After a few eyebrows were raised over Chrome’s highly libertarian end-user license agreement (EULA) – almost a proclamation of a man’s fundamental right to piracy – an amendment or an explanation was inevitable. Chrome’s EULA stated that users were at liberty to use anything posted online through the browser. Google has since amended the EULA, and the web juggernaut downplayed the entire episode as a mistake. Setting the EULA aside, a few chinks in Chrome’s armor have already been sighted. Aviv Raff, a researcher, has discovered that Chrome is vulnerable to carpet-bombing à la Safari.
Two researchers, Alex Pilosov and Anton Kapela, have concocted a technique to exploit the Border Gateway Protocol (BGP) – the internet’s core routing protocol. They demonstrated their technique at the DefCon hacker conference in Las Vegas. The threat emanates from the innate credulity of the routing protocol: BGP apparently is designed to trust all nodes and can be exploited to redirect insane volumes of internet traffic to malevolent networks.
It can be used for spying at a truly unprecedented scale. No, we are not talking about stalking someone on Facebook but nation-state espionage. Millions of users can be exposed within moments of such an attack. A few solutions have already been propounded, but ISPs seem to be watching quietly from the sidelines.
You wouldn't take a knife to a gun fight, nor should you do battle with internet baddies using an unsecured browser. Yet despite what should seem obvious, a group of researchers found that surfers are doing just that, and hackers couldn't be happier about it. During the study, the authors discovered a whopping 45 percent of users (roughly 637 million surfers) hopping online without using the most secure web browser version available, making them "an easy target for drive-by download attacks as they are potentially vulnerable to known exploits." And that data doesn't even include potentially vulnerable plug-ins.
But are users the ones to blame for putting themselves at risk? Ultimately yes; however, the researchers made comparisons to the food industry, arguing that browsers should display an expiration date, such as "145 days expired, 3 updates missed." Nom nom nom.