Wednesday, 5 September 2018

Google Chrome Will No Longer Show 'Protected' At HTTPS Sites



To celebrate the tenth anniversary of Google Chrome, a new version of the browser has appeared that no longer shows the word 'secured' on HTTPS sites, makes using Flash Player more difficult, introduces an improved password manager and fixes 40 security vulnerabilities.

On 2 September 2008, Google launched its own browser, which has since become the dominant browser. According to StatCounter, Chrome has a market share of almost 68 percent on the desktop. In the Netherlands, around 54 percent of desktop users reportedly browse with Chrome. Yesterday evening the 69th version of Chrome appeared, which contains all kinds of new features and improvements.

Chrome 69 can fill in passwords, address details and credit card numbers more accurately. This data is stored in the user's Google account and is accessible directly from the Chrome toolbar. The browser also has an improved password manager that can generate unique passwords for websites and accounts. Saved passwords are then available to users with a Google account on both the computer and mobile devices.

Furthermore, Chrome 69 does not show the word "secured" on websites with a secure connection. Only the lock icon indicates that a secure connection is being used. Eventually the lock icon will also disappear. Google decided in July to display the message "Unprotected" on all HTTP sites. The internet giant wants HTTPS sites to be the norm, so that users will only see a notification on HTTP sites.

Measures have also been taken in the browser to make the use of Adobe Flash Player more difficult. Previously, users could whitelist websites that wanted to access the built-in Flash Player. That has now changed. Users must allow this separately each time a website wants to enable Flash content, regardless of whether they have done so in previous sessions.

In addition, Google has fixed 40 vulnerabilities in the browser that, in the worst case, allowed an attacker to steal or modify data from other websites. Updating to Chrome 69.0.3497.81 will happen automatically on most systems. For Android users, Chrome 69.0.3497.76 has been made available.

MEGA Warns Against An Infected Chrome Extension That Steals Data



The popular cloud storage service MEGA has warned users of an infected version of its own Chrome extension that was distributed through the official download channel and tried to steal all kinds of user data. According to MEGA, the cloud storage service of internet entrepreneur Kim Dotcom, an attacker has gained access to the official Chrome Web Store account of the company.

Then an infected version of the MEGA Chrome extension was placed in the Web Store and automatically offered to existing users. This version required permission to read data on all websites. As soon as users granted this permission, the extension tried to steal private keys for cryptocurrency wallets and user names and passwords for Amazon, GitHub, Google and Microsoft accounts.

After five hours, the infected Chrome extension was removed from the Chrome Web Store by Google. MEGA states that it has initiated an investigation to find out how the Web Store account could be taken over. The cloud storage service also criticizes Google because it does not allow developers to sign their Chrome extensions themselves. Extensions are now signed automatically after being uploaded to the Chrome Web Store. According to MEGA, this removes an important safeguard against attackers.

Before MEGA issued the warning, Jeremy Nation of MetaCert had already published an analysis of the infected extension. It is not the first time that attackers have gained access to the Web Store account of an extension developer and then distributed an infected update or version. At the end of last year, eight Chrome extensions were discovered that had been hacked and used to deliver adware to their 4.6 million users. The attackers had obtained the Web Store login data through phishing attacks.
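The permission jump described above (an update that suddenly asks to read data on all websites) can be caught by comparing manifests before an update is approved. The following is an added example, not code from MEGA or MetaCert; both manifests are constructed and the `example-cloud.test` host is a placeholder.

```python
import json

# Chrome match patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed manifests for two versions of a hypothetical extension.
OLD = '''{"name": "Example Cloud", "version": "1.0.0",
          "permissions": ["storage", "https://example-cloud.test/*"]}'''
NEW = '''{"name": "Example Cloud", "version": "1.0.1",
          "permissions": ["storage", "https://example-cloud.test/*", "<all_urls>"],
          "content_scripts": [{"matches": ["*://*/*"], "js": ["content.js"]}]}'''

def requested_access(manifest: dict) -> set:
    """Everything granted at install time: API permissions, host patterns
    (Manifest V2 and V3 keys) and content-script match patterns."""
    access = set()
    for key in ("permissions", "host_permissions"):
        access.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        access.update(script.get("matches", []))
    return access

def review_update(old_manifest: str, new_manifest: str) -> dict:
    """Diff two manifest.json documents and flag newly added all-site access."""
    old = requested_access(json.loads(old_manifest))
    new = requested_access(json.loads(new_manifest))
    added = new - old
    broad = added & BROAD_HOSTS
    return {
        "added": sorted(added),
        "broad_hosts_added": sorted(broad),
        "hold_for_review": bool(broad),
    }

if __name__ == "__main__":
    print(review_update(OLD, NEW))
```
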

Tuesday, 4 September 2018

Google Employee Hacks RFID Access System Of Own Office



A Google employee hacked the RFID access system of Google's own office in Sunnyvale, allowing him to open doors without an access pass and prevent other employees from gaining access. Google uses the iStar Ultra and IP-ACM systems from supplier Software House. The access system works via an RFID access pass.

Google employee David Tomaschik monitored the encrypted network traffic of the iStar Ultra and IP-ACM systems. The encrypted traffic turned out not to be random, as it should have been. Further research by Tomaschik revealed that all Software House devices used a hard-coded encryption key. This made it possible to forge commands, such as the command to open a door. He was also able to replay captured network traffic and thus open or block a door.

Furthermore, it was possible to perform these actions without creating a log. Software House has developed a solution, but organizations where the vulnerable systems are in use are still at risk, according to business magazine Forbes. Google also mentions that it has segmented its own network to provide protection against vulnerable systems.
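The three weaknesses named above (one key shared by all devices, replayable traffic, no log entry) each have a direct countermeasure, sketched here as an added example that is not Software House's fix or protocol. The frame layout, the `door-ctl-v1` label and the site secret are assumptions; the sketch authenticates commands and does not encrypt them.

```python
import hashlib
import hmac
import struct

def device_key(site_secret: bytes, device_id: str) -> bytes:
    """Derive a per-device key so one extracted key does not open every door."""
    label = b"door-ctl-v1|" + device_id.encode()      # hypothetical label
    return hmac.new(site_secret, label, hashlib.sha256).digest()

def seal(key: bytes, counter: int, command: bytes) -> bytes:
    """Frame = 8-byte big-endian counter || command || HMAC-SHA256 tag."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Controller:
    """Door controller that authenticates frames, rejects replays and logs both."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
        self.audit_log = []            # every frame leaves a record

    def receive(self, frame: bytes) -> bool:
        if len(frame) < 8 + 32:
            return self._log("rejected: short frame", False)
        body, tag = frame[:-32], frame[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return self._log("rejected: bad MAC", False)
        counter = struct.unpack(">Q", body[:8])[0]
        if counter <= self.last_counter:   # captured frame sent again
            return self._log("rejected: replayed counter %d" % counter, False)
        self.last_counter = counter
        return self._log("accepted: %r" % body[8:], True)

    def _log(self, verdict: str, ok: bool) -> bool:
        self.audit_log.append(verdict)
        return ok

if __name__ == "__main__":
    secret = b"constructed-site-secret"    # constructed sample value
    ctl = Controller(device_key(secret, "door-12"))
    frame = seal(device_key(secret, "door-12"), 1, b"UNLOCK")
    print(ctl.receive(frame), ctl.receive(frame), ctl.audit_log)
```
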

British Man Gets 14 Months In Prison For Not Giving Up Facebook Password



A 24-year-old British man has been sentenced to 14 months in prison for not giving up his Facebook password. The man is suspected of the murder of a 13-year-old girl. The police had twice asked for his credentials for the social network site, but the Brit refused to provide them.

Under the British Regulation of Investigatory Powers Act (Ripa), the man was subsequently charged with not providing 'access codes to an electronic device'. The Ripa legislation gives UK investigative authorities the power to force people to give up their password, encryption key or other log-in details in order to investigate an electronic device such as a telephone or computer, according to The Independent. The Ripa legislation was originally intended as an anti-terrorism measure, but the police can use it much more broadly, according to a British law firm. Not giving up a password carries a maximum prison sentence of 5 years.

The Briton told the judge that relinquishing his password would reveal information about cannabis. The judge called the defense "entirely inadequate" and stated that the man had thwarted the police investigation into the murder through his actions. The British police are trying to get access to the man's Facebook account through the US Department of Justice, the Daily Mail and The Sun report. People in the United Kingdom have been sentenced to prison terms for not relinquishing their login details on several earlier occasions.

Mozilla's New VP Will Focus On Privacy & Security



Mozilla has a new security chief who will focus on privacy and security. Alan Davidson is the new vice president for "Policy, Trust and Security" at the open source developer. He will be responsible for promoting an open internet and a 'healthy web'.

He will also lead a 'trust and security' team that will focus on promoting innovative privacy and security features in Mozilla products. Previously, Davidson worked at the US Department of Commerce and in 2011 he was the policy leader at Google. "I am very happy to work for an organization that is so dedicated to putting the user first", Davidson said.

Thursday, 15 March 2018

DuckDuckGo Starts Privacy Contest With $500,000 Prize Money



Privacy search engine DuckDuckGo has started a contest in which privacy organizations can win all sorts of cash prizes. The competition will be held on the crowdfunding platform CrowdRise. The organization that raises the most money between 13 March and 10 April will receive the top prize of 50,000 dollars. A total of 253,000 dollars has been reserved for the sixteen best participants.

In addition, 247,000 dollars will be distributed through the weekly bonus challenges. A total of 20 organizations participate in the competition, including the Freedom of the Press Foundation, the Tor Project, Let's Encrypt, Tails and Bits of Freedom. Since the start of the competition yesterday, a total of $4219 in donations has been raised and the Center for Democracy and Technology has topped $1130.

Google Removed 3.2 Billion Malicious Ads In 2017



Last year, Google removed more than 3.2 billion malicious ads because they tried to infect Internet users with malware, led to phishing sites, committed advertising fraud, or for other reasons. That comes to more than 100 ads removed per second.

For example, 79 million advertisements were removed because they sent internet users to websites with malware. Google removed another 48 million ads because they let users install unwanted software. Furthermore, 66 million "trick-to-click" ads were removed. In addition to advertising, 320,000 of the advertising network were also banned and Google decided to blacklist 90,000 websites and 700,000 mobile apps.

Registry Key No Longer Required For Windows 10 Updates


Users of Windows 10 no longer need a specific registry key to receive security updates, Microsoft announced. The reason for the mandatory registry key was a compatibility problem with various anti-virus products that could cause a blue screen of death (BSOD).

To prevent these problems with incompatible anti-virus products, Microsoft's security updates from January 3 onward were only offered to systems that had a compatible virus scanner. Anti-virus vendors had to confirm to Microsoft that their software was compatible with the January and later security updates, which they did by adding a special key to the Windows Registry. If the virus scanner did not set this registry key, users no longer received updates and were vulnerable to attack. Users who did not run a virus scanner were advised by Microsoft to add the registry key manually in order to receive the January and later updates.

Now Microsoft's John Cable reports that there is no longer a check on the compatibility of anti-virus programs. All Windows 10 machines will therefore receive the March security updates as well as the previously released updates for the Spectre and Meltdown attacks, regardless of whether they have the previously required registry key. In the coming weeks, Microsoft will provide more information about the compatibility of anti-virus software on older Windows versions.

Meltdown Update For 32-Bit Versions Windows 7 and 8.1


Two months after the disclosure of the Spectre and Meltdown attacks, Microsoft has released updates that should protect users of the 32-bit versions of Windows 7 and Windows 8.1 against Meltdown. In addition, Intel microcode updates for various Intel processors have been rolled out.

At the beginning of January, the software giant already released security updates for the 64-bit versions of Windows. A Meltdown update for the 32-bit versions of Windows 10 followed on 18 January. Microsoft has now announced that security updates for the 32-bit versions of Windows 7 and Windows 8.1 have also been made available to protect users from the Meltdown attack.

To be fully protected against Spectre and Meltdown attacks, systems require both software and firmware (microcode) updates, Microsoft said. That is why in early March it started to offer microcode updates from Intel via the Microsoft Update Catalog. Initially, these were updates for systems that have a Skylake processor and run the Windows 10 Fall Creators Update. Now, Microsoft has also made updates available for Kaby Lake and Coffee Lake processors on the same platform.

Microsoft: Shift From Ransomware To Cryptominers



Millions of computers have come into contact with cryptominers in recent months, while the number of cases of ransomware has declined, Microsoft said today. From September last year to January of this year, an average of 644,000 unique Windows computers per month encountered a cryptominer.

This is malware that can be installed on the computer in various ways and uses the system to mine cryptocurrency. While there is a clear increase in the number of cryptominers, the number of computers encountering ransomware is decreasing. A possible reason is that cryptominers are now also distributed via exploit kits, as well as via malicious e-mail attachments.


"It is unlikely that cyber criminals will completely abandon ransomware in the short term, but the increase in trojanised cryptominers shows that attackers are exploring the possibilities of illegally earning money with this newer method," said Eric Avena of Microsoft. Because cyber criminals now increasingly opt for cryptominers, this malware will also adopt the behavior of already known threats, according to Avena. As an example, he points to NeksMiner, which places a copy of itself in shared network folders and on USB sticks to propagate further, like all kinds of other malware.

Mozilla Is Considering Blocking In-Page Pop-Ups In Firefox



Mozilla is collecting a dataset of in-page pop-ups in order to automatically block them in Firefox. In-page pop-ups are pop-ups that pages show at various moments, such as when the website loads, on scrolling, after inactivity or when a tab is opened.

Experiments are now being done with a pop-up blocker that closes these pop-ups automatically. For this, Mozilla is building a collection of such pop-ups. Internet users can report them via this page. The dataset is only needed to train the pop-up blocker. The plan is to be able to block them automatically without having a complete blocklist. Whether the feature will actually ship is still unclear. Firefox developer Ehsan Akhgari says on Twitter that Mozilla is exploring it as a possible Firefox feature.

Wednesday, 14 March 2018

Researchers Let Malware Send Data Via Loudspeakers



Researchers at Ben-Gurion University have developed malware that can steal data, via passive loudspeakers, from systems that are not connected to the internet. Because of the risk of attacks, it is common advice not to connect computers with confidential data to the internet.

This is also called an air gap. An offline computer can still be infected, for example via USB sticks or a malicious employee. In order to steal data from an infected offline computer, Ben-Gurion University researchers have developed various methods in the past, such as the use of speakers, air conditioning, sound from the hard disk, fans, radio waves, infrared cameras, scanners, emitted heat, USB radiation, mobile phones, hard drive lights and router lights, to return the data directly to the attacker or via an infected computer or smartphone connected to the Internet.


The researchers are now demonstrating a new method called Mosquito (pdf) in which "speaker-to-speaker" communication is used to steal data from a computer that is not connected to the internet. The scenario that the researchers sketch consists of a room with two computers, one of which is connected to the internet and one of which is not. Both computers are infected with malware and have passive speakers or headphones. The malware then exploits a feature of the audio chip that turns the connected speakers from an output device into an input device (microphone).

Malware on one computer can then transmit information through its speakers using ultrasonic waves, which are picked up by the speakers of the other computer that have in effect become a microphone. In this way it is possible to send data at a speed of 10 to 166 bits/sec at a distance of 9 meters between the computers. If headphones are used instead of loudspeakers, a distance of 3 meters is possible.

The researchers state that in heavily guarded settings it is common to ban both active and passive loudspeakers, in order to create an air gap. Less stringent rules prohibit the use of microphones, but allow the use of "one-way" speakers. In many cases, the policy and security measures do not apply to modern headphones, which are basically non-powered and unamplified loudspeakers. Mosquito could be effective in these situations.

To prevent such attacks, organizations can take various measures, such as prohibiting the use of speakers, headphones or earphones, using active speakers, disabling the audio codec in the bios, detecting ultrasonic transmissions, and using low-pass filters.
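One of the measures listed above, detecting ultrasonic transmissions, can be sketched as a monitor that measures how much of each audio frame's energy sits in a near-ultrasonic band. This is an added example, not code from the researchers; the 48 kHz sample rate, the 18 to 22 kHz band and the threshold are assumptions, and the test signals are constructed sine waves.

```python
import math

SAMPLE_RATE = 48_000                 # Hz, assumed rate of the monitoring microphone
FRAME = 480                          # samples per frame, giving 100 Hz bin spacing
BAND = range(18_000, 22_001, 100)    # assumed near-ultrasonic band to watch (Hz)

def goertzel_power(samples, freq):
    """Squared DFT magnitude of the frame at one frequency (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def band_fraction(samples):
    """Fraction (0.0 to 1.0) of the frame's energy that lies inside BAND."""
    energy = sum(x * x for x in samples)
    if energy == 0.0:
        return 0.0                   # silent frame: nothing to measure
    in_band = sum(goertzel_power(samples, f) for f in BAND)
    # Parseval: the one-sided bin powers sum to len(samples) * energy / 2.
    return 2.0 * in_band / (len(samples) * energy)

def is_suspicious(samples, threshold=0.005):
    """Flag a frame whose in-band energy share exceeds the assumed threshold."""
    return band_fraction(samples) > threshold

def tone(freq, amplitude=1.0, n=FRAME):
    """Constructed test signal: a pure sine wave."""
    return [amplitude * math.sin(2.0 * math.pi * freq * i / SAMPLE_RATE)
            for i in range(n)]

def mix(a, b):
    return [x + y for x, y in zip(a, b)]

if __name__ == "__main__":
    audible = tone(1_000)                            # ordinary audible sound
    covert = mix(audible, tone(19_000, 0.1))         # quiet 19 kHz carrier on top
    print(is_suspicious(audible), is_suspicious(covert))
```

In a real room the threshold would be set from a measured baseline of the ambient noise floor instead of the fixed value assumed here.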