Google to block Flash on Chrome, only 10 websites exempt

May 16, 2016 – 7:55 AM

The slow and inexorable slide to a world without Flash continues, with Google revealing plans to phase out support for Adobe’s Flash Player in its Chrome browser for all but a handful of websites. And the company expects the changes to roll out by the fourth quarter of 2016.

While it says Flash might have “historically” been a good way to present rich media online, Google is now much more partial to HTML5, thanks to faster load times and lower power use.

As a result, Flash will still come bundled with Chrome, but “its presence will not be advertised by default.” Where the Flash Player is the only option for viewing content on a site, users will need to actively switch it on for individual sites. Enterprise Chrome users will also have the option of switching Flash off altogether.

Source:
http://www.cnet.com/news/google-to-block-flash-on-chrome-only-10-websites-exempt/

New Windows 10 build kills controversial password-sharing Wi-Fi Sense

May 14, 2016 – 7:27 AM

When Microsoft announced Windows 10, it added a feature called Wi-Fi Sense that had previously debuted on the Windows Phone operating system. Wi-Fi Sense was a password-sharing option that allowed you to share Wi-Fi passwords with your friends and contacts in Skype, Outlook, and Facebook. Here’s how Microsoft described the feature last year:

“When you share Wi-Fi network access with Facebook friends, Outlook.com contacts, or Skype contacts, they’ll be connected to the password-protected Wi-Fi networks that you choose to share and get Internet access when they’re in range of the networks (if they use Wi-Fi Sense). Likewise, you’ll be connected to Wi-Fi networks that they share for Internet access too. Remember, you don’t get to see Wi-Fi network passwords, and you both get Internet access only. They won’t have access to other computers, devices, or files stored on your home network, and you won’t have access to these things on their network.”

There were security concerns related to Windows 10’s management of passwords and whether or not said passwords could be intercepted on the fly. To our knowledge, no security breaches or problems were associated with Wi-Fi Sense. According to Microsoft, few people actually used the feature and some were actively turning it off. “The cost of updating the code to keep this feature working combined with low usage and low demand made this not worth further investment,” said Gabe Aul, Microsoft’s Windows Insider czar.

Source:
http://www.extremetech.com/computing/228259-new-windows-10-build-kills-controversial-password-sharing-wi-fi-sense

New Security Flaw Found in Lenovo Solution Center Software

May 6, 2016 – 5:21 PM

A new vulnerability has been discovered in Lenovo’s much-maligned Lenovo Solution Center (LSC) software. The vulnerability allows attackers with local network access to a PC to execute arbitrary code, said researchers at Trustwave SpiderLabs.

The flaw allows an attacker to elevate privileges and is tied to the LSC application’s backend. It opens the door for a malicious attacker to start the LSC service and trick it in to executing arbitrary code in the local system context, said Karl Sigler, a SpiderLabs researcher at Trustwave.

LSC comes preloaded on nearly all Lenovo business and consumer desktops and laptop PCs. The software acts as a dashboard monitoring system health and security – from battery life, driver updates and firewall status. Lenovo has issued a fix for the security flaw last week. This is the second time the computer maker has had to patch LSC – the first being December 2015.

“In keeping with industry best practices, Lenovo moved rapidly to ready a fix and on April 26 it updated its security advisory disclosing this additional vulnerability and the availability of a fix that addressed it,” a Lenovo spokesperson told Threatpost.

Source:
https://threatpost.com/new-security-flaw-found-in-lenovo-solution-center-software/117896/

Google makes it mandatory for Chrome Apps to tell Users what Data they collect

April 19, 2016 – 5:09 PM

Around 40 percent of all Google Chrome users have some kind of browser extensions, plugins or add-ons installed, but how safe are they?

The company plans to enforce developers starting this summer, to “ensure transparent use of the data in a way that is consistent with the wishes and expectations of users.”

Google is making its Chrome Web Store safer for its users by forcing developers to disclose how they handle customers’ data.

Google’s new User Data Policy will now force app developers, who use the Chrome Web Store to distribute their products, to be more transparent about their data collection practices.

In other words, the company wants its Chrome users to know what’s happening when they use third-party apps and services that rely on its browser.

Source:
https://thehackernews.com/2016/04/chrome-data-security.html

ID Ransomware you have been hit with

April 16, 2016 – 1:39 PM

ID Ransomware is a new online service that allows you to upload ransom notes or encrypted file samples to identify the ransomware used to attack you.

So-called ransomware is an ever growing and evolving threat that is attacking computer systems to either hold files hostage by encrypting them, or locks access to the computer instead.

Most request Bitcoin payments promising that files or the system will be unlocked once the payment has been received. This alone can be problematic as users who are affected by a successful ransomware attack may not know how to obtain the Bitcoin needed to make the payment.

What many users affected by ransomware don’t know is that decryption or removal tools are available for certain kinds of ransomware which allow them to regain access to encrypted files or a locked computer without paying the ransom.

For that however, it is necessary to identify the ransomware first which can be a challenge in itself.

Source:
http://www.ghacks.net/2016/04/13/id-ransomware/