
Critical DNS Bug Poses Threat to Internet Stability

 


In a major finding, researchers at the ATHENE National Research Center in Germany have identified a long-standing vulnerability in the Domain Name System (DNS) that could potentially lead to widespread Internet outages. This flaw, known as "KeyTrap" and tracked as CVE-2023-50387, exposes a fundamental design flaw in the DNS security extension, DNSSEC, dating back to 2000.

DNS servers play a crucial role in translating website URLs into IP addresses, facilitating the flow of Internet traffic. The KeyTrap vulnerability exploits a loophole in DNSSEC, causing a DNS server to enter a resolution loop, consuming all its computing power and rendering it ineffective. If multiple DNS servers were targeted simultaneously, it could result in extensive Internet disruptions.

A distinctive aspect of KeyTrap is its classification as an "Algorithmic Complexity Attack," representing a new breed of cyber threats. The severity of this issue is underscored by the fact that BIND 9, the most widely used DNS implementation, could remain paralyzed for up to 16 hours after an attack.

According to the Internet Systems Consortium (ISC), responsible for overseeing DNS servers globally, approximately 34% of DNS servers in North America utilise DNSSEC for authentication, making them vulnerable to KeyTrap. The good news is that, as of now, there is no evidence of active exploitation, according to the researchers and ISC.

To address the vulnerability, the ATHENE research team collaborated with major DNS service providers, including Google and Cloudflare, to deploy interim patches. However, these patches are deemed temporary fixes, prompting the team to work on revising DNSSEC standards to enhance its overall design.

Fernando Montenegro, Omdia's senior principal analyst for cybersecurity, commends the researchers for their collaborative approach with vendors and service providers. He emphasises the responsibility now falling on service providers to implement the necessary patches and find a permanent solution for affected DNS resolvers.

While disabling DNSSEC validation on DNS servers could resolve the issue, the ISC advises against it, suggesting instead the installation of updated versions of BIND, the open-source DNS implementation. According to the ISC, these versions address the complexity of DNSSEC validation without hindering other server workloads.

The ATHENE research team urges all DNS service providers to promptly apply the provided patches to mitigate the critical KeyTrap vulnerability. This collaborative effort between researchers and the cybersecurity ecosystem serves as a commendable example of responsible disclosure, ensuring that steps are taken to safeguard the stability of the Internet.

As the story unfolds, it now rests on the shoulders of DNS service providers to prioritise updating their systems and implementing necessary measures to secure the DNS infrastructure, thereby safeguarding the uninterrupted functioning of the Internet.


Understanding Cold Boot Attacks: Is Defense Possible?

 

Cold boot attacks represent a sophisticated form of cyber threat that specifically targets a computer's Random Access Memory (RAM), presenting a substantial risk to information security. It is imperative to comprehend the mechanics of cold boot attacks and the potential hazards they pose to take necessary precautions. However, if you become a target, mitigating the attack proves extremely challenging due to the requisite physical access to the computer.

Cold boot attacks, although less common, emerge as a potent cyber threat, particularly in their focus on a computer's RAM—a departure from the typical software-centric targets. These attacks have a physical dimension, with the primary objective being to induce a computer shutdown or reset, enabling the attacker to subsequently access the RAM.

When a computer is shut down, one anticipates that the data in RAM, including sensitive information like passwords and encryption keys, vanishes. However, the process is not instantaneous, allowing for the potential retrieval of data remaining in RAM, albeit for a brief period. A critical element of cold boot attacks is the necessity for physical access to the targeted device, elevating the risk in environments where attackers can physically approach machines, such as office spaces. Typically, attackers execute this attack using a specialized bootable USB designed to duplicate the RAM contents, enabling the device to reboot according to the attacker's intentions.

Despite the ominous nature of cold boot attacks, their execution requires a significant investment of skills and time, making it unlikely for the average person to encounter one. Nevertheless, safeguarding your computer from both cyber and physical threats remains a prudent practice.

