MaliciousCode
Latest
Chrome extensions are now only available from the Web Store
To combat the spread of malicious code and malware through un-vetted websites, Google implemented a new rule for Windows users last year: Chrome extensions can only be hosted on the Chrome Web Store. Today, Google announced that it will expand that rule to users on all Windows channels with Mac channels following suit in July. The move comes after a staggering 75 percent drop in the number of customer support help requests to uninstall unwanted extensions, according to the Chromium Blog.
Researcher creates malicious, router-controlling website
Like having control of your connection to the internet? Don't tell Dan Kaminsky that -- the researcher has developed a method of DNS attack utilizing typical D-Link or Linksys routers that can allow hackers to gain command of your gear. The winner-takes-all maneuver, which is called a "DNS rebinding attack," functions by putting JavaScript into play that fools your browser into altering your router's configuration, thus letting the operator remotely administer the device. The concept isn't water-tight, as it takes advantage of easily-guessable router admin passwords, though Kaminsky says the enabling bug exists as a "core issue" for browsers. The attack will be showcased at tomorrow's RSA security conference, where it's hoped the demonstration will raise awareness about router security vulnerability. In the meantime, we suggest you change that default password.
