Browser Security
-
New Alpha Release: Tor Browser 11.5a8 (Windows/macOS/Linux)
Tor Browser 11.5a8 is now available from the Tor Browser download page and also from our distribution directory.
This release fixes bug tor-browser#40802, which caused some users to be unable to access client authorized onion services.
-
Scammers can now convincingly fake browser windows, including URL. You can protect against that
A security researcher found that it is possible to create a Chrome window that looks legit, including a typo-free URL. The BitB attack simulates the browser windows that pop up asking you to log in to continue. We use Google, Microsoft, Facebook, Apple, Twitter and others’ authentication services to make it easier and safer to log into different websites. It is those pop ups that are being simulated by the BitB attack.
Before the BitB attack was made public, one would have been comfortable with the pop up above. The URL looks legit, there is a padlock indicating a secure website and there are no other obvious warning signs – the page loaded up well and there are no graphic irregularities.
Now, in the age of the BitB attack, that won’t be enough. That can all be faked. So, are we doomed? Not necessarily, there are still ways to ensure we don’t fall for attacks like these.
-
BITB Phishing Technique Creates An Animated Window To Steal Your Passwords
However, a security researcher has discovered a devious technique for thwarting attempts to detect phishing by analyzing the contents of the address bar. Many websites make use of the OAuth protocol, which enables users to log in using extant accounts with major tech companies like Apple, Facebook, and Google.
Once users click the “sign in” button, a new browser window opens where users can sign in. This new browser window isolates the sign-in process so that the website using OAuth never sees users’ sign-in credentials. Isolating the sign-in process is a desirable security and privacy measure, but a security researcher has shown that bad actors can mimic this particular isolation technique to hide phishing attacks.