Google Chrome 42 Stomps A LOT Of Bugs & Disables Java By Default

Ah finally, the end of NPAPI is coming – a relic from the Netscape era, the Netscape Plugin API causes a lot of instability and security issues in Chrome. It means Java is now disabled by default, along with other NPAPI-based plugins, in Google Chrome 42. Chrome will be removing support for NPAPI totally [...]

Read the full post at darknet.org.uk

Google Revoking Trust In CNNIC Issued Certificates

So another digital certificate fiasco, once again involving China from CNNIC (no surprise there) – this time via Egypt. Google is going to remove all CNNIC and EV CAs from their products, probably with the next version of Chrome that gets pushed out. As of yet, no action has been taken by Firefox – or [...]

Read the full post at darknet.org.uk

Chrome Web Store Apps Now Automatically Scanned

Google has started to scan newly uploaded applications and extensions in its Chrome Web Store, similar to what they already do in the Android Play Market.

We have written about quite a few cases where malicious extensions were pushed on social network users. Usually they claim to add new functionality to the social network, like seeing who visited your profile. Not all of them are hosted on the official Chrome Web Store, so the new process will not stop all malicious extensions from finding their way to the user. That being said, Symantec welcomes Google’s effort to remove malicious Chrome extensions as soon as possible and the improvements that were made to their automated system to help them detect items containing malware.

Malicious extensions for browsers are quite powerful. Once the user installs an extension and grants it permission, it can perform malicious tasks from within the browser. This can lead to man-in-the-browser (MITB) attacks with financial Trojans such as Zeus, swapping Web content, stealing passwords from login forms, or performing click-fraud in the background. At the moment, these malicious extensions are very popular with social network scams. We wrote about the danger of malware in Firefox extensions in 2009 and this can also apply to Chrome extensions.

Figure 1. Malicious browser extension claiming additional feature

Regarding the malicious extensions that are being pushed on social media, be cautious when you see offers for free products on social networks, especially products that are highly sought after. If a feature is not currently available on a social network, chances are there is a reason that it is not available. Do not install browser extensions from unverified sources, even if they offer free products or access to an unavailable feature, and be especially suspicious of anything that is promoted aggressively on your social networks.

The secret to online safety: Lies, random characters, and a password manager

It's time to ask yourself an uncomfortable question: how many of your passwords are so absurdly weak that they might as well provide no security at all? Those of you using "123456," "abc123," or even just "password" might already know it's time to make some changes. And using pets' names, birth dates, your favorite sports teams, or adding a number or capital letter to a weak password isn't going to be enough.

Don’t worry, we're here to help. We’re going to focus on how to use a password manager, software that can help you go from passwords like "111111" to "6WKBTSkQq8Zn4PtAjmz7" without making you want to pull out all your hair. For good measure, we'll talk about how creating fictitious answers to password reset questions (e.g. mother's maiden name) can make you even more resistant to hacking.

Why you can’t just wing it anymore

A password manager helps you create long, complicated passwords for websites and integrates into your browser, automatically filling in your usernames and passwords. Instead of typing a different password into each site you visit, you only have to remember one master password.