The Best Reason to use a Professional WordPress Developer

wordpress-locked

Thousands of WordPress sites backdoored with malicious code

Malicious code redirects users to tech support scams, some of which use new “evil cursor” Chrome bug.

 


Thousands of WordPress sites have been hacked and compromised with malicious code this month, according to security researchers at Sucuri and Malwarebytes.

All compromises seem to follow a similar pattern –to load malicious code from a known threat actor– although the entry vector for all these incidents appears to be different.

Researchers believe intruders are gaining access to these sites not by exploiting flaws in the WordPress CMS itself, but vulnerabilities in outdated themes and plugins.

Also: Access to over 3,000 backdoored sites sold on Russian hacking forum

When they gain access to a site, they plant a backdoor for future access and make modifications to the site’s code.

In most cases, they modify PHP or JavaScript files to load malicious code, although some users have reported seeing modifications made to database tables as well.

Malwarebytes security researcher Jérôme Segura said this malicious code filters users visiting the compromised sites and redirects some to tech support scams.

CNET: How to avoid tech support scams

He says some of the traffic patterns seen during the redirection process match the patterns of a well-known traffic distribution system used by several malware distribution campaigns.

Segura also said that some of tech support scams that users are landing on are using the “evil cursor” Chrome bug to prevent users from closing the malicious site’s tab, a trick that the researcher first spotted last week.

TechRepublic: Why that email from your boss could be a scam waiting to happen

This WordPress site hijacking campaign appears to have started this month, according to Sucuri, and has intensified in recent days, according to Segura.

Googling just one of the pieces of the malicious JavaScript code added to the hacked WordPress sites reveals just a small portion of the total number of hacked sites. In this case, this string search yielded over 2,500 results, including a corporate site belonging to Expedia Group, the parent company behind the Expedia portal.

wp-spam-campaign.png

Last week, ZDNet revealed that attackers had been scanning the Internet in an attempt to exploit a recent vulnerability in a popular WordPress plugin.

While Sucuri did not find confirm that this vulnerability was now being used in this recent wave of site hacks, the company did confirm our initial report, based on WordFence’s telemetry.

What is the dark web? The good and bad of the Internet’s most private corner

ProtonMail-What-is-the-dark-web-diagram-2

What is the dark web? The good and bad of the Internet’s most private corner

You may have heard the dark web is a place for drug dealers and hitmen. That’s correct, but there’s more to it than that. In this article, find out what is the dark web, how to access it, and what you might find there.

The dark web is a part of the Internet that requires special software to access and is not indexed by search engines. It offers much greater privacy than the widely accessible parts of the World Wide Web.

That privacy also makes the dark web a setting for illegal activity, scams, and offensive content. The high-profile rise and fall of the Silk Road marketplace for illicit drugs is the best-known example of this. But despite the sensational media coverage, few people really understand what the dark web is or how it works. For instance, it might surprise some people to learn that The New York Timesand Facebook both maintain websites on the dark web.

The dark web isn’t “dark” because it’s bad; it’s dark because it’s the only place on the Internet that offers a bit of privacy. In this article, we’ll explain how that works, what actually happens on the dark web, and how you can check it out for yourself.

What is the dark web?

Think of the Internet as divided into three parts: the clearweb, the deep web, and the dark web.

The clearweb is the Internet most of us are familiar with. Its pages are searchable in Google, but it makes up just a small percentage of all the content on the Internet. The deep web comprises the majority of the Internet, but it is not indexed by search engines, it is often password-protected, and therefore it’s not generally accessible. The deep web includes things like financial databases, web archives, and password-protected pages.

The dark web is a small portion of the deep web. It runs on top of existing Internet infrastructure, but it is a parallel web that cannot be accessed without special tools. For this reason the dark web is sometimes referred to as the hidden web.

Websites on the dark web have domains ending in “.onion” and are sometimes known as onion sites. They’re called onion sites because of the kind of encryption technology they use to hide the IP address of the servers that host them. Websites on the dark web mask their data behind multiple layers of encryption (like the layers of an onion), and can only be accessed through the Tor network, which is a network of computers around the world maintained by volunteers. Because the routing is random and the data is encrypted, it’s extremely difficult for anyone to trace any piece of traffic back to its source.

How to access the dark web

Tor is the most popular dark web interface, with millions of users. There are a number of ways to access the Tor network, including via the Tor browser , the operating system Tails, or by installing Tor on your computer. ProtonVPN also provides one-click Tor access through the Tor over VPN feature. From there, you can browse the web normally as well as gain access to highly private and secure onion sites.

