Scanning QR codes in iOS 11 Camera app could take you to malicious websites

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

The QR code scanning feature in the stock Camera app suffers from an odd parser bug…. Read the rest of this post here


Scanning QR codes in iOS 11 Camera app could take you to malicious websites” is an article by iDownloadBlog.com.
Make sure to follow us on Twitter, Facebook, and Google+.

iDownloadBlog.com

Cash For Apps: Make money with android app

Vulnerability in iOS camera QR code reader could direct users to malicious websites

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

A vulnerability in the QR code reader built into the iOS camera app could allow users to be directed to a malicious website without their knowledge.

As of iOS 11, you can simply point your iPhone at a QR code using the standard camera app, and it will read and act on the code. In the case of an embedded website URL, iOS shows you the link address and asks you to tap to confirm you want to visit it. But you may not be visiting the link displayed …

more…

9to5Mac

Cash For Apps: Make money with android app

Now Hackers Are Mining Crypto On Government Websites

If you know any bitcoin investors, you might notice that they seem a little bummed lately. After months of an upward trend, the value of bitcoin (along with some lesser-known cryptocurrencies, such as Ethereum and Ripple) recently slumped, leading to some predictions that that the “bubble” of its inflated value is beginning to pop, that cryptocurrency in general is on its way out.

But hackers don’t believe it — they’re all in on crypto. They’re in so deep, in fact, that they’re hijacking thousands of websites, including those that belong to reputable entities like the U.K.’s National Health Service and the U.S. court system, to mine the stuff, according to The Register.

You might ask: What do so many disparate sites have in common? They all use a plug-in called Browsealoud, which allows blind or partially-sighted people to listen to the text that appears on screen. That’s what the hackers used to hijack the websites.

That’s right. The culprits exploited accessibility software to mine cryptocurrency. Real classy.

In the early hours of February 11, 2018 malware intended to mine lesser-known cryptocurrency monero was added to Browsealoud’s code. It ran on some 4,200 affected websites for several hours. So whenever an unsuspecting visitor accessed those sites, the mining script would run in their web browser, without the users’ consent, generating cryptocurrency for the hackers. By the afternoon, Browsealoud’s team had realized the issue and shut down its service while it repaired its code.

Authorities aren’t yet sure who the hackers are. But the company at least has been clear: the hackers’ actions were illegal.

The breach is bad news for more than just Browsealoud, and for the sites that use it. It reveals a weakness of the modern internet as a whole. Most web sites rely on just a few providers of various services — almost half of the web sites that track user activity via cookies, for example, use the same software. That means that if hackers can crack that one common software, they can take advantage of thousands, or even millions, of sites that rely upon it. 

The web sites themselves have little control over it. And even though Browsealoud had been preparing for such a breach over the past year, according to a company statement, there wasn’t much their clients could do after the attack.

Yes, breaches are bad, but ultimately, consumers didn’t suffer too much from this one. The hackers didn’t steal any user information (that could be particularly bad for users typing in their most personal identifying information to government web sites), they didn’t infect computers with buggy software. They just mined some cryptocurrency, and probably made the environment just a bit worse off for it.

And in that regard, they’re far from the only ones.

 

Disclosure: Several members of the Futurism team, including the editors of this piece, are personal investors in a number of cryptocurrency markets. Their personal investment perspectives have no impact on editorial content.

The post Now Hackers Are Mining Crypto On Government Websites appeared first on Futurism.

Futurism

Government websites have quietly been running cryptocoin mining scripts


A security researcher has discovered thousands of legitimate websites — many belonging to local governments and government agencies — running scripts that secretly force visitors’ computers to mine cryptocoins. In the UK, both the websites of the Information Commissioner’s Office and the Student Loan Company have found to be affected. The mining scripts were also found on the websites of the General Medical Council and NHS Inform. Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site… 😮 pic.twitter.com/xQhspR7A2f — Scott Helme (@Scott_Helme) February 11, 2018 On the other…

This story continues at The Next Web
The Next Web

Government websites fall prey to cryptocurrency mining hijack

It's not just private companies' websites falling victim to cryptocurrency mining hijacks. Security consultant Scott Helme and the Register have discovered that intruders compromised over 4,200 sites with Coinhive's notorious Monero miner, many of t…
Engadget RSS Feed

PSA: How to stop websites from displaying that annoying notification prompt in Chrome

Chrome notifications are great in theory, but now that virtually every site supports them, that constant, nagging banner under the URL bar can get annoying fairly quickly. Of course, you can always block each site individually, but that doesn’t really solve the issue, since you’ll still get the pop-up every time you visit a new site that supports Chrome’s notifications.

What the banner looks like on Chrome for Android

The solution is quite simple, really: just head over to chrome://settings/content/notifications (you’ll have to copy and paste that link manually) and flip that toggle from “Ask before sending” to “Blocked.”

Disabling the prompt in Chrome for desktop

Chrome on Android works slightly differently, but the gist is the same.

Read More

PSA: How to stop websites from displaying that annoying notification prompt in Chrome was written by the awesome team at Android Police.

Android Police – Android news, reviews, apps, games, phones, tablets

Apple’s iOS 11.3 may use iCloud as a single sign-on for websites

You might not to log in to your favorite websites one at a time in the near future. The 9to5Mac team has found code in the iOS 11.3 beta hinting at a single sign-on option for the web based on your iCloud account. It's not certain just how it would…
Engadget RSS Feed

iOS 11.3 Beta Teardown Reveals Possible iCloud Single Sign-On Feature For Websites

Looking through iOS 11.3 code appears to have uncovered something to suggest that iCloud may soon be available to websites as a means of single sign-on authentication.

[ Continue reading this over at RedmondPie.com ]

Redmond Pie