Monthly Archives: April 2016

Fake Support Scams Continue

I’ve covered before the subject of social engineering. It’s important as it relates to you and the subject of computer security, and it’s still very prevalent as a main intrusion method used by the bad guys. They basically fool and make the user help them infect their own computer or allow access to it. That’s all social engineering is.

One of the latest most notorious methods are fake support pages that actually play a recorded message that can be heard through the computer speakers. Nothing to worry about – as long as you don’t follow any of the suggested instructions. Additionally, sometimes these pages that open in your browser are hard to close – they don’t respond to the normal methods to do so. So what do you do?

If you’re somewhat familiar with Task Manager in Windows computers, you can use it to end the application (in this case the web browser: Internet Explorer or Firefox or Chrome or Edge, etc.), although this method might make cause all tabs in the opened web browser to close as well. Nonetheless you might have to resort to that.

A more extreme method of handling this webpages that resist arrest is simply to shut down or restart your computer.

A malware check, just in case, might be in order after that.

Old Attack Method Revived to Steal Information

About 4 years ago, an attack method to reveal encrypted data that could be used, for example, to decrypt chat messages in Gmail or Facebook and many other “secure” connections on the internet, was uncovered. It was labeled CRIME (an acronym for Compression Ratio info-leak Made Easy). An offshoot of it was revealed in 2013, called BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext).

Those 2 attack methods have since been mitigated with subsequent updates on how encrypted traffic is handled by your browser, and a percentage of websites. But recently the BREACH attack method was revived. This was made possible because certain popular websites, like Facebook, have not really closed the door on the vulnerabilities that make the attack possible.

So careful with what you say in a Facebook or Google chat.

A chat application that doesn’t suffer from the above shortcomings? Wickr.