Authentic8 Blog Category: Remote Browser

Browser Security: Pwned and Exposed

Illustration: Browser Security: Pwned and Exposed - Authentic8 Blog

Supposedly secure browsers are making headlines, but not in a good way. Their makers cannot gloss over the security weaknesses any longer.

*

Browser makers should be concerned, very concerned. Last week, a security researcher with software firm AdGuard called out five malicious ad blocking extensions in the Google Chrome Store.

At that point, they had already been installed by at least 20 million users of the Chrome browser. This shouldn’t have come as a big surprise. Many well-documented cases prove that plugins, in general, exacerbate the risks associated with using a locally installed browser.

And annual exploit competitions like last month’s Pwn2Own keep exposing ever more vulnerabilities of supposedly “secure” browsers for the world (malware authors, in particular) to see and study.

At Pwn2Own (sponsored by security vendor Trend Micro), Apple’s Safari browser was hacked by a three bug chain containing a macOS elevation of privilege vulnerability that modified text on a MacBook Pro's touch bar. And that wasn’

Silo vs. Chrome Study “Kind of Eye-Opening”

Illustration: Silo vs. Chrome Study “Kind of Eye-Opening” - Authentic8 Blog

Silo beats Google Chrome as the most secure browser for the enterprise, researchers at Georgetown University found. For our podcast “The Silo Sessions”, Authentic8 Co-founder and CEO Scott Petry spoke with Paul Brigner, Managing Director of the Security and Software Engineering Research Center (S2ERC) at Georgetown University, about the study and its findings.

This transcript has been edited for readability.

*

Scott Petry: Paul, we are going to spend some time talking about your latest research study, so why don't you introduce yourself and give a little background?

Paul Brigner: Thank you very much, it's good to be talking to you about our research at Georgetown University. S2ERC is a partially funded National Science Foundation Research Center, and all of our research is done in conjunction with industry. There’s a specific program at the NSF called the Industry-University Collaborative Research Program, and we
are one of those centers.

Scott Petry: And we, Authentic8, are an industry affiliate. We worked with you and

Fed Up? Fire Up This Cloud Browser.

Illustration: Fed Up? Fire Up This Cloud Browser. - Authentic8 Blog

The Facebook/Cambridge Analytica fiasco did not happen overnight or by “mistake”, as Facebook wants users to believe. The price of “free” services and apps online means the loss of data protection, privacy and transparency.

This isn’t a new phenomenon, it’s not limited to Facebook, and it should not be a surprise to anyone. Venture investment in companies building businesses around “eyeballs” and “clicks” had to convert to hard cash at some point, and that point is the monetization of user data.

In contrast, Authentic8’s cloud browser Silo was built on the trust of its users. How do we honor that trust? We think you have a right to know what we do with your data. But first, some background.

*

So Mark has admitted “mistakes” on behalf of Facebook. As did Marissa before him, for Yahoo. And don’t forget Richard (who?), who apologized - kinda, sorta - for Equifax. And so on…

Did it change anything that these

The Six Biggest Inside Threats to Law Firm IT

Illustration: The Six Biggest Inside Threats to Law Firm IT - Authentic8 Blog

by Jordan McQuown, CIO, LogicForce

Watching the news, you could easily come away with the impression that our greatest security threat emanates from state actors far away, seeking to hack into your law firm.

You might even feel that you are protected. After all, your firm put firewalls and strong external perimeter defense systems in place. Are you sure you didn’t overlook something?

Because in my experience, an external attack is far less likely to cause a data breach than incidental actions of internal employees. I have come to believe that the most prevalent cybersecurity threats are not direct attacks on your perimeter defenses from the outside. Unintentional actions by insiders expose your firm to much bigger risks.

How can you identify and manage these risks to prevent a data breach? I recommend starting by focusing on...

The Six Biggest Internal Cybersecurity Threats

To prevent threats, you must be aware of them. Recently, LogicForce profiled more than 300 law firms for

Inside GDPR: What Does It Mean for U.S.-based Companies?

Illustration: Inside GDPR: What Does It Mean for U.S.-based Companies? - Authentic8 Blog

For our podcast “The Silo Sessions”, Authentic8 CEO Scott Petry spoke with Steve Durbin (Information Security Forum) about the ramifications of the European Union’s General Data Protection Regulation (GDPR) for U.S. organizations.

This podcast transcript has been edited for readability.

*

Scott Petry: I'm joined by a colleague in the information security space, Steve Durbin. Steve, I'll leave it to you to introduce yourself.

Steve Durbin: Hi Scott, thanks very much for having me on. I'm the Managing Director of the Information Security Forum. The ISF is headquartered in London, we’re a not-for-profit organization and we work with many of the world's leading organizations on issues of information security risk management and increasingly, of course, the subject of today's session: what all of that means from a General Data Protection Regulation standpoint.

The GDPR is coming into effect in May of this year.

Scott Petry: Yes, sooner than people expect, I think - although we've had a couple of years