Last week was something of a slow week for those of us that spend our days writing about computer security news. However, while there may not have been an abundance of news events, there were a small handful of noteworthy stories that emerged.<\/p>\n
In brief, the security firm White Hat has released its internal Web browser, which focuses on security and privacy, for use on Windows machines; U.S. President Barack Obama called for an end to NSA metadata collection; scammers used lost Malaysian Airlines flight MH 370 as bait in phishing scams, and another Microsoft zero day emerged.<\/p>\n
The Aviator Browser<\/b><\/p>\n
Internet security and privacy is as fashionable as ever, thanks, in no small part, to revelations over the last year that the United States\u2019 National Security Agency has the capacity to spy on essentially whomever they want. However, securing Web sessions and ensuring that they remain as private as possible is tough work, especially for users who lack the technical understanding or \u2013 perhaps more importantly \u2013 the time to really get to the bottom of their favorite browser\u2019s settings.<\/p>\n
Thus, our friends over at White Hat Security decided to release their Aviator browser to the public (for Mac \u2013 at least<\/a>) a few months ago. They\u2019ve been using the browser internally for a few years now. Earlier this week, they released the Windows variety<\/a>, making the browser available for a far larger audience.<\/p>\n Aviator is built on the Chromium code base, which is very similar in feel and look to Google\u2019s Chrome browser. However, Aviator is designed to optimise user privacy, security, and anonymity. By default, the browser disallows Web tracking for and by advertisers. DuckDuckGo is the default browser, which doesn\u2019t collect user search history or present ads or track users in any way.<\/p>\n In all, the browser doesn\u2019t simply block ads in the way that a number of popular extensions on the big three browsers do, but rather, it doesn\u2019t make any connections to ad networks at all. Not only does this prevent pervasive corporate tracking, but it also protects users from potentially malicious advertisements. The company says that an added benefit of all this is that the browser actually ends up performing faster than most other browsers.<\/p>\n Obama Calls for an End to Metadata Collection<\/b><\/p>\n Almost a year ago, it emerged that the NSA was gathering and holding onto the communications metadata of nearly anyone with a mobile phone or computer. Of all the secret information made public by former NSA contractor Edward Snowden \u2013 and it\u2019s a long list of damning allegations against the U.S. spying apparatus \u2013 blanket metadata collection seems to have been the revelation that has gained the most traction with the U.S. audience. This is particularly odd because most people didn\u2019t even know what metadata was two years ago, but also because \u2013 in retrospect \u2013 metadata collection is a bit modest in comparison to some of the other things the NSA has been caught doing.<\/p>\n Any progress is good progress though, and the White House has apparently decided it wants to end the intelligence agency\u2019s collection and storage of phone records<\/a>. Under the current system, the NSA stores phone record information for five years. Under the new rules, the NSA wouldn\u2019t store metadata at all. It would instead remain with the various service providers who would only be required to retain such information for 18 months.<\/p>\n In fact, just now, as I write this very article, the White House has made public its plan to end the bulk collection of metadata as was permitted under section 215 of the controversial PATRIOT ACT<\/a>.<\/p>\n Phishing MH 370<\/b><\/p>\n As you\u2019re likely aware, some three weeks ago, a Malaysian Airlines flight travelling from Kuala Lumpur to Beijing vanished bizarrely and seemingly without a trace with more than 200 people onboard. At the time of writing, it\u2019s been determined that that flight ended in tragedy. Yet, still there has been no concrete evidence of the flight\u2019s whereabouts, other than that it likely crashed into the Indian Ocean somewhere.<\/p>\n Like other mysterious events and unexplainable disappearances, the saga of MH 370 \u2013 despite what was always likely to be a terrible tragedy \u2013 has generated a laundry list of absurd and ridiculous conspiracy theories, many of which have been perpetuated by shameless media coverage.<\/p>\n Just as shamelessly (albeit less shockingly because now we\u2019re talking about criminals and not people that call themselves journalists), hacking groups have taken to the Internet to exploit MH 370 for financial and informational gain as well.<\/p>\n More than a few social media click scams emerged, suggesting that MH 370 had been found. Users were prompted to click on a link purporting to contain a news story. This old-fashioned link phishing scam pops up nearly any time anything gathers public attention (celebrity deaths, international sporting events, natural disasters, the list goes on). However, there was also a more sophisticated and targeted spear phishing campaign<\/a> in which attackers disseminated emails related to the flight with malicious attachments to government officials in the U.S. and Asia Pacific.<\/p>\n Microsoft Word Zero Day<\/b><\/p>\n