The essence of a cold boot attack lies in exploiting a unique feature of RAM—the persistence of data even after the computer is powered off. Understanding this attack involves recognizing what happens to the data in RAM during a computer shutdown. The attacker gains physical access to the computer and utilizes a specialized USB to force a shutdown or restart. This USB facilitates the booting or dumping of RAM data for analysis and data extraction. Additionally, malware can be employed to transfer RAM contents to an external device.

The data collected in cold boot attacks encompasses a spectrum from personal information to encryption keys. Speed is paramount in this process, as prolonged power loss to RAM results in data corruption. These attacks pose a significant threat due to their ability to bypass conventional security software, rendering antivirus programs and encryption tools ineffective against them.

To counter cold boot attacks, a combination of physical and software strategies is necessary. Securing the physical space of the computer, employing encryption, and configuring BIOS or UEFI settings to prevent external device booting are recommended. Addressing data remanence is crucial, and techniques like memory scrubbing can be employed to clear RAM of sensitive data after shutdown or reset.

In conclusion, robust defenses against cold boot attacks involve a multi-faceted approach, including strong encryption, physical security measures, and regular updates. Understanding the intricacies of RAM and its data persistence underscores the need for dynamic and proactive cybersecurity measures. Adapting to evolving cyber threats and strengthening defenses is essential in building a resilient digital space that protects against not only cold boot attacks but a range of cyber threats.

Top 5 Ways to Encrypt Your Internet Traffic for Enhanced Security

 

Encryption involves converting data into a format that is unreadable without the corresponding decryption key, thereby bolstering security and preventing unauthorized access.

Securing your internet connection with encryption is indeed possible, but it necessitates a multi-pronged strategy. Here are five approaches to encrypting your internet traffic:

1. Utilize a Private Browser:

Your browser serves as the primary gateway to the internet. If it doesn't shield you from tracking, other security measures won't be as effective. The Tor Browser stands out as a truly private option. It redirects traffic through a series of relays, encrypting it at each step. While it's indispensable for privacy-conscious tasks, its speed may be a limitation for everyday use. In such cases, browsers like Brave or Firefox, while not as robust as Tor, offer enhanced privacy and tracking protection compared to mainstream options like Chrome or Microsoft Edge.

2. Employ a VPN:

The use of a Virtual Private Network (VPN) is recommended, especially when combined with browsers other than Tor. A VPN enhances privacy and complicates efforts to track online activities. However, not all VPN providers are equal. It's crucial to choose one with robust encryption, a strict no-logs policy, protection against DNS leaks, a kill-switch feature, and reliable performance. Ensure thorough testing after selection, and extend VPN use to all devices, not just computers.

3. Embrace Encrypted Messaging Apps:

While a secure browser and VPN are crucial, using an encrypted messaging app is equally important. Opt for apps with end-to-end encryption, ensuring only the sender and recipient can read messages. Signal is highly recommended due to its reputation and emphasis on user privacy. Telegram offers a good alternative, especially for those seeking social features. WhatsApp, despite being owned by Meta, also provides end-to-end encryption and is more secure than many mainstream messaging apps.

4. Switch to an Encrypted Email Provider:

Email services from major companies like Google, Microsoft, and Yahoo collect substantial amounts of user data. By using their services, you not only contribute to Big Tech profits but also expose yourself to potential risks. Consider migrating to an encrypted email provider; these typically offer superior encryption, advanced security measures, and a focus on user privacy. While some advanced features may require payment, providers like ProtonMail, Tutanota, and Mailfence enjoy excellent reputations.

5. Invest in Encrypted Cloud Storage:

File storage plays a crucial role in internet traffic encryption, especially with the widespread use of cloud storage for personal data. Opt for providers offering end-to-end encryption and robust security practices. While numerous options are available, paid encrypted cloud storage services like Icedrive, pCloud, Tresorit, and Proton Drive provide reliable and secure solutions. Free options are scarce due to the substantial costs associated with providing this level of security and infrastructure.

