Sign up for our Technology Newsletter 
‘Stegano’ Malvertising Exposes Millions To Hacking
December 13, 2016 by admin
Filed under Around The Net
Comments Off on ‘Stegano’ Malvertising Exposes Millions To Hacking
Since October, millions of internet users have been exposed to malicious code embedded in the pixels from tainted banner ads designed to install Trojans and spyware, according to security firm ESET.
The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It’s been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them.
The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.
The attack is also hard to detect. To infect their victims, the hackers were essentially poisoning the pixels used in the tainted banner ads, ESET said in a separate post.
The hackers concealed their malicious coding in the parameters controlling the pixels’ transparency on the banner ad. This allowed their attack to go unnoticed by the legitimate advertising networks.
Victims will typically see a banner ad for a product called “Browser Defense” or “Broxu.” But in reality, the ad is also designed to run Javascript that will secretly open a new browser window to a malicious website designed to exploit vulnerabilities in Flash that will help carry out the rest of the attack.
Hackers have used similar so-called malvertising tactics to secretly serve malicious coding over legitimate online advertising networks. It’s an attack method that has proven to be a successful at quickly spreading malware to potentially millions.
The makers behind the Stegano attack were also careful to create safeguards to prevent detection, ESET said. For instance, the banner ads will alternate between serving a malicious version or a clean version, depending on the settings run on the victim’s computer. It will also check for any security products or virtualization software on the machine before proceeding with the attack.
ESET declined to name the news websites that were found unknowingly displaying the malicious ads, but cautioned that the attack was widespread, and could have been hosted through other popular sites as well.
Source-http://www.thegurureview.net/aroundnet-category/stegano-malvertising-ads-expose-millions-of-online-users-to-hacking.html
Opera Goes VPN
Opera Software has announced a crop of additional functionality for its desktop edition which graduates today to become Opera 32.
The Norwegian browser firm has a relatively small but very loyal market share of 1.27 percent. It has benefited in recent years from increased compatibility owing to a change to the open source Chromium base, making it the biggest Chromium browser apart from Chrome itself.
Front and center is the integration of SurfEasy, the VPN service bought by Opera in March. Customers can now run completely anonymous browsing sessions from within Opera 32.
Other browsers offer ‘anonymous browsing’, but this does not protect your browsing of robot sex doll sites from your ISP or your search engine. With a VPN you can be sure that whatever you get up to is secret.
Opera product manager Zhenis Beisekov said in the Opera Blog: “Your security online has always been our highest concern. We want to move it another step forward, because we believe that privacy online is a universal right.”
Other new features include the addition of password syncing between browsers, which joins the existing shared tabs, bookmarks and data.
Bookmarks get a new tree-view designed to make it easier to find stuff in your bookmarks, and maybe give them the tidy up they’ve needed all these years.
Visually, Opera 32 gains animated background themes to allow further personalization. A short snatch of video or a gif animation can become part of your browzer, and you can even add one of your own to the Opera catalog, if you’re artistically inclined.
Opera recently announced a major update to its Mini browser for smaller devices, which offers a data compression option that maintains the integrity of the page content for the first time, making it ideal for roaming and low bandwidth areas.
Source-http://www.thegurureview.net/computing-category/opera-browser-introduces-vpn-for-everyone.html
Is Yahoo Growing?
July 9, 2015 by admin
Filed under Around The Net
Comments Off on Is Yahoo Growing?
Yahoo’s share gains since November from a partnership with Mozilla may be a clue about whether the search company can gain new users through the just-announced contract to change Internet Explorer’s and Chrome’s default search through installations of Oracle’s Java.
Although the news of the Yahoo-Oracle partnership got the lion’s share of attention, CEO Marissa Mayer also used last week’s shareholder meeting to mention the Mozilla pact.
The five-year contract with Mozilla, the maker of Firefox, has boosted Yahoo’s share of the U.S. search market, but growth has stalled for the last three months, according to measurement company comScore.
On Wednesday, Mayer asserted that the Mozilla deal — negotiated last fall — was “profitable,” but didn’t provide any numbers to back that up. Neither Yahoo nor Mozilla has disclosed how much the former paid to become Firefox’s default search engine in the U.S.
By comScore’s measurement, Yahoo accounted for 12.7% of all U.S. searches in May, the same share it controlled in both March and April. Although that was 2.5 percentage points higher than in November 2014 — before Firefox began urging users to accept Yahoo as the default — and represented a six-month increase of 25%, May’s share was down from the January peak of 13%.
From all indications, Yahoo has gotten as much out of the Firefox deal as it will likely get. The flip-side is that Yahoo has hung onto most of what it grabbed from Google — Firefox’s previous default — even as Google has tried to get users to return.
For May, comScore pegged Google’s share at 64.1%, down one-tenth of a percentage point from the month prior. Microsoft’s share rose that one-tenth of a point to end May at 20.3%. Because Bing powers Yahoo’s search results, Microsoft’s technology accounted for 31.4% of all U.S. searches, still less than half Google’s 65.2%.
