The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Internet Security

Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online

Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online

August 15, 2019Swati Khandelwal
In this digital era, the success of almost every marketing, advertising, and analytics company drives through tracking users across the Internet to identify them and learn their interests to provide targeted ads. Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other than the one you are browsing, which allows companies including Google and Facebook to fingerprint you in order to track your every move across multiple sites. However, if you're using Kaspersky Antivirus, a vulnerability in the security software had exposed a unique identifier associated with you to every website you visited in the past 4 years, which might have allowed those sites and other third-party services to track you across the web even if you have blocked or erased third-party cookies timely. The vulnerability, identified as CVE-2019-8286 and discovered by independent security researcher Ronald Eikenberg, resides in the way a URL scanning module integrated into the antivir
Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation

Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation

July 13, 2019Swati Khandelwal
After months of negotiations, the United States Federal Trade Commission (FTC) has approved a record $5 billion settlement with Facebook over its privacy investigation into the Cambridge Analytica scandal . The settlement will put an end to a wide-ranging probe that began more than a year ago and centers around the violation of a 2011 agreement Facebook made with the FTC that required Facebook to gain explicit consent from users to share their personal data. The FTC launched an investigation into the social media giant last year after it was revealed that the company allowed Cambridge Analytica access to the personal data of around  87 million Facebook users without their explicit consent. Now, according to a new report published by the Wall Street Journal, the FTC commissioners this week finally voted to approve a $5 billion settlement, with three Republicans voting to approve the deal and two Democrats against it. Facebook anticipated the fine to between $3 billion and
Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS Security

Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS Security

January 10, 2019Swati Khandelwal
Almost every activity on the Internet starts with a DNS query, a key function of the Internet that works as an Internet's directory where your device looks up for the server IP addresses after you enter a human-readable web address (e.g., thehackernews.com). Since DNS queries are sent in clear text over UDP or TCP without encryption, the information can reveal not only what websites an individual visits but is also vulnerable to spoofing attacks. To address these problems, Google announced Wednesday that its Public DNS (Domain Name System) service finally supports DNS-over-TLS security protocol, which means that the DNS queries and responses will be communicated over TLS-encrypted TCP connections. The DNS-over-TLS has been designed to make it harder for man-in-the-middle attackers to manipulate the DNS query or eavesdrop on your Internet connection. Launched over eight years ago, Google Public DNS, at IP addresses 8.8.8.8 and 8.8.4.4, is world's largest public Domai
Robert W. Taylor, Who Helped Create the Internet, Dies at 85

Robert W. Taylor, Who Helped Create the Internet, Dies at 85

April 17, 2017Wang Wei
Image by New York Times The Internet just lost one of its most prominent innovators. Robert W Taylor, a computer scientist who was instrumental in creating the Internet as well as the modern personal computer, has died at the age of 85. Mr. Taylor, who is best known as the mastermind of ARPAnet (precursor of the Internet), had Parkinson's disease and died on Thursday at his home in Woodside, California, his son Kurt Kurt Taylor told US media . While the creation of the Internet was work of many hands, Mr. Taylor made many contributions. As a researcher for the US military's Advanced Research Projects Agency (ARPA) in 1966, Taylor helped pioneer the concept of shared networks, as he was frustrated with constantly switching between 3 terminals to communicate with researchers across the country. His frustration led the creation of ARPAnet — a single computer network to link each project with the others — and this network then evolved into what we now know as the In
Tor Project Releases Sandboxed Tor Browser 0.0.2

Tor Project Releases Sandboxed Tor Browser 0.0.2

December 12, 2016Swati Khandelwal
The non-profit organization behind TOR – the largest online anonymity network that allows people to hide their real identity online – has launched an early alpha version of Sandboxed Tor Browser 0.0.2 . Yes, the Tor Project is working on a sandboxed version of the Tor Browser that would isolate the Tor Browser from other processes of the operating system and limit its ability to interact or query low-level APIs that can lead to the exposure of real IP addresses, MAC addresses, computer name, and more. Sandboxing is a security mechanism for separating running programs. When an application is sandboxed, its process runs in a separate environment from the underlying operating system, so that errors or security issues in that application can not be leveraged to affect other parts of the OS. Sandbox applications are enabled in their own sequestered area and memory, where they can be worked on without posing any threat to other applications or the operating system. Major modern br
'Web Of Trust' Browser Add-On Caught Selling Users' Data — Uninstall It Now

