The EFAIL vulnerability – why it’s OK to keep on using email

May 15, 2018 – 9:19 PM

This week’s bug of the month is the trendily-named EFAIL.

Like many groovy bugs these days, it’s both a BWAIN (bug with an impressive name) and a BWIVOL (bug with its very own logo, shown in the image at the top of this article).

The name is a pun of sorts on the word “email”, and the bug is caused by a flaw in the specifications set down for two popular standards used for email encryption, namely OpenPGP and S/MIME.

Simply put, the EFAIL vulnerabilities are a pair of security holes that a crook might be able to use to trick recipients of encrypted messages into leaking out some or all of their decrypted content.

Note that this attack only applies if you are using S/MIME or OpenPGP for end-to-end email encryption.

If you aren’t using either of these add-ons in your email client, this vulnerability doesn’t affect you – after all, if the crooks can sniff out your original messages and they’re not encrypted, they’ve got your plaintext already.

Note also that this attack doesn’t work on all messages; it doesn’t work in real time; you need a copy of the original encrypted message; it only works with some email clients; and it pretty much requires both HTML rendering and remote content download turned on in your email client.

Source:
https://nakedsecurity.sophos.com/2018/05/15/the-efail-vulnerability-why-its-ok-to-keep-on-using-email/

Cloudflare’s new DNS service

April 20, 2018 – 6:33 PM

Are you looking for a free way to speed up your internet and gain some extra privacy in the process? Keep reading, because Cloudflare (the Web Performance & Security Company) is offering a free new DNS service. And it helped me improve the speed of my DNS lookups.

What is DNS?

DNS is short for Domain Name System. It is an internet protocol that allows user systems to use domain names/URLs to identify a web server rather than inputting the actual IP address of the server. For example, the IP address for Malwarebytes.com is 104.72.35.176, but rather than typing that into your browser, you just type ‘malwarebytes.com’ and your system reaches out to a ‘DNS Server’ which has a list of all domain names and their corresponding IP address, delivering that upon request to the user system. Unfortunately, if a popular DNS server is taken down or in some way disrupted, many users are unable to reach their favorite websites because without the IP address of the web server, your system cannot find the site. When trying to explain the concept of DNS name resolution I think that finding a phone number for a certain person is a good analogy. There are several ways to find a person’s phone number and the same is true for resolving an IP address that belongs to a domain name.

Which DNS servers am I using now?

If you have to ask yourself that question, there’s a big chance that you are using the DNS service provided by your internet provider. And while some of those are quite good, others are deplorable. Those that have looked into changing their DNS servers have probably ended up using Google’s public DNS or if they were also interested in a web-filter they might have ended up using Cisco’s OpenDNS. IMHO those are the two most popular alternatives for the ones provided by ISPs around the globe, but many more are available.

Source:
https://blog.malwarebytes.com/101/how-tos/2018/04/cloudflares-new-dns-service/

Microsoft claims to make Chrome safer with new extension

April 18, 2018 – 4:55 PM

Chrome already provides effective protection against malicious sites: go somewhere with a poor reputation and you’ll get a big, scary red screen telling you that you’re about to do something unwise. But Microsoft believes it can do a better job than Google, and it has released a Chrome plugin, Windows Defender Browser Protection, that brings its own anti-phishing protection to Google’s browser.

Microsoft justifies the new plugin with reference to a 2017 report that claims that the company’s Edge browser blocked 99 percent of phishing attempts, compared to 87 percent by Chrome and 70 percent in Firefox. The plugin brings Edge’s protection to Chrome, so if the theory holds, it should bump the browser up to 99 percent, too.

The new extension doesn’t appear to disable Chrome’s own checking (or at least, it doesn’t seem to be doing so for me), so at the very least isn’t likely to make you less safe, and with phishing being as widespread as it is, the extra protection probably doesn’t hurt.