By implementing these measures, you can significantly enhance the encryption of your internet traffic and fortify your overall cyber infrastructure. Additionally, consider local encryption and encrypting your entire hard drive for added security.

Every fifth child faced with malware and adult content

Experts analyzed how often children encounter cyber incidents online. It turned out that every fifth child has encountered malware and viruses at least once. In 19% of cases, children come across unwanted content "for adults". In 18% of cases, children's social media accounts were hacked or targeted by hacking attempts, and 15% of parents also reported that suspicious strangers had written to their child.

Parents also noted that children make unintentional or unapproved purchases on the Internet: they subscribe to paid services or buy access to online games. Parents whose children bought something on the Internet said that in most cases (81%) the purchase amount was up to 1 thousand rubles ($14).

“Parents need to abandon online wallets and cash and make a separate bank card for the child in order to protect the family from unwanted spending. This can be a virtual account or an additional card to your own. The fact is that openly criminal websites and services on the Internet do not accept bank cards for payment. In addition, adults have access to the limits and settings of the children's card, and they can always challenge unwanted spending in the bank and save the family budget," said Alexey Govyadov, head of analytics and automation at ESET in Russia.

Cyber threats that children most often face online: malware (viruses, etc.); unwanted 18+ content; hacking or attempted hacking of a social network page; messages to the child from suspicious strangers; unintentional or unapproved spending; the child's presence in suspicious groups or communities.

Speaking about child safety on the Internet, half of the parents surveyed say that their child knows that in the event of a cyber incident, they should immediately contact adults. More than a third of the respondents also noted that their child knows safe sites and applications, and also makes online payments only on trusted resources.

Covid-19 Has Led to an Increase in Cyberattacks Against Banks and Insurers

 

According to recent studies, the coronavirus pandemic and working from home (WFH) provisions are triggering a "huge" increase in attacks against financial institutions. The COVID Crime Index 2021 survey, published on Wednesday by BAE Systems Applied Intelligence, looked at how the remote working paradigm is affecting the banking and insurance industries.

Cybersecurity analysts expected that a cyberattack would occur every 11 seconds in 2021. That is almost twice as frequent as in 2019 (every 19 seconds), and four times as frequent as five years earlier (every 40 seconds in 2016). Cybercrime is estimated to cost the global economy $6.1 trillion a year, making it the world's third-largest economy, behind only the United States and China.

The situation is ripe for manipulation, given that the current pandemic has a greater portion of the population operating from home, with all of the associated disruptions. The harried, rushed, exhausted, and depressed employee has become the weapon of choice, and the humble home router has become the attack surface. It's no surprise that over 4,000 malicious COVID pages appeared on the internet within months of the pandemic's first lockdown.

WFH arrangements are gradually being loosened in certain places as the pandemic appears to have a global effect, but many organizations prefer either to continue encouraging workers to operate remotely or to follow hybrid working practices. For the near future, HSBC and JP Morgan, for example, would encourage thousands of their workers to work from home.

Security has also proved to be difficult. According to a survey by BAE Systems, 74 percent of banks and insurers have seen an increase in cyberattacks since the pandemic began, and "criminal behavior" reported by financial institutions has increased by about a third (29 percent). The study is based on two surveys of 902 financial services companies, as well as fieldwork in both the US and UK markets in March 2021.

According to the survey, 42% of banks and insurers agree that working from home has rendered their companies "less safe," and 44% believe that remote models have caused visibility issues through established networks. Many businesses have been forced to cut expenses anywhere they can, and when it comes to cybersecurity, average risk, anti-fraud, and cybersecurity budgets have been slashed by 26%, contributing to 37% of businesses saying their consumers are now more vulnerable to cybercrime and fraud. 

According to the survey, 56 percent of UK and US banks have suffered such losses, with the average cost of online criminal activity approaching $720,000 since the pandemic.

How 5G Network would Change the IoT and the Challenges Ahead



Extremely fast and effective, 5G mobile networks would increase the exposure to attacks, as every Internet of Things (IoT) device connected to fifth-generation technology can potentially become a tempting target for attackers and cybercriminals.