'Web Of Trust' Browser Add-On Caught Selling Users' Data — Uninstall It Now

November 08, 2016Swati Khandelwal
Browser extensions have become a standard part of the most popular browsers and essential part of our lives for surfing the Internet. But not all extensions can be trusted. One such innocent looking browser add-on has been caught collecting browsing history of millions of users and selling them to third-parties for making money. An investigation by German television channel NDR ( Norddeutscher Rundfunk ) has discovered a series of privacy breaches by Web Of Trust (WOT) – one of the top privacy and security browser extensions used by more than 140 Million online users to help keep them safe online. Web of Trust has been offering a " Safe Web Search & Browsing " service since 2007. The WOT browser extension, which is available for both Firefox and Chrome, uses crowdsourcing to rate websites based on trustworthiness and child safety. However, it turns out that the Web of Trust service collects extensive data about netizens' web browsing habits via its brows
New Privacy Rules require ISPs to must Ask you before Sharing your Sensitive Data

New Privacy Rules require ISPs to must Ask you before Sharing your Sensitive Data

October 28, 2016Swati Khandelwal
Good News for privacy concerned people! Now, your online data will not be marketed for business; at least by your Internet Service Providers (ISPs). Yes, it's time for your ISPs to ask your permission in order to share your sensitive data for marketing or advertisement purposes, the FCC rules. On Thursday, the United States Federal Communications Commission (FCC) has imposed new privacy rules on Internet Service Providers (ISPs) that restrict them from sharing your online history with third parties without your consent. In a 3-2 vote, the FCC approved the new rules by which many privacy advocates seem pleased, while some of them wanted the Commission to even apply the same rules to web-based services like Google and Facebook as well. Initially proposed earlier this year, the new rule says : "ISPs are required to obtain affirmative 'opt-in' consent from consumers to use and share sensitive information." What does 'sensitive' information mean h
An Army of Million Hacked IoT Devices Almost Broke the Internet Today

An Army of Million Hacked IoT Devices Almost Broke the Internet Today

October 22, 2016Unknown
A massive Distributed Denial of Service (DDoS) attack against Dyn , a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify. But how the attack happened? What's the cause behind the attack? Exact details of the attack remain vague, but Dyn reported a huge army of hijacked internet-connected devices could be responsible for the massive attack. Yes, the same method recently employed by hackers to carry out record-breaking DDoS attack of over 1 Tbps against France-based hosting provider OVH. According to security intelligence firm Flashpoint , Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against DynDNS. Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, and security cameras, DVRs, and enslaves vast numbers of
France warns Microsoft to Stop Collecting Windows 10 Users' Personal Data

France warns Microsoft to Stop Collecting Windows 10 Users' Personal Data

July 21, 2016Swati Khandelwal
We have heard a lot about privacy concerns surrounding Windows 10 and accusations on Microsoft of collecting too much data about users without their consent. Now, the French data protection authority has ordered Microsoft to stop it. France's National Data Protection Commission (CNIL) issued a formal notice on Wednesday, asking Microsoft to "stop collecting excessive data" as well as "tracking browsing by users without their consent." The CNIL, Commission Nationale de l’Informatique et des Libertés, ordered Microsoft to comply with the French Data Protection Act within 3 months, and if fails, the commission will issue a sanction against the company. Moreover, the CNIL notified Microsoft that the company must also take "satisfactory measures to ensure the security and confidentiality" of its users' personal data. The notice comes after a series of investigations between April and June 2016 by French authorities, revealing that Mic
Core Tor Contributor Leaves Project; Shutting Down Important Tor Nodes

