Keep your browser extensions updated!

It is important to keep all software you use up to date. There are updates for a reason – most likely some of the code used was found to be vulnerable to attacks.

This past week, a popular extension was hijacked. The developer of the Web Developer for Chrome extension had his own account hijacked. The hijackers phished his Google account, then modified the code in his account and pushed it out to users. The version of Web Developer for Chrome that was pushed out is 0.4.9. You need to make sure you have the updated version 0.5 installed NOW!

The version the hijackers uploaded can force ads on pages, capture passwords, or other unreported problems. Consider changing passwords to pages visited during the time of the compromise. The date was August 2. The developer himself admits he fell for a phishing attack that started this. This effected over one million users.

The developer details the events in his blog. The bottom line is anyone can click on a bad link and it is important to have two-factor verification in place.

The Price to say “Buh-Bye Ads!”

Don’t you just love it when you go to a website and you have all these things pop up, music blaring, or you’re reading something and along comes an annoying ad blocking you. There are two sides to this. Some people make their living from these ads. But for the user, it’s no picnic.

Google has joined the Coalition for Better Ads. This coalition has guidelines that should be followed when designing ads for a website. They plan on building a new Chrome browser with this ad-blocking built in. It won’t block all ads and you may only get the most annoying ads from showing.

The up side: maybe you will see fewer annoying ads.
The down side: someone will be making money from this. On the Google post, they mention Funding Choices where publishers can show a customized messages to people who are using ad blockers on their browsers. They can either enable ads or pay for removing the ads on that site through a new Google Contributor program.

So how does Google Contributor work? You buy a $5 pass for a particular website. The site has a per-page fee of their choosing (some are $0.01 per page, some $0.03 per page.) Every time you visit a page without ads, it deducts from the pass. You can add or remove sites from your pass at any time. This is still in beta at this time. They plan the rollout some time in 2018.

Google Post about Ad Blocking
Google Contributor

New type of phishing attacks affecting browsers

The Victor crew came across an urgent matter. If your browser is Chrome or Firefox, be aware of a new phishing attack. An attacker can send you an email with a link to a malicious website. You could visit a site that will either infect your computer or make you think you are signing in with your credentials as they trick you into thinking you are accessing the correct site.

The people from Wordfence, a security plugin for WordPress found this last Friday, April 14, 2017. They set up a demo site to show what is happening. It is well worth it to check their article and see if you are affected and what to do. They have set up a demo using a medical site, epic.com, so you can test your browser and browser settings. You can visit their demo site here in Chrome or Firefox. To compare the demo site with the real site they faked for comparison, you can click here to visit the real site here.

This does not affect Windows or Safari browsers. Currently there is a fix for Firefox browsers. Here is what you do:

Open your Firefox browser
Type about:config in the address bar
Search for ‘puny’ (without quotes)
You should see network.IDN_show_punycode set for ‘false’
Double click it to make it ‘true’

Chrome currently does not have a fix for it.

Google phase-out

It seems every time you get used to something, it’s taken away! It has been announced recently that Google is going to phase out support for Chrome apps on Windows, Mac, and Linux over the next two years. They say existing apps will remain available and can still be updated. They are looking to simplify the Chrome browser. This includes both packaged and hosted apps.

Timeline:
Late 2016, newly-published Chrome apps will be available on Chrome OS. Existing Chrome apps will still be accessible.

In the second half of 2017, the Chrome Web Store will now longer show Chrome apps on Windows, Mac, and Linux. They will continue to have extensions and themes.

In early 2018, users will no longer be able to load Chrome apps.

Here are some examples of Chrome apps: https://web.appstorm.net/roundups/the-50-best-chrome-web-store-apps/

http://blog.chromium.org/2016/08/from-chrome-apps-to-web.html

The Victor crew

In the News …

The Victor crew found a few interesting articles this week:

For those who wondered why their laptops have gone through their battery so quickly, Microsoft has tested different browsers. With each browser, they browsed Facebook, YouTube, Wikipedia, and Amazon. Here’s what they found:
Microsoft Edge lasted 7 hours 22 minutes on Surface Book system
Chrome lasted 4 hours 19 minutes
Firefox lasted 5 hours 9 minutes
Opera battery-saving mode lasted 6 hours 18 minutes.

http://arstechnica.com/information-technology/2016/06/microsoft-claims-edge-can-offer-70-percent-better-battery-life-than-chrome/

There’s a new gadget that allows you to play your original Nintendo Gameboy cartridges on your phone. It costs $59 and works on Android phones now. iPhone versions will be out by December. It is made by Hyperkin.

http://www.coventrytelegraph.net/whats-on/whats-on-news/you-gameboy-new-gadget-helps-11496341

With smart home technology growing leaps and bounds, there are more entry points for hackers to try to get your information. One thing they are now attacking is smart TV sets. Most security options have been focused on computers and smartphones so TVs have been neglected thus far. This article has some steps you can take to help prevent this.

http://www.techtimes.com/articles/165859/20160620/how-to-protect-your-smart-tv-from-hackers-here-are-some-tips.htm

Do Not Track

Is “Do Not Track” being turned on in your browser helpful? That is what the Victor Crew wants to find out.

