



Configuration of Hot-Corners all functions.


Demo:


Requirements:
Microsoft Windows Vista SP2 (32/64 bit), Windows 7 SP1 (32/64 bit), Windows 8 (32/64 bit), Windows 10 (32/64 bit),
Windows Aero Glass and sufficient Graphics Card: http://www.betterdesktoptool.com/aero.html
Microsoft .NET Framework 4.0

Homesite:
http://www.betterdesktoptool.com/index.html

Download:
http://www.betterdesktoptool.com/BetterDesktopTool.exe

Version 1.4.0.623 - April 14, 2016


Change log:

Fixed: compatible with Windows Explorer replacement software.
Fixed: compatible with Emsisoft Internet Security.
Fixed: Some minor bugs.



Home: http://www.shadowdefender.com

Download: http://www.shadowdefender.com/download/S..._Setup.exe

Google is looking to take steps that will enables Chrome users to make more informed decisions about the extensions they install. Specifically, developers will have to provide more information about data collections in the interests of transparency.
In addition, developers will have to produce a privacy policy for their extensions, and must ask for permission before collecting data about users. Google's new User Data Policy introduces these extra requirements in the wake of increased demands from users for more information about what is going on in the background.

Google is introducing some restrictions as a well as new requirements. If the collection of data is not integral to the functioning of an extension, it will be prohibited. The new User Data Policy comes into force from July 14, and after this date Google will purge from the Web Store any non-compliant extensions.
Developers will be expected to:

• Be transparent about the handling of user data and disclose privacy practices
  
• Post a privacy policy and use encryption, when handling personal or sensitive information, and
  
• Ask users to consent to the collection of personal or sensitive data via a prominent disclosure, when the use of the data isn’t related to a prominent feature.