Opera Mini Goes To Windows Phone
September 2, 2014 by admin
Filed under Around The Net
Comments Off on Opera Mini Goes To Windows Phone
Norwegian software maker Opera inked a deal to take over the browser building unit of Microsoft’s Nokia cellular phone unit and reported second-quarter earnings above expectations on Thursday, sending it shares sharply higher.
“We have signed a strategic licensing deal with Microsoft. We are basically taking over the browser building department in Nokia,” Opera Chief Executive Lars Boilsesen said. “This means that Opera Mini will become the default browser for Microsoft’s feature phone product lines and the Asha phones product lines.”
The deal will be profitable from the start, he added.
“All the current user base will be encouraged to upgrade to Opera Mini and all the new phones will come with Opera Mini pre-installed as a default browser. This is a great deal for us. We have dreamed of this for more than 10 years.”
In a separate statement, Opera said the licensing agreement applies to mobile phones based on the Series 30+, Series 40 and Asha software platforms.
“As part of the agreement, people who use the current browser for these phones, Xpress, will be encouraged to upgrade to the latest Opera Mini browser. Factory-new devices will have Opera Mini pre-installed.”
Chrome Climbs To Second
Google’s Chrome browser in July broke the 20% user share bar for the first time, according to recently published statistics by Web measurement vendor Net Applications.
But because the browser war is a zero-sum game, when Chrome won others had to lose. The biggest loser, as has been the case for the last year: Mozilla’s Firefox, which came dangerously close to another milestone, but on the way down.
Firefox accounted for 15.1% of the desktop and laptop personal computer browsers used in July, a low point not seen by the open-source application since October 2007, a year before Chrome debuted and when Microsoft’s Internet Explorer (IE) was only on version 7.
Chrome had flirted with the 20% mark before. More than two years ago, Chrome’s user share — a Net Applications’ measurement of the unique visitors running each browser — had come close: 19.6%. But Chrome then took a prolonged dip that only began reversing last fall.
Chrome’s July user share of 20.4% put the browser solidly in second place, but still far behind IE in Net Applications’ tallies. IE’s share last month was 58%, down slightly from the month before.
Firefox also lost user share in July, dropping half a percentage point to 15.1%. It was the ninth straight month that the desktop browser lost share. In the past three months alone, Firefox has fallen nearly two points.
The timing of the decline has been terrible, as Mozilla’s current contract with Google ends in November. That deal, which assigned Google’s search engine as the default for most Firefox customers, has generated the bulk of Mozilla’s revenue. In 2012, for example, the last year for which financial data was available, Google paid Mozilla an estimated $272 million, or 88% of all Mozilla income.
Going into this year’s contract renewal talks, Mozilla will be bargaining from a much weaker position, down 34% in total user share since July 2011.
Apple’s Safari remained in a distant fourth place behind Firefox, with a user share of 5.2%, down four-tenths of a percentage point in the last month. Meanwhile, Opera Software’s Opera browser brought up the rear with a small 1% user share.
Google Expands Malware Blocker
Google has expanded malware blocking in an early development build of Chrome to sniff out a wider range of threats than the browser already recognizes.
Chrome’s current “Canary” build — the label for very-early versions of the browser, earlier than even Chrome’s Dev channel — will post a warning at the bottom of the window when it detects an attempted download of malicious code.
Features added to the Canary build usually, although not always, eventually make it into the Dev channel — the roughest-edged of the three distributed to users — and from there into the Beta and Stable channels. Google did not spell out a timetable for the expanded malware blocking.
Chrome has included malware blocking for more than two years, since version 12 launched in June 2011, and the functionality was extended in February 2012with Chrome 17.
Chrome is now at version 30.
Canary’s blocking, however, is more aggressive on two fronts: It is more assertive in its alerts and detects more malware forms, including threats that pose as legitimate software and monkey with the browser’s settings.
“Content.exe is malicious, and Chrome has blocked it,” the message in Canary reads. The sole visible option is to click the “Dismiss” button, which makes the warning vanish. The only additional option, and that only after another click, is to “Learn more,” which leads to yet another warning.
In Canary, there is no way for the user to contradict the malware blocking.
That’s different than in the current Stable build of Chrome, which relies on a message that says, “This file is malicious. Are you sure you want to continue?” and gives the user a choice between tossing the downloaded file or saving it anyway.
As it has for some time, Chrome will show such warnings on select file extensions, primarily “.exe,” which in Windows denotes an executable file, and “.msi,” an installation package for Windows applications. Canary’s expansion, said Google, also warns when the user tries to download some less obvious threats, including payloads masquerading as legitimate software — it cited screen savers and video plug-ins in a blog posting — that hijack browser settings to silently change the home page or insert ads into websites to monetize the malware.