While making Windows users that extra bit safer is good for the Windows platform as a whole, this release does ever so slightly erode one of the purported benefits of the Edge browser. Microsoft has struggled to get people using its browser—while the core engine and security features are solid, the interface still has frustrating shortcomings—but one of its virtues was that it has different, and arguably better, defense-in-depth protection against phishing and malicious exploitation. In bringing that protection to Chrome, there’s one less reason to pick the Microsoft browser.

Source:
https://arstechnica.com/gadgets/2018/04/microsoft-claims-to-make-chrome-safer-with-new-extension/

Rogue extensions that hijack Chrome & Firefox are near impossible to remove

January 20, 2018 – 11:05 AM

As discovered by Malwarebytes researcher Pieter Arntz, a new pair of extensions plaguing Google’s Chrome and Mozilla’s Firefox can hijack the browsers in order to push technical support scams at you and potentially even spy on your browsing activities.

Called “Tiempo en colombia en vivo” on the Chrome Web Store, the rogue extension can be installed on a machine when the user visits certain sites; trying to leave a malicious site results in an infinite loop of dialog boxes cautioning the user that they can’t leave the page until they install the extension. If they still try to leave, and choose the option to “Prevent this page from creating additional dialogs,” the tab will go into full screen mode and offer the ‘Add extension’ dialog popup that shows up when installing a Chrome extension.

If the user ends up installing the extension, it will proceed by hijacking their browser searches and redirect them to certain pages or YouTube videos in order to increase their views.

Interestingly, the extension is designed to also make its removal a difficult procedure; the first measure taken to ensure this is to redirect users from the ‘chrome://extensions/’ page where they could manage and delete the extension to ‘chrome://apps/?r=extensions’, which simply lists the various Chrome apps and extensions that they have installed.

With the normal path to deleting an extension now unavailable, most casual users will likely not be able to remove the extension. In his efforts, Arntz even tried more advanced methods such as disabling JavaScript, starting Chrome with all extensions disabled, and renaming the file path for where extensions are saved, but to no avail.

The only means of successfully removing the extension at this point is, per Arntz, to install Malwarebytes and let the anti-malware program do it for you. Alternatively, you may also try and manually browse to the extension’s folder and rename ‘1499654451774.js’, which is the JavaScript file the extension relies on. You can then restart Chrome and will be able to access the browser’s extension settings as normal, with the offending extension shown as being corrupted – and unable to work its nefarious magic as it can’t find the files it’s looking for. You can then proceed to delete it as you normally would.

Source:
https://www.neowin.net/news/rogue-extensions-that-hijack-chrome–firefox-are-near-impossible-to-remove

A flaw in Intel AMT can leave your laptop exposed to attackers

January 12, 2018 – 8:44 PM

Following on the heels of the revelations of the Meltdown and Spectre vulnerabilities plaguing decades of Intel’s processors, a new flaw in the Active Management Technology (AMT) has left Intel in even more hot water among the cybersecurity community.

The new flaw targets laptops, especially those powered by Intel’s enterprise-focused vPro processors, and exploits the remote access monitoring and maintenance tools provided by AMT to gain total control over the machine. Relatively easy to implement, the attack is also not impeded in any way by BIOS or BitLocker passwords, TPM pins, or login credentials.

In order to carry out the attack, an individual would need physical access to the machine. The way it works is by rebooting the machine and entering the boot menu. While you would normally need the BIOS password in order to perform any hijinks at this point, using Intel’s Management Engine BIOS Extension (MEBx) can allow an attacker to log in with a simple ‘admin’ login that is the default.

The attacker can then proceed by, “changing the default password, enabling remote access and setting AMT’s user opt-in to ‘None’” to effectively compromise the machine, according to F-Secure researcher Harry Sintonen. He continues, “Now the attacker can gain access to the system remotely, as long as they’re able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps).”

Source:
https://www.neowin.net/news/a-flaw-in-intel-amt-can-leave-your-laptop-exposed-to-attackers
