You can crash the latest version of Google Chrome with a simple tiny URL. Just rolling your mouse over it in a page, launching it from another app such as an email client, or pasting it into the address bar, will kill either that tab or the whole browser.
It's perfect for pranking friends by sending it to them in emails and messages. What's cool about this bug is that it triggers a fatal exception rather than the usual memory access violation error caused by an overrun buffer, heap corruption, or similar – even in released code. This means some part of the executable was reached that the programmers never expected normal users to hit.Read more
A vulnerability in Android's default Web browser lets attackers spoof the URL shown in the address bar, allowing for more credible phishing attacks. Google released patches for the flaw in April, but many phones are likely still affected, because manufacturers and carriers typically are slow to develop and distribute Android patches.
The vulnerability was discovered on Android 5.0 Lollipop, which uses Chrome as its default browser, but then also confirmed it in the stock browser in older Android versions. Android 4.4 users should avoid using the stock browser to access sites that require authentication.Read more
Phishing is a type of attack on personal data that comes in the form of a fake email or wesbsite, which is made to look like it comes from a reputable site – but does not.
A user might get an email that has all of the themes and imagery of a typical message from Facebook, except this email will tell the user they need to reset their password and will offer that user a login prompt to do so. The user clicks on the prompt, is directed to a fake webpage that looks like Facebook, and then the user enters their login and password. There are several ways to avoid phishing attacks. The common theme in each is to be highly suspicious of any online request for your personal information.Read more
One out of three of the top one million websites ranked by Alexa are “risky,” meaning the site is compromised, or is running vulnerable software that puts it at risk of being compromised, according to new findings by Menlo Security.
For its “State of the Web 2015: Vulnerability Report,” Menlo Security scanned more than 1.75 million URLs representing more than 750,000 unique domains. Researchers checked if URLs appeared on lists of known malicious sites, if IP addresses were linked to spam networks and botnets, and if the sites were running vulnerable and unpatched software.Read more
Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.
The previously undiscovered malware represents a missing puzzle piece tied to Turla, a so-called advanced persistent threat disclosed in August. For at least four years, the campaign targeted government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. The unknown attackers have infected several hundred Windows-based computers by exploiting a variety of vulnerabilities.Read more
If you’ve ever typed anything into a Google Doc, you can now play it back as if it were a movie — like traveling through time to look over your own shoulder as you write.
This is possible because every document written in Google Docs since about May 2010 has a revision history that tracks every change, by every user, with timestamps accurate to the microsecond; these histories are available to anyone with “Edit” permissions; and I have written a piece of software that can find, decode, and rebuild the history for any given document. It’s like a video player, but made especially for writing.Read more