Unlike the regular web, however, even after you have connected to the dark web, it isn’t so easy to find websites. Dark web sites use randomly generated domains that aren’t easy to remember. The dark web is also difficult to index, meaning search engines are ineffective. There are a number of link directories, such as The Hidden Wiki, that attempt to catalogue the dark web. But because dark web sites change their domain frequently, you’ll find a lot of dead links. A typical onion site url looks something like this:

http://3g2upl4pq6kufc4m.onion/

Some special onion sites, though, have easy to remember domain names and also SSL encryption (URLs that start with “https” instead of “http”). For example, ProtonMail’s Tor encrypted email site is at https://protonirockerxow.onion while Facebook’s onion site is at https://facebookcorewwwi.onion. You can learn more about these special onion sites here.

What’s on the dark web?

The illicit uses of the dark web are well documented: assassination services, ecommerce sites for buying guns and drugs, and so on. It’s best to stay clear of anything that seems suspect while browsing there. However, there are plenty of 100% legal things you can do on the dark web. You can read ProPublica or The New York Timescheck your email in ProtonMail, or browse your Facebook wall. All of these mainstream websites offer dark web access because of the benefits to privacy and freedom of information.

One of the biggest advantages of the dark web is the difficulty of blocking it. Common forms of censorship, which block traffic to websites at specific choke points along the Internet hierarchy, do not work with encrypted overlay networks. (As a result, some dictators have, for example, tried to block Tor itself.)

For similar reasons, the dark web is more resistant to surveillance by governments and corporations (such as Internet service providers). Whistleblowers, journalists, and other professionals at risk of targeted surveillance use the dark web to communicate sensitive information. And organizations including Human Rights Watch and the Electronic Frontier Foundation support the use of and access to the dark web.

One of the only drawbacks of the dark web is its speed. For instance, because Tor bounces your traffic through multiple servers around the world, it necessarily slows your connection. But when you need it, the dark web can be vitally important: When Turkey temporarily blocked ProtonMail for some users, our onion site was one of the only ways people could gain access to email.

So, there’s no reason to be afraid of the dark web. On the contrary, the dark web is an essential privacy tool. As governments work to weaken encryption with backdoors and corporations gain greater access to everything we do, privacy and security technologies like the dark web must be vigorously defended. And that starts with understanding them beyond sensational headlines.

Best Regards,
The ProtonMail Team

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support!

Alexa Is Losing Her Edge

google-home

Alexa Is Losing Her Edge

A year ago, everyone was buying an Amazon Echo. Here’s how Google turned the tables.

It’s easy to imagine a world in which “Alexa” is synonymous with talking computers, or Echo with smart speakers—just as Kleenex is synonymous with facial tissue, Xerox with copy machines, or Google with online search. (These are called genericized trademarks, or proprietary eponyms, by the way. They need a better name.)

That’s almost the world we live in today, thanks to the dramatic early success of Amazon’s pioneering smart speaker and the surprisingly capable digital assistant that animates it. Almost, but not quite.

It’s true that voice-powered smart speakers are on the path to ubiquity: Analysts predict that most U.S. households will eventually have one. But at a time when sales are booming around the world, it’s becoming clear that Amazon’s first-mover advantage wasn’t built to last.

While there are no official sales figures, mounting evidence suggests that Echo devices have been losing ground in the past year to competitors on multiple fronts. Assemble the pieces from an array of market-research reports with different methodologies, and the picture is that of a rapidly shifting landscape in which no single company is likely to dominate long-term—but if anyone does, it might be Google. That matters not only to industry watchers and investors but to anyone who cares about the business models and privacy practices of the tech goliaths that mediate what we say, learn, buy, and do.

With that caveat aside, a consensus has emerged on the broad trends. Here are three of the big ones:

• Google Home devices are rapidly catching up to Amazon Echo devices in worldwide sales and may have already surpassed them.

• Apple’s HomePod isn’t selling as poorly as some initial reports suggested, and Samsung just launched its own smart speaker.

• China is the fastest-growing market for smart speakers, and neither Amazon nor Google is a significant player there.

The common thread: Alexa is losing its edge. And the obvious question: What happened?