If you use Firefox, you will see under the privacy tab that there is checkbox to “Request that sites not track you”. When you click on Learn more, it will take you to this page: https://www.mozilla.org/en-US/firefox/dnt/

They qualify it by saying they offer a Do Not Track feature “that lets you express a preference not to be tracked by websites.” They go on to explain that it tells them you want to opt-out of behavioral advertising. This does not block ads, but it may change the type of ads you see. It may affect certain ways you view sites, like maybe the need to enter your zip code on a weather site.
Firefox do not track

In Chrome you can go to Settings and scroll down to click Show advanced settings and find it under Privacy there.
Chrome do not track

In Edge you will go to settings and go to Advanced settings and find it under the Privacy settings there.
Edge do not track

There are many sites that will honor this request, but there are many others that will choose to ignore it. We hardly think they will be honored by the likes of Facebook, Google, YouTube, Pandora, Netflix, LinkedIn for some.

The FCC has chosen not to enforce the requests in a major blow to Internet privacy for users in the past week as per a the Consumer Watchdog Petition to require the requests be enforced. http://transition.fcc.gov/Daily_Releases/Daily_Business/2015/db1106/DA-15-1266A1.pdf

Chrome OS and Android

Last week several sites reported that Chrome OS was merging with Android to make one system that will run on Chromebooks and Android devices.

Examples of the reports:
http://www.theverge.com/2015/10/29/9639950/google-combining-android-chromeos-report
http://www.engadget.com/2015/10/29/android-chrome-os-merger-coming-next-year/
http://www.wsj.com/articles/alphabets-google-to-fold-chrome-operating-system-into-android-1446151134

These rumors are not true. At least not to the extent they’ve been reported. Chrome OS will always be Chrome OS according to Google’s Chrome blog. In the article they say that Chromebooks are listed as the best-selling laptop computer on Amazon.com. They say they will keep developing Chromebooks and they will only get better over time.

Extra protection on your computer

The Victor crew found a program you can download to help protect you from exploits. There is a free version and a paid version from Malwarebytes called Malewarebytes Anti-Exploit. Once you download and install it, it will add some layers of protection to your browsers, browser add-ons and Java. The paid version will also shield some Microsoft Office programs (Word, Excel, and Powerpoint) and Media Players, and allow you to add and manage custom shields. The paid version costs $24.95/year and will cover 3 PCs.

This is not an anti-virus program, but will give real-time protection against vulnerable sites. It will protect Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera and others.

Malwarebytes Anti-exploit

Joe Victor

Apple Watches are too easy to steal and other news

What makes the Apple Watch so easy to steal? It doesn’t come with enough security. If a pick-pocket were to grab it, he can easily reset it and you’re dumb out of luck. There is no activation lock to keep someone from a major reset and taking it over.

Other News:

There were also reports of people easily drawing funds from bank accounts through refillable Starbucks accounts. Starbucks claims they weren’t hacked but rather hackers figured out users credentials and got into their accounts that way. Just another reason not to use public wi-fi.

If you are a Chrome user, there is a new plugin you can add to help you gain some more of your memory. In your browser that is. It is called The Great Suspender. I twill automatically suspend unused tabs. How many times do you have a bunch of tabs open? You can only look at one at a time. You can configure when it will suspend a tab or do it manually. All you have to do is click to reload a suspended tab. It’s worth checking out.

Tech news tidbits: FiOS, Chrome, Toyota

Jody‘s crew likes to stay up to date on some of the latest news in tech out there. Here are a few interesting finds:

Verizon FiOS – Upload speeds will now match download speeds. If you have 75mps download speed, you will now have 75mps upload speed as well. If you are enrolled in the MyRewards+ program, you will get your equalizing speeds sooner than those not enrolled. This will continue through the fall. Read about it here.

Google Chrome – Google is finally addressing a bug in its Chrome browser that eats up system resources. It seems to show more on laptops where resources are more noticeably affected by it. Rather than changing the rate of usage by what it’s doing, it stays clocked at the highest possible rate as long as it is open. Solution for laptop users – use a different browser.

Toyota – The newest Toyota Sienna minivan has an optional built-in microphone to amplify the driver’s voice through the speakers. It only works one way. It is called “Driver Speak Easy.” So “stop fighting or I’ll pull the car over” will be heard more readily! There are a some other new features on this minivan like a pull-down mirror so the driver can check on the kids without turning around, a Blue-ray entertainment system in the back.

Passwords and Chrome

If you are using Chrome and haven’t signed out of the browser, and you share your computer or your computer is stolen, then you have shared any passwords you have saved in the browser. Anyone can simply go to chrome://settings/passwords to view the passwords you have saved. There is no other security applied.

Unlike Firefox. You can set a master password that you have to enter before you can see the saved password. This adds a layer in Firefox’s security.

IE encrypts passwords and you can’t easily view them. You can download IE Passview to see them.

The bottom line is, if you share a computer or travel with your laptop, make sure you are logged out of all your browsers and logged out of the operating system. Make sure all user accounts are password protected.

~ Jody Victor