Send a Message
to seowbryan481

Comments

3

Joined

Jun 5, 2013

seowbryan481 Profile

Forums Owned

Recent Posts

Malicious browser extensions pose a serious threat by Mic...

http://www.compute rworld.co.nz/artic le/527577/maliciou s_browser_extensio ns_pose_serious_th reat_defenses_lack ing/?fp=16&fpi d=1 Malicious browser extensions pose a serious threat and defenses are lacking Although the number of malicious browser extensions has significantly increased in the past year many security products fail to offer adequate protection against them, while others are simply not designed to do so, according to a security researcher. Attackers have already used such extensions to perform click fraud by inserting rogue advertisements into websites or by hijacking search queries, but research has shown that this type of malware has the potential to cause much more damage. Last year Zoltan Balazs, an IT security consultant with professional services firm Deloitte in Hungary, created a proof-of-concept malicious extension that could be controlled remotely by an attacker and could steal authentication credentials, hijack accounts, modify locally displayed Web pages, take screenshots through the computer's webcam, bypass two-factor authentication systems and even download and execute malicious files on a victim's computer. And last week the European Union Agency for Network and Information Security (ENISA) warned in its midyear report: "An increase in malicious browser extensions has been registered, aimed at taking over social network accounts." Earlier this year Balazs investigated how various security products protect users against malicious browser extensions and presented his findings at the OHM2013 security conference near Amsterdam in August. He performed tests against browser security extensions, sandboxing software, Internet security suites, anti-keylogging applications and financial fraud prevention programs recommended by some banks. Many of these products either don't detect and block malicious extensions at all, or their protection can be bypassed, sometimes very easily, he found. Not all of the tested products claim to protect against malicious extensions, but Balazs said he tested them because some users might believe they do. For example, the NoScript security extension for Mozilla Firefox is designed to block plug-in content from executing without user authorization, and also blocks some Web-based attacks such as cross-site scripting or clickjacking. However, it doesn't protect against malicious browser extensions or local malware, Balazs said. BrowserProtect, another Firefox extension, claims to protect the browser against "homepage, search provider, extension, add-on, BHO and other hijacks." This extension also fails to protect against malicious extensions, the researcher said. Browser security extensions are not really trying to protect against malicious extensions and they wouldn't be able to because by design they run with the same privileges as those extensions, Balazs said. Balazs also tested Internet security suites from five top antivirus vendors that he declined to name. The level of protection they offered against malicious browser extensions varied from none to good. One of the tested products detected and removed the researcher's malicious Firefox extension, but he was able to bypass the detection signature by adding a single space character at a specific location in the extension's code.  (Sep 27, 2013 | post #1)

Micron Associates article code 85230508839

http://www.japanti mes.co.jp/opinion/ 2013/09/15/comment ary/chinas-net-cra ckdown-shows-fear- trumps-reform/#.Uj Y4uj_cNtg China’s Net crackdown shows fear trumps reform Say you are a Shanghai-based economist and doubt the veracity of China’s latest trade data. You put out a research report to that effect, one that creates buzz on the Internet and exposes you to something far worse than making a bad call: prison. Or say you are a photographer in Chongqing and circulate images of a politician who loves Rolexes. Bloggers begin buzzing about how a modestly compensated public official could afford a stable of $7,000 watches. You, too, may end up in handcuffs. What if overworked and underpaid Foxconn Technology Group workers churning out iPhones they can’t afford choose to vent online? How about an environmentally minded graduate student who questions the accuracy of Beijing’s air-pollution readings? Or a mother who lost a child in the 2008 Sichuan earthquake who complains in a blog post that repairs still look shoddy? Could all of these people get arrested? Yes, according to a new threat from Xi Jinping’s government: three-year jail terms for Web comments deemed defamatory. This isn’t happening in a place of George Orwell’s imagination, but in a country many still think is destined for world domination. China’s escalating war on free expression is unfolding in ways even the author of the classic 1949 novel “Nineteen Eighty-Four” couldn’t have dreamed up. It’s clear evidence that hopes Xi’s government would be serious about economic reforms are also fiction. Few expected Xi to be China’s Mikhail Gorbachev, but the president’s crackdown is particularly poorly timed. Markets are looking for Beijing to roll out a raft of reforms in November and were hoping for them to be bold — a big bang that would set the Chinese economy on a more sustainable growth path. Instead, the latest Internet rules signal timidity rather than strength: The government has clearly been taken aback by the explosion in online commentary on microblogging services such as Sina Weibo and is desperately trying to reassert its control however it can. A similar fear has resulted in a rollback of the campaign to clamp down on runaway credit growth — a refreshing sign of discipline that economists had cheered this summer. Li Keqiang, China’s reform-minded premier, can only go as far as Xi permits him, and the leash appears rather short. Despite Li’s pledge to rein in excesses, the broadest measure of new credit nearly doubled in August. The longer Xi and Li keep the loan spigot open, the longer state-owned enterprises will dominate. Their primacy is the biggest barrier both to China switching focus away from sweatshops toward services and to ending corruption. Similarly, policing the shadow-banking industry is key to avoiding a Japan-like debt crisis. Yet too many Communist Party power brokers are making tens of millions of dollars off state-dominated China Inc. Beijing lacks the political will to irk these cronies, let alone inflict pain on a restive population. Nothing would end this corrosive dynamic faster than a freer media and Internet. In May, a vice chairman of China’s economic planning agency lost his job after allegations of improper business dealings made the rounds among bloggers. This month, another official, Yang Dacai, got 14 years in jail after online photos of his pricey watches inspired a crowdsourcing investigation. That won’t be possible now that local cadres can aim politically motivated lawsuits at anyone with a camera and an IP address.  (Sep 15, 2013 | post #1)