Core Tor Contributor Leaves Project; Shutting Down Important Tor Nodes

July 19, 2016Swati Khandelwal
Another blow to the Tor Project : One of the Tor Project's earliest contributors has decided to quit the project and shut down all of the important Tor nodes under his administration. Lucky Green was part of the Tor Project before the anonymity network was known as TOR. He probably ran one of the first 5 nodes in the TOR network at its inception and managed special nodes inside the anonymity network. However, Green announced last weekend that "it is no longer appropriate" for him to be part of the Tor Project, whether it is financially or by providing computing resources. TOR, also known as The Onion Router , is an anonymity network that makes use of a series of nodes and relays to mask its users' traffic and hide their identity by disguising IP addresses and origins. The TOR network is used by privacy-conscious people, activists, journalists and users from countries with strict censorship rules. Crucial and Fast TOR Nodes to be Shut Down Soon Alongs
Microsoft Wins! Govt Can't Force Tech Companies to Hand Over Data Stored Overseas

Microsoft Wins! Govt Can't Force Tech Companies to Hand Over Data Stored Overseas

July 15, 2016Swati Khandelwal
Especially after the Snowden revelations of global  mass surveillance by US intelligence agencies at home and abroad, various countries demanded tech companies including Google, Apple, and Microsoft to set-up and maintain their servers in respective countries in order to keep their citizen data within boundaries. The US government has powers to comply US-based tech companies with the court orders to hand over their customers' data stored on servers, even if the data centers are beyond US borders. Now, the recent court decision has proven that the data centers and servers located outside the US boundaries are safe haven. The Second Circuit Court of Appeals in New York ruled Thursday that the United States government cannot force tech companies to give the FBI or other federal authorities access to their non-US customers' data stored on servers located in other countries. US Government Can't go Beyond its Boundaries to Collect Data Yes, the Stored Communicatio
WebUSB API — Connect Your USB Devices Securely to the Internet

WebUSB API — Connect Your USB Devices Securely to the Internet

April 12, 2016Swati Khandelwal
Two Google engineers have developed a draft version of an API called WebUSB that would allow you to connect your USB devices to the Web safely and securely, bypassing the need for native drivers. WebUSB – developed by Reilly Grant and Ken Rockot – has been introduced to the World Wide Web Consortium's Web Incubator Community Group (W3C WICG), is build to offer a universal platform that could be adopted by browser makers in future versions of their software. Connecting USB Devices to the Web WebUSB API allows USB-connected devices, from keyboards, mice, 3D printers and hard drives to complex Internet of Things (IoTs) appliances, to be addressed by Web pages. The aim is to help hardware manufacturers have their USB devices work on any platform, including Web, without having any need to write native drivers or SDKs for a dedicated platform. Besides controlling the hardware, a Web page could also install firmware updates as well as perform other essential tasks. Howev
Password Security — Who's to Blame for Weak Passwords? Users, Really?

Password Security — Who's to Blame for Weak Passwords? Users, Really?

January 26, 2016Swati Khandelwal
The majority of Internet users are vulnerable to cyber threats because of their own weaknesses in setting up a strong password. But, are end-users completely responsible for choosing weak passwords? Give a thought. Recently we wrote an article revealing the list of Worst Passwords of 2015 that proved most of us are still using bad passwords, like ' 123456 ' or ' password ,' to secure our online accounts that when breached could result in critical information loss. If the end-user is to blame for weak password security, then the solution is to educate each and every Internet user to follow the best password security practice. But is that really possible? Practically, No. Even after being aware of best password security measures, do we really set strong passwords for every website? I mean EVERY. Ask yourself. Who's Responsible for allowing Users to Set a Weak Password? It's the websites and their developers, who didn't enforce a
Kim Dotcom's Decentralized Internet — For You, Powered By You

