Web browsers can reveal browsing history

Chrome, Firefox and Internet Explorer can be tricked into revealing your browsing history by unscrupulous web site owners.

The new vulnerability is similar to one that was discovered, then patched, in the major browsers several years ago. The new technique uses a different approach to accomplish the same thing.

Browser developers are working on fixes for this vulnerability, but in the meantime, anyone concerned about their browser history potentially being revealed should get into the habit of clearing their history frequently. Alternatively, you could switch to a privacy-oriented browsing solution such as the Tor Browser Bundle.

Gameover botnet targeted in takedown effort

An international law enforcement project to disrupt the Gameover botnet is underway.

Gameover, aka Gameover Zeus or GOZ, is currently installed on up to a million computers worldwide. The botnet is rented out for malicious purposes, including harvesting private information, sending spam email, denial of service (DoS) attacks, extortion, and distribution of various kinds of malware, including the awful CryptoLocker [1,2] ransomware.

This effort to disrupt GOZ has already been very successful: the botnet’s owners are no longer able to control clients. As for CryptoLocker, newly infected machines can no longer communicate with their controlling servers, which means they are safe, at least for now. Infected machines that are already encrypted are not affected and must still pay the decryption ransom or lose all encrypted information.

Brian Krebs provides additional details on his Krebs on Security blog.

Update 2014Jun09: Brian Krebs has a behind-the-scenes look at what went into this takeover. To this point, the takeover seems to have been 100% effective, but the botnet developers may have more moves left.

Opera 22 released

Yesterday another new version of the WebKit-based Opera browser was announced.

Opera 22.0.1471.50 introduces a new update process (on Windows computers) that is apparently completely silent: it updates Opera without any interaction from the user. A variety of stability and other issues were also fixed in the new version. For a complete list of what’s changed since version 21, see the official change log.

Sadly, there’s still no sidebar in Opera 22.

Not recommended: tricky way to obtain Windows XP updates

Someone recently discovered that it’s possible to trick Windows Update into providing updates for Windows XP.

Recall that even though Microsoft has stopped issuing updates for Windows XP to the general public, they are actually still developing updates – for paying customers.

The trick for obtaining updates for Windows XP involves changing a setting in Windows that makes Windows Update think that it’s actually running a variant of Windows XP that’s still supported, namely ‘POSReady 2009’.

There are all kinds of problems with this, starting with the likelihood that Microsoft will find a way to stop it. In short, if you’re desperate to keep running Windows XP and you want to install the available updates, and you’re willing to take the risk of totally messing up your system, it might be worth a try. But I seriously cannot recommend it.

Update 2014Jun04: For those of you who can’t resist the temptation to try this, the procedure is outlined in this betanews.com blog post.

Tools to reduce browser-based tracking

The search engine DuckDuckGo has received a lot of attention because of its attitude towards user privacy. Unlike Google, DuckDuckGo doesn’t store your search queries. Their motto is ‘The search engine that doesn’t track you.’

Not everyone cares whether their online activities are tracked. But for those who do, DuckDuckGo’s Fix Tracking! page is an excellent source of information. Once you’ve selected your web browser, you’ll be presented with a list of tools and techniques that can help to reduce the amount of tracking that is done when you use that browser.

The Fix Tracking! page also contains a section describing Common Tracking Methods. Recommended reading.

New service from Microsoft: myBulletins

On Wednesday, Microsoft announced myBulletins: a new web-based service that allows users to keep track of updates.

The service provides a centralized view of all Microsoft bulletins that can be customized to show only products in which you are interested. The resulting list can be further searched, filtered, and sorted. Once you customize myBulletins, it’s a handy way to see all Microsoft bulletins in one place without a lot of clutter.

To use myBulletins, you need a free Microsoft account.

Stop using TrueCrypt

Before Microsoft started including whole-disk encryption in Windows (with BitLocker in Vista), the best solution was TrueCrypt.

Now, according to its developers, TrueCrypt is no longer secure and should not be used. Development has been shut down and users are being instructed to use something else.

There is a lot of speculation about what’s going on. Recent revelations about security solutions being compromised by the NSA led one group to undertake a complete audit of TrueCrypt. It’s not much of a stretch to imagine that this audit prompted TrueCrypt’s shutdown. If the NSA inserted a back door into TrueCrypt, the software’s developers might want to keep that a secret. On the other hand, the audit continues, regardless of TrueCrypt’s status.

Anyone using TrueCrypt is strongly encouraged to switch to something else, like BitLocker.

Atos still using email, despite CEO’s bluster

Back in 2011, the CEO of Atos expressed his frustration with the amount of time his employees were spending on email, and promised to eliminate email from the company within three years.

Fast-forward three years, and the Contact page on the Atos web site still sports email addresses. Not as easy as you thought, right? Maybe that’s because email has distinct advantages over other forms of online communication. In particular, email is far less likely to be overlooked by the recipient than, say, a Facebook post.

Update 2022Oct14: Atos is still using email.