The efficiency would allow for improved interconnectivity and greater control over devices and machines, ranging from automobiles to traffic lights and everything in between, that have internet-connected sensors embedded in them. The number of such items is reported to rise from 14.2bn to 25bn by 2021, according to global research and advisory firm Gartner.

Major home appliance company Whirlpool is all set to have one of its factories run on 5G technology. The factory uses a lot of metal, and 5G penetrates walls and, unlike Wi-Fi, doesn't reflect off metal. Douglas Barnes, Whirlpool's North American regional IT and OT manufacturing infrastructure applications manager, says, "This will allow us to go to truly autonomous vehicles throughout the entire plant, for maintenance, for delivery, for everything that supports the manufacturing operations. That business case carries so much weight and so much in cost savings. The payback for 5G is very favorable."

With encryption of data becoming more secure than ever, 5G technology will massively change the way users communicate over the internet, browse, watch videos and play games. However, the increased speed and effectiveness, low latency, high Gbps data transfer rates, and greater capacity also accompany more security challenges as compared to the current mobile networks. It would mean that threat actors while breaching a machine running on a 5G network, will be able to download and hence steal the data much faster than the current networks allow. It would also make it easier for criminals to execute bigger cyber attacks by utilizing the increased engagement of software required to smoothly run 5G technology.

Did hackers exploit IoT before?

Earlier, in 2016, in the "Mirai botnet" cyber attack, hackers took advantage of vulnerable IoT devices to take down major websites including Reddit, Twitter and Spotify, leaving much of the internet inaccessible. The incident involved a large number of routers, cameras, and video recorders, which were used to take down a large chunk of the internet for the Eastern coast.

Commenting on the matter, Cesar Cerrudo, chief technology officer at IOActive, a cybersecurity consultancy, said, "I think 5G will be a more tempting target for nation-state actors than . . . hackers, as 5G will be a core communication technology for most countries."

Ransomware Attack Locks the Internet Service in Public Schools of Rockford





Due to a ransomware attack, the public schools in Rockford, Illinois are working without internet service; everything from phones to computer systems has been affected.

The schools first experienced problems with their phone and internet services on Friday, yet classes for around 28,000 students in 47 schools resumed on Monday despite outages still affecting the school buildings and the nearby district offices.

Ransomware is a kind of malware, or malicious software, commonly spread through emails containing links or attachments, that 'encrypts' a user's documents or systems, preventing them from accessing the data.

In a statement on Monday, the school officials said that experts are helping the district's technology team assess the outage. The district says its officials are attempting to get a 'complete picture' of the incident and see how it impacts its data.

However, the school district has not disclosed whom it is working with to find the root cause of the problem, or whether it is working with local, state or federal law enforcement agencies.

Hackers Working For the Chinese Government Tracking Movements of Ethnic Uighurs




Hackers working for the Chinese government are said to have been tracking the movements of ethnic Uighurs, a mostly Muslim minority, which is viewed as a security threat by Beijing. The hacks are a part of a rather extensive cyber-espionage campaign focused on “high-value individuals” such as diplomats and foreign military personnel, the sources said.

As a part of the campaign, various groups of Chinese hackers have compromised telecoms operators in nations including Turkey, Kazakhstan, India, Thailand and Malaysia, the four sources said.

China is currently confronting growing international criticism over its treatment of Uighurs in Xinjiang, as members of the group have been subject to mass confinement in what China calls "vocational training" centres, as well as 'widespread state surveillance'.

China has repeatedly denied involvement in any cyber-attacks or any abuse of the Uighur people, whose religious and cultural rights Beijing says are fully protected, and the Chinese Foreign Ministry said any hacking allegations should be backed by legitimate proof.

“We would again like to stress that China is a resolute safeguarder of internet security. We consistently and resolutely oppose and crack down on any forms of internet attacks,” a ministry statement said.

