Category: Computer Security

Web API Notification Abuse

After years of little development, the World Wide Web Consortium (W3C) awoke from its slumber with the first public preview release of the all new HTML5 specification. This started to allow web developers to do much more with webpages without requiring plugins. It wasn’t until 2014 that it was finalised, and they didn’t stop there, with newer versions being developed to this day. At the same time ECMAScript (JavaScript) has been hugely updated and revised. Developers have the tools to make much more powerful and interactive websites than ever before.

One of the new features is Web API Notifications. The concept is good; however, the API is being abused at high speed. Web API notifications allow the browser to prompt you whenever there is an update from a website, whether you are on the site or not. This is handy for email, IMs and news notifications. Marketers have started to take advantage of this as well, using it to push product information and offers to visitors. Marketing is annoying; however, the bad guys are using it as well to lure users into clicking and downloading malware onto their computers.

Before a site can send notifications, the user will be presented with the following box asking for permission:

Web API Notification Permission Request in Google Chrome

The problem is many users don’t fully understand what it is or think it is something to do with cookies, and then click Allow. There is little if any explanation as to what it is asking. The bottom line is it needs to be implemented better, with the user’s safety and possibly sanity in mind. Over the past couple of weeks, I’ve taken a huge number of tickets related to popups of all kinds from API notifications.

In the meantime, this is how to disable them in Chrome and Firefox:

Google Chrome

  1. Go to “Settings”
  2. Under “Privacy and security” click on “Site settings”
  3. Under “Permissions” click on “Notifications”
  4. Under “Allow” you will see all the sites with permission. Click on the 3 dots next to each site you want to stop and click on “Block”
  5. To disable all notifications, switch the toggle for “Ask before sending” to put all in blocked mode.

Mozilla Firefox

  1. Go to “Options”
  2. Under “Privacy & Security” find “Permissions”
  3. Next to “Notifications” click on “Settings”
  4. Click on “Remove All Websites”
  5. Check the box at the bottom called “Block new requests asking to allow notifications”
  6. Click “Save Changes”
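
For an administrator who has to apply the "block" setting to many Windows machines rather than click through each browser, the same result can be set by browser policy. The PowerShell below is an added example, not part of the original post; it assumes an elevated prompt and a default Firefox install path, and uses Chrome's `DefaultNotificationsSetting` policy and Firefox's `Permissions` policy.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.

# --- Google Chrome -------------------------------------------------------
# Machine-wide policy: DefaultNotificationsSetting = 2 means "do not allow
# any site to show desktop notifications" (1 = allow, 3 = ask every time).
$chromeKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
if (-not (Test-Path $chromeKey)) {
    New-Item -Path $chromeKey -Force | Out-Null
}
New-ItemProperty -Path $chromeKey -Name 'DefaultNotificationsSetting' `
    -PropertyType DWord -Value 2 -Force | Out-Null

# --- Mozilla Firefox -----------------------------------------------------
# Firefox reads enterprise policies from distribution\policies.json inside
# its install directory. Assumption: default install location.
$ffDir        = Join-Path $env:ProgramFiles 'Mozilla Firefox\distribution'
$ffPolicyFile = Join-Path $ffDir 'policies.json'

if (Test-Path $ffPolicyFile) {
    # Do not overwrite policies somebody else has already deployed.
    Write-Warning "$ffPolicyFile already exists; merge the Permissions block by hand."
} else {
    New-Item -ItemType Directory -Path $ffDir -Force | Out-Null
    # BlockNewRequests mirrors the "Block new requests asking to allow
    # notifications" checkbox; Locked stops the user from unticking it.
    # It does not remove sites that were already allowed, so the
    # "Remove All Websites" step above is still needed on affected machines.
    $policy = @{
        policies = @{
            Permissions = @{
                Notifications = @{
                    BlockNewRequests = $true
                    Locked           = $true
                }
            }
        }
    }
    # -Depth is required: the default depth would flatten the inner objects.
    # ASCII avoids the byte-order mark that Windows PowerShell adds for UTF8.
    $policy | ConvertTo-Json -Depth 5 | Set-Content -Path $ffPolicyFile -Encoding ASCII
}
```

After restarting the browsers, `chrome://policy` and `about:policies` show whether the settings were picked up.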

Stopping Microsoft Windows 10 and Telemetry Updates

The Problem

Windows 10, Microsoft is advertising it everywhere! “Get your free upgrade here*” they keep saying. This all started before its release in the summer when Microsoft started to try and persuade the Windows 7 and 8.x users to upgrade. The nagware was everywhere and since then it has only gotten more persistent. Now it is on almost every web page on Microsoft’s website, the first popup you see on MSN and in the Windows tray.

Why all of a sudden is Windows 10 free? Microsoft appear to be changing their business model from one of making money mostly out of operating systems and office productivity suites to one of cloud services. This has quite a large implication for the users of its products, because they are now Microsoft’s product. Their cloud solutions allow them to legally extract large amounts of personal information about their users and share that with their partners, marketing, the NSA etc.

This is what Microsoft say they use some of your information for:

Microsoft may use your contact information (i) to communicate with you about your use of the Programme software and services, and (ii) to provide you with additional information, which may be personalised, about the Programme software and services, and other Microsoft and partner products and services.

Microsoft claim they are pushing telemetry updates out to Windows 7, 8.x and 10 to help further improve their software. If you are unfamiliar with telemetry read this. This also allows them to gather massive amounts of potentially personal or confidential information and share that with whoever they like.

The privacy policy for Windows 10 states:

Examples of data we may collect include your name, email address, preferences and interests; location, browsing, search and file history; phone call and SMS data; device configuration and sensor data; voice, text and writing input; and application usage.

Click here to read the full privacy policy.

Microsoft collect this information using any sensor they wish on your computer. This includes but is not limited to:

  • Keyboard (Keyboard Logger)
  • Mouse
  • Touch screen
  • Pen Input
  • Microphone
  • Webcam

For more information on files, communications and intellectual property rights see this article.

There is a lot more which can be said about Windows 10 and its intrusiveness and lack of consideration for its users. You can read all about that at places like

The Solution

If you already have Windows 10 and intend to stick with it I recommend proceeding with caution and following this tutorial:

If you currently have Windows 7, 8.x, Server 2008 R2, Server 2012 or Server 2012 R2 and would like to keep using them without Windows 10 nonsense affecting them, remove and hide these updates:

  • KB2952664
  • KB3021917
  • KB3022345
  • KB3068708
  • KB3075249
  • KB3080149
  • KB2976978
  • KB3035583
  • KB3044374
  • KB2990214
  • KB2977759
  • KB3105885
  • KB3112343
  • KB3112336
  • KB3123862

Please note this is a growing list so keep checking. Also, not all of these updates will affect every operating system.

Click here for help removing and hiding updates.
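
The remove-and-hide procedure can also be scripted. The PowerShell below is an added example, not part of the original post: it uses the KB numbers listed above, removes any that are installed with `wusa.exe`, and hides any that Windows Update is still offering through the Windows Update Agent COM interface. It assumes an elevated prompt on Windows 7 or 8.x.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# KB numbers are exactly those listed in the post above.
$kbs = 'KB2952664','KB3021917','KB3022345','KB3068708','KB3075249',
       'KB3080149','KB2976978','KB3035583','KB3044374','KB2990214',
       'KB2977759','KB3105885','KB3112343','KB3112336','KB3123862'

# 1. Remove: find which of the listed updates are actually installed.
#    Not every update applies to every operating system, so most
#    machines will only have a subset.
$installed = Get-HotFix | Where-Object { $kbs -contains $_.HotFixID }

foreach ($hotfix in $installed) {
    $number = $hotfix.HotFixID -replace '^KB', ''
    Write-Host "Removing $($hotfix.HotFixID) ..."
    # /norestart lets all removals finish before a single manual reboot.
    Start-Process -FilePath 'wusa.exe' `
        -ArgumentList "/uninstall /kb:$number /quiet /norestart" -Wait
}

# 2. Hide: an uninstalled update is offered again on the next scan unless
#    it is marked hidden. Search for updates that are not installed and
#    not yet hidden, then hide the ones on the list.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search('IsInstalled=0 and IsHidden=0')

foreach ($update in $result.Updates) {
    # KBArticleIDs holds the article numbers without the "KB" prefix.
    foreach ($id in $update.KBArticleIDs) {
        if ($kbs -contains "KB$id") {
            $update.IsHidden = $true
            Write-Host "Hidden: $($update.Title)"
        }
    }
}

Write-Host "Done. Removed $(@($installed).Count) update(s); reboot to finish."
```

Because the list keeps growing, re-running the script after adding new KB numbers to `$kbs` is safe: updates that are already removed or hidden are skipped.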

Possibly the best solution of all, though not always possible for some, is to use Linux Mint Cinnamon! It is user friendly and works great; it even comes with a free version of office. WINE and PlayOnLinux can be used to run some Windows programs. For help doing this check these out:

The Malware Paradox

What is Malware?

Malware is short for “malicious software”. It is any type of software with a malicious intent. This includes computer viruses, spyware/trojan horses, worms, some online scripts and some tracking cookies. We tend to use the term “computer virus” to mean all of these things, but technically this is incorrect.


Image courtesy of Salvatore Vuono /

Those Involved

There are two parties who have an interest in the development of malware, both of which would lose their jobs if it was to go away. They are the malware developers and the security package developers; they are both, in most cases, after your cash. I shall point out here, there will always be those out there to cause damage, meaning we need some “good guys and girls” to help prevent and repair that damage.

The Anti Malware Problem

The problem occurs when there is so much money to be made in security products and too many people using insecure computers. This makes it easier for programmers to write more malware with increased scales of damage. These “bigger” and “worse” malware programs then reach the media, where they are hyped up out of proportion, in many cases. The “experts” then recommend everyone updates their anti virus software and make sure it is from a “decent” provider.

Image courtesy of Stuart Miles /

Securing Your Computer

The fact is there is so much more to securing a computer than just installing anti virus software and a firewall; they are simply the easiest things to do. Additionally the internet is a constant threat and there is no time to be spent with your feet up. Whether it is topical in the news or not, you should have good computer practices, which ensure that your computer is in the best possible state to fend off malicious software and attackers.

Some good practices are:

  • Keeping all your software and drivers up-to-date
  • Running up-to-date quality anti virus / malware software, free or paid – good free ones include Avast and AVG – good paid ones include Bitdefender and my personal favourite ESET NOD32
  • Running a well configured firewall on your computer and network
  • Turning off unnecessary features
  • Using strong passwords
  • Being careful when opening email attachments – how to spot a phishing email
  • Don’t click on anything that looks suspicious – check with someone else if you’re not sure
  • Keep regular backups

Remember, whether you are running Windows, Mac OS or Linux/Unix, any computer to be precise, it can get malware/viruses. The chances are if you aren’t running Windows you won’t get any, yet it is important to remember they are out there and it is wise to take steps to prevent them. For those not running Windows you probably don’t need anti virus, but a firewall is very much advised, and adhering to good practices will probably keep you safe.

What if You Get Malware?

If you suspect you have malware/viruses on your computer, I advise you get it checked out ASAP and don’t use the computer until you’re sure it’s safe. A really good free program for finding and removing malware is Malwarebytes. It has a good track record dealing with most occurrences of malware and it is easy to use.


All in all I’d consider malware to be the fourth biggest threat to IT. It’s important to take steps to prevent it, but more fuss is made about it than there needs to be. So keep calm, take steps to prevent malware and carry on!

Creating and Remembering Strong Passwords

With crackers becoming more and more cunning in their methods and attempts to steal your data, it is more important than ever to use “secure passwords” that make it difficult for crackers to break. Not only that, it is imperative that you use a range of different secure passwords for different sites. This is because in the event of one of your passwords being compromised, the others will remain safe.

What makes a password “secure”?

There are a variety of things that make a password secure; these are some of them:

  • 8 or more characters long
  • Use of both upper and lower cases
  • Use of letters, numbers and symbols
  • Passwords not made of dictionary words, names and dates, etc.

How can I make a secure password that is also easy to remember?

This video from Sophos explains a very good way of creating secure passwords that you’ll remember and briefly covers a solution to managing lots of different passwords.

Sophos is a UK computer security company that has been making security software for industry for decades. Find out more about Sophos here.

How can I test my password?

There are now a variety of tools available which try to guess how long it might take to crack your password. Why not test it and see how your new “secure” password compares to your old one?

How to Keep Using Windows After April the 8th 2014

For many people upgrading from Windows XP is just not an option for a variety of reasons; others may just choose to keep it. Microsoft will end support on April the 8th 2014, which means there will be no more security patches available. If you’re staying loyal to Windows XP and intend to keep using it after April the 8th 2014, these YouTube videos will help to improve your security after that time:

Securing Windows XP Part 1

Securing Windows XP Part 2

Securing Windows XP Part 3

Securing Windows XP Part 4