Category: Computer Security

Web API Notification Abuse

After years of little development, the World Wide Web Consortium (W3C) awoke from its slumber with the first public preview release of the all new HTML5 specification. This started to allow web developers to do much more with webpages without requiring plugins. It wasn’t until 2014 that it was finalised, and they didn’t stop there, with newer versions being developed to this day. At the same time ECMAScript (JavaScript) has been hugely updated and revised. Developers have the tools to make much more powerful and interactive websites than ever before.

One of the new features is Web API Notifications. The concept is good; however, the API is being abused at high speed. Web API notifications allow the browser to prompt you whenever there is an update from a website, whether you are on the site or not. This is handy for email, IMs and news notifications. Marketers have started to take advantage of this as well, using it to push product information offers to visitors. Marketing is annoying; however, the bad guys are using it as well to lure users into clicking and downloading malware onto their computers.

Before a site can send notifications, the user will be presented with the following box asking for permission:

Web API Notification Permission Request in Google Chrome

The problem is many users don’t fully understand what it is or think it is something to do with cookies, and then click Allow. There is little if any explanation as to what it is asking. The bottom line is it needs to be implemented better, with the user’s safety and possibly sanity in mind. Over the past couple of weeks, I’ve taken a huge number of tickets related to popups of all kinds from API notifications.

In the meantime, this is how to disable them in Chrome and Firefox:

Google Chrome

  1. Go to “Settings”
  2. Under “Privacy and security” click on “Site settings”
  3. Under “Permissions” click on “Notifications”
  4. Under “Allow” you will see all the sites with permission. Click on the 3 dots next to each site you want to stop and click on “Block”
  5. To disable all notifications, switch the toggle for “Ask before sending” to put all in blocked mode.

Mozilla Firefox

  1. Go to “Options”
  2. Under “Privacy & Security” find “Permissions”
  3. Next to “Notifications” click on “Settings”
  4. Click on “Remove All Websites”
  5. Check the box at the bottom called “Block new requests asking to allow notifications”
  6. Click “Save Changes”
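For a technician working through tickets like these, the same review can be done from the profile data. The following is an added example, not part of the original post: it lists the sites a Chrome profile has allowed to send notifications. It assumes the layout of Chrome's `Preferences` JSON file (`profile.content_settings.exceptions.notifications`, with `setting` 1 = allow, 2 = block), which is not a stable interface; the function name and the sample data are constructed for illustration.

```python
import json

# Chrome's content-setting values as stored in the profile's Preferences file
# (assumed from observed profiles; the on-disk format is not a stable API).
SETTING_NAMES = {1: "allow", 2: "block", 3: "ask"}

# Constructed sample of the relevant part of a Preferences file.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {
        "default_content_setting_values": {"notifications": 2},
        "content_settings": {"exceptions": {"notifications": {
            "https://mail.example.com:443,*": {"setting": 1},
            "https://offers.example.net:443,*": {"setting": 1},
            "https://news.example.org:443,*": {"setting": 2},
        }}},
    }
})


def audit_notifications(preferences_text, trusted_hosts=()):
    """Return the global default and the origins allowed to send notifications.

    Allowed origins whose host is not in trusted_hosts are also listed under
    "review", so a technician knows which ones to block first.
    """
    profile = json.loads(preferences_text).get("profile", {})
    default = profile.get("default_content_setting_values", {}).get("notifications")
    exceptions = (profile.get("content_settings", {})
                         .get("exceptions", {})
                         .get("notifications", {}))
    allowed, review = [], []
    for pattern, entry in sorted(exceptions.items()):
        if entry.get("setting") != 1:              # only sites set to "allow"
            continue
        origin = pattern.split(",", 1)[0]          # drop the ",*" secondary pattern
        host = origin.split("://", 1)[-1].rsplit(":", 1)[0]
        allowed.append(origin)
        if host not in trusted_hosts:
            review.append(origin)
    return {
        # Assumption: with no stored default, Chrome asks before sending.
        "default": SETTING_NAMES.get(default, "ask"),
        "allowed": allowed,
        "review": review,
    }


if __name__ == "__main__":
    report = audit_notifications(SAMPLE_PREFERENCES, trusted_hosts={"mail.example.com"})
    print(json.dumps(report, indent=2))
```

Run it against a copy of the profile's `Preferences` file rather than the live one, and treat the "review" list as the sites to block in step 4 of the Chrome instructions.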

The Malware Paradox

What is Malware?

Malware is short for “malicious software”. It is any type of software with a malicious intent. This includes computer viruses, spyware/trojan horses, worms, some online scripts and some tracking cookies. We tend to use the term “computer virus” to mean all of these things, but technically this is incorrect.

Hacker

Image courtesy of Salvatore Vuono / FreeDigitalPhotos.net

Those Involved

There are two parties who have an interest in the development of malware, both of which would lose their jobs if it was to go away. They are the malware developers and the security package developers; they are both, in most cases, after your cash. I shall point out here, there will always be those out there to cause damage, meaning we need some “good guys and girls” to help prevent and repair that damage.

The Anti Malware Problem

The problem occurs when there is so much money to be made in security products and too many people using insecure computers. This makes it easier for programmers to write more malware with increased scales of damage. These “bigger” and “worse” malware programs then reach the media, where they are hyped up out of proportion, in many cases. The “experts” then recommend everyone updates their anti virus software and makes sure it is from a “decent” provider.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net


Securing Your Computer

The fact is there is so much more to securing a computer than just installing anti virus software and a firewall; they are simply the easiest things to do. Additionally the internet is a constant threat and there is no time to be spent with your feet up. Whether it is topical in the news or not, you should have good computer practices, which ensure that your computer is in the best possible state to fend off malicious software and attackers.

Some good practices are:

  • Keeping all your software and drivers up-to-date
  • Running up-to-date quality anti virus / malware software, free or paid – good free ones include Avast and AVG – good paid ones include Bit Defender and my personal favourite ESET NOD32
  • Running a well configured firewall on your computer and network
  • Turning off unnecessary features
  • Using strong passwords
  • Being careful when opening email attachments – how to spot a phishing email
  • Don’t click on anything that looks suspicious – check with someone else if you’re not sure
  • Keep regular backups

Remember, whether you are running Windows, Mac OS or Linux/Unix, any computer to be precise, it can get malware/viruses. The chances are if you aren’t running Windows you won’t get any, yet it is important to remember they are out there and it is wise to take steps to prevent them. If you are not running Windows you probably don’t need anti virus, but a firewall is very much advised, and adhering to good practices will probably keep you safe.

What if You Get Malware?

If you suspect you have malware/viruses on your computer, I advise you get it checked out ASAP and don’t use the computer until you’re sure it’s safe. A really good free program for finding and removing malware is Malwarebytes. It has a good track record dealing with most occurrences of malware and it is easy to use.

Overall

All in all I’d consider malware to be the fourth biggest threat to IT. It’s important to take steps to prevent it, but more fuss is made about it than there needs to be. So keep calm, take steps to prevent malware and carry on!

Creating and Remembering Strong Passwords

With crackers becoming more and more cunning in their methods and attempts to steal your data, it is more important than ever to use “secure passwords” that make it difficult for crackers to break. Not only that, it is imperative that you use a range of different secure passwords for different sites. This is because in the event of one of your passwords being compromised, the others will remain safe.

What makes a password “secure”?

There are a variety of things that make a password secure; these are some of them:

  • 8 or more characters long
  • Use of both upper and lower cases
  • Use of letters, numbers and symbols
  • Passwords not made of dictionary words, names and dates, etc.

How can I make a secure password that is also easy to remember?

This video from Sophos explains a very good way of creating secure passwords that you’ll remember and briefly covers a solution to managing lots of different passwords.

Sophos is a UK computer security company that has been making security software for industry for decades. Find out more about Sophos here.

How can I test my password?

There are now a variety of tools available which try to guess how long it might take to crack your password. Why not test it and see how your new “secure” password compares to your old one?

https://howsecureismypassword.net/

How to Keep Using Windows After April the 8th 2014

For many people upgrading from Windows XP is just not an option for a variety of reasons; others may just choose to keep it. Microsoft will end support on April the 8th 2014, which means there will be no more security patches available. If you’re staying loyal to Windows XP and intend to keep using it after April the 8th 2014, these YouTube videos will help to improve your security after that time:

Securing Windows XP Part 1

Securing Windows XP Part 2

Securing Windows XP Part 3

Securing Windows XP Part 4