As recently as a year ago, Amazon single-handedly controlled the global smart speaker industry, with a market share upward of 75 percent, according to estimates from two of the leading market watchers, Strategy Analytics and Canalys, based in Singapore. Amazon itself boasted in a February earnings report that it had sold “tens of millions” of Echo devices in 2017. That figure included not only its flagship Echo smart speaker but the Echo Dot, Echo Show, and other Echos, the company clarified to me (though not other Alexa-powered gizmos, such as the Tap or Fire TV). It makes sense that Amazon was crushing the competition because there wasn’t much competition yet: Google had just launched the Home in late 2016, and Apple’s HomePod was not yet on the market. The Echo has been available since 2014.

Would-be rivals faced an uphill struggle. Amazon’s head start in smart speakers resembled the daunting leads that Apple famously built in portable MP3 players, smartphones, and tablets. But Apple’s high prices at least gave competitors an opening to build cheaper alternatives for the mass market. Not so with Amazon. Because it viewed Echo partly as a path to Amazon purchases, the company sold its smart speakers at affordable prices, opting to maximize sales rather than profit margins. How could latecomers compete?

Yet visions of an Amazon smart speaker monopoly faded faster than almost anyone expected. Google, in particular, has been catching up in a hurry. That could be partly because its Assistant is “smarter” than Alexa, by some metrics. But the Echo is more capable in other respects, and it continues to be a top-rated device in the category.

Analysts say the secrets to Google’s success lie elsewhere. A big-budget marketing blitz, an aggressive push to partner with retailers and makers of smart home gadgets, and the company’s reputation for answering search questions got it off to a good start. It didn’t hurt that the company was also pushing the Google Assistant—its equivalent of Alexa—onto hundreds of millions of Android devices. Perhaps most importantly, Google has experience, partners, and language capabilities in overseas markets where Amazon is less established.

Oh, and perhaps you’ve heard that brick-and-mortar retailers aren’t big Amazon fans. “Retailers are more open to the idea of arranging Google’s smart speakers because Google isn’t seen as such a direct competitor,” said Vincent Thielke, research analyst for Canalys.

By early this year, according to multiple industry reports, the tide was turning in Google’s favor. One firm, Strategy Analytics, estimated this month that Amazon’s global market share dipped from 76 percent to 41 percent over the past year, with Google’s rising to 28 percent. The firm projects Google’s smart speaker sales to surpass Amazon’s by 2020, said Bill Ablondi, director of smart home strategies.

Chart showing global smart speaker market by vendor in Q2 2018.

For Amazon, those numbers would be ominous enough. But Canalys reckoned in an Aug. 16 report that Google has already eclipsed Amazon in quarterly sales.

Chart showing worldwide smart speaker market by Q2 2018.

It’s worth noting that Canalys counts devices shipped to retailers, even if they haven’t yet been purchased by consumers. Canalys derives its estimates partly from suppliers, vendors, and other third parties, while Strategy Analytics relies on sources within the companies that make them. A third report, from the news and research site Voicebot, used consumer surveys to estimate how many users each firm’s smart speakers have. It found that 62 percent of U.S. smart speaker owners had an Amazon Echo, while 27 percent had a Google Home, as of May. That methodology favors Amazon by counting devices purchased in the past. But even there, Google was rapidly gaining ground, tripling its market share in the first half of 2018.

More competitors are looming: Electronics giant Samsung has just launched its Galaxy Home smart speaker, and a bevy of audio companies are gradually getting in on the game. Meanwhile, smart displays are emerging as an alternative to audio-only speakers, and Facebook is working on a device called Portal that could focus on video calling.

In the long run, though, it isn’t just Silicon Valley that threatens Amazon’s smart speaker lead. It’s China.

A year ago, pundits were wondering why smart speakers weren’t catching on in China. No one’s wondering that anymore: It is by all accounts the fastest-growing market for smart speakers. And virtually none of that growth is going to Amazon or its U.S. rivals, which don’t offer Chinese-language versions. It’s going instead to Chinese giants such as Alibaba, Xiaomi, and Baidu, which are pumping out smart speakers that go for a fraction of the price of the Echo or Home. These aren’t just cheap knockoffs, either. At CES this year, Baidu showed off high-concept smart speakers that look like lamps, ceiling lights, or even a colorful stack of blocks. Amazon and Google’s devices look outdated by comparison.

When you buy an Echo, you’re paying Amazon $85 today. But it also gives you a strong incentive to pay it $120 a year for Amazon Prime, and perhaps another $80 per year for Amazon Music Unlimited. On top of that, it makes it very easy to buy things on Amazon and plays nicely with other Alexa devices like the Fire TV.

Purchase a Google Home, on the other hand, and it will fit right in with Chromecast, YouTube, your Gmail and Google Calendar, and the Google Assistant on your Android device. A HomePod will deepen your relationship with Siri and iTunes, and so forth.

So an Echo-filled world would expand Amazon’s retail empire; a Home-filled world would broaden Google’s surveillance network and feed its A.I.; a world of HomePods would keep people ensconced in Apple’s ecosystem (especially if they’re well-off). And one shudders to think what a world of Facebook Portals might do. (Rumor has it the company delayed the device’s launch due to the Cambridge Analytica scandal.) The only darker scenario might be one in which the censorship-friendly Chinese tech companies ultimately prevail.

That Amazon no longer looks poised to monopolize smart speakers might reassure critics wary of its online retail dominance. But the prospect of Google’s dominance should give privacy advocates pause. What we have for now, thankfully, is a hotly competitive industry—the kind that is unlikely to give rise to any proprietary eponyms at all.

Google just updated text messaging for Android, and it completely changed the way I text

 

Google just updated text messaging for Android, and it completely changed the way I text

So I was pretty excited to hear that Messages for Android now has its own web client, accessible from any web browser. It’s called Messages for web, naturally:

Messages for Web (Messages for Android)Google

In short, Messages for web lets Android users text message seamlessly from any computer with a web browser. It’s super easy to set up, and even syncs in real time between phone and computer.

I’ve been using it for nearly a week at this point, and it’s fundamentally changed how I communicate.

Here’s why:

First, setting it up: It’s a snap!


Ben Gilbert / Business Insider / Google

Here’s how you set up Android text messaging on the web:

Step 1: Open Messages on your (Android) phone.
Step 2: Tap the three dots in the upper right corner, and select “Messages for web.”
Step 3: Navigate to the Messages for website on your favorite web browser.
Step 4: Scan the QR code using your phone.

And you’re in.

If you want the computer you’re using to remember your phone, there’s an option to select that from the web browser window.

If you’re not seeing the Messages for web option in Messages just yet, check back in a few days — Google is rolling out the update over time.

I’ve stopped knee-jerk responding to every text message buzz in my pocket.

I’ve begun ignoring the buzzes in my pocket, and it’s been a massive relief.

As someone who spends most of my time at a computer, I feel especially silly holding up a smartphone screen in front of that computer.

Eventually, I click over to the Messages for web tab in my browser and see what I’ve been missing: group texts with friends to get back to, messages from my partner, an alert from Verizon that my autopay went through successfully.

Important stuff, no doubt, but stuff that doesn’t require an immediate, “Stop everything!” response. Instead, I ignore the buzzes, find a natural end point to whatever I’m doing, then catch up on messages I’ve been missing.

It’s a subtle change with massive implications — I’ve been knee-jerk responding to text message pocket vibrations for over 10 years now.

But there’s something about having all my text messages in a browser window, waiting for me, that changed how I look at them: They’re just instant message windows now, nothing more than the AOL Instant Messengers and Facebook Messengers of the world.

It’s obvious, I realize. They’re all just messaging software in the broadest sense. But text messages have maintained the top spot in my personal hierarchy of prioritization. Messages for web is helping me put the space between myself and text messages that I didn’t even realize I needed.

Not having to switch between phone and computer while working is a huge time saver.

Not having to switch between phone and computer while working is a huge time saver.
Since I write about technology at a major publication in 2018, I use a MacBook Air with my phone sitting next to it. I don’t wear a name tag.
 Jacques Brinon/AP Images

Switching between a phone and a keyboard is massively disruptive. Moreover, as stated previously, it makes me feel ridiculous to pick up a smartphone solely for one type of messaging while I’m sitting at a powerful computer.

Having Messages for web makes text message communication a part of my workflow.

I’m free to ignore the buzzes in my pocket specifically because I know the messages they represent are easily tackled in a browser tab. Why bother looking?

Messages for web seamlessly syncs between phone and computer, instantly.

Ben Gilbert / Business Insider / Google

The way that Messages for Android works is identical to the way Messages for web works. You can send images, and emoji, and links, and GIFs, and there are even a handful of silly secret commands.

If someone sends you media, you can download it locally to your computer (and vice versa — it’s super easy to send your friends all the dumb GIFs you found before they woke up).

Messages for web works exactly as well as Google’s many other excellent services, like Google Docs, Calendar, Mail, and Keep. It is genuinely impressive how quick and easy it is to use Messages for web.

And yes, you can text message anyone with Messages for web, just like you would with your phone normally. It actually uses your phone to send the messages — there’s no way to use Messages for web without your phone close by.

Font Resize