WTF is GDPR?

Within a matter of months, the General Data Protection Regulation will apply across the EU and businesses processing citizens’ data will need to be sure they’re compliant. We explain the major changes incoming and take a look at some possible impacts…

Malicious Chrome extension is next to impossible to manually remove

Proving once again that Google Chrome extensions are the Achilles heel of what’s arguably the Internet’s most secure browser, a researcher has documented a malicious add-on that tricks users into installing it and then, he said, is nearly impossible for most to manually uninstall. It was available for download on Google servers until Wednesday, 19 days after it was privately reported to Google security officials, a researcher said.

Once installed, an app called “Tiempo en colombia en vivo” prevents users from accessing the list of installed Chrome extensions by redirecting requests to chrome://apps/?r=extensions instead of chrome://extensions/, the page that lists all installed extensions and provides an interface for temporarily disabling or uninstalling them. Malwarebytes researcher Pieter Arntz said he experimented with a variety of hacks—including disabling JavaScript in the browser, starting Chrome with all extensions disabled, and renaming the folder where extensions are stored—but none of them worked. Removing the extension proved so difficult that he ultimately advised users to run the free version of Malwarebytes and let it automatically remove the add-on.

When Arntz installed the extension on a test machine, Chrome spontaneously clicked on dozens of YouTube videos, an indication that inflating the number of views was among the things it did. The researcher hasn’t ruled out the possibility that the add-on did more malicious things because the amount of obfuscated JavaScript it contained made a comprehensive analysis too time consuming. The researcher provided additional details in a blog post published Thursday.

SEC cools traders’ hot plans for cryptocurrency-based exchange traded funds

The U.S. Securities and Exchange Commission has serious concerns about the securities industry’s plans to create exchange traded funds around cryptocurrency.
In a strongly worded letter to the heads of the Securities Industry and Financial Markets Association and the Investment Company Institute, the director of the division of investment management, Dalia Blass, said that there were…

Okta teams up with ServiceNow to bring identity layer to breach containment

Okta and fellow cloud company ServiceNow got together to build an app that helps ServiceNow customers using their security operations tools find security issues related to identity and take action immediately.
The company launched the Okta Identity Cloud for Security Operations app today. It’s available in the ServiceNow app store and has been designed for customers who are using both…

Spectre and Meltdown patches causing trouble as realistic attacks get closer

Applications, operating systems, and firmware all need to be updated to defeat Meltdown and protect against Spectre, two attacks that exploit features of high-performance processors to leak information and undermine system security. The computing industry has been scrambling to respond since news of the problem broke a few days into the new year.

But that patching is proving problematic. The Meltdown protection is revealing bugs or otherwise undesirable behavior in various drivers, and Intel is currently recommending that people cease installing a microcode update it issued to help tackle the Spectre problem. This comes as researchers are digging into the papers describing the issues and getting closer to weaponizing the research to turn it into a practical attack. With the bad guys sure to be doing the same, real-world attacks using this research are sure to follow soon.

Back when initially releasing its Windows patch, Microsoft acknowledged incompatibilities with some anti-virus software. To receive the Meltdown and Spectre fixes, anti-virus software on Windows is required to create a special registry entry indicating that it’s compatible. Without this entry, not only are these patches blocked, but so too are all future Windows patches. Most anti-virus vendors should now have compatible versions of their products, but users with stale anti-virus software—expired trials or end-of-lifed products—are at this point much better off removing the third-party software entirely and using the built-in protection in Windows 8.1 and Windows 10.

Intel tried desperately to change the subject from Spectre and Meltdown at CES

Intel had a bad week last week. It was so bad that the chip maker has to be thrilled to have CES, the massive consumer technology show going on this week in Las Vegas, as a way to change the subject and focus on the other work they are doing. For starters, CEO Brian Krzanich had to deal with the elephant in the room at the company keynote on Monday. Spectre and Meltdown patches were coming to…

Russian hackers are targeting U.S. Senate email accounts

According to a new report, the same group that hacked the Democratic National Committee actively targeted the U.S. Senate through the latter half of 2017. The revelation comes out of a new report from Trend Micro, a Japanese firm that has revealed similar phishing schemes taking aim at foreign governments in the past.

Here’s how, and why, the Spectre and Meltdown patches will hurt performance

As the industry continues to grapple with the Meltdown and Spectre attacks, operating system and browser developers in particular are continuing to develop and test schemes to protect against the problems. Simultaneously, microcode updates to alter processor behavior are also starting to ship.

Since news of these attacks first broke, it has been clear that resolving them is going to have some performance impact. Meltdown was presumed to have a substantial impact, at least for some workloads, but Spectre was more of an unknown due to its greater complexity. With patches and microcode now available (at least for some systems), that impact is now starting to become clearer. The situation is, as we should expect with these twin attacks, complex.

To recap: modern high-performance processors perform what is called speculative execution. They will make assumptions about which way branches in the code are taken and speculatively compute results accordingly. If they guess correctly, they win some extra performance; if they guess wrong, they throw away their speculatively calculated results. This is meant to be transparent to programs, but it turns out that this speculation slightly changes the state of the processor. These small changes can be measured, disclosing information about the data and instructions that were used speculatively.
