Took us five years to figure that out.
Now here’s something that you wouldn’t expect from first-class software. According to Elliott Kember, a software developer and director at Riot, Google does an absolutely horrible job at protecting your sensitive data.
As it turns out, extracting your Google Chrome passwords is so easy, it’s actually mind-boggling. All you have to do is type chrome://settings/passwords in the URL bar and that’s it. There are no master passwords, security prompts or anything of that nature.
Time to switch or is it?
It’s been a while since the last NSS Labs report and as it turns out, instead of comparing malware block rates like they always do, the guys have decided to do something different: find out which browser has the best built-in privacy protection.
As it turns out, Safari and Internet Explorer users are protected better than those of Chrome and Firefox (if we ignore third-party extensions and the NSA) and here is why:
During today’s WPC 2013 Event, Kevin Turner, Chief Operating Officer at Microsoft, boasted about their achievements in the security department and compared the number of vulnerabilities versus Google and Mozilla.
The slide above is pretty self-explanatory, but if you are wondering where they got these statistics from, it’s from Secunia’s Vulnerability Review 2013 report, which can be requested on the following page.
Takes one week to notify its users.
Now here is something that is not pleasant for any company or the users of its products. Opera Software has just informed everyone about a network breach (that was uncovered on June 19th), which has grave consequences for those that were affected.
According to the blog post, attackers have stolen the Opera code signing certificate and used it to sign and distribute some malware disguised as the Opera browser.
The power of the web.
Now here’s an interesting take on leaking private data. Researchers in Germany are working on a new, ad-based platform that would allow whistleblowers to share information without compromising their positions.
And here is how it works: a web site will embed an AdLeaks ad, which contains code capable of encrypting an empty message with the AdLeaks public key and sending it back to their servers.
Well, now you know why Google and Microsoft are so eager for you to sign up when using their services and what they do with that data.
Fortunately, organizations like Mozilla, Reddit, DuckDuckGo and many more have a better idea and care about your privacy. Thanks to the recently leaked data about PRISM, these companies are asking Congress to end NSA surveillance.
Mozilla isn’t too happy about it.
According to a report by Citizen Lab, Gamma International, a UK-based firm that produces surveillance software (FinFisher), is tricking people into installing its spyware on their machines, which is later masked as Firefox.exe.
As noted in Mozilla’s blog post, “when a user examines the installed spyware on his/her machine by viewing its properties, Gamma misrepresents its program as ‘Firefox.exe’ and includes the properties associated with Firefox along with a version number and copyright and trademark claims attributed to ‘Firefox and Mozilla Developers.’”
Time to go back to IE?
Now here is something you won’t hear that often. Despite the common hate for Adobe’s Flash and Oracle’s Java plugins, it looks like they are not the major offenders when it comes to the actual number of vulnerabilities.
According to the latest report by security firm Secunia, Google Chrome, Firefox and iTunes are responsible for the majority of Windows security issues. As it turns out, 86% of all Windows vulnerabilities in 2012 (up from 78% last year) come from non-Microsoft applications and here is the actual list (vulnerabilities – product name):
No one cared about Safari.
With the Pwn2Own hacking contest coming to an end, it was revealed that every major web browser was hacked.
A Google Chrome exploit allowed for a full breakout from its invincible sandbox, resulting in a $100,000 reward, while both Firefox and Internet Explorer were exploited by security firm VUPEN, resulting in a total of $160,000 in bounty payments ($60,000 and $100,000 respectively).
What about Safari? As it turns out, no one even pre-registered for Apple’s web browser this year despite the $75,000 prize.
Now here is an issue you haven’t heard about: as it turns out, both Firefox and Opera (to a lesser extent) are “leaking” your sensitive data, at least according to some reports.
The issue appears to be related to Speed Dial, which generates thumbnails of your favorite or most frequently visited web pages. As the web browser takes a screenshot of the site, it does little to protect the user’s privacy, especially when data is served over an SSL connection.