All posts in “hacking”

Here’s what every Chrome user should do in the wake of #Spectre

The new year kicked off with a bang on Jan. 3 when security researchers revealed two major software vulnerabilities that affect, to some extent, most types of computer processors on the planet. Laptops, desktops, Chromebooks, smartphones, and enterprise machines are all potentially at risk, and attackers exploiting what have been dubbed Meltdown and Spectre could theoretically steal your passwords and other sensitive data.

And while the ultimate fix may be a costly hardware one, there are steps you can take today to at least mitigate your risk. If you’re a Chrome user in particular, Google has one very specific recommendation for protecting against Spectre.

Now here’s the rare dash of good news: It’s super easy to implement. 

Buried within Google’s lengthy (and informative!) blog post on its response to Spectre (Variant 1 and 2) and Meltdown (Variant 3) is a link to a page listing the “mitigation status” of affected products. Essentially, this page lists out all the Google services that are at risk, and what steps the company has taken to address that risk. In some cases, it includes stuff you have to do yourself.

Notably, this doesn’t mean that doing these things will 100 percent protect you, but, taken in the aggregate, they represent a line of defense against some seriously big security holes. 

This is where we come back to Chrome, and a little something called Site Isolation. According to The Chromium Projects, and this gets technical pretty quickly, “[Site Isolation] makes it harder for untrusted websites to access or steal information from your accounts on other websites.”

That sounds good, especially considering that a Google spokesperson told Mashable via email that “Variant 1 (Spectre) can be used in JavaScript to pull secrets from a user’s browser, by attacking the process memory of the browser.”


“The Site Isolation protection loads each individual remote website in a separate process,” continued the spokesperson. “By doing so, if a user runs into an attack from a bad site, the process memory for the site the user is trying to reach is unavailable to be attacked. That way, your login secrets for one site cannot be stolen by another.”

This is definitely a welcome additional layer of security. So, how to enable it? In Chrome, go to chrome://flags/#enable-site-per-process and click “enable” on “Strict site isolation.” You’ll need to restart your browser, but otherwise that’s it.

Pretty simple, right?

We also reached out to Google to determine if this will have any adverse effects on your browsing experience — say, reduced speeds — and were pleased to hear that we shouldn’t really worry about that.

“The performance loss for Chrome specifically should be negligible,” the spokesperson assured us. 

So, yeah, download all your patches and enable Site Isolation on Chrome. Your data will thank you. 

This story has been updated with additional comment from Google. 


Google says it’s got your back on major CPU vulnerability

On it.

Image: NurPhoto/Getty Images

Two newly disclosed processor vulnerabilities threaten the security of devices around the globe, but Google is here to tell you that it totally has your back. Well, for one of them, at least. 

The Mountain View-based company explained Wednesday on its security blog that it’s been aware of the risks posed by the “speculative execution” vulnerability for some time now, and has been working to fix potentially at-risk systems.

“As soon as we learned of this new class of attack, our security and product development teams mobilized to defend Google’s systems and our users’ data,” Google explained in the blog post. “We have updated our systems and affected products to protect against this new type of attack.”

Someone exploiting this bug could theoretically steal passwords and other sensitive data off a computer. In other words, it’s bad. 

Importantly, it appears the Google blog post specifically addresses the vulnerability dubbed Spectre, and not necessarily Meltdown. Thankfully, however, Meltdown patches do exist — Microsoft, for example, already issued one. 


Google helpfully published a detailed list noting “affected Google products and their current status of mitigation against CPU speculative execution attack methods.” It includes steps that the company has already taken, and has suggestions for users of various products like Chrome (and you should probably heed the company’s security advice).

A few of the highlights: Updated Android devices (because this threatens mobile too) are protected, as are fully updated and supported Nexus and Pixel devices. You also don’t need to stress about Gmail or G Suite.

If you use the Google Cloud Platform, though, you might have some work to do on your end. 

Either way, Google clearly wants you to know that even if everything is totally messed up in the world of cybersecurity, it’s still looking out for you.  


Russian hacking group Fancy Bear targets hundreds of journalists

The “Kyiv Post” newsroom has been targeted by Russian hacking group Fancy Bear.

Image: Volodymyr Petrov/AP/REX/Shutterstock

The Russian hackers behind Hillary Clinton’s leaked emails are still at it. This time, Fancy Bear is being accused of targeting hundreds of journalists.

The Associated Press found at least 200 journalists have been part of a long-term attack dating back to at least mid-2014. The most recent hacks happened just months ago.

The list AP obtained from cybersecurity firm Secureworks included 50 New York Times journalists, a Washington Post columnist, and a Daily Beast reporter. Along with U.S. journalists, other major hack attempts were focused on the Kyiv Post and other media members in Ukraine and Russia.

After diplomats and U.S. Democrats, journalists were the largest group targeted.

Fancy Bear is accused of hacking the Democratic National Committee, which led to the leaking of Hillary Clinton’s emails. 

The aim of the recently exposed hacking campaign was to discredit the media with compromising information found via email. 

Journalists globally told the AP how phishing emails had been coming in for years in an attempt to break into networks and gain access to sources and information. It’s believed the hacks came from Fancy Bear.

President Donald Trump was hesitant to blame the Russians for the DNC hack. Let’s see what he says when they attack the news media. 


Learn how to use hacking techniques for good by taking this online class

Image: Pexels

Breached security, fraudulent charges, and compromised data — let’s face it: Hacking doesn’t have a good reputation.

But what you probably didn’t know is people can use their knack for slipping through the web’s tiniest cracks for good, not evil. Ethical hacking exists, whether you’re beefing up a site’s security or detecting foul play on the deep web. 

Want to learn how to hack — ethically, of course? You might want to give this online course about hacking a try.

In order to know how to ethically hack, you need to understand how these smooth criminals infiltrate seemingly secure sites — and this bundle can get you started. With eight courses and more than 67 hours of content, The Ultimate White Hat Hacker 2018 Bundle teaches you how hackers worm their way into Wi-Fi networks, phones, apps, and more.

Once you’ve mastered the hacking basics, you’ll learn how to use those skills for good with platforms like WAPTP v3.1 and Kali Linux, as well as tools like Wireshark, Tcpdump, and Syslog to patrol your network. By the end of the bundle, you’ll know how to monitor your networks, detect hackers, and keep vital information safe from unwanted eyes. 

We love a good deal as much as the next person, but we have to admit picking your own price is far better than any discount. For the next few days, you’ll be able to pay what you want for this bundle. If you beat the average price, you’ll gain lifetime access to all eight courses. Want to pay less? You’ll still walk away with a few great courses from the bundle for as little as $1. Either way, this deal should not be missed.