![]() In reality, it turned out to be an obfuscated malicious logic meant to perform affiliate fraud. ![]() Supposedly, it was buggy locale processing. When I looked into this extension, I immediately discovered a strange code block. That, and the permissions: why does a translator extension need webRequest and webRequestBlocking permissions? When looking for more PCVARK extensions, I stumbled upon an inconspicuous extension called “Translator - Select to Translate.” The only unusual thing about it were its reviews, lots of raving positive reviews mixed with usability complains. We’ve also seen PCVARK’s malicious ad blockers. We’ve already seen Chrome extensions containing obfuscated malicious code. security/ privacy/ add-ons/ google 21 mins 5 comments Update (): It looks like at least the issues listed under “Secure settings” are finally going to be addressed. So far I failed to find evidence of any improvements whatsoever. So let’s take a look at whether they managed to deliver. LastPass promised to improve, both as far as their communication goes and on the technical side of things. This was not so much because of the breach itself, such things happen, but because of the many obvious ways in which LastPass made matters worse: taking months to notify users, failing to provide useful mitigation instructions, downplaying the severity of the attack, ignoring technical issues which have been publicized years ago and made the attackers’ job much easier. The criticism from the security community has been massive. In September last year, a breach at LastPass’ parent company GoTo (formerly LogMeIn) culminated in attackers siphoning out all data from their servers. Lastpass/ security/ password-managers 11 mins 14 comments
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |