Web Browsers Spellcheck Can Unveil Passwords

 

Google Chrome and Microsoft Edge are two Internet browsers that use extended spellcheck features to transmit form data, including Personally Identifiable Information (PII) and passwords to their parent companies. 

While this feature is intended to assist the browser user, it does raise privacy concerns and calls the efficacy of password protection to question.  

“Spell-jacking” is the term used to describe the process of a browser sending PII from spellcheck to Google, Microsoft, and the like. Transmitted PII form data can include Social Security Numbers, Social Insurance Numbers, personal names, addresses, e-mails, dates of birth, contact information, bank information, and so much more. 

Josh Summit, co-founder and CTO of JavaScript security firm otto-js, unearthed this issue while testing script behaviors for his company. When Google Chrome Enhanced Spellcheck or Microsoft Edge Editor is enabled, nearly everything you type in form fields is instantaneously transmitted to Google and Microsoft. Clicking on “show password” can spell-jack your data. 

Summit stated, “Some of the largest websites in the world have exposure to sending Google and Microsoft sensitive user PII, including username, e-mail, and passwords, when users are logging in or filling out forms. An even more significant concern for companies is the exposure this presents to the company’s enterprise credentials to internal assets like databases and cloud infrastructure.” 

Though the transmission of form fields is securely sent through HTTPS, what happens to the user data after it reaches Google’s server, for example, is not exactly clear. Some companies have mitigated the issue by adding ‘spellcheck=false’ to all input fields; however, this could cause problems for users who can no longer use the spellcheck feature. 

Google Chrome and Microsoft Edge users can turn off spellcheck (or remove Edge’s Editor add-on) until the companies revise their code to exclude passwords and other PII from sensitive fields. 

Do you need assistance with adding or removing spellcheck from your browser? Has your data already been compromised? Contact the computer experts at CPS today - we can assist!  

Founded in 1994, Creative Programs and Systems provides professional results for all computer needs. We design, create, and code an array of custom software programs and websites; offer top-notch digital marketing services including enhanced Search Engine Optimization (SEO) and paid advertising; repair and provide support for computers of both residential and professional nature; build custom systems and servers, and offer secure data backups. Need assistance or want to learn more? Call us at 810-224-5252 or e-mail info@cpsmi.com.

Written by the digital marketing team at Creative Programs & Systems: https://www.cpsmi.com/

 

 

What’s the Big Deal Regarding ‘Zero-Day’?

“Zero-day” is becoming a more popular term to describe recently discovered security vulnerabilities exposed by hackers and used to infiltrate computer systems. The phrase literally means the developer has zero days to fix the issue caused by hackers. 

Zero-day threats are unprecedented virus attacks that exploit either a new variant of malware or previously unknown software (zero-day vulnerability). Since these malware viruses are unique, they are impossible to detect by typical signature-matching tactics. Zero-day is sometimes written as 0-day, and the term is often associated with the words: vulnerability, exploit, and attack. Keep reading to learn the difference between the three. 

Zero-Day Vulnerability
Hackers unearth these software vulnerabilities before vendors can be made aware of them; therefore, no patch or fix exists, making them more likely to infiltrate systems.

Zero-Day Exploits
This term refers to the hacking method used to attack systems with a previously unknown vulnerability. 

Zero-Day Attack
The actual term describes the execution of a zero-day exploit to cause damage or steal data from an unprotected system. 

Hackers can exploit security vulnerabilities found in software, called exploit code, and ultimately wreak havoc before developers can remedy the situation. When anti-virus companies release “patch” updates, they are essentially covering a hole that was previously discovered by hackers. Unfortunately, this process can take months, as these security vulnerabilities are not immediately distinguished. 

Signature matching is a specific strategy used to identify malware by analyzing samples of destructed data to create a signature file and then distributing an update for anti-virus software to identify the specific signature. Zero-day threats can sneak past these signature matching tactics, ultimately affecting many victims. 

Zero-day attacks are immensely dangerous and typically aimed at operating systems, web browsers, office applications, open-source components, hardwired firmware, Internet of Things (IoT), and more. Potential victims include those who use a browser or operating system, intellectual data property owners, run hardware, firmware, and the IoT through large businesses, organizations, government agencies, etc. 

Cyber threats are continually infecting thousands of computers with zero-day threats. To protect your network, applications, and data, contact the experts at CPS. Our engineers can engage an advanced threat prevention system that can test untrusted files, links, and e-mails before they get to you.

Founded in 1994, Creative Programs and Systems provides professional results for all computer needs. We design, create, and code an array of custom software programs and websites; offer top-notch digital marketing services including enhanced Search Engine Optimization (SEO) and paid advertising; repair and provide support for computers of both residential and professional nature; build custom systems and servers, and offer secure data backups. Need assistance or want to learn more? Call us at 810-224-5252 or e-mail info@cpsmi.com.

Written by the digital marketing team at Creative Programs & Systems: https://www.cpsmi.com/ 

Falling Computer Chip Prices

Recently, there was a massive price drop in computer chips. A common question is how these large drops will affect businesses in the surrounding industry. It's been a bad decade for computer chip makers. That's not to say there have been no gains - Intel's profits have steadily climbed during the decade, and AMD has made some money in recent years. But the industry, as a whole, is facing lower prices–leading to a big earnings miss for industry leaders, and slower growth.

What Does It Mean When the Price Falls?

The falling price of computer chips is a sign of the cycle in capital-intensive businesses, as they look to make up for losses by cutting costs and laying off employees. The price of computer chips fell more than 70% over the past decade, and this is happening for a reason.

Continued price drops of computer chips indicate that we are entering a cycle where capital-intensive businesses are becoming increasingly difficult to maintain. This is because technology is changing so quickly, and new players are constantly coming up with new ways to do things better and cheaper.

It is not just computer chips that are showing this trend; it is also happening in other industries, like cars and airplanes, which are seeing similar price drops as they become more automated.

The falling price of the computer chip means that companies in which "capital intensive" processes are important will see their profits decline. That's bad news for investors.

Why Is the Price Falling and What It Means?

·         The cost of producing chips has dropped steadily, so manufacturers are able to lower their prices without taking a hit on their profits. This means that consumers have more money in their pockets, which they can put toward other purchases. It also means that companies who need to buy new computers are facing lower prices than they would have otherwise.

 ·         There is more competition in the industry, which means manufacturers are more competitive with each other. In addition, there is more innovation happening in design and production techniques.

 ·      Lastly, the advancement of technology.

Founded in 1994, Creative Programs and Systems provides professional results for all computer needs. We design, create, and code an array of custom software programs and websites; offer top-notch digital marketing services including enhanced Search Engine Optimization (SEO) and paid advertising; repair and provide support for computers of both residential and professional nature; build custom systems and servers, and offer secure data backups. Need assistance or want to learn more? Call us at 810-224-5252 or e-mail info@cpsmi.com.

Written by the digital marketing team at Creative Programs & Systems: https://www.cpsmi.com/