Your Browser's Autofill Data Can Be Phished, Here's How to Stay Safe

1 Share

The autofill systems in browsers like Google Chrome, Safari, and Opera, as well as plugins like LastPass, can be easily tricked into giving away your information on web pages. Here’s how you can keep your personal information secure.

Viljami Kuosmanen, a Finnish web developer and hacker, recently discovered the exploit and shared an example of it in action on GitHub. Basically, a phishing site will have text boxes where you enter some very basic information, like an email address or first name. But when you use your browser’s autofill system to fill out those boxes, the site uses hidden text boxes to collect additional autofill information you don’t realize you’re giving away. That information could be your home address, phone number, and even your credit card info.

Here’s the phishing exploit in action via Viljami Kuosmanen.

If you want to stay safe, you should always avoid sharing personal information and using utilities like LastPass on web sites you’re not completely sure of. Or you can turn off autofill completely in your browser of choice: 

  • In Chrome, click the three-dot “More” button in the top right > Settings > Show advanced settings > then uncheck “Enable Autofill to fill out web forms in a single click” under “Passwords and forms.”
  • In Safari, go to Preferences > AutoFill > deselect all types of information you want Safari to automatically fill in.
  • In Opera, click the Opera button, go to Settings > Privacy & security > scroll down to “Autofill” > uncheck “enable auto-filling of forms on webpages.”

Mozilla Firefox is currently immune to this phishing exploit because it doesn’t have a multi-box autofill system yet. You can learn more about the exploit at the link below.

Browser Autofill Phishing | GitHub via The Guardian

Read the whole story
Share this story
Delete

This Phishing Scam Is Targeting Gmail Accounts by Posing as Your Contacts

1 Share

You might think you're tech-savvy enough to spot a fake email from a scammer pretending to be PayPal or eBay, but what about one coming from a familiar contact? And what if the message attached read just like something sent from a real person? That's exactly what a new email phishing scam is doing to unassuming Gmail users, according to Boing Boing.

The attack, which was initially reported by Wordfence, comes in the form of an email from a user who has already been compromised by this scheme. The email will come from a familiar address in your contacts, complete with an attachment (an image or link) to click on. Some of these emails are even designed to look like replies to previous emails to your contacts, making it even harder to spot the scam right away.

Once you click on this attachment, you'll be sent right back to your Gmail sign-in screen. This could all sound suspicious already, except for the fact that in the URL for the sign-in screen, you'll see "accounts.google.com." It won't be the real Google sign-in screen (there is other extraneous URL text that confirms that) but if you're in a rush, or just unfamiliar with what it should read, it's easy to assume you just have to re-input your login info. And that's where they get you.

After that login information is entered, the hackers will now have your information, and they are ready to do the whole thing over again to one of your contacts. Wordfence has an account of how this all works:



“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.

For example, they went into one student’s account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a subject line that was tangentially related, and emailed it to the other members of the athletic team.”

Twitter user Tom Scott posted a screenshot of what to look out for if you're ever mysteriously propositioned to log back into your Google account for no apparent reason after clicking on an attachment:

In the URL, you can see "data:text/html….." at the front, which shouldn't be there. And if you scroll (a lot) past the text in the address bar, eventually you'll come across even more funky code. At that point, get out of dodge and change your login info for good measure.

[h/t Boing Boing]

January 14, 2017 - 5:00am
Read the whole story
Share this story
Delete

Bypass Amazon's $25 Add-On Minimum With Alexa

1 Share

Amazon’s $25 minimum on their add-on items can be a bit of a bummer when you’re just trying to order something small, but How-To Geek points out you can use an Amazon Echo to get around that.

Read more...

Read the whole story
Share this story
Delete

Likely Pick For Next FCC Chair Thinks Net Neutrality’s “Days Are Numbered”

1 Comment and 3 Shares

The FCC has approved a significant number of major pro-consumer rules in the last few years. Most, however, were contentious within the Commission, and passed on a 3-2 margin. One of the two reliable dissenters, commissioner Ajit Pai, is now on deck as the likely inheritor of the Chairman’s seat when President-Elect Donald Trump’s administration comes to power in January — and he’s already hoping to do away with some of the FCC’s recent rules.

At the top of the stack is 2015’s Open Internet Rule, better known as net neutrality. The Commission voted in February, 2015 to reclassify broadband as a Title II communications service, which gave the commission authority to impose rules that all internet traffic has to be treated equally, without throttling, blocking, or charging by source or type.

Industry players, led by AT&T, filed suit almost immediately (in legal time, anyway) to have the rule overturned. However, after hearing oral arguments last December, in June of this year the U.S. Court of Appeals for the D.C. Circuit sided with the FCC, and upheld the rule — reclassification and all.

As far as commissioner Pai is concerned, however, this is a mistake.

Speaking at a luncheon before the Free State Foundation this week, Pai spoke to the need for the FCC to scale back and, essentially, stay in its lane by “[respecting] the limits that Congress has placed” on its authority.

In his remarks [PDF], Pai spoke against several specific FCC rules and also against broad regulation in general.

“In the months to come, we need to remove outdated and unnecessary regulations,” he said. “We need to fire up the weed whacker and remove those rules that are holding back investment, innovation, and job creation.”

More: Did Net Neutrality Kill Broadband Investment Like Comcast, AT&T, and Verizon Said It Would?

Net neutrality was a particular topic of concern for Pai. He quoted a member of Free State (the organization where he was speaking) on the topic of analyzing regulation: “Does the regulation address a market failure or systemic problem? If it does, how does it correct the perceived market failure? And do the benefits of the regulatory solution outweigh the costs of imposing new regulatory requirements?”

