Researcher published a dangerous Windows 10 zero-day exploit
infosec

Researcher published a dangerous Windows 10 zero-day exploit

A security researcher today revealed at GitHub the existence of a zero-day vulnerability in Windows 10. Zero-day vulnerabilities are often called ...
Read More
infosec

School in Ohio fell victim to attack hacking with Trickbot

On Friday, a school in Ohio discovered he was hacked. In particular, malicious software infected systems and so ...
Read More
infosec

AMSA alerts users to phone frauds

AMSA has warned that it has received reports that its phone number has been used to make phishing via telephone ...
Read More
inet infosec

Does industrial robots increase the risk of cyber attacks?

The use of robots in industrial environments has greatly changed the conditions under which the various jobs are being done in the last ...
Read More
infosec

Cyber ​​warfare: What is it and which domains it affects?

The term cyber warfare refers to online warfare between governments by performing complex internet attacks. These carriers ...
Read More
Latest Posts

Banning links from embedded browsers for security reasons

embeddedΗ Google has decided to go ahead with a ban on logins from "embedded browsers" since June of 2019. But why did the company take this decision? For reasons security. In particular, to reduce the likelihood of man-in-the-middle attacks, which have been increasing lately.

When someone connects to applications through an embedded browser, they are more likely to fall victim to man-in-the-middle attack. For example, the Chromium embedded framework or CEF, is such a browser and is used by many people to connect to the Steam client, Evernote and Amazon music.

Unfortunately, finding a MITM attack when users are connected via an embedded browser is not possible.

For this reason, Google has decided to completely prohibit the connections made by such a browser. In fact, he will add him OAuth authentication. Whenever users want to connect somewhere, they will be transferred to another browser, such as Safari, Chrome, and others.

With this process, Google will be sure there is no risk of an attack. Also, the user will be able to get more information as the full login URL will be revealed.

OAuth authentication involves three parts. The first part is the OAuth Client, ie application to which you want to connect. The second part is the OAuth provider, e.g. Facebook, Twitter, Instagram. Finally, the third party is the owner himself.

This control system allows OAuth clients to access user data safely without the risk of password leaks.

Since many people do not use two-factor authentication, Google has suggested this method for greater security and protection.

Google had to act as man-in-the-middle attacks have increased. The company has long been trying to deal with them. Recently, he did information in Gmail, adding the MTA-STS standard. With this update, hackers can not access emails sent to and from Gmail.

Man-in-the-middle attacks can cause many problems. A hacker can steal credentials, which is the most common, but also install malicious programs and illegal certificates on the victims' computers.

Installing false certificates is done to "deceive" the anti-virus and allow the installation of a malicious program, considering it harmless.

Whatever the case, either the risk of an attack is large or small, everyone should take as many steps as possible to be safe on the internet.

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *