Chrome – The “HoeflerText Font wasn’t Found” Scam

February 24th, 2017

Here’s a clever new scam that disguises itself as a font error.

It is interesting from a purely scientific angle how attackers come up with new methods and schemes to distribute malicious payloads on to user systems. The “HoeflerText” font wasn’t found is a recent attack that changes website text so that it looks as if a font is missing, to get users to download and install an alleged update for Chrome that adds the font to the system.

Read the rest of this entry »

How to Force Flash Updates in Chrome

February 23rd, 2017

Even though Flash is quickly falling out of favor with many users, there are still plenty of folks who rely on Flash. Since Chrome is sometimes a bit slow about pushing Flash updates, security conscious Flash users might want to be a bit more proactive about updates.

The following guide walks you through the steps of checking the installed Flash version in Google Chrome, and forcing it to update if an outdated version is used by the browser. All versions of the Google Chrome web browser ship with Adobe Flash installed natively in the browser. While Chrome does not support classic NPAPI plugins anymore, Chrome is still supporting PPAPI plugins of which Flash is one.

Read the rest of this entry »

Microsoft Publishes Long-Awaited February 2017 Flash Update KB4010250

February 22nd, 2017

Better late than never, I guess …

Microsoft announced last week that it would not release security patches on February’s Patch Day. In fact, the February Patch Day was canceled completely by the company; a first in the Patch Day’s history. Microsoft revealed that it would delay the February Patch Day to the March Patch Day. This means that the February 2017 security patches will be released alongside the March 2017 patches by the company. This would not be a problem where it not for known unpatched security issues. A SMB security issue was revealed on February 3rd, 2017 that affects Windows 8, Windows 10 and Windows Server.

Read the rest of this entry »

Blocking Telemetry in Windows 7 and 8.1

February 21st, 2017

If you’re concerned about privacy, (and have a bit of free time on your hands,) you might want to check out this neat trick for managing Microsoft updates and controlling the sort of information that your system is allowed to share.

Microsoft pushed patches to devices running Windows 7 and 8.1 in recent time that collect information and transfer data to Microsoft regularly. One of the main issues that Windows users may have with telemetry is that Microsoft does not reveal what it is collecting, and what is included when telemetry data is transferred to the company. The following tutorial provides suggestions on limiting Windows data collecting and transferring. There is no guarantee that nothing is collected and/or submitted after making privacy related changes to the operating system, but a guarantee that data collecting is severely limited at the very least.

Read the rest of this entry »

Google Discloses Another Unpatched Windows Vulnerability

February 20th, 2017

This bug was discovered way back in November, 2016, but at present it doesn’t look like Microsoft has addressed the vulnerability yet.

Google Project Zero member Mateusz Jurczyk disclosed a gdi32.dll vulnerability in the Windows operating system to Microsoft on November 16, 2016. The report itself is quite technical and it would go too far to go into details here on the site. The following describes the turn of events however.

Read the rest of this entry »

Firefox Focus Privacy Scandal

February 15th, 2017

“Scandal” might be overstating things a bit, but it turns out that Firefox’s new, privacy-oriented mobile browser isn’t as private as one might assume.

Firefox Focus: the privacy browser, is a free mobile browser for iOS devices by Mozilla designed to protect user privacy while browsing the web. The app “improves the privacy and performance” of a user’s mobile browsing experience by “blocking analytics, social, and advertising trackers” according to the product description on Apple’s iTunes website. It furthermore enables you to erase the browsing history, passwords and cookies easily.

Read the rest of this entry »

Researchers Develop Cross-Browser Fingerprinting Technique

February 14th, 2017

So you thought you could fool the snoops by switching browsers from time to time? Think again.

Researchers have developed a cross-browser fingerprinting technique that uses operating system and hardware level features. Fingerprinting has been limited for the most part to individual web browsers in the past. If a user switched browsers regularly, fingerprinting could not be used to link the user to these browsers.

Read the rest of this entry »

Windows 10 – Group Policy Pack Privacy and Telemetry

February 13th, 2017

It sounds like the task of preventing your Windows 10 PC from phoning home is going to be a full time job.

The Group Policy pack Privacy and Telemetry, short gp-pack PaT, is a collection of 70 policies designed to disable sending data to Microsoft on Windows 10 devices. Windows 10 Pro and Enterprise administrators may use the Group Policy to modify privacy settings, and block some telemetry collecting and submitting to Microsoft. Numerous privacy tools for Windows 10 have been released that modify Registry keys directly. Several of the programs go further, for instance by removing applications that ship with Windows 10, or blocking Microsoft Telemetry servers on the system.

Read the rest of this entry »

How to Display Certificate Details in Chrome

February 10th, 2017

It bugs me to no end when software companies do this. When they move familiar tools and services to a hard-to-find location, it always feels like somebody broke into my office overnight and rearranged my desk, just for the heck of it.

Google is on a roll. After removing user control over some plugins installed in the browser, the company moved information about security certificates of sites to a place where most users may never find it. More and more sites on the Internet move to https. Doing so has advantages, but there is also a considerable amount of pressure by browser makers and search engines to get sites to migrate. Google is on the forefront of all of this. It may come as a surprise therefore that the company made the decision to move certificate information from the address bar to the browser’s Developer Tools.

Read the rest of this entry »

How to Fix “No Internet Secured” Wifi Connectivity Issues on Windows

February 9th, 2017

I haven’t run into this problem myself, (yet,) but perhaps you have …

The following guide provides you with a solution for fixing the dreaded “no Internet secured” notification that signals Wifi connectivity issues on machines running Windows. I bought a Microsoft Surface Pro 4 device back when it first came out, and liked it a lot. It is the device that I use mostly when I’m traveling as it offers all I require in a compact package. For the past year or so, I noticed a strange wireless Internet connectivity issue regularly when connecting the device using WiFi. Connections to the WiFi hotspot work, but Internet did not at times.

Read the rest of this entry »