HTTPS Everywhere is now available for Google Chrome

February 29, 2012 – 5:55 AM

HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

Source:
https://www.eff.org/https-everywhere

Find the phone number for any AT&T customer just by using their email address

February 25, 2012 – 10:53 AM

This is pretty bad. All you need to know is the person’s email address to find out their phone number. Thank you, AT&T.

https://www.att.com/olam/enterEmailForgotId.myworld 

New Drive-By Spam Infects Those Who Open Email — No Attachment Needed

January 28, 2012 – 4:03 PM

Attackers have developed a new way to infect your PC through email — without forcing you to click on an attachment. According to researchers at eleven, a German security firm, the new drive-by spam automatically downloads malware when an email is opened in the email client. The user doesn’t have to click on a link or open an attachment — just opening the email is enough. “The new generation of email-borne malware consists of HTML e-mails which contain a JavaScript which automatically downloads malware when the email is opened,” eleven says in a news release. “This is similar to so-called drive-by downloads, which infect a PC by opening an infected website in the browser.” The current wave of drive-by spam contains the subject “Banking security update” and has a sender address with the domain fdic.com. If the email client allows HTML emails to be displayed, the HTML code is immediately activated. The user only sees the note “Loading…Please wait,” eleven says. In the meantime, the attempt is made to scan the PC and download malware. Aside from updating their anti-spam and anti-malware tools, users can fight the new attack by deactivating the display of HTML e-mails in their email client, eleven advises. They can choose the option of displaying emails in pure-text format only.

Source:
http://www.darkreading.com/security-monitoring/167901086/security/attacks-breaches/232500660/new-drive-by-spam-infects-those-who-open-email-no-attachment-needed.html

Chrome virus scanner coming

January 8, 2012 – 8:33 PM

Google has released a beta version of its Chrome 17 browser that scans for malicious downloads, which may help tackle scareware threats. The browser will issue a warning to discard a file when a user attempts to download a known bad file or if the file comes from a site known to host malware. The new features build upon Google’s Safe Browsing system which warns if a site should not be trusted, but does not have a feature to detect malicious files from the web. The blacklist used in the beta version is small but Google will be “ramping up coverage” in the coming months, engineer Dominic Hamon wrote in a blog post. The new security feature comes after a Google-sponsored study by security firm Accuvant found that Microsoft’s SmartScreen Filter and Google’s Safe Browsing detected under 15 percent of confirmed live malware URLs.

Source:
http://www.scmagazine.com.au/News/286274,chrome-virus-scanner-coming.aspx

Bug may enable remote code execution in Google Chrome

October 24, 2011 – 8:50 PM

Google Chrome contains a vulnerability that could allow an attacker to silently execute remote code on a victim’s machine outside of the browser’s built-in sandbox protections, according to researchers at Slovenia-based Acros Security.

According to Google, however, the issue is not technically a flaw, but rather a “strange behavior” that would require substantial user manipulation to exploit.

The issue, which Acros researchers disclosed to Google more than a month ago, could result in Chrome, under specific circumstances, loading an encryption configuration file from an insecure location, Mitja Kolsek, CEO of Acros Security, told SCMagazineUS.com on Monday. This could allow an attacker to execute remote code on a victim’s machine outside of the Chrome sandbox, intended to protect sensitive resources from being accessed by malicious code.

Source:
http://www.scmagazineus.com/bug-may-enable-remote-code-execution-in-chrome/article/215216/