Safari to ape Firefox, go all-in on anti-tracking

Credit to Author: Gregg Keizer| Date: Tue, 20 Aug 2019 11:53:00 -0700

The WebKit project – the open-source initiative that generates code for Apple’s Safari browser – quietly announced last week that it would follow in Mozilla’s footsteps and quash tracking technologies designed to follow users across the web.

In a short message on Aug. 14, the WebKit team pointed to its new Tracking Prevention Policy, a document that spells out its plans in detail, including what types of tracking it will prevent and how it will deal with any side effects.

“We have implemented or intend to implement technical protections in WebKit to prevent all tracking practices included in this policy,” the document read. “If we discover additional tracking techniques, we may expand this policy to include the new techniques and we may implement technical measures to prevent those techniques.”

Chrome, Firefox to expunge Extended Validation cert signals

Credit to Author: Gregg Keizer| Date: Thu, 15 Aug 2019 03:00:00 -0700

Google and Mozilla have decided to eliminate visual signals in their Chrome and Firefox desktop browsers of special digital certificates meant to assure users that they landed at a legitimate site, not a malicious copycat.

The certificates, dubbed “Extended Validation” (EV) certificates, were a subset of the usual certificates used to encrypt browser-to-server-and-back communications. Unlike run-of-the-mill certificates, EVs can be issued only by a select group of certificate authorities (CAs); to acquire one, a company must go through a complicated process that validates its legal identity as the site owner. They’re also more expensive.

The idea behind EVs was to give web users confidence that they were at their intended destination, that the site computerworld.com, for instance, was owned by its legal proprietor, IDG, and not a fishy – and phishy – URL run by It’s Crooks All the Way Down LLC and chockablock with malware. Browsers quickly took to the concept, rewarding EV-secured sites with in-your-face visual cues, notably the verified legal identity in front of the domain in the address bar. The identity was often shaded in green as an additional tip-off. (Chrome dismissed the green in September 2018 as of Chrome 69.)

Mozilla blames 'interlocking complex systems' and confusion for Firefox's May add-on outage

Credit to Author: Gregg Keizer| Date: Fri, 26 Jul 2019 03:00:00 -0700

Mozilla has issued multiple after-action reports analyzing the major mix-up in May that crippled most Firefox add-ons. The reports also made recommendations for preventing similar incidents in the future.

The fiasco started just after 8 p.m. ET on Friday, May 3, when a certificate used to digitally sign Firefox extensions expired. Because Mozilla had neglected to renew the certificate, Firefox assumed add-ons could not be trusted – that they were potentially malicious – and disabled any already installed. Add-ons could not be added to the browser for the same reason.

Mozilla to add password manager, hack alert to Firefox 70

Credit to Author: Gregg Keizer| Date: Tue, 23 Jul 2019 03:00:00 -0700

Mozilla plans to bake its Lockwise password manager into Firefox 70, the upgrade now set to launch Oct. 22.

At the same time, the browser will also be more tightly integrated with Firefox Monitor, which will provide warnings to users when their saved passwords have been revealed by a data hack.

According to Firefox bug reports and project documentation, Lockwise will automatically record username-and-password pairs, generate complex passwords on demand, identify victimized accounts and instruct users to change any passwords that have leaked.

9 steps to lock down corporate browsers

Credit to Author: Peter Wayner| Date: Tue, 23 Jul 2019 03:00:00 -0700

Everyone in the enterprise loves the web browser when it’s delivering news, email, documentation, and sales leads. With the shift to web apps, it’s arguably the most important installed software on any corporate desktop. But the internet is filled with people who aren’t nice — sometimes even dangerous — and the same browser can also bring viruses, rootkits, and worse. Even if the browser sits on a little-used desktop in a dusty corner with no access to sensitive information, an attacker can use the seemingly unimportant machine as a stepping stone.

Keeping your users’ browsers secure is essential. The browser companies work hard to block the attackers by sealing the back doors, side doors, and cracks in between, but that isn’t always enough. Some useful features have dark sides, and enterprises can increase security dramatically by shutting down or tightly limiting access to these options.

Mozilla takes swipe at Chrome with 'Track THIS' project

Credit to Author: Gregg Keizer| Date: Thu, 27 Jun 2019 04:28:00 -0700

Mozilla this week touted Firefox’s anti-ad tracking talents by urging users of other browsers to load 100 tabs to trick those trackers into offering goods and services suitable for someone in the 1%, an end-times devotee and other archetypes.

Tagged as “Track THIS,” the only-semi-tongue-in-cheek project lets users select from four personas – including “hypebeast,” “filthy rich,” “doomsday prepper,” and “influencer” – for illustrative purposes. Track THIS then opens 100 tabs “to fool trackers into thinking you’re someone else.”

Google asks Chrome users for help in spotting deceptive sites

Credit to Author: Gregg Keizer| Date: Wed, 19 Jun 2019 12:46:00 -0700

Google this week asked for help in identifying suspicious websites, offering users of its Chrome browser an add-on that lets them rat out URLs.

The Suspicious Site Reporter, which can be added to desktop Chrome, places a new flag-style icon on the top bar of the browser. “By clicking the icon, you’re now able to report unsafe sites to Safe Browsing for further evaluation,” Emily Schechter, a Chrome product manager, wrote in a Tuesday post to a company blog.

Safe Browsing is the name of the technology used by Google’s search engine, Chrome, Mozilla’s Firefox, Apple’s Safari, and Android to steer users away from sites that host malicious or deceptive content. On the back end, Google uses robots to scan the web and build a list of websites that host malware, harmful downloads or deceptive ads and pages. Software developers can then plug into an API to integrate this list into their own applications, something rival browser makers have done for years.

A week in security (June 3 – 9)

Credit to Author: Malwarebytes Labs| Date: Mon, 10 Jun 2019 17:30:58 +0000

A weekly roundup of security news from June 3–9, including Magecart, breaches, hyperlink auditing, Bluekeep, FTC, and facial recognition.

The post A week in security (June 3 – 9) appeared first on Malwarebytes Labs.

Mozilla makes anti-tracking the Firefox default

Credit to Author: Gregg Keizer| Date: Thu, 06 Jun 2019 12:43:00 -0700

Mozilla this week began to switch on an aggressive anti-tracking technology in Firefox that it has touted since 2015.

With a June 4 update to Firefox 67, Mozilla turned on Enhanced Tracking Protection (ETP) by default for new users. Existing customers simply updating their browsers may enable ETP themselves. The default-of-on will be extended to those users “in the coming months,” Mozilla said, apparently activating it in stages as a last-step quality control.

Mozilla also used the update to Firefox 67.0.1 to trumpet other privacy- and security-centric enhancements, including an add-on that brings its Lockwise password manager to the desktop browser and an improved Facebook Container, an extension designed to keep the social network behemoth from tracking users elsewhere on the web.
