Tag: Security
SHA-1 Certificates Will Soon Be Deemed Invalid by Google Chrome
At least the new ones.
As a part of Google’s program to get rid of the unsafe certificates and clean up the web, the search giant has announced that starting from early 2016, Google Chrome 48 will display a certificate error if the site:
– Uses the SHA-1 based certificate,
– The certificate is issued after January 1, 2016
– And it chains to a public CA
Continue Reading
FYI: AVG Sells Your Browsing History To The Third Parties
You are the product.
If you are on Windows 8 or 10 and for some reason decided not to use Security Essentials / Windows Defender and have switched to AVG anti-virus instead, then good news for advertisers: they now have your browsing and search history as well meta data, your ISP and apps that are installed on your computer.
As stated in AVG’s privacy policy:
Continue Reading
Firefox 37 Will Encrypt Non HTTPS Traffic
Grab it now.
In an effort to protect its users privacy, the developers of Firefox web browser have made some serious changes that will allow to encrypt non https (http://) traffic.
How is that even possible? You can thank opportunistic encryption, a technique, which encrypts the communication when connecting to another system. As a result, Firefox will route HTTP (port 80) requests that are usually sent in the cleartext to a port of server administrator’s choice. In addition to that, users won’t experience any delays as connections will be fully established before they are even used.
Continue Reading
Google Removes Almost 200 Extensions From The Chrome Store
Sneaky ad injecting extensions is a no go.
Good news for users and bad for developers, thanks to a recent crackdown by Google, the search giant has identified and removed a total of 192 Google Chrome extensions that have been injecting ads to millions of users.
As it turns out, more than 5% of all people that have visited Google sites have had at least one ad injector installed and all in all, it has affected a total of 14 million users.
Continue Reading
Mobile Internet Explorer Reveals Typed Passwords
Now here’s something that should definitely concern you. According to the recent report, there is a way to reveal typed in passwords in the Internet Explorer 11 (on Windows Phone 8).
All you have to do is:
– Enable Cortana if not yet enabled
– Type the password
– Highlight the password (we’re talking about ******) and then hit the search button
– Congratulations, you are now seeing a supposedly hidden password
Continue Reading
Mozilla Partners With Tor & CDT
Forms a new privacy initiative called Polaris.
In an effort to protect its user’s privacy, Mozilla has announced a new strategic initiative with the Center for Democracy & Technology (CDT) and the Tor Project, which they hope will support and advise Polaris projects that should benefit everyone.
As a result, two new experiments have been announced as well (under Polaris belt), focusing on anti-censorship technology, cross site tracking protection and anonymity. In addition to that, Mozilla will also start hosting Tor middle relays, which will make the whole Tor network more responsive.
Continue Reading
BrowserStack Gets Compromised
Tough luck.
BrowserStack, a paid service with over 25,000 customers (including eBay, Adobe and other giants) that allows you to test your web sites on more than 700 different web browser configurations, has been compromised.
The customers has since received the following email:
Continue Reading
Google Discovers Another SSL Exploit
Back in April, everyone was talking about “that Heartbleed thing”, now, it looks like the search giant has found a new exploit in the now 18 year’s old SSL 3.0 protocol, which is still supported in a lot of web browser and can also be used as a fallback in case newer protocols fail to connect.
How to fix it? Well, the server administrators could disable SSL 3.0 completely but that’s unlikely to happen anytime soon. As far as other solutions go, Google says that it can’t be fixed and there are no reasonable workarounds.
On a slightly positive note, it was discovered (and not fully revealed) by Google so no one knows how widespread it exactly is. So here you have it folks, an exploit that can’t be fixed.
Continue Reading
Microsoft Starts Blocking Old ActiveX Plugins
Good bye, ActiveX.
In an effort to improve the overall browser security and reduce user frustration, the software giant has announced that it will start blocking outdated ActiveX controls starting August 12, 2014.
According to Microsoft, “Java exploits represented 84.6% to 98.5% of exploit kit-related detections each month in 2013” and “to help avoid this situation with ActiveX controls, an update to Internet Explorer on August 12, 2014 will introduce a new security feature, called out-of-date ActiveX control blocking.”
Continue Reading
Microsoft: We Are More Secure Than Google & Mozilla
During today’s WPC 2013 Event, Kevin Turner, Chief Operating Officer at Microsoft, boasted about their achievements in the security department and compared the number of vulnerabilities versus Google and Mozilla.
The slide above is pretty self explanatory but if you are wondering where they got these statistics from, it’s from Secunia’s Vulnerability Review 2013 report, which can be requested in the following page.
Continue Reading