While government authorities in India and Thailand declined to comment on the specific telecoms operators that were compromised, officials in Malaysia, Kazakhstan and Turkey did not immediately respond to requests for comment.

Can we control our internet profile?

"In the future, everyone will be anonymous for 15 minutes." So said the artist Banksy, but following the rush to put everything online, from relationship status to holiday destinations, is it really possible to be anonymous - even briefly - in the internet age?

That saying, a twist on Andy Warhol's famous "15 minutes of fame" line, has been interpreted to mean many things by fans and critics alike. But it highlights the real difficulty of keeping anything private in the 21st Century.

"Today, we have more digital devices than ever before and they have more sensors that capture more data about us," says Prof Viktor Mayer-Schoenberger of the Oxford Internet Institute.

And it matters. According to a survey from the recruitment firm Careerbuilder, in the US last year 70% of companies used social media to screen job candidates, and 48% checked the social media activity of current staff.

Also, financial institutions can check social media profiles when deciding whether to hand out loans.

Meanwhile, companies create models of buying habits, political views and even use artificial intelligence to gauge future habits based on social media profiles.

One way to try to take control is to delete social media accounts, which some did after the Cambridge Analytica scandal, when 87 million people had their Facebook data secretly harvested for political advertising purposes.

While deleting social media accounts may be the most obvious way to remove personal data, this will not have any impact on data held by other companies.

Fortunately, in some countries the law offers protection.

Cars connected with internet vulnerable to hacking








The nonprofit group Consumer Watchdog, along with car industry technologists, has issued a warning about all cars that have Internet connections to safety-critical systems.

The report, “Kill Switch: Why Connected Cars Can Be Killing Machines And How To Turn Them Off,” finds that cars are highly vulnerable to fleet-wide hacks if their safety systems are connected to the Internet.

Automakers have disclosed this vulnerability to their investors, but they keep pushing the new features because they are very attractive to the market.

“Connecting safety-critical systems to the Internet is inherently dangerous design,” said Jamie Court, President of Consumer Watchdog. “American car makers need to end the practice or Congress must step in to protect our transportation system and our national security.”

The report warns: “Recent reporting about United States efforts to counter Russian cyber-attacks with its own online infiltration indicate that we increasingly live in the era of cyber warfare. An attack targeting transportation infrastructure is a growing possibility.  Most concerning is that automotive industry executives are aware of these risks, yet are proceeding nonetheless to deploy these technologies, putting corporate profits ahead of consumer safety and national security.”

Consumer Watchdog's report calls for connected cars to have an Internet kill-switch that physically disconnects the Internet from safety-critical systems. It adds that future designs should completely isolate safety-critical systems from infotainment systems.

The report was prepared by a group of more than 20 car industry engineers and insiders, who chose to remain anonymous for fear of losing their jobs.

Russia to create a National Internet filtering system that allows only Whitelisted sites


By 2020 Russia will launch a national web-filtering system, intended to protect children from negative and dangerous content.

Denis Davydov, the head of the Secure Internet League, said that there are two versions of the project:

1. Traffic filtering in educational institutions.

2. Traffic filtering by default for all users.

With the second option, users will be able to access unfiltered content if they submit a written request to their provider or clear the checkbox in their account settings.

The Secure Internet League currently has a "white list" of websites. It contains more than 1 million resources.

Igor Ashmanov, an IT businessman, thinks that the idea of "white lists" of websites is not viable. According to the expert, a system of "smart" operational filtering, which blocks prohibited content, is very important and necessary.

"We support the idea of restricting children's access to unwanted content and have been working in this direction for a long time", the official representative of "MegaFon" Julia Dorokhina said.

- Christina

NoScript Anywhere (NSA) Firefox Security Add on Available for Mobiles

NoScript Anywhere (NSA) is the mobile version of NoScript, a well-known Firefox add-on that provides protection against cross-site scripting, clickjacking and similar attacks by blocking malicious scripts. The extension is now also available for mobile operating systems (Android and Maemo builds).

