techhelpkb 10 months ago

Security researchers uncovered a series of phishing campaigns that use a rarely exploited method to steal login credentials, even when protected by encryption. The method relies on blob URIs, a browser feature designed to display temporary local content.

TechRadar

Your antivirus won’t see this coming. Here

Hackers use blob URIs to hide phishing pages inside the browser memory

techhelpkb 10 months ago

A subtle psychological trick in your browser's address bar called salience bias has protected users from phishing attacks for over a decade. Salience bias is a cognitive behavior that causes one to notice things that stand out more.

9to5Mac

How your browser uses a clever psychological trick to stop phishing - 9to5Mac

This little salience bias design trick in Safari, Chrome, and more undoubtedly has saved millions from becoming victims of phishing attacks.

techhelpkb 10 months ago

Privacy-focused Firefox is one of the few web browsers around that is not based on Chromium. Many have asked for improvements to its core functionality, and Firefox has finally delivered a long-requested Tab Groups feature.

It's FOSS

Exploring Firefox Tab Groups: Has Mozilla Redeemed Itself?

Firefox's Tab Groups help you organize tabs efficiently. But how efficiently? Let me share my experience.

techhelpkb 11 months ago

In response to Mozilla's recent privacy changes, Zorin OS 17.3 replaces Firefox -- its previous default browser -- with Brave, albeit a customized version that hides features like Brave Rewards, Wallet, Leo AI, and more.

Zorin OS 17.3 takes Brave step of changing default browser

Comment: To be fair, it sounds like the team has ironed out the more controversial features

techhelpkb 11 months ago

Rumors of the ongoing death of software development — that it’s being slain by AI — are greatly exaggerated. The work of a software developer is much more than just writing lines of code.

MIT Technology Review

The machines are rising — but developers still hold the keys

Increasing use of AI in software development will make developer decisions and judgment more important, not less.

techhelpkb 11 months ago

Today, a nonprofit focused on bringing governance to open source projects announced the launch of a new security fund that will pay those who responsibly disclose security vulnerabilities that affect fediverse apps and services.

TechCrunch

A new security fund opens up to help protect the fediverse | TechCrunch

A new security fund aims to help apps in the fediverse — like Mastodon, Threads, and Pixelfed — to pay researchers for disclosing security bugs.

techhelpkb 11 months ago

Mozilla will soon unveil a new set of "professional" services designed to enhance the basic email management features of its free, open-source email client, Thunderbird. https://www.techspot.com/news/107366-thunderbird-email-client-venturing-new-pro-tier-commercial.html

techhelpkb 11 months ago

Today, unless you go totally off-grid, you'll never have the privacy people took for granted at the end of the 20th century.

Privacy died last century, the only way to go is off-grid

Opinion: From smartphones to surveillance cameras to security snafus, there's no escape

techhelpkb 0 years ago

Akamai announced a multi-year partnership with the Linux Kernel Organization to provide critical infrastructure support for the development & distribution of the Linux kernel, ensuring uninterrupted access for its global developer network.

Open Source Watch

Akamai becomes the official distributor of the Linux kernel

Someone needs to host the Linux kernel code, and going forward, it will be the content delivery network Akamai.

techhelpkb 1 year ago

Author, journalist, and long-time Internet freedom advocate Doc Searls wants us to stop asking for privacy from websites, services, and AI and start telling these things what we will and will not accept.

Ars Technica

“MyTerms” wants to become the new way we dictate our privacy on the web

It's not a "do not track" request, it's a set of terms you demand from sites.

techhelpkb 1 year ago

Unlike chatbots, AI agents operate outside of a chat window, navigating multiple applications to execute complex tasks in response to simple user commands. How much control are we willing to surrender? At what cost?

MIT Technology Review

Why handing over total control to AI agents would be a huge mistake

When AI systems can control multiple sources simultaneously, the potential for harm explodes. We need to keep humans in the loop.

techhelpkb 1 year ago

Cloudflare has created a bot-busting AI to make life hell for AI crawlers by letting them in and using generative AI to create junk content for them to devour in what Cloudflare has termed an “AI Labyrinth.”

Cloudflare builds an AI to make life hell for other AIs

: Slop-making machine will feed unauthorized scrapers what they so richly deserve, hopefully without poisoning the internet

techhelpkb 1 year ago

Duck[.]ai is DuckDuckGo’s latest AI feature, letting users chat with multiple AI models while keeping their interactions private. Duck[.]ai does not track, log, or store conversations.

TechRadar

What is Duck.ai? Everything we know about DuckDuckGo’s privacy-focused AI chatbot

Anyone who worries about ChatGPT

techhelpkb 1 year ago

The Linux Foundation's executive director has proposed developing a decentralized trust system to help users assess the trustworthiness of open-source projects based on factors like contributor verification and project history.

ZDNET

trust scorecard

How do you tell the difference between trustworthy open-source developers and hackers? Here's one idea.

techhelpkb 1 year ago

In iOS 18, Apple spun off its Keychain password management tool into a standalone app called Passwords. A serious HTTP bug left Passwords users vulnerable to phishing attacks for nearly three months.

9to5Mac

Apple's Passwords app was vulnerable to phishing attacks for nearly three months after launch - 9to5Mac

In iOS 18, Apple spun off its Keychain password management tool—previously only tucked away in Settings—into a standalone app called...

techhelpkb 1 year ago

Every day, Signal, iMessage, and WhatsApp use end-to-end encryption by default to keep data private. But despite the technology’s mainstream rise, long-standing threats to weaken encryption keep piling up.

WIRED

A New Era of Attacks on Encryption Is Starting to Heat Up

The UK, France, Sweden, and EU have made fresh attacks on end-to-end encryption. Some of the attacks are more “crude” than those in recent year...

techhelpkb 1 year ago

Recent data from Surfshark uncovered that Google Gemini is the most data-intensive AI chatbot app. DeepSeek, however, comes in fifth out of the 10 most popular applications.

ZDNET

Worried about DeepSeek? Turns out, Gemini is the biggest data offender

It's an AI privacy showdown. How much data does your favorite chatbot collect?

techhelpkb 1 year ago

Tor Browser users on versions older than 13.5.11 legacy should update to the latest available version for their OS, currently 14.0.7 stable or 13.5.13 legacy, to avoid the sudden disabling of the built-in NoScript extension tomorrow.

Older Tor Browsers Breaking, Update Now! | Tor Project

The expiration on March 14 2025 of a root certificate can cause breakages Tor Browser version 13.0 and below. Users should upgrade immediately.

techhelpkb 1 year ago

Enterprises understand the value of passkeys for workforce sign-ins. 87% of decision makers report deploying passkeys at their companies. Of these, 47% report rolling out a mix of device-bound passkeys and synced passkeys.

Help Net Security

Goodbye passwords? Enterprises ramping up passkey adoption - Help Net Security

Enterprise passkey adoption rises as businesses move away from passwords to enhance security, combat AI-driven threats.

techhelpkb 1 year ago

A native Android Linux Terminal app is now widely available for Pixel users running the March 2025 update. The Debian-based environment allows users to carry a fully fledged Linux instance with them.

Android Authority

Android's Linux Terminal app is now widely available on Pixels, and here's how to get it

The Linux Terminal app is now available for Pixel devices on the latest Android 15 update. The app lets users run Debian on their devices.