Silensec Newsletter

Friday, 28 August 2015

Google makes it official: Chrome will freeze Flash ads on sight from Sept 1

Google is making good on its promise to strangle Adobe Flash's ability to auto-play in Chrome. The web giant has set September 1, 2015 as the date from which non-important Flash files will be click-to-play in the browser by default – effectively freezing out "many" Flash ads in the process.

Netizens can right-click over the security-challenged plugin and select "Run this" if they want to unfreeze an ad. Otherwise, the Flash files will remain suspended in a grey box, unable to cause any harm nor any annoyance. Back in June, Google warned that, in cooperation with Adobe, it would change the way Flash material is shown on websites. Read more...

Ashley Madison: 'Suicides' over website hack

Two individuals associated with the leak of Ashley Madison customer details are reported to have taken their lives, according to police in Canada. The police in Toronto gave no further information about the deaths. Ashley Madison's Canadian parent company Avid Life Media is offering a C$500,000 (£240,000) reward for information on the hackers, they added.

Details of more than 33m accounts were stolen from the website, which offers users the chance to have an affair. Read more...

Hackers Finally Post Stolen Ashley Madison Data

Hackers who stole sensitive customer information from the cheating site AshleyMadison.com appear to have made good on their threat to post the data online.

A data dump, 9.7 gigabytes in size, was posted on Tuesday to the dark web using an Onion address accessible only through the Tor browser. The files appear to include account details and log-ins for some 32 million users of the social networking site, touted as the premier site for married individuals seeking partners for affairs. One analysis of email addresses found in the data dump also shows that some 15,000 are .mil. or .gov addresses. Read more...

Jeb Bush: encryption makes it too hard to catch "evildoers"

You can count Republican presidential candidate Jeb Bush on the side of the FBI and the NSA, and against strong encryption.

Bush, the former governor of Florida, said Tuesday that "If you create encryption, it makes it harder for the American government to do its job - while protecting civil liberties - to make sure that evildoers aren't in our midst." Read more...

Facebook hands hackers $100k for breaking browsers

Four researchers have scored US$100,000 from Facebook for revealing 11 bugs affecting platforms including the Chrome and Firefox browsers using novel vulnerability discovery methods.

"We all benefit from this kind of work—a large part of why Facebook has been successful in serving nearly 1.5 billion people is because we have been quick to introduce and adopt categories of systems and frameworks that prevent whole classes of vulnerabilities at once," Papagiannis says in a statement. The hacks are detailed in the paper Type Casting Verification: Stopping an Emerging Attack Vector (PDF) in which the quartet offered a #tool to help detect the bad-casting and type-confusion holes. Read more...

Lenovo Caught Using Rootkit to Secretly Install Unremovable Software

Two years ago Chinese firm Lenovo got banned from supplying equipment for networks of the intelligence and defense services various countries due to hacking and spying concerns. Earlier this year, Lenovo was caught red-handed for selling laptops pre-installed with Superfish malware. One of the most popular Chinese computer manufacturers ‘Lenovo’ has been caught once again using a hidden Windows feature to preinstall unwanted and unremovable rootkit software on certain Lenovo laptop and desktop systems it sells. The feature is known as "Lenovo Service Engine" (LSE) – a piece of code presents into the firmware on the computer's motherboard. Read more...

Silensec Newsletter