Google releases a fix for the security hole that, if left unplugged, could allow attackers to run malicious code with no user interaction
The post Critical Bluetooth bug leaves Android users open to attack appeared first on WeLiveSecurity
The feature is part of expanded parental controls on the Messenger Kids app aimed at children under 13
The post Facebook now lets parents monitor their children’s chats appeared first on WeLiveSecurity
Today we’re announcing that Chrome will gradually ensure that secure (HTTPS) pages only download secure files. In a series of steps outlined below, we’ll start blocking “mixed content downloads” (non-HTTPS downloads started on secure pages). This move follows a plan we announced last year to start blocking all insecure subresources on secure pages.
Insecurely-downloaded files are a risk to users’ security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely-downloaded bank statements. To address these risks, we plan to eventually remove support for insecure downloads in Chrome.
As a first step, we are focusing on insecure downloads started on secure pages. These cases are especially concerning because Chrome currently gives no indication to the user that their privacy and security are at risk.
Starting in Chrome 82 (to be released April 2020), Chrome will gradually start warning on, and later blocking, these mixed content downloads. File types that pose the most risk to users (e.g., executables) will be impacted first, with subsequent releases covering more file types. This gradual rollout is designed to mitigate the worst risks quickly, provide developers an opportunity to update sites, and minimize how many warnings Chrome users have to see.
We plan to roll out restrictions on mixed content downloads on desktop platforms (Windows, macOS, Chrome OS and Linux) first. Our plan for desktop platforms is as follows:
- In Chrome 81 (released March 2020) and later:
- Chrome will print a console message warning about all mixed content downloads.
- In Chrome 82 (released April 2020):
- Chrome will warn on mixed content downloads of executables (e.g. .exe).
- In Chrome 83 (released June 2020):
- Chrome will block mixed content executables
- Chrome will warn on mixed content archives (.zip) and disk images (.iso).
- In Chrome 84 (released August 2020):
- Chrome will block mixed content executables, archives and disk images
- Chrome will warn on all other mixed content downloads except image, audio, video and text formats.
- In Chrome 85 (released September 2020):
- Chrome will warn on mixed content downloads of images, audio, video, and text
- Chrome will block all other mixed content downloads
- In Chrome 86 (released October 2020) and beyond, Chrome will block all mixed content downloads.
Developers can prevent users from ever seeing a download warning by ensuring that downloads only use HTTPS. In the current version of Chrome Canary, or in Chrome 81 once released, developers can activate a warning on all mixed content downloads for testing by enabling the “Treat risky downloads over insecure connections as active mixed content” flag at
Enterprise and education customers can disable blocking on a per-site basis via the existing
InsecureContentAllowedForUrlspolicy by adding a pattern matching the page requesting the download.
In the future, we expect to further restrict insecure downloads in Chrome. We encourage developers to fully migrate to HTTPS to avoid future restrictions and fully protect their users. Developers with questions are welcome to email us at email@example.com.
What is it like to defeat cybercrime? A peek into how computer forensics professionals help bring cybercriminals to justice.
The post How to catch a cybercriminal: Tales from the digital forensics lab appeared first on WeLiveSecurity
As Facebook turns 16, we look at how to keep your personal information safe from prying eyes
The post Facebook privacy settings: Protect your data with these tips appeared first on WeLiveSecurity
As the tide of phishing attacks rises, improving your scam-spotting skills is never a bad idea
The post Would you get hooked by a phishing scam? Test yourself appeared first on WeLiveSecurity