If the harms are not already proven to have occurred, Pai argued, then the FCC has no business regulating — even if it seems to reasonable observers that they could, might, or probably will occur.

“Proof of market failure,” Pai said, “should guide the next Commission’s consideration of new regulations. And the FCC should only adopt a regulation if it determines that its benefits outweigh its costs.”

At the time the FCC voted to adopt the measure, Pai prophesied that “its days are numbered.” And although the appeals court didn’t make that happen, a still-hypothetical Pai tenure at the FCC could.

“Today, I am more confident than ever that this prediction will come true,” Pai said. “And I’m hopeful that beginning next year, our general regulatory approach will be a more sober one that is guided by evidence, sound economic analysis, and a good dose of humility.”

Pai did not specify in this speech what might be able to count as “evidence,” however.

He also hopped on his favorite hobby horse, process reform. Pai has frequently — in both FCC proceedings and Congressional review hearings — voiced his displeasure with the method by which the FCC proposes and votes on regulation.

“It is time to bring more openness and transparency, to the FCC,” Pai said. “We also need to let the American people have more information about our agency’s operations. From publicly releasing the text of documents we vote on at public meetings to establishing an FCC Dashboard with key performance metrics, we can better enable to the public to know what and how we are doing.”

Commissioner Michael O’Rielly, the other reliable dissenter on the FCC’s recent pro-consumer rules, also spoke at the event.

He, too, put a bullseye on net neutrality in his remarks [PDF].

At the top of O’Rielly’s agenda under the new administration? “Undoing harmful policies,” and, you guessed it, net neutrality is the top of his list of agenda items that were “wrongheaded, harmful to consumers and the industry, costly, and ultimately unworthy of continuation.”

O’Rielly also called the commission’s year-long investigation into zero-rating “one last gift to be left under the tree for net neutrality activists” before the commission can “act quickly to reverse any damaging policies put into place over the last eight years and in the last few weeks of the Administration.”

Whether or not he steps down from the Commission entirely (D.C. scuttlebutt goes back and forth on the matter), current chair Tom Wheeler will lose his leadership role after Inauguration Day. Wheeler has publicly asked his successor — whoever that may be — to consider the public good first and foremost.

“When so-called controversy is the result of choosing between the broader common good or those incumbents preferring the status quo, I believe the public interest should prevail,” Wheeler said in November. “I think it’s an important thing to remember that taking a fast, fair and open internet away from the public and away from those who use it to offer innovative new services to the public would be a real mistake.”





Read the whole story
Share this story
Delete
1 public comment
sjk
39 days ago
reply
Thank you, President Trump, for allowing corporations to decide what content I am allowed to access, allowing only websites and services that pay a fee to the be allowed to be accessed by customers. Of course, most people are stuck with the monopoly broadband ISP, so one corporation can control an entire geographic region's access to the Internet.
Florida

Some Crohn’s genes make cells deaf to messages from good gut bacteria

1 Share

Good gut bacteria might not help people with Crohn’s disease.

Protective microbial messages go unread in mice and in human immune cells with certain defective genes, researchers report online May 5 in Science.

The findings are the first to tie together the roles of genes and beneficial microbes in the inflammatory bowel disease, says biologist Brett Finlay of the University of British Columbia in Vancouver, who was not involved in the new work.

“This is a major step forward in this area,” he says. Human genes and friendly microbes work together to control inflammation, he says. “And when you muck that up, things can go awry.”

In Crohn’s disease, the immune system riles up too easily, trigging chronic inflammation. Scientists don’t know why exactly people’s immune systems go haywire. But researchers have linked the disease to glitches in nearly 200 genes, including ATG16L1 and NOD2, which typically help kill bad bacteria in the gut.

Researchers have also reported that people with Crohn’s have a different collection of gut microbes compared with that of healthy people, says study coauthor and Caltech microbiologist Sarkis Mazmanian.But though “there’s a huge body of literature on the genome and on the microbiome,” he says, “no one knew what the interplay was between the two.”

So his team explored a potential link using a friendly gut microbe called Bacteroides fragilis. The bacteria send out calming messages that tell the immune system to tone down inflammation. Like letters inside envelopes, these messages travel in protective pouches called outer membrane vesicles, or OMVs.

Feeding OMVs to mice typically protects them from developing inflamed colons, or colitis — but not mice lacking the Crohn’s-linked genes ATG16L1 and NOD2. When researchers treated those mice with a colitis-causing chemical, they succumbed to the disease, even after eating OMVs.

Mice with defective versions of ATG16L1 and NOD2 “can’t reap the benefits of the beneficial microbiota,” Mazmanian says.Immune cells from human patients with the defective genes didn’t respond to OMVs either.

The findings suggest that the genes that kill bad bacteria also work with good bacteria to keep people’s immune systems from going out of control, says gastroenterologist Balfour Sartor of the University of North Carolina School of Medicine in Chapel Hill. The work “opens up a new mechanism for protection,” he says.

Mazmanian says B. fragilis’ messages could potentially serve as a new treatment option for patients. That’s because patients’ cells dosed with just the contents of the OMVs (and not the protective pouch itself) actually got the message, his team found. The treatment could have fewer side effects than other therapies, because it doesn’t hamper the immune system, he says. 

Finlay cautions that more work is needed. “It’s early days,” he says. But, thenew work “gives us a whole different way of thinking about inflammatory bowel disease.”

Read the whole story
Share this story
Delete

11 Easy Ways to Get Your Home Ready for Winter

1 Share

(Banner image courtesy of iStock)

December 1, 2016 - 2:00am
Read the whole story
Share this story
Delete
Next Page of Stories