Kim Dotcom's Decentralized Internet — For You, Powered By You

November 03, 2015Swati Khandelwal
Imagine the internet that would offer you to communicate privately with anyone else without censorship, safe from the prying eyes of surveillance authorities…. … Decentralized, Encrypted, Peer-to-Peer Supported and especially a non-IP Address based Internet. Yeah, a New Private Internet that would be harder to get Hacked. This Internet is a dream of all Internet users today and, of course, Kim Dotcom – the Famous Internet entrepreneur who introduced legendary Megaupload and MEGA file sharing services to the World. Kim Dotcom announced plans to start his very own private internet at the beginning of this year and has now revealed more details about MegaNet — a decentralized, non-IP based network that would share data via " Blockchains ," the technology behind Bitcoins. On Thursday, Dotcom remotely addressed a conference in Sydney, Australia, where he explained how MegaNet will utilize the power of mobile phones and laptops to operate. How will M
FBI Suggests Ransomware Victims — 'Just Pay the Ransom Money'

FBI Suggests Ransomware Victims — 'Just Pay the Ransom Money'

October 27, 2015Mohit Kumar
Your Headache is not my Problem. If your computer gets hacked and infected with malware that holds your data for ransom, just pay off the criminals to see your valuable data again and do not expect the FBI to save them – it's what the FBI is advising concerning ransomware . Ransomware is a sophisticated malicious software that lets hacker encrypts all the contents of a victim's hard drive or/and server and demands ransom (typically in Bitcoins) for the decrypt key. Also Read:   Free Ransomware Decryption and Malware Removal ToolKit Federal agencies and the FBI have long urged people not to pay ransom to the criminals, as there is no guarantee that they will even receive an unlock key. The FBI – 'Better Pay up the Ransom' However, while speaking at the 2015 Cyber Security Summit on Wednesday, Assistant Special Agent Joseph Bonavolonta , who oversees the FBI's Boston office, advised the companies infected with ransomware to better pay up th
Privatoria — Best VPN Service for Fast, Anonymous and Secure Browsing

Privatoria — Best VPN Service for Fast, Anonymous and Secure Browsing

October 27, 2015Swati Khandelwal
PRIVACY  – a bit of an Internet buzzword nowadays. Why? Because the business model of the Internet has now become data collection. If you trust Google, Facebook or other Internet giants to be responsible managers of your data, the ongoing Edward Snowden revelations are making it all clear that this type of information can be easily snooped by the intelligence agencies like NSA and GCHQ. In short, the simple truth is that you have no or very little privacy when you are online. So, if you are worried about identity thieves, or your ISP spying on or throttling your traffic, the most efficient way to secure your privacy on the Internet is to use a Virtual Private Network (VPN) service. Though you can take other measures to increase security on your end, like installing a firewall as well as blocking known intrusive IP addresses that might be spying on you — But VPN takes your security to the next level by encrypting all inbound and outbound data. VPN (Virtual Priv
Google to Disable Weak SSLv3 and RC4 Protocols to Boost Internet Security

Google to Disable Weak SSLv3 and RC4 Protocols to Boost Internet Security

September 19, 2015Swati Khandelwal
It is finally time to say GoodBye to the old and insecure Web security protocols. Citing the long history of weaknesses in the Secure Sockets Layer (SSL) 3.0 cryptographic protocol and the RC4 Cipher Suite, Google plans to disable support for both SSLv3 as well as RC4 stream cipher in its front-end servers. While announcing on its official blog , the Search Engine giant said the company is looking to put away SSLv3 and RC4 in all of its front-end servers, and eventually, in all its software including Chrome, Android, Web crawlers, and email servers. The move by Google came as no surprise, considering the fact that both RC4 and SSLv3 have been deemed unsecure by the Internet Engineering Task Force (IETF). What are the Problems? SSLv3, which was made outdated 16 years ago, has a long history of security problems like BEAST , out of them the most recent one was POODLE ( Padding Oracle On Downgraded Legacy Encryption ) attacks, which lead to the recovery of plaintext communication
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.