Listening Back Browser Add-On Tranlates Cookies Into Sound

‘Listening Back’ is an add-on for the Chrome and Firefox browsers that sonifies internet cookies in real time as one browses online. Utilising digital waveform synthesis, ‘Listening Back’ provides an audible presence for hidden infrastructures that collect personal and identifying data by storing a file on one’s computer. By directing the listener’s attention to hidden processes of online data collection, Listening Back functions to expose real-time digital surveillance and consequently the ways in which our everyday relationships to being surveilled have become normalised.

Our access to the World Wide Web is mediated by screen devices and ‘Listening Back’ enables users to go beyond the event on the screen and experience some of the algorithmic surveillance processes that underlie our Web experience. This project therefore explores how sound can help us engage with complex phenomena beyond the visual interface of our smart devices by highlighting a disconnect between the graphical interface of the Web, and the socio-political implications of background mechanisms of data capture.

By sonifying a largely invisible tracking technology ‘Listening Back’ critiques a lack of transparency inherent to online monitoring technologies and the broader context of opt in / default cultures intrinsic to contemporary modes of online connectivity. By providing a sonic experiential platform for the real-time activity of Internet cookies this project engages listening as a mode of examination and asks what is the potential of sound as a tool for transparent questioning?

👉🏼 Chrome:
https://chrome.google.com/webstore/detail/listening-back/gdkmphlncmoloepkpifnhneogcliiiah

👉🏼 Firefox:
https://addons.mozilla.org/en-GB/firefox/addon/listening-back/

💡 Read more:
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10855.html

#addon #chrome #firefox #CCC #36c3 #cookies #ListeningBack
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

User agent strings in Chrome will be replaced with a new mechanism called Client Hints

https://www.zdnet.com/article/google-to-phase-out-user-agent-strings-in-chrome

https://groups.google.com/a/chromium.org/forum/m/#!msg/blink-dev/-2JIRNMWJ7s/yHe4tQNLCgAJ

Comments
https://news.ycombinator.com/item?id=22044057


#ua #useragent #chrome #tracking

49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets

Discovering Fake Browser Extensions That Target Users of Ledger, Trezor, MEW, Metamask, and More
Using a familiar phishing method to target new brands.

The 49 browser add-ons, potentially the work of Russian threat actors, were identified (find the list here) by researchers from MyCrypto and PhishFort.

"Essentially, the extensions are phishing for secrets — mnemonic phrases, private keys, and keystore files," explained Harry Denley, director of security at MyCrypto. "Once the user has entered them, the extension sends an HTTP POST request to its backend, where the bad actors receive the secrets and empty the accounts."

Motivation and Purpose

We keep an eye on the type of attacks that come to cryptocurrency users on a daily basis and often write about our findings to help educate the community. We’ve seen various types of attacks on users, ranging from simple trust-trading scams to SIM hijacking to compromising and stealing funds from exchange accounts.

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies.

👉🏼 Read more:
https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9

https://thehackernews.com/2020/04/chrome-cryptocurrency-extensions.html

#hijacking #cryptocurrency #wallets #google #chrome #browser #extensions
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Google Just Gave Millions Of Users A Reason To Quit Chrome, Windows 10

Google is always improving Chrome and it recently issued a brilliant (if long overdue) upgrade. That said, there have also been some recent controversial changes, security problems and data concerns and now Google has detailed a serious new problem in Chrome which cannot be fixed. The result is users may find themselves forced to choose between Windows 10 and Chrome.

💡Edit: James Forshaw has clarified that Firefox is impacted the same way because it uses the Chromium sandbox which Mozilla confirms. The result is Forshaw's research exposes a vulnerability for the sandbox of all major browsers to updates in Windows 10. I have followed this up with Firefox, Opera, Brave and Microsoft and will update when I have more information.

In a fascinating post titled ‘You Won't Believe what this One Line Change Did to the Chrome Sandbox’, Google’s Project Zero researcher James Forshaw revealed that Chrome is entirely reliant on the code of Windows 10 to stay secure. Moreover, Forshaw explains a new Windows 10 update recently broke through Chrome’s security with just a single line of misplaced code. Given Windows 10’s appalling recent update record, that’s not reassuring for either browser or platform.

https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html

👉🏼 Read more:
https://www.forbes.com/sites/gordonkelly/2020/04/23/google-chrome-critical-security-exploit-windows-10-upgrade-warning-update-chrome-browser/

#exploit #windows #chrome #firefox #browser #sandbox
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Ubuntu has full access to your Google Account

Beware of this security bug if you are using Chromium Browser on Ubuntu

I am not the kind of dude who's too nerdy about IT security in general but I reviewed my Google Account's security today because I happened to land there as I wanted to change some other Google setting. Now what I saw literally shocked me.

