
Biz & IT

Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn


For years, Google and Mozilla have battled to keep abusive or outright malicious browser extensions from infiltrating their official repositories. Now, Microsoft is taking up the fight.

Over the past several days, people in website forums have complained of Google searches being redirected to oksearch[.]com when they use Edge. Often, the searches use cdn77[.]org for connectivity.

After discovering the redirections weren’t an isolated incident, participants in this Reddit discussion winnowed the list of suspects down to five. All of them are knockoffs of legitimate add-ons. That means that while the extensions bear the names of legitimate developers, they are, in fact, imposters with no relation.

They include:

NordVPN
Adguard VPN
TunnelBear VPN
The Great Suspender
Floating Player — Picture-in-Picture Mode

“I had the tunnelbear extension installed, but I removed it once I figured out it was causing the issue,” Laurence Norah, a photographer at Finding the Universe, told me by email. “It’s easy enough to see it happening—if you install one of the affected extensions in Edge, open dev tools, and press the ‘sources’ tab, you’ll see something that shouldn’t be there like ok-search.org or cdn77.”

His account was consistent with images and accounts from other forum participants. Below are two screenshots:

Microsoft officials have yet to respond to an email seeking comment for this post. But in this Reddit comment, someone identifying herself as a community manager for Microsoft Edge said the company is in the process of investigating the extensions.

“The team just updated me to let me know that anyone seeing these injections should turn off their extensions and let me know if you continue to see them at that point,” the person using the handle MSFTMissy wrote. “Once I have any news from them, I will update this thread accordingly.”

None of the five legitimate developers of the real extensions responded to a request for comment. Readers should remember, however, that legitimate developers can’t be held responsible when their apps or add-ons are spoofed.

Along with Android apps, browser extensions are one of the weak links in the online security chain. The problem is that anyone can submit them, and Google, Mozilla, and now Microsoft haven’t come up with a system that adequately vets the authenticity of the people submitting them or the safety of the code.

Search engine redirections are typically part of a scheme to generate fraudulent revenue by ginning up ad clicks, and that’s what’s likely happening here. While reports indicate that the add-ons do nothing more than hijack legitimate searches, the privileges they require provide the possibility of doing much worse. Usage rights include things like:

  • Read and change all your data on the websites you visit
  • Manage your apps, extensions, and themes
  • Change your privacy-related settings

Anyone who has installed any of the above-mentioned Edge add-ons should remove them immediately. And the oft-repeated advice about browser extensions still applies here: (1) install extensions only when they provide true value or benefit and even then (2) take time to read reviews and check the developer for any signs an extension is fraudulent.
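
Added example (not from the original article or from Microsoft): Edge uses the Chromium extension format, so the three prompts listed above can be traced to permissions declared in each installed extension's `manifest.json` and checked on disk. The mapping of prompt text to `management`, `privacy`, and all-host match patterns is an assumption based on Chromium's published permission warnings; the sample manifests are constructed, and the Extensions folder path is supplied by the caller.

```python
import json
from pathlib import Path

# Install-prompt text quoted in the article, keyed by the manifest permission
# assumed to trigger it (per Chromium's published permission-warning list).
API_WARNINGS = {
    "management": "Manage your apps, extensions, and themes",
    "privacy": "Change your privacy-related settings",
}
ALL_SITES = "Read and change all your data on the websites you visit"

def covers_all_hosts(pattern):
    """True for match patterns that apply to every site, e.g. <all_urls>, *://*/*."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    return bool(sep) and scheme in {"*", "http", "https"} and rest.split("/", 1)[0] == "*"

def audit_manifest(manifest):
    """Return the sorted install-prompt warnings one parsed manifest.json would raise."""
    requested = list(manifest.get("permissions", []))
    requested += manifest.get("host_permissions", [])    # Manifest V3 location
    for script in manifest.get("content_scripts", []):   # scripts injected into pages
        requested += script.get("matches", [])
    found = set()
    for perm in (p for p in requested if isinstance(p, str)):
        if perm in API_WARNINGS:
            found.add(API_WARNINGS[perm])
        elif covers_all_hosts(perm):
            found.add(ALL_SITES)
    return sorted(found)

def audit_extensions_dir(root):
    """Audit every <id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            warnings = audit_manifest(manifest)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: skip rather than abort
        if warnings:
            report[f"{path.parts[-3]} ({manifest.get('name', '?')})"] = warnings
    return report

# Constructed sample manifests (not taken from the extensions named in the article).
SAMPLE_BROAD = {"name": "Sample VPN", "manifest_version": 2,
                "permissions": ["management", "privacy", "<all_urls>", "storage"]}
SAMPLE_NARROW = {"name": "Sample Notes", "manifest_version": 3,
                 "permissions": ["storage"], "host_permissions": ["https://example.com/*"]}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_BROAD), audit_manifest(SAMPLE_NARROW))
```

An extension that requests all three is not necessarily malicious, but a lookalike of a well-known add-on that does is worth comparing against the publisher's own listing before it stays installed.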


Amazon to roll out tools to monitor factory workers and machines


Amazon is rolling out cheap new tools that will allow factories everywhere to monitor their workers and machines, as the tech giant looks to boost its presence in the industrial sector.

Launched by Amazon’s cloud arm AWS, the new machine-learning-based services include hardware to monitor the health of heavy machinery and computer vision capable of detecting whether workers are complying with social distancing.

Amazon said it had created a two-inch, low-cost sensor—Monitron—that can be attached to equipment to monitor abnormal vibrations or temperatures and predict future faults.

AWS Panorama, meanwhile, is a service that uses computer vision to analyze footage gathered by cameras within facilities, automatically detecting safety and compliance issues such as workers not wearing PPE or vehicles being driven in unauthorized areas.

The new services, announced on Tuesday during the company’s annual cloud computing conference, represent a step up in the tech giant’s efforts to gather and crunch real-world data in areas it currently feels are underserved.

“If you look at manufacturing and industrial generally, it’s a space that has seen some innovations, but there’s a lot of pieces that haven’t been digitized and modernized,” said Matt Garman, AWS’s head of sales and marketing, speaking to the FT.

“Locked up in machines”

“There’s a ton of data in a factory, or manufacturing facility, or a supply chain. It’s just locked up in sensors, locked up in machines that a lot of companies could get a lot of value from.”

Amazon said it had installed 1,000 Monitron sensors at its fulfillment centers near the German city of Mönchengladbach, where they are used to monitor conveyor belts handling packages.

If successful, said analyst Brent Thill from Jefferies, the move would help Amazon cement its position as the dominant player in cloud computing, in the face of growing competition from Microsoft’s Azure and Google Cloud as well as a prolonged run of slowed segment growth.

“This idea of predictive analytics can go beyond a factory floor,” Mr. Thill said. “It can go into a car, on to a bridge, or on to an oil rig. It can cross fertilize a lot of different industries.”

A number of companies are already trialling AWS Panorama. Siemens Mobility said it would use the tech to monitor traffic flow in cities, though would not specify which. Deloitte said it was working with a major North America seaport to use the tool to monitor the movement of shipments.

“Easy for us to get worried”

However, Amazon’s own use of tools to monitor the productivity of employees has raised concerns among critics. Throughout the pandemic, the company has used computer vision to ensure employee compliance with social distancing guidelines.

Swami Sivasubramanian, AWS’s head of machine learning and AI, said none of the services announced would include “pre-packaged” facial recognition capabilities, and he said AWS would block clients who abused its terms of service on data privacy and surveillance.

“When you look at this technology, sometimes it’s very easy for us to get worried about how they can be abused,” he told the FT.

“But the same technology can be used to ensure worker safety. Are people walking in spaces where they shouldn’t be? Is there an oil spill? Are they not wearing hard hats? These are real-world problems.”

© 2020 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.


Oracle vulnerability that executes malicious code is under active attack


Attackers are targeting a recently patched Oracle WebLogic vulnerability that allows them to execute code of their choice, including malware that makes servers part of a botnet that steals passwords and other sensitive information.

WebLogic is a Java enterprise application that supports a variety of databases. WebLogic servers are a coveted prize for hackers, who often use them to mine cryptocurrency, install ransomware, or gain an inroad to other parts of a corporate network. Shodan, a service that scans the Internet for various hardware or software platforms, found about 3,000 servers running the middleware application.

CVE-2020-14882, as the vulnerability is tracked, is a critical vulnerability that Oracle patched in October. It allows attackers to execute malicious code over the Internet with little effort or skill and no authentication. Working exploit code became publicly available eight days after Oracle issued the patch.

According to Paul Kimayong, a researcher at Juniper Networks, hackers are actively using five different attack variations to exploit servers that remain vulnerable to CVE-2020-14882. Among the variations is one that installs the DarkIRC bot. Once infected, servers become part of a botnet that can install malware of its choice, mine cryptocurrency, steal passwords, and perform denial-of-service attacks. DarkIRC malware was available for purchase in underground markets for $75 in October, and it is likely still being sold now.

Other exploit variants install the following payloads:

  • Cobalt Strike
  • Perlbot
  • Meterpreter
  • Mirai

The attacks are only the latest to target this easy-to-exploit vulnerability. A day after the exploit code was posted online, researchers from SANS and Rapid7 said they were seeing hackers attempting to opportunistically exploit CVE-2020-14882. At the time, however, the attackers weren’t actually trying to exploit the vulnerability to install malware but instead only to test if a server was vulnerable.

CVE-2020-14882 affects WebLogic versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. Anyone using one of these versions should immediately install the patch Oracle issued in October. People should also patch CVE-2020-14750, a separate but related vulnerability that Oracle fixed in an emergency update two weeks after issuing a patch for CVE-2020-14882.


Does Tor provide more benefit or harm? New paper says it depends


The Tor anonymity network has generated controversy almost constantly since its inception almost two decades ago. Supporters say it’s a vital service for protecting online privacy and circumventing censorship, particularly in countries with poor human rights records. Critics, meanwhile, argue that Tor shields criminals distributing child-abuse images, trafficking in illegal drugs, and engaging in other illicit activities.

Researchers on Monday unveiled new estimates that attempt to measure the potential harms and benefits of Tor. They found that, worldwide, almost 7 percent of Tor users connect to hidden services, which the researchers contend are disproportionately more likely to offer illicit services or content compared with normal Internet sites. Connections to hidden services were significantly higher in countries rated as more politically “free” relative to those that are “partially free” or “not free.”

Licit versus illicit

Specifically, the fraction of Tor users globally accessing hidden sites is 6.7 percent, a relatively small proportion. Those users, however, aren’t evenly distributed geographically. In countries with regimes rated “not free” by this scoring from an organization called Freedom House, access to hidden services was just 4.8 percent. In “free” countries, the proportion jumped to 7.8 percent.

Here’s a graph of the breakdown:

More politically “free” countries have higher proportions of Hidden Services traffic than is present in either “partially free” or “not free” nations. Each point indicates the average daily percentage of anonymous services accessed in a given country. The white regions represent the kernel density distributions for each ordinal category of political freedom (“free,” “partially free,” and “not free”).

In a paper, the researchers wrote:

The Tor anonymity network can be used for both licit and illicit purposes. Our results provide a clear, if probabilistic, estimation of the extent to which users of Tor engage in either form of activity. Generally, users of Tor in politically “free” countries are significantly more likely to be using the network in likely illicit ways. A host of additional questions remain, given the anonymous nature of Tor and other similar systems such as I2P and Freenet. Our results narrowly suggest, however, users of Tor in more repressive “not free” regimes tend to be far more likely to venture via the Tor network to Clear Web content and so are comparatively less likely to be engaged in activities that would be widely deemed malicious.

The estimates are based on a sample comprising 1 percent of Tor entry nodes, which the researchers monitored from December 31, 2018, to August 18, 2019, with an interruption to data collection from May 4 to May 13. By analyzing directory lookups and other unique signatures in the traffic, the researchers distinguished when a Tor client was visiting normal Internet websites or anonymous (or Dark Web) services.

The researchers—from Virginia Tech in Blacksburg, Virginia; Skidmore College in Saratoga Springs, New York; and Cyber Espion in Portsmouth, United Kingdom—acknowledged that the estimates aren’t perfect. In part, that’s because the estimates are based on the unprovable assumption that the overwhelming majority of Dark Web sites provide illicit content or services.

The paper, however, argues that the findings can be useful for policymakers who are trying to gauge the benefits of Tor relative to the harms it creates. The researchers view the results through the lenses of the 2015 paper titled The Dark Web Dilemma: Tor, Anonymity and Online Policing and On Liberty, the essay published by English philosopher John Stuart Mill in 1859.

Dark Web dilemma

The researchers in Monday’s paper wrote:

These results have a number of consequences for research and policy. First, the results suggest that anonymity-granting technologies such as Tor present a clear public policy challenge and include clear political context and geographical components. This policy challenge is referred to in the literature as the “Dark Web dilemma.” At the root of the dilemma is the so-called “harm principle” proposed in On Liberty by John Stuart Mill. In this principle, it is morally permissible to undertake any action so long as it does not cause someone else harm.

The challenge of the Tor anonymity network, as intimated by its dual use nature, is that maximal policy solutions all promise to cause harm to some party. Leaving the Tor network up and free from law enforcement investigation is likely to lead to direct and indirect harms that result from the system being used by those engaged in child exploitation, drug exchange, and the sale of firearms, although these harms are of course highly heterogeneous in terms of their potential negative social impacts and some, such as personal drug use, might also have predominantly individual costs in some cases.

Conversely, simply working to shut down Tor would cause harm to dissidents and human rights activists, particularly, our results suggest, in more repressive, less politically free regimes where technological protections are often needed the most.

Our results showing the uneven distribution of likely licit and illicit users of Tor across countries also suggest that there may be a looming public policy conflagration on the horizon. The Tor network, for example, runs on ∼6,000–6,500 volunteer nodes. While these nodes are distributed across a number of countries, it is plausible that many of these infrastructural points cluster in politically free liberal democratic countries. Additionally, the Tor Project, which manages the code behind the network, is an incorporated not for profit in the United States and traces both its intellectual origins and a large portion of its financial resources to the US government.

In other words, much of the physical and protocol infrastructure of the Tor anonymity network is clustered disproportionately in free regimes, especially the United States. Linking this trend with a strict interpretation of our current results suggests that the harms from the Tor anonymity network cluster in free countries hosting the infrastructure of Tor and that the benefits cluster in disproportionately highly repressive regimes.

A “flawed” assumption

It didn’t take long for people behind the Tor Project to question the findings and the assumptions that led to them. In an email, Isabela Bagueros, executive director of the Tor Project, wrote:

The authors of this research paper have chosen to categorize all .onion sites and all traffic to these sites as “illicit” and all traffic on the “Clear Web” as ‘licit.’

This assumption is flawed. Many popular websites, tools, and services use onion services to offer privacy and censorship-circumvention benefits to their users. For example, Facebook offers an onion service. Global news organizations, including The New York Times, BBC, Deutsche Welle, Mada Masr, and Buzzfeed, offer onion services.

Whistleblowing platforms, filesharing tools, messaging apps, VPNs, browsers, email services, and free software projects also use onion services to offer privacy protections to their users, including Riseup, OnionShare, SecureDrop, GlobaLeaks, ProtonMail, Debian, Mullvad VPN, Ricochet Refresh, Briar, and Qubes OS.

(For even more examples, and quotes from website admins that use onion services on why they use Tor: https://blog.torproject.org/more-onions-end-of-campaign)

Writing off traffic to these widely-used sites and services as “illicit” is a generalization that demonizes people and organizations who choose technology that allows them to protect their privacy and circumvent censorship. In a world of increasing surveillance capitalism and internet censorship, online privacy is necessary for many of us to exercise our human rights to freely access information, share our ideas, and communicate with one another. Incorrectly identifying all onion service traffic as “illicit” harms the fight to protect encryption and benefits the powers that be that are trying to weaken or entirely outlaw strong privacy technology.

Secondly, we look forward to hearing the researchers describe their methodology in more detail, so the scientific community has the possibility to assess whether their approach is accurate and safe. The copy of the paper provided does not outline their methodology, so there is no way for the Tor Project or other researchers to assess the accuracy of their findings.

The paper is unlikely to convert Tor supporters to critics or vice versa. It does, however, provide a timely estimate of overall Tor usage and geographic breakdown that will be of interest to many policymakers.
