Posts Tagged: Windows 10

Jan 16

Skype Now Hides Your Internet Address

Ne’er-do-wells have long abused a feature in Skype to glean the Internet address of other users. Indeed, many shady online services that can be hired to launch attacks aimed at knocking users offline bundle so-called “Skype resolvers” that let customers find a target’s last known location online. At long last, Microsoft says its latest version of Skype will hide user Internet addresses by default.

“Starting with this update to Skype and moving forward, your IP address will be kept hidden from Skype users,” Microsoft’s Skype team wrote in a blog post about the latest version, v. for most users. “This measure will help prevent individuals from obtaining a Skype ID and resolving to an IP address.”

A Skype resolver service in action.

A Skype resolver service in action.

Typically, these Skype resolvers are offered in tandem with “booter” or “stresser” services, online attack tools-for-hire than can be rented to launch denial-of-service attacks (most often against online gamers). The idea being that if you want to knock someone offline but you don’t know their Internet address, you can simply search on Skype to see if they have an account, and then use the resolvers to locate their IP. Thus far, the resolvers have worked regardless of any privacy settings the target user may have selected within the Skype program’s configuration panel. Continue reading →

Dec 15

Expect Phishers to Up Their Game in 2016

Expect phishers and other password thieves to up their game in 2016: Both Google and Yahoo! are taking steps to kill off the password as we know it.

passcrackNew authentication methods now offered by Yahoo! and to a beta group of Google users let customers log in just by supplying their email address, and then responding to a notification sent to their mobile device.

According to TechCrunch, Google is giving select Gmail users a password-free means of signing in. It uses a “push” notification sent to your phone that then opens an app where you approve the log-in.

The article says the service Google is experimenting with will let users sign in without entering a password, but that people can continue to use their typed password if they choose. It also says Google may still ask for your password as an additional security measure if it notices anything unusual about a login attempt.

The new authentication feature being tested by some Gmail users comes on the heels of a similar service Yahoo! debuted in October 2015. That offering, called “on-demand passwords,” will text users a random four-character code (the ones I saw were all uppercase letters) that needs to be entered into a browser or mobile device.


This is not Yahoo!’s first stab at two-factor authentication. Another security feature it has offered for years — called “two-step verification” — sends a security code to your phone when you log in from new devices, but only after you supply your password. Yahoo! users who wish to take advantage of the passwords-free, on-demand password feature will need to disable two-step verification for on-demand passwords to work.

Continue reading →

Aug 15

Adobe, MS Push Patches, Oracle Drops Drama

Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software. Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system. Not to be left out of Patch Tuesday, Oracle‘s chief security officer lobbed something of a conversational hand grenade into the security research community, which responded in kind and prompted Oracle to back down.

brokenflash-aAdobe’s latest patch for Flash (it has issued more than a dozen this year alone) fixes at least 34 separate security vulnerabilities in Flash and Adobe AIR. Mercifully, Adobe said this time around it is not aware of malicious hackers actively exploiting any of the flaws addressed in this release.

Adobe recommends users of Adobe Flash Player on Windows and Macintosh update to Adobe Flash Player Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player on Windows and Macintosh, and version for Linux and Chrome OS.

However, I would recommend that if you use Flash, you should strongly consider removing it, or at least hobbling it until and unless you need it. Disabling Flash in Chrome is simple enough, and can be easily reversed: On a Windows, Mac, Linux or Chrome OS installation of Chrome, type “chrome:plugins” into the address bar, and on the Plug-ins page look for the “Flash” listing: To disable Flash, click the disable link (to re-enable it, click “enable”). Windows users can remove Flash from the Add/Remove Programs panel, or use Adobe’s uninstaller for Flash Player. Continue reading →