Google clamping down on malicious Chrome extensions

If you use Google’s web browser Chrome, and you’ve noticed that some extensions are causing problems, take heart. Google recently discovered that about 200 Chrome extensions are injecting ads in deceptive ways, often leading users to malware. These extensions have been killed by Google, and measures taken to prevent this type of abuse in the future. Note that Google doesn’t explicitly bar ad-injection extensions; however, such extensions are subject to certain limitations.

If you suspect that your installation of Chrome is running one or more of these rogue extensions, start by opening chrome://extensions and removing anything you don’t recognize or didn’t install deliberately. If you would rather be certain, uninstall Chrome completely and reinstall it; note that extensions live in your user profile, so tick the option to delete browsing data when you uninstall, or the same extensions will still be there (and Chrome Sync will reinstall any synced extensions on sign-in).

Update 2015Apr09: Google’s efforts to identify and remove problematic extensions are ongoing. More announcements of this type are expected. For example: the extension ‘Webpage Screenshot’ was found to be collecting user data inappropriately, and was also killed.

WordPress sites targeted by pro-ISIL hacks

An active campaign pushing the agenda of ISIL is being perpetrated mainly via hacked WordPress sites. The FBI has issued a related warning.

Anyone who runs a WordPress site should immediately ensure that it is up to date with all WordPress and plugin updates. Of course this won’t help if your site has already been hacked, so if you have any doubt, please scan your site with one (or preferably all) of the following web-based site scanners:

Meanwhile, yet another popular WordPress plugin has been found to contain a serious vulnerability. The site caching plugin WP-Super-Cache has a nasty cross-site scripting bug. Anyone using this plugin on a WordPress site needs to update it to the fixed version (1.4.4) immediately.

Firefox 37.0.1 fixes crashing and security issues in 37.0

Some of us never really had a chance to try Firefox 37.0, and that’s probably a good thing. Version 37.0 tends to crash when started, and it includes at least one new security vulnerability.

Mozilla pulled Firefox 37.0 from the auto-update queue after learning of these issues, and yesterday released 37.0.1 to resolve them.

Unfortunately, despite the fact that this would have been a really good time for some kind of announcement of what was going on, Mozilla has said exactly nothing about this. The release notes for Firefox 37.0.1 don’t provide any insight, and although the security advisories page has been updated for 37.0.1, it still doesn’t say much.

It does appear that Mozilla’s attempt to enable Opportunistic Encryption in Firefox 37.0 didn’t work out as expected: the HTTP Alternative Services (Alt-Svc) feature on which it depends is disabled in Firefox 37.0.1. The advisory posted for 37.0.1 describes a certificate verification bypass through the HTTP/2 Alt-Svc header, which is exactly the failure that feature invites if the browser follows an alternative for an HTTPS origin without checking that the alternative’s certificate is valid for the original host; an attacker in the middle could then steer an HTTPS connection to a server of their choosing.
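The trust rule that Alt-Svc imposes is easy to state but easy to get wrong, so here is an added example (my own illustration, not Mozilla’s code and not from the original post) that parses an Alt-Svc header using the RFC 7838 grammar in simplified form and then decides whether a client may actually use the advertised alternative. Certificates are simulated as plain objects carrying subject alternative names, and the header, origin and certificates are constructed sample data; the protocol names and helper functions are my own assumptions.

```javascript
// Added example, not Mozilla code. Parses an Alt-Svc header (RFC 7838 grammar,
// simplified) and applies the rule that an https:// origin may only be moved to
// an alternative whose certificate is valid for the ORIGIN host. A certificate
// that is valid only for the alternative's own host is not enough; accepting it
// would let a man-in-the-middle "advertise" itself as the alternative.
// Certificates are simulated as {subjectAltNames: [...]} objects (constructed data).

const CLEARTEXT_PROTOCOLS = new Set(['h2c']); // ALPN ids that never use TLS (assumption: table kept tiny)

function parseAltSvc(headerValue) {
  const value = headerValue.trim();
  if (value === 'clear') return []; // "Alt-Svc: clear" invalidates all alternatives
  const out = [];
  for (const entry of value.split(',')) {
    const parts = entry.split(';').map(s => s.trim()).filter(Boolean);
    if (parts.length === 0) continue;
    const m = /^([^=\s"]+)="([^"]*)"$/.exec(parts[0]);
    if (!m) continue; // malformed entry: ignore rather than trust it
    let protocolId;
    try { protocolId = decodeURIComponent(m[1]); } catch { continue; } // protocol-id is percent-encoded ALPN
    const authority = m[2];
    const colon = authority.lastIndexOf(':');
    if (colon < 0) continue; // port is mandatory in alt-authority
    const host = authority.slice(0, colon); // empty host means "same host as the origin"
    const port = Number(authority.slice(colon + 1));
    if (!Number.isInteger(port) || port < 1 || port > 65535) continue;
    const params = {};
    for (const p of parts.slice(1)) {
      const eq = p.indexOf('=');
      if (eq > 0) params[p.slice(0, eq).trim()] = p.slice(eq + 1).trim().replace(/^"|"$/g, '');
    }
    out.push({
      protocolId,
      host,
      port,
      maxAge: params.ma !== undefined ? Number(params.ma) : 86400, // RFC 7838 default is 24 hours
      persist: params.persist === '1',
    });
  }
  return out;
}

// Does a certificate dNSName (possibly a single-label wildcard) cover host?
function nameMatchesHost(name, host) {
  name = name.toLowerCase();
  host = host.toLowerCase();
  if (name.startsWith('*.')) {
    const suffix = name.slice(1); // ".example.com"
    const label = host.slice(0, host.length - suffix.length);
    return host.endsWith(suffix) && label.length > 0 && !label.includes('.');
  }
  return name === host;
}

function certCoversHost(cert, host) {
  return cert.subjectAltNames.some(n => nameMatchesHost(n, host));
}

// Decide whether to use `alt` for `origin` ({scheme, host, port}) given the
// certificate the alternative presented (null when the connection is cleartext).
// Returns {use, authenticated, reason}.
function evaluateAlternative(origin, alt, presentedCert) {
  const altHost = alt.host || origin.host;
  if (origin.scheme === 'https') {
    if (CLEARTEXT_PROTOCOLS.has(alt.protocolId) || !presentedCert) {
      return { use: false, authenticated: false, reason: 'https origin cannot be downgraded to cleartext' };
    }
    // The core rule: the certificate must be valid for the origin, not merely for altHost.
    if (!certCoversHost(presentedCert, origin.host)) {
      return { use: false, authenticated: false,
               reason: `certificate not valid for origin host ${origin.host} (names: ${presentedCert.subjectAltNames.join(', ')})` };
    }
    return { use: true, authenticated: true, reason: `alternative ${altHost}:${alt.port} presents a certificate valid for the origin` };
  }
  // http:// origin: this is Opportunistic Encryption. The alternative may be used
  // over TLS without a trusted certificate, but the result is NOT authenticated
  // and must not unlock anything that requires https (the padlock, secure
  // cookies, mixed-content rules).
  return { use: true, authenticated: false,
           reason: presentedCert ? 'opportunistic encryption for an http origin' : 'cleartext alternative for an http origin' };
}

// Constructed demo: https://www.example.com advertises a CDN host plus a cleartext h2c port.
const header = 'h2="cdn.example.com:443"; ma=2592000, h2c=":8080"';
const alternatives = parseAltSvc(header);
const origin = { scheme: 'https', host: 'www.example.com', port: 443 };
const mitmCert = { subjectAltNames: ['cdn.example.com'] }; // valid for the alternative only: must be refused
const goodCert = { subjectAltNames: ['*.example.com'] };  // wildcard covers the origin: accepted
console.log(evaluateAlternative(origin, alternatives[0], mitmCert));
console.log(evaluateAlternative(origin, alternatives[0], goodCert));
console.log(evaluateAlternative(origin, alternatives[1], null));
```

The decisive line is the `certCoversHost(presentedCert, origin.host)` check: it is the origin’s name, not the alternative’s, that the certificate must match. Drop that check and anyone who can inject an `Alt-Svc` header (or answer DNS for the advertised host) with a certificate for a name they legitimately control gets to terminate the victim’s HTTPS session. Note also that an http:// origin is deliberately reported as `authenticated: false` even when TLS is used; opportunistic encryption hides traffic from passive observers but does not prove who you are talking to.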

Firefox 37 released

A new version of Firefox was announced yesterday by Mozilla. Yes, you read that correctly: a post on the Mozilla blog announced new versions of Firefox for all platforms. Of course, the announcement doesn’t mention the new version number, and it doesn’t provide any details, it just points to the release notes. Still, it’s progress!

According to the release notes for Firefox 37.0, the new version includes several changes related to security, including ‘improved protection against site impersonation’, and several fixes related to recently-discovered TLS vulnerabilities. WebGL rendering performance on Windows was improved. HTML5 support was also enhanced.

According to the Firefox Security Advisories page, at least 13 security vulnerabilities were fixed in Firefox 37.0.

Update: As of April 1 at 6:53am PST, the version of Firefox I’m currently using (36.0.4) is telling me that ‘Firefox is up to date’. It looks like someone may have forgotten a step when publishing version 37.0. Presumably this will be resolved shortly. If I visit the main Firefox download page, it tells me I’m using an older version of Firefox, and the download link definitely goes to Firefox 37.0.

Update 2015Apr02: According to sources on the official Firefox IRC channel, auto-updates for version 37 have been suspended while the developers look into a crashing problem being reported by some Windows 8 users.

More fun with names from Microsoft

Microsoft sure likes to keep people confused, don’t they? Most recently, they decided to designate the next version of Windows ’10’ instead of the otherwise completely sensible ‘9’ (being as it comes after 8).

Now, there’s a new chapter in the saga of ‘what the heck should we call applications that use the goofy new Start screen in Windows?’ Originally these applications were called ‘Metro apps’, to match the name of the new UI, Metro. Then they started calling them ‘Windows 8-style apps’. Then ‘Modern apps’. Then ‘Windows Store apps’. And then ‘Universal apps’. As of today, Microsoft has changed their collective minds once again, and now these Windows applications will be known as: ‘Windows apps’.

It would be fun to tally up what it has cost Microsoft to come up with the idea of calling Windows applications ‘Windows apps’.

Malvertising is a growing threat

If you’re not familiar with the term, you should be. ‘Malvertising’ refers to the increasingly common tactic whereby malicious persons include exploit code within what otherwise appears to be legitimate, web-based advertising.

Over on eWEEK, a recent post (Why ‘Malvertising’ Has Become a Pervasive Security Risk) explains why Malvertising is a real and growing threat.

Organizations that provide advertising platforms – including Google – need to deal with this threat quickly. If they don’t, there’s likely to be a surge in users installing ad-blocking software in their browsers. I personally use and recommend NoScript, a browser plugin that blocks all JavaScript (and Malvertising) by default.

Chrome 41.0.2272.101 released

On March 19, Google announced version 41.0.2272.101 of its Chrome web browser. The announcement doesn’t describe any changes, and only says that a ‘partial list of changes is available in the log’. The log is derived from the Git version control system used by Google to manage Chrome’s source code. As such, it’s difficult to parse for significant changes. It appears that only minor changes were made in Chrome 41.0.2272.101.

Firefox 36.0.3 fixes two security bugs

Two security vulnerabilities, discovered at the HP Zero Day Initiative Pwn2Own contest, have been fixed in Firefox 36.0.3.

As usual, there was no proper announcement for the new version. The release notes for 36.0.3 include changes made in previous versions, as you can see by comparing them to the release notes for 36.0.1. At least the changes specific to 36.0.3 are flagged as such.

The Security Advisories (aka Known Vulnerabilities) page now has a section for each version; the most recent changes are listed under the heading ‘Fixed in Firefox 36.0.3’.
