Surecloud, a cybersecurity firm has released a report about a Google Chrome, Chromium, Opera, Vivaldi and other Blink-engine based browsers’ unpatched flaw that enables cybercriminals to penetrate the home wifi networks of unsuspecting users. Eliot Thompson, a Surecloud researcher, upon checking Chrome’s behavior as found a flaw on how the browser implements its saved password feature and the user’s bad habit of using the same password across many services, including the password for the Wi-Fi router’s configuration page. Google-based browsers have an inherent flaw of offering users to save passwords for sites, which include wi-fi configuration page, which is normally using an unencrypted http:// URL.
The password manager that came with Chrome saves not only passwords but also other information submitted in a web form. This can include anything from a name, address, birthdate and any personally identifiable information as demanded by a sign-up form. At the moment the home routers affected by the flaw include known mainstream brands like Belkin, Asus, and Netgear. Routers from other vendors are still being checked for the existence of the vulnerability to the Google Chrome exploit, but the common understanding is any router that uses plain http unencrypted wi-fi configuration page is affected. There is no way to change the behavior unless the router vendor issues a new firmware that will change the wi-fi configuration page to a TLS-encrypted URL.
I actually get to work with people who create these things.
Check out this article:
The trio acted on an idea from Kevin Mitnick, who saw it put in practice by someone using the Twitter handle MG. He told Bleeping Computer that he asked MG if he could build a cable for him to use in a keynote speech to demonstrate new attack methods, but nothing happened.
The money misspent on the Iraq War—a war for oil, let’s not forget— could have purchased the planetary conversion to renewable energy. Just sit with that a moment.
In 2018. When you can't even have a meaningful conversation with someone. Where they understand you. Or hear you even. LISTEN/READ && Understand...
A simple conversation:
Me: Okay we're only about 40 yards out.
D: Okay I want you to put up a lay up and park it.
Me: Well, it was my drive/disc. Which makes it your shot, partner. -- Don't necessarily care how you play the shot. We both get one.
D: Oh, it's going to be like that?
Tampering with two lines of code unveiled a serious bug which could lead to full system compromise.
Synthetic events are when attackers can virtually "click" objects in order to load code without user consent. If a threat actor is able to "click" a security prompt and load a kernel extension, this could lead to the full compromise of an operating system. -- Read more at the link above.
Competition... Are you flipping kidding me.
ON THE COAST -- I"M NOT BAD MOUTHING -- I blacked things out, I'm just disgusted these people do business. -- I haven't even price MATCHED yet, & i'm mobile. -- It's 2018 -- And a computer company hasn't been to their own website to update prices // EVER do a SPELL CHECK?!? Ugh. Bad spelling is the worst.