Akshay Shendarkar

Google Chrome to add new features to protect against phishing attacks

Looking at the usefulness of Google in reconnaissance activities this week, I wanted to bring to light the latest development made by Google for safe browsing.

Google is working to add a feature to Google Chrome that warns users about similar or lookalike URLs that users may visit thinking they are legitimate sites.

This new feature will alert users when they visit URLs that pretend to lookalike a legitimate URL. For example, Appl3[.]com, tw1tter[.]com, m1crosoft[.]com.

Even though these features are currently available only in ‘Chrome Canary 74’, these are massive strides in the direction of safe internet browsing.

References:

https://cyware.com/news/google-to-add-a-feature-to-chrome-that-warns-users-about-lookalike-urls-481786c6

https://community.mis.temple.edu/mis5211sec702fall2020/2020/09/13/6661/

This week’s reading article emphasized on the importance of vulnerability management program in any organization.  Specific importance was given into difficulties organizations face in choosing their business partners.  We have seen over the years that hackers target vendors/business partners to gain an entry into the target organization.  This article provided a brief introduction to open source tools which can be used to get the necessary information about vendors’/ business partners’ strength and security of IT systems, without disrupting relations. Information obtained using these open source vulnerability assessment tools can help organizations in making informed decisions regarding their business partners.

What popular devices or techniques can you suggest IT Auditors/security professionals to check the hardening of or to audit network devices?

Canadian government services forced offline after credential stuffing attacks

Some of the key Canadian government applications, including the ones providing federal and immigration services were recently attacked and force to stop their operations. As per the report, the attack conducted was ‘password stuffing’, where username and passwords of users which were stolen in previous hacks were used. This attack was successful due to the fundamental human nature, where we use the same password/username for multiple applications and accounts.

My understanding from this article is that people or organizations might not even be aware that they have been hacked or suffered a security breach. It should be noted that usernames and passwords which were used in this attack, were stolen previously and there were no suspicions raised by any people whose usernames and passwords were stolen. The most realistic solution to prevent these attacks would be to have different usernames and passwords for different accounts. However, in the age of SSO and due to limited human capabilities to save different passwords, this solution is always going to be a challenge.

Reference:

https://portswigger.net/daily-swig/canadian-government-services-forced-offline-after-credential-stuffing-attacks

The reading articles for this week provided a great and simplistic introduction to the networking concepts which included brief descriptions of all the layers in OSI and TCP/IP (DoD) model.  The takeaway for me from these readings was getting an understanding of all the protocols which work in sync across all the layers when two ‘hosts’ communicate on a network. As a user, we are mostly interfacing with the application layer, however, I realized everything eventually comes down to bits and the electrical signals when a packet traverses across a network. The readings provided a fundamental understanding of the all the layers and could prove to be a good starting point to understand vulnerabilities in networks.