Google Chrome to add new features to protect against phishing attacks
Looking at the usefulness of Google in reconnaissance activities this week, I wanted to bring to light the latest development made by Google for safe browsing.
Google is working to add a feature to Google Chrome that warns users about similar or lookalike URLs that users may visit thinking they are legitimate sites.
This new feature will alert users when they visit URLs that pretend to lookalike a legitimate URL. For example, Appl3[.]com, tw1tter[.]com, m1crosoft[.]com.
Even though these features are currently available only in ‘Chrome Canary 74’, these are massive strides in the direction of safe internet browsing.
References:
https://cyware.com/news/google-to-add-a-feature-to-chrome-that-warns-users-about-lookalike-urls-481786c6
This is really good news. Finally a browser taking initiate to defend against typ0squatting. User make tying mistakes all the time when they try to navigate to a URL. This has been a ploy used by attackers for awhile now, and at great success. If Chrome can pull this off it will surely aid defending unsuspecting from navigating to a spoofed site by way of a typing error.
New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices
The Bluetooth SIG- an organization that manages the development of Bluetooth standards-issued a statement that a newly unpatched vulnerability potentially affects millions of hundreds of devices worldwide. Two sperate teams of academic researchers discovered the flaw. The flaw resides in the cross-transport key derivation (CTKD) supporting introductory rate/enhanced data rate Bluetooth (BR/EDR) and Bluetooth low energy (BLE) standards (Kumar, 2020). CTKD is the Bluetooth component is responsible for negotiating authentication keys when pairing two Bluetooth devices. The flaw (“BlURtooth tracked as CVE-202-15802) exposes devices powered with 4.0 and 5.0 technology, allowing attackers to unauthorizedly connect to the nearby device by overwriting the authenticated key or reducing the encryption key strength. “Dual-mode devices using the CTKD generated long term keys (LTK)or link keys (LK) can overwrite the original LTK or LK in cases that transport was enforcing a higher level of security.” In layman terms, under specific implementations of the pairing process, the authorization keys could be overwritten when it is required to enforce higher security. According to an advisory published by Carnegie Mellon CERT coordination center, the flaw can lead to several potential attacks, grouped as ‘BLURattacks,’ including man-in-the-middle attack,
References
Kumar.Mohit. (September 10,2020). New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby DevicesThe hacker news. Retrieved from https://thehackernews.com/2020/09/new-bluetooth-vulnerability.html
I’m glad to hear Google is creating such simple but easy fixes to problems that have been prevalent around the web for so long. Since many users such as myself rely heavily on chrome browser, this is great news. Also tools such as the certificate authorities, “the lock logo” to signify the connection is through a secure browser, can all be used as small tips that can help us differentiate the authenticity and safety of a site!