security blog

Evil Plug-ins

I love plug-ins! I love them on Firefox, Wordpress, Dreamweaver and now on Chrome. It has crossed my mind that some of these plug-ins could be created and distributed by very smart people with criminal or mischievous intent. But the reality of bad plug-ins didn’t hit me until I noticed a link on digg.com about Stealing Logins using Google Chrome Extensions. I am no programmer but understand enough to see how cleaver it is.

Basically, someone creates a innocent looking extension or plug-in, they distribute it and the innocent looking plug-in/extension sends your personal information to where ever.

How can a person avoid this?! I guess the safest way would be to not use ANY plug-ins and extensions.. but that is over kill.
I know that I am pretty paranoid about Wordpress extensions/plug-ins but the open source community is pretty good about peer reviewing, testing and reviewing some of the more popular plug-ins. When it comes to software I depend heavily on reviews of others who have used the product. If there are no reviews (even on forums or dev/plug-in sites), I usually consider the app to risky.

Sometimes what I do is try the app/extension/plug-in on a site/blog I don’t care as much about. In the case of browser plug-ins, I use a single trusted browser with minimal plug-ins to do important sensitive/personal transactions. Most of the stuff I do on the web does not require so much scrutiny.

Unfortunately, there is always a risk with plug-ins, apps, and extensions. All we can really do is manage the risk, by being careful and suspicious.

Thanks Mr. Grech for the knowledge.

Popularity: 1% [?]

EZ1 Rate report from a reader

Hi,
I want to apologize everyone. I am one of the employee working with EZ1 Rate. It is a Scam. Preveiouly it was Value Benefits of America and then its name got changed as Caller Advantage then Super Savings and now it is EZ1 Rate.

This company is situated in India. We r asked to take the Credit Card numbers of customers saying tht it is just an identification number but it is a very important numbers of cards.

after taking the numbers the card is charged of any amount and then after every month the card is getting charged. if u read this then pls sumone launch a complaint against this company. many r the ladies and old people who give us the credit card numbers so easily.

i m giving the name of the company who is running it is Silgate Solution. it is india one branch is in Delhi in gurgaon another 2 branches r in Mahaashtra in mumbai. if u want the complete address then check out for the silgate call center in yahoo else visit www.silgate.cc

Jack
New York, New York
U.S.A.

i found this today i had some call me to asking the same thing that you have writen in these bolgs but i am a cop so i know this was a joke so while i was on the phone i googel what he told me. there was no info of a build and a company name.dont ever gave you info ever over the phone. i called a # for reporting a a scam the are the fedrual some of such there # is 877-382-4357 call them and tell them what happen so the can find these crimanal.

Popularity: 4% [?]