security

Google has revealed a security flaw with the Microsoft Edge browser before Microsoft released a patch. It's a controversial move with arguments across both the tech and security industries. The flaw in question is somewhat complicated. In very ... simplified terms, the flaw is to do with how Microsoft Edge converts website code into what users see on their computer screen when visiting a website. Google realized that it could work out precisely when the browser would access part of the computer's memory and use this knowledge to effectively set a booby trap. That could then force the computer to ... (view more)

A security firm says four malicious extensions for Google Chrome were downloaded a total of more than half a million times. It's asking why Google's vetting process didn't weed the malware earlier. Extensions in Chrome are similar to add-ons for ... other browsers - namely, third-party tools that improve the web browsing experience. Common examples include ad-blockers, password managers and tools for downloading videos from web pages (such as Youtube). Because extensions have some level of access to a user's Internet data (and even some control over their browsing), Google has some security ... (view more)

A security company has released its list of the worst passwords of 2017. As always with this annual survey, it tells us more about culture than security practices. The list comes from SplashData, which compiles the rankings based on how many times ... particular passwords appears in leaked lists of user databases (mainly among English language users). The survey this year totaled more than five million passwords, though it's worth noting the company deliberately excluded leaks of passwords from adult sites. (Source: cnet.com ) The most common are hardly any surprise with "123456" beating out " ... (view more)

Infopackets Reader Jerry K. writes: " Dear Dennis, I've read that the Windows 10 free upgrade ends at the end of this year. I have Windows 7 on my main PC and and my wife has Windows 8 on her laptop. In all, I find Windows 7 easier to use. Can we ... continue using Windows 7 and 8 indefinitely? Can you give me a few good reasons why I should get the free upgrade? " My response: I have been receiving a lot of questions lately similar to this, so I will try and answer this as best I can. First let's address your first question: no, you cannot continue using Windows 7 or 8 indefinitely (at least, ... (view more)

Three Americans have plead guilty to hijacking more than 100,000 internet-connected devices. The group of infected machines (known as a "botnet") was then used to attack websites using a distributed denial of service attack (DDoS) to make websites ... unavailable. While most DDoS attacks are carried out on PCs, this attack in particular targeted weaknesses in smaller devices that use the Internet. This included routers, digital video recorders and wireless cameras. That's a significant point, as the tech security community has generally treated security flaws in such devices as a lower ... (view more)

A key security feature in Windows doesn't work as planned. It's not a vulnerability in itself, but means that hackers who find bugs in software are much more likely to be able to do damage. The problem is with Address Space Layout Randomization ... (ASLR). It deals with the way a computer organizes different programs in memory. As an analogy, it's like organizing vehicles of different sizes and makes in a parking lot. Most operating systems support ASLR, which means that when a program starts up and needs to use the computer's memory, it's assigned a random location. In the analogy, think of cars ... (view more)

More than 400 leading websites could be compromising user security by collecting everything the user types - whether or not the user is aware. A Princeton University study also found the collected information was not always adequately protected and ... anonymized. The problem highlighted by the study was the use of third-party tools that website owners can use to find out more about how people navigate their site. These tools often track precisely where the user moves a mouse cursor along with information they type in, even if they then delete it. In principle these "session replay" tools can be ... (view more)

One of the key security protections in WiFi has a serious vulnerability, a researcher has revealed. The exploit has to do with the protocol "WPA2" - currently considered the most secure protocol commonly used on WiFi routers and hotspots. Here's ... what you need to know about the WPA2 exploit. What's the problem and what does it affect? Security researcher Mathy Vanhoef has published a demonstration for what he's called "KRACKs," short for key reinstallation attacks. That's a way of exploiting a weakness in WPA2 (WiFi Protected Access II), the security system that is most ... (view more)

Yahoo has admitted that a hacking incident in 2013 affected three billion user accounts. That's three times more than it originally disclosed and means every account was affected. The incident was one of two Yahoo hacks revealed last year. The ... first, announced in September, involved 500,000 accounts being hacked in 2014 . The second, announced in December, was said to have involved a hack of a billion accounts in 2013 . It's the 2013 attack that Yahoo now says it believes "all Yahoo user accounts were affected." It's keen to stress that it only recently discovered that the number was bigger ... (view more)

Around 465,000 pacemakers have been 'recalled' over hacking fears. However, the St Jude Medical brand devices will be patched with a software update rather than removed and replaced. The pacemakers are radio controlled to allow doctors to alter the ... specific rhythm they aim for when regulating a heart beat. This radio control means doctors can adjust to the patients changing needs without the need to remove the pacemaker for alterations. That's important as the surgery for such a removal is inherently risky. No Signs Of Hack Attacks While the precise details haven't been revealed for obvious ... (view more)