I happen to use a handful of apps where I use my Google account but the permissions are limited to what they do (for example, the Car Driving Simulator app can only access the Google Play Service and nothing else). However, this app called "Ubuntu" has full access to my Google account which I thought was odd.

Though I happen to use an Ubuntu OS (18.04 LTS to be precise), they don't seem to be the kind who will hijack permissions to their users' Google accounts. Further research led me to this and this which are eye opening posts in this regard, and then it stuck me that I also use the Chromium Browser installed right from the Ubuntu repos using apt!

I also remember signing into Chromium browser so as to sync my bookmarks, etc. with my Android phone. Just to verify, I removed the access to Ubuntu and for sure, the sync feature on my browser suddenly stopped and I was temporarily signed out. So, I signed into Chromium again and that permission (Ubuntu Has full access!) came up again at its place. Now, I understand that its Chromium and not Ubuntu who is given permissions here, but there are a few problems (or rather a bug) with this workflow:

👉🏼 Read more:
https://techtudor.blogspot.com/2020/05/ubuntu-has-full-access-to-your-google.html

#ubuntu #linux #google #DeleteGoogle #privacy #security #chrome #browser
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Exclusive: Massive spying on users of Google's Chrome shows new security weakness


A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.

Alphabet Inc’s (GOOGL.O) Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month.

“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesman Scott Westover told Reuters.

Most of the free extensions purported to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.

https://www.reuters.com/article/us-alphabet-google-chrome-exclusive/exclusive-massive-spying-on-users-of-googles-chrome-shows-new-security-weakness-idUSKBN23P0JO

#spyware #google #chrome

Netmarketshare: Chrome now officially has more than 70% of the desktop browser market.

Netmarketshare has released its market share report for June 2020.

In this month’s report, Windows 10’s share is 58.93%, up from last month’s 57.83%. Windows 7 share continues to decline from 24.28% to 23.35%. Windows overall maintained its share at 86.69%.

macOS share dropped from 9.68% share to 9.22%, while Linux share continued its mysterious increase from 3.17% to 3.61%. ChromeOS only has 0.41% share.

https://mspoweruser.com/netmarketshare-chrome-now-officially-has-more-than-70-of-the-desktop-browser-market/

#google #chrome

Google Chrome is working on biometric authentication for payment autofill

No more digging through your wallet to find that CVC number for authentication

A few months ago, we spotted Chrome working on Windows Hello integration for payment autofill authentication, sparing you from digging out your physical card to enter your CVC over and over. We've now found out that Windows isn't the only place where Google wants to make access to payment cards easier and more tightly integrated. The company is also working on system-wide authentication for Android (and possibly Chrome OS, Linux, and macOS). Sadly, the feature isn't fully live on any iteration of Chrome for Android yet.

https://www.androidpolice.com/2020/07/06/google-chrome-is-working-on-biometric-authentication-for-payment-autofill/

#google #chrome.#biometric #privacy

Cluster of 295 Chrome extensions caught hijacking Google and Bing search results

The malicious Chrome extensions have been installed by more than 80 million users.

More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results.

The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store.

A subsequent investigation into the fake ad blockers unearthed a larger group of malicious activity spreading across 295 extensions.

https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results

#google #chrome #bing #extensions #hijack

Chrome for Android may soon send notifications reminding you to use Chrome

For years now, Google Chrome has been an absolute dominant force in the world of web browsers, but since the relaunch of Microsoft Edge based on Google’s Chromium, that position has been challenged. Now, Google is preparing to drive more Android owners back to using Chrome through targeted notifications.

Over the admittedly brief history of the Internet, there have been a number of fierce competitions, commonly called “browser wars,” between companies, in an effort to get more people to use their particular web browser. Mozilla and Netscape waged war against Internet Explorer, and Chrome fought and won against Firefox. Most recently, Microsoft Edge and Samsung Internet have begun to wage war against Chrome on desktop and Android respectively.

https://9to5google.com/2020/08/04/chrome-android-notifications-reminding-use-chrome/

#google #chrome