This is the first complete version (NoScript 3 alpha 9) of the NoScript extension for mobile. NSA provides the same kind of features as the desktop version: you can allow JavaScript on trusted sites (whitelist) and block it on all other sites (blacklist).

Features:
  • Easy per-site active content permissions management.
  • The first and most powerful anti-XSS (cross-site scripting) filter available in a web browser.
  • ClearClick, the one and only effective client-side protection against clickjacking.
  • ABE (App Boundaries Enforcer), a true webapp firewall inside your mobile browser to protect your router and web applications against CSRF and DNS rebinding attacks.
  • Restartless: no need to restart after you install the add on.
  • New page permission editing UI, specifically redesigned for smartphone usage and easily accessible by tapping on a navigation bar icon.

Blocks XSS attacks (malicious JavaScript)

Blocks clickjacking attacks

Install NSA 3 Alpha 9 now:

Google partnered with Citizens Advice Bureau provides Online Security Tips


Google has partnered with the Citizens Advice Bureau to provide online security tips under the title "Good to Know". The page raises public awareness of online risks and the need for security. The topics are separated into four categories:
  • Stay Safe Online
  • Your Data on Google
  • Your Data on the Web
  • Manage Your Data

Stay Safe Online:
This section provides basic online security tips about:
  • Phishing and malware attacks (if you are a reader of eHackingNews, you may already be aware of these).
  • The importance of signing out (most users fail to sign out; if you are in a public cafe, others can steal your accounts).
  • Secure connections (https://)
  • Online shopping safety
  • 2-Step Authentication service (a mobile authentication service that sends a random authentication number whenever you log in to Gmail)
  • Mobile security

Your Data on Google:
This section covers Google search logs, web history and more.

Your Data on the Web:
Basic knowledge about the importance of cookies, accounts and IP addresses.

Manage Your Data:
This section covers the Google Dashboard, how to manage cookies, and more.

Good To Know is available here:
http://www.google.co.uk/goodtoknow/

Every Internet user should read this page in order to protect themselves from online risks.

Note:
If you want more security tips, you can check our Security Tips Blog: http://www.breakthesecurity.com. We covered this topic 6 months ago. We have also developed HashCodeCracker to check password strength.

Your Browser Matters ~ Website to Rate the Browser Security, Microsoft


Microsoft has launched a website named Your Browser Matters for checking the security of your browser. Whenever a visitor browses the site, it judges the browser's security and returns a score out of four points. The score is based on the protection against security risks such as phishing, malware and some other threats.

It looks like Microsoft launched this web application in order to create public awareness about browser and Internet risks.

Score Results in Different Browsers:
When I visited that site through my Firefox 6, it displayed 2 out of 4. For Google Chrome it shows 2.5 out of 4. I came to know that IE9 has a 4 out of 4 score (I never used it). For IE7, it is 1 out of 4. It refused to rate the Safari browser.

How Does the Grading System Work?

Your Browser Matters rates the browser based on the following factors:

#. Protection Against Malware/Virus Downloads (1 Point):
An Internet browser must give protection against malware/virus downloads by restricting malware-distributing websites. Microsoft developed IE9 (Internet Explorer 9) with this protection. IE9 scored 1 point here, but Mozilla and Chrome scored 0.

#. Blocking Phishing Sites (1 Point):
It should detect phishing sites and provide protection against them. IE9 = 1, Firefox = 1, Chrome = 1.

#. Protection Against Browser Attack (1 Point):
Securing extensions and an effective sandbox; also includes points for auto-updating, and a restriction for extensions and plugins. IE 9 = 1 point, Firefox = 0.5, Chrome = 1.

#. Protection Against Website Attack:
There are a lot of options here including blocking insecure content on webpages (which is kind of more annoying than what it’s worth, in my view), sanitizing HTML, and protecting against “Clickjacking.” IE 9 = 1 point, Firefox = 0.5, Chrome = 0.5.

So the total score is Firefox = 2, Chrome = 2.5, IE9 = 4.