All the Badges of DEF CON 26 (vol 2)

There were so many amazing unofficial badges at DEF CON this year that I can’t possibly cover them all in one shot. I tried to see every badge and speak with every badge maker — like a hardware safari. Join me after the jump for about fourteen more badges that I saw at DEF CON 26!

If you missed the first batch, check those badges out too — there’s even a Badgelife Documentary that you need to add to your watch list. Okay, let’s dig in.

DC Furs Badge

With so many creative hardware badges it’s pretty impossible to narrow …


Researchers reveal new online user tracking techniques

Researchers have identified a number of online user tracking techniques that can’t be blocked by browsers’ built-in anti-tracking defenses and existing anti-tracking and ad-blocking extensions. The good news is that they’ve also scann…

Firefox axes add-ons, developer pushes back

Mozilla has wiped 23 extensions from its directory of Firefox browser add-ons after finding what it says were inappropriate functions in the code.

All the Badges of DEF CON 26 (vol 1)

Two or three years back you would see a handful of really interesting unofficial badges at DEF CON. Now, there’s a deluge of clever, beautiful, and well executed badges. Last weekend I tried to see every badge and meet every badge maker. Normally, I would publish one megapost to show off everything I had seen, but this year I’m splitting it into volumes. Join me after the break for the first upload of the incredible badges of DC26!

Telephreak Eleven Badge

The Telephreak party at DEF CON is a gathering of a tight knit group of phone phreakers who spend …


Flaw in Grammarly’s extensions opened user accounts to compromise

A vulnerability in the Grammarly Chrome and Firefox extensions allowed websites to read users’ authentication tokens and use them to log in to the users’ Grammarly accounts and access all the (potentially sensitive) information held in th…

Backdoored Firefox extension checks Instagram for C&C info

Turla, an APT cyberespionage group that has been targeting corporations, intelligence and other government agencies for years, is using a malicious Firefox extension to backdoor targets’ systems. Named “HTML5 Encoding 0.3.7”, the extension has a backdoor component that can gather information about the targeted system, send it encrypted to the C&C, upload and download files from the C&C, execute files, and read directory content. It was delivered through the compromised website of an …

LastPass is working on fixing latest code execution bug

It’s been an eventful couple of weeks for LastPass developers, as they’ve scrambled to fix a couple of serious flaws in the popular password manager’s extensions, which would allow attackers to get at users’ passwords and even execute code on the users’ machines. The flaws were flagged by Google Project Zero researcher Tavis Ormandy, and responsibly disclosed to the company. To their credit, LastPass has been doing a great job at responding to the vulnerability …

LastPass extensions can be made to cough up passwords, deliver malware

LastPass Chrome and Firefox extensions contain flaws that could allow malicious websites to steal victims’ passwords or execute commands on their computer. The flaws were discovered by Google Project Zero researcher Tavis Ormandy, and responsibly disclosed to LastPass. But while the company has pushed out what seems to be a slapdash and incomplete fix in the latest version of the Chrome extension (4.1.42, dated March 14, 2017), a fixed version of the Firefox plug-in has …

Ubuntu Forums hacked again, 2 million users exposed

Canonical’s Ubuntu Forums have been hacked, and the attacker has managed to access and download part of the Forums database, containing usernames, email addresses and IPs for 2 million users. “No active passwords were accessed; the passwords stored in this table were random strings as the Ubuntu Forums rely on Ubuntu Single Sign On for logins. The attacker did download these random strings (which were hashed and salted),” Canonical CEO Jane Silber explained on Friday. …