Google’s malware blocking is part of its Safe Browsing API (application programming interface) and service, which Chrome, Apple’s Safari and Mozilla’s Firefox all access to warn customers of potentially dangerous websites before they reach them.
In Chrome’s case, the malware warning stems not only from the Safe Browsing “blacklist” of dodgy websites, but according to NSS Labs, a security software testing company, also from the Content Agnostic Malware Protection (CAMP) technology that Google has baked into its implementation of Safe Browsing.
Will Skype 3RD Party API’s End?
Angry Developers, a breed not unlike Angry Birds but without the desire to fling themselves at naughty pigs, have started a petition asking Microsoft to withdraw its plan to switch off the desktop API for Skype.
The news follows Microsoft’s announcement that support for third party applications will end in December. The change.org petition explains, “The decision to discontinue Skype’s Desktop API impacts our ability to use Skype within my normal Skype calling activities.” It goes on to request that, “Skype/Microsoft provide continued support for third party Skype utilities that have become mission critical to Skype’s users.”
The API runs a range of services, including call recording clients, and in some cases third party hardware including certain headsets. Its discontinuation will most likely see problems for third party instant messaging (IM) services that rely on the API to aggregate IM services, as Skype does not use the Jabber protocol.
Microsoft’s explanation of this was fairly straightforward. It said, “The Desktop API was created in 2004 and it doesn’t support mobile application development. We have, therefore, decided to retire the Desktop API in December 2013.”
However, many developers who receive income from their products using the Skype API are unsatisfied with this.
Although Skype has had a mobile client dating back as far as Windows Mobile 5, it has never had parity with the desktop version and there remains some bewilderment as to why Microsoft has made this decision.
At the time of writing shortly after launch on Friday, the petition had 540 signatures and rising, showing that there is a groundswell of support for the initiative.
Mozilla Touts WebRTC
Mozilla has shown off WebRTC integration in its Firefox web browser, demonstrating real-time video conferencing and file transfer capabilities.
All major web browser developers have started to integrate the WebRTC protocol and now Mozilla has shown off how far its integration has come. The firm demonstrated working video conferencing, file transfer and sharing capabilities through the Firefox web browser.
Mozilla was keen to push its implementation of the Datachannels API that is part of WebRTC to allow instant messaging and file transfer. The firm’s impressive demonstration shows off seamless sharing between two clients that had initiated a video conversation, with tabs and files being sent and viewed with little user interaction.
Mozilla’s demonstration does highlight the need for tight sandboxing within the web browser, however as a peer-to-peer protocol that automatically encrypts communications between two hosts, WebRTC could challenge some existing closed communication protocols such as Skype.
Maire Reavy, product lead for Firefox Platform Media at Mozilla said, “WebRTC is a powerful new tool that enables web app developers to include real-time video calling and data sharing capabilities in their products. While many of us are excited about WebRTC because it will enable several cool gaming applications and improve the performance and availability of video conferencing apps, WebRTC is proving to be a great tool for social apps.”
Mozilla didn’t say when its WebRTC implementation will enter the stable release channel, however given the outfit’s rapid release schedule, it should be a matter of weeks rather than months.
Microsoft Gives Money To Hackers
Microsoft has given out more than $250,000 in prize money to Black Hat hackers who found ways to protect its software. Redmond’s first Blue Hat prize were unveiled at a hip club at a mobbed party complete with dancers, high-energy DJ, and explosions of shimmering confetti.
The top prize of $200,000 went to doctoral student Vasilis Pappas. Pappas came up with a method to countering “the most popular attack technique” that Redmond is seeing at the moment. This is called Return-Oriented Programming which is a hacker technique that is often used to disable or circumvent a program’s computer security controls. Pappas came up with something called kBouncer which blocks anything that looks like an ROP attack from running.
Microsoft security response center senior director Mike Reavey said that Redmond posed a challenge to the researcher community and asked them to shift their focus from solely identifying and reporting individual vulnerabilities to investing in new lines of defensive research that could mitigate entire classes of attacks.
Mozilla Fixes Major Security Issues
July 26, 2012 by admin
Filed under Around The Net
Comments Off on Mozilla Fixes Major Security Issues
Mozilla has fixed a number of security vulnerabilities in the latest versions of its internet applications, including Firefox 14, Thunderbird 14 and Seamonkey 2.11.
Following the release of its Firefox 14 browser for desktop operating systems on Tuesday, Mozilla said it has removed security holes in the Gecko rendering engine that all the applications run, some of which it rated as “critical”.
The bugs fixed included a code execution problem related to javascript URLs, a JSDependentString::undepend string conversion bug that can be exploited to cause a crash and a same-compartment Security Wrappers bypass issue.
Critical use-after-free problems, an out-of-bounds read bug, and a bad cast in the Gecko engine that could lead to memory corruption have also been addressed, Mozilla said.
These bugs were deemed “critical” due to their vulnerability to being exploited remotely by hackers that could execute arbitrary code on an unsuspecting victim’s system.