{"id":6529,"date":"2017-02-06T20:30:32","date_gmt":"2017-02-07T04:30:32","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/02\/06\/news-336\/"},"modified":"2017-02-06T20:30:32","modified_gmt":"2017-02-07T04:30:32","slug":"news-336","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/02\/06\/news-336\/","title":{"rendered":"President Bannon Chrome Extension is a security problem, not a joke"},"content":{"rendered":"

Credit to Author: Michael Horowitz | Date: Mon, 06 Feb 2017 20:05:00 -0800<\/strong><\/p>\n

Pretending that Steve Bannon is really<\/em> the President was funny when Saturday Night Live did it on their opening bit. Then today, Business Insider wrote about a Google Chrome extension<\/a> that replaces every mention of “Trump” with “Steve Bannon” on all web pages. Funny? Not from a Defensive Computing perspective.<\/p>\n

Any extension that can change a specific word on every web page<\/strong> is inherently dangerous. Almost by definition, such an extension is spyware.<\/p>\n

Installing the President Bannon extension to the Chrome browser<\/p>\n

Sure enough, when you install the President Bannon extension<\/a> (above) it needs permission to “read and change all your data on the websites you visit.”<\/em> This is exactly what I wrote about last time (see Spyware on a Chromebook<\/a>).<\/p>\n

I am not claiming that the President Bannon extension is malicious. I have not looked at the source code or sniffed any traffic it may be sending. It’s dangerous nonetheless.<\/p>\n

First off, no software should have this much power. And, even if its merely a joke today<\/strong>, since Chrome extensions are automatically and silently updated, nothing stops it from becoming spyware tomorrow<\/strong>.\u00a0<\/p>\n

You might as well have someone from American Bridge (“A major Democratic-aligned super PAC” according to Business Insider) standing over your shoulder watching everything you do in the Chrome browser.<\/p>\n

The President Bannon Chrome browser extension<\/p>\n

It doesn’t help that the website of the software developer<\/a> says nothing at all about the extension and appears to have been abandoned.\u00a0<\/p>\n

Or, that the description of the extension, shown below, says nothing about what it actually does.<\/p>\n

Exposing Steve Bannon’s role in some of the most dangerous and unconstitutional actions taken by Trump’s Administration. A white supremacist is calling the shots in Donald Trump’s White House. This extension exposes Steve Bannon’s role in some of the most dangerous and unconstitutional actions taken by Trump’s Administration.<\/p>\n

Business Insider should stick to business and leave computers to us nerds.\u00a0<\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

\n
\n

Pretending that Steve Bannon is really<\/em> the President was funny when Saturday Night Live did it on their opening bit. Then today, Business Insider wrote about a Google Chrome extension<\/a> that replaces every mention of “Trump” with “Steve Bannon” on all web pages. Funny? Not from a Defensive Computing perspective.<\/p>\n

Any extension that can change a specific word on every web page<\/strong> is inherently dangerous. Almost by definition, such an extension is spyware.<\/p>\n

\"presidentbannon.permissions\" Michael Horowitz<\/small>
\n

Installing the President Bannon extension to the Chrome browser<\/p>\n

To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[4314,714],"class_list":["post-6529","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-internet","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6529"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6529\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6529"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}