
Google Chrome Update 56 “Not Secure”


Coming soon to a device near you: Google is releasing a new version of its web browser, version 56, which will apparently flag any website that collects passwords and other sensitive info as “Not Secure.” We just saw an update come down that causes Chrome to default to HTML5 for all sites except a good many still around. This move is frankly part of an effort to make the web safer, an effort that has been affected greatly by sites like Let's Encrypt, a project that aims to make encrypted connections to WWW servers ubiquitous. See, building a website is one step, while securing that site is another, and that process came (and comes) with a pretty high cost. Let's Encrypt has created a way for anyone with a website, whether they make $0 or infinite dollars, to secure the information they collect.






Chrome version 56 is the start of a long-term game to mark all HTTP sites as not secure. Since users of Chrome were not taking the notifications seriously enough, Google will change the notification to a red triangle with expanded text. If anyone wants to try out the new version, you can find it in the dev channel. Speaking of which, I looked through it and found that this new version will also support Web Bluetooth. Web Bluetooth will allow sites to interact with Bluetooth Low Energy (BLE) devices on Android, Chrome OS, and Mac. Starting to sound cool, and maybe a little crazy, depending on how you look at it. So with a few lines of code your browser will be able to connect to printers or even LED displays, along with Physical Web beacons, to further open up control of more nearby devices. You are going to have to read more on the Physical Web. Just click the link, but to sum it up, it allows use of just about anything. I can already see the issues that can arise with being able to control someone’s house using their browser.

So with this new update we could assume other browsers will follow suit, but at this moment I cannot find any mention of this. I am sure, though, that they will, and with this I tell anyone that has a website to start migrating your sites to HTTPS if you have not already.
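For site owners planning that migration, here is an added example (not from the original post and not Chrome's own logic) that audits a page's HTML for the condition described above: sensitive fields on a page served over HTTP. It also goes one step further and reports forms that submit to an `http://` target. The `autocomplete` card tokens used as a stand-in for "other sensitive info", the function names and the sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: autocomplete tokens that stand in for "other sensitive info".
CARD_TOKENS = {"cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-name"}

class SensitiveFormFinder(HTMLParser):
    """Collects password/card inputs and the resolved target of every form."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.sensitive = []      # e.g. ["password", "cc-number"]
        self.form_targets = []   # absolute URLs the forms submit to

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self.form_targets.append(urljoin(self.page_url, a.get("action", "")))
        elif tag == "input":
            if a.get("type", "").lower() == "password":
                self.sensitive.append("password")
            tokens = set(a.get("autocomplete", "").lower().split())
            self.sensitive.extend(sorted(tokens & CARD_TOKENS))

def audit_page(page_url, html):
    """Return a list of findings; an empty list means nothing to fix."""
    finder = SensitiveFormFinder(page_url)
    finder.feed(html)
    if not finder.sensitive:
        return []  # no sensitive fields, so nothing is collected in cleartext
    fields = ", ".join(sorted(set(finder.sensitive)))
    findings = []
    if urlsplit(page_url).scheme != "https":
        findings.append(f"page served over HTTP collects: {fields}")
    for target in finder.form_targets:
        if urlsplit(target).scheme == "http":
            findings.append(f"form submits in cleartext to {target}")
    return findings

# Constructed sample pages (not taken from any real site).
LOGIN = '<form action="/login"><input name="u"><input type="password" name="p"></form>'
MIXED = '<form action="http://shop.example/pay"><input autocomplete="cc-number"></form>'

if __name__ == "__main__":
    for url, html in [("http://shop.example/login", LOGIN), ("https://shop.example/checkout", MIXED)]:
        print(url, audit_page(url, html) or "ok")
```

An HTTPS page whose form still posts to an `http://` URL is reported too, since the credentials would leave the browser unencrypted even though the page itself loads securely.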



Physical Web Beacons



Windows 10 – Edge Browser is Safer?



Bouncing around the web, I ran into a Reddit page from a user called “illCodeYouABrain” who, while opening Firefox, at times receives a message from Windows 10 (image shown link). I thought it was a little interesting but wanted to know for sure, or rather, what prompted Microsoft to create such a notification.

So apparently Microsoft has enabled a set of ‘Windows Tips’ that lets users who use Firefox and Chrome know that their Edge browser is safer. I do remember some news months ago about Windows 10 warning Chrome and Firefox users about battery drain related to those browsers and recommending Edge instead. This notification of course most likely applies to those that have portable Windows 10 devices like tablets and laptops. My first reaction to it was just a simple “okay”. I can already understand how battery drain can apply to Chrome and Firefox just from my own personal use of the browsers. Both have more features, and having add-ons in any browser will equate to more battery use, depending on the add-ons you like to use. Microsoft even supposedly performed an experiment to prove it. (video on left) I don’t know how trustworthy this would be and I have a lot of questions on the test itself, but either way it would not surprise me, for reasons I mention later.

The notification can at times pop up when opening Firefox as well as Chrome; if anyone has seen this popup, leave a comment. Microsoft of course will only respond with rhetoric that coincides with the tone they use in the Windows 10 environment, with words like “We want to provide easy information that can help our users enhance their Windows 10 experience.” I will add that you can change the settings for this feature if you open Settings => System => Notifications => Disable “Get tips, tricks and suggestions as you use Windows”


So where does this tip find its merit? Well, NSS Labs performed a comparison of the 3 major browsers. Now I know Microsoft in the past has asked them to do studies and Internet Explorer has come out on top, but apparently this time Microsoft had not commissioned the study. I have the results and read through them, and this is the scoop.

The NSS test results were obtained from live testing where all browsers were subjected to the same set of social malware. “This test comprised 220,918 test cases that included 5,224 unique suspicious samples. Ultimately, 304 samples met NSS validation criteria and were included as part of the test.”

The Edge browser blocked a great 99% of the socially engineered malware (SEM) that was thrown at it. This is due to SmartScreen URL Rep and App Rep, which are reputation-based defenses that protect you from malicious links and downloads. Chrome and Firefox use Google’s Safe Browsing service. Just check the image (right) to see how the others compared in this test.

There were 2 tests, and the next one was on phishing protection, namely the average phishing URL catch rate for browsers over a 12-day period, where Edge hit 91.4% with Chrome and Firefox also following closely. (image on left)


Security is important in all browsers, and Microsoft has been on the ball as far as security is concerned. It seems Edge is pretty secure. Now will these results make you want to switch? Idk. Mozilla and Google have a good history of keeping their users safe. Edge is a Windows 10 only browser, while Firefox and Chrome are available on PC, Mac, and Linux. Edge having fewer features and being less compatible, being add-on-less, will of course make it more secure just on that point alone, but I see changes little by little as Microsoft aspires to add more to the Edge browser. Overall??? Nothing beats user knowledge. The NSS report itself says this:

“Users who are able to identify social engineering attacks rely less on technology for protection against such attacks. Technology will sometimes fail, but those users who can identify social engineering attacks will remain protected, regardless of the method used to attempt social engineering.”

which is something I always tell my own clients anyways.

If you wish to view some of the other data from the NSS report you can just continue reading. Whatever your browser of choice is just remember what was just said and know that YOU are the best protection against threats.


Other Tests Performed

There were other tests between the two categories of SEM and Phishing which I will show below.

SEM

Socially Engineered Malware



New threats are always an issue and will continue to be, so how fast your browser can respond to new threats is also important. This image shows how long it took for each browser to block a threat once it was introduced. The cumulative protection rates were calculated each day until the threats were blocked. “During the test, Microsoft Edge demonstrated a 98.7% zero-hour protection rate for malware. Microsoft Edge blocked 5.9% more malware than Google Chrome and 20.4% more malware than Mozilla Firefox. By the end of the seventh day of testing, Microsoft Edge was maintaining a 3.6% lead over Google Chrome and a 17.4% lead over Mozilla Firefox.”




“Figure 3 depicts the average time to block SEM samples for each browser.”


“Microsoft Edge required an average of less than ten minutes to block new SEM. At more than two hours and 39 minutes, Google Chrome had the next best average time to block. Mozilla Firefox took longer than three hours and 45 minutes to block malware.”



“Figure 4 compares the use of Google Safe Browsing API vs Microsoft SmartScreen.”

“Microsoft has invested significantly in its SmartScreen technology, which has constantly provided superior protection for its users over time. When Google Safe Browsing API was first rolled out, it only offered protection against drive-by downloads and phishing sites. In response to the increase in socially engineered malware, Google added protection against SEM, which improved its block rate over previous NSS browser tests.”



“Throughout the test, new URLs hosting SEM were added, and URLs that were either no longer reachable or no longer delivering SEM, were removed. Figure 5 shows the consistency of protection of the tested browsers throughout the testing period.”

“Microsoft Edge had an average block rate of 99.0%; with its lowest recorded at 98.0%. Google Chrome had an average block rate of 85.8%; its lowest recorded at 50.0%. Mozilla Firefox had an average block rate of 78.3%, which was noticeably different than the 38.9% block rate it demonstrated at the beginning of the test.”

Phishing Malware

Masquerading as a legit entity to obtain sensitive info.



Equivalent data when referencing phishing attacks…

“Figure 2 depicts how long it took the browsers to block a threat once it was introduced into the test cycle. Cumulative protection rates are listed at the time of introduction, i.e., the “zero hour,” through the end of the test. Final protection scores for the duration of the URL test are summarized under the “Total” column.”


“Initial protection from phishing sites ranged from 82.7% for Google Chrome to 92.1% for Microsoft Edge. Since both Google Chrome and Mozilla Firefox rely on the Google Safe Browsing API, their protection is almost identical.”



“Figure 3 answers the question of how long a user must wait on average until a requested phishing URL is added to a block list. It shows the average time to block a phishing site once it was introduced into the test set, but only if it was blocked during the test. Unblocked sites are not included,…”

“The average time to block a site (if it is blocked at all) is 56.4 minutes. Microsoft Edge was significantly faster at adding protection in the earliest hours of a phishing attack than any of the other browsers. Google Chrome and Mozilla Firefox took more than one hour on average to block new phishing websites.”



Daily users visit a wide range of sites that change from time to time, so phishing links evolve along with them, and keeping the phishing links blocked is key. NSS tested some live hyperlinks every six hours. The percentages will be different from the link results because this test entails multiple tests of a link. So if a link is blocked early on, this will improve the score, while links missed continually will lower the score.

“Figure 4 shows protection at each of the 44 incremental tests over a period of 12 days, and each score represents protection at a given point in time.”

“Google Chrome and Mozilla Firefox use the Google Safe Browsing API. The mean detection rates for these browsers is very close; however, Chrome lags behind Firefox in early protection.”


Tired of Being Confined to your Small Mobile Screen?




Today smartphones come in larger sizes, and you can go out and buy a tablet with a larger screen, but at times there are trade-offs depending on which tablet you buy. There is also the large following of people who have discovered the Android Emulator. I feel as if I have to back up a little bit to explain what this is, and it starts with the word emulator. In this context an emulator is hardware or software that enables one computer system (the host) to behave like another computer system (the guest). Emulators are typically used for running software and games from another system. To make it clearer: I can play PlayStation games on my computer by installing an emulator. The next step in this definition is an AVD (Android Virtual Device), which by definition is an emulator configuration that lets you model an actual device by defining hardware and software options to be emulated by the Android Emulator. So an AVD is (basically) a set of settings. In the Android world we have many different Android phones that run several different versions of Android, with several different graphical overlays (all those icons that you tap on) and different hardware. So it is possible to create an emulator that can behave just like the phone you bought, whichever phone you have.

I hope that was clear for you. I will mostly be discussing an Android emulator called Bluestacks, which has come a long way since its start in 2011 and which was known for being one of the first ways to run Android apps on your Windows computer. Bluestacks is on version 2 now, the latest version of its platform, with one big upgrade: the ability to run more than one Android app at the same time. This sounds really cool to me and I will have to put it through its paces more, but I can see it adds a tab interface for jumping between several Android apps. It looks a lot like a web browser, and Bluestacks 2 can also play mobile ads in separate tabs on click, which is a better idea to keep the ads from interrupting your game. The Bluestacks company says it has reached more than 109 million downloads, with users running more than 1.1 billion Android apps every month. Bluestacks now has the 7th largest Android user base in the world, which is more than Xiaomi and Sony. (According to data from the research firm Gartner.)

Are you a PC gamer interested in playing mobile games? Are you a mobile gamer with the need for a larger screen? Android emulators may just be the thing for you. I will also add there is another big Android emulator that also works well. It is called Andyroid, which tends to be more for the overall Android user that may not need the functionality for gaming per se. You do have to try both out to see which one you like better or which works better for you, because from my experience they do come at times with issues. Both companies, though, give you ways to ask questions to get those issues worked out. Oh, before I go, I will add that some game creators are adding security software into their games that blocks these emulators, due to some people using them to hack those games with the intention of getting harder-to-acquire items and content. (Someone always has to mess things up for everyone, right?)
