Researchers have developed a side-channel exploit for Apple CPUs, enabling sophisticated attackers to extract sensitive information from browsers. Side-channel attacks are usually overlooked, often physical counterparts to traditional software hacks. Rather than an unsecured password or a vulnerability in a program, they take advantage of the extra information a computer system or hardware generates —…

The U.K. competition watchdog has been investigating Google’s proposals to remove so-called third-party cookies over concerns they would undermine digital ad competition and entrench the company’s market power. To address the concerns, Google on Friday offered a set of commitments including giving the Competition and Markets Authority an oversight role as the company designs and…

Dubbed NAT Slipstreaming, the attack can be triggered when the victim visits a specially crafted website, exploiting the browser and Application Level Gateway (ALG), a connection tracking mechanism present in firewalls, NATs, and routers. According to the researcher, the attack chains “internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation…

New techniques expose your browsing history to attackers

Security researchers at UC San Diego and Stanford have discovered four new ways to expose Internet users’ browsing histories. These techniques could be used by hackers to learn which websites users have visited as they surf the web. The techniques fall into the category of “history sniffing” attacks, a concept dating back to the early…

Google to Delete ‘Secure’ Label from HTTPS Sites

Google plans to remove the “secure” label from HTTPS websites starting in September 2018, a move intended to acknowledge HTTPS as the standard for browser security. Users should expect all the sites they visit to be secured with HTTPS, the company reported last week. Earlier this year, Google announced plans to mark all HTTP sites as “not…

Why phishers love HTTPS

As more and more sites switch to HTTPS, the number of phishing sites hosted on HTTPS domains is also increasing. “In the third quarter of 2017, we observed nearly a quarter of all phishing sites hosted on HTTPS domains, nearly double the percentage we saw in the second quarter. A year ago, less than three…

Chrome will tag FTP sites as “Not secure”

Google Chrome 63, expected to be released sometime around December, will label resources delivered over the FTP protocol as “Not secure”, a member of the Chrome security team has shared. This change is part of Google’s continuous effort to “accurately communicate the transport security status of a given page.” “We didn’t include FTP in our…

Firefox Focus: Private iOS browsing made easy

Mozilla has released Firefox Focus, an iOS app that lets you browse the Internet without having to worry who’s tracking your online activity. The app can be used independently, or can be integrated with the existing (installed) Firefox and Safari apps (more details about the usage can be found here).