Voir en

français

Computer Security: Push & pain

With the demise and tighter regulation of cookies as a result of the EU’s General Data Protection Regulation (GDPR), more and more websites are moving to alternative methods to get at your data. For curiosity, for spamming, for selling, for promoting – based on the principle of “if it’s for free, you pay in data”. Browser notification spam is increasingly becoming the new method to promote unwanted extensions, fake software, adware bundles, adult sites and scam sites. Don’t fall for it! Tame your curiosity. And follow the general mantra of “STOP – THINK – DON’T CLICK”.

Browser notifications are becoming the new spam of the web, presenting you with a kind of paywall before you can access a webpage, video or web functionality. But you don’t pay with money, you pay with your data – location data, activity tracking – or by installing unwanted extensions. For example, the French bank Crédit Agricole asks for location data when it is not even clear what the purpose of such a request is. Ideally, you should just decline unless you see a benefit for your usage of that webpage (e.g. finding an ATM in your vicinity).

Similarly, we have seen an increased number of devices running Omnatuor – mainly unsolicited, unwantedly and maliciously. Omnatuor.com is part of an advertising service that website publishers can use to generate revenue on their sites. Unfortunately, there are malicious programs that are redirecting users to these Omnatuor.com ads without the permission of the publisher in order to generate revenue. Your data, your clicks, their money.

It goes without saying that installing additional extensions, programs or software from untrusted third-party websites must be avoided. Just. Don’t. Do. It. You never know what you’ll get. Adware? A hidden VPN gateway (see our Bulletin article on “Tunnel Madness”)? Malware? With any installation, you put your device, your digital life and, probably, also the operation and reputation of the Organization at risk. Avoid that pain. Avoid push notifications via your browser. Once again: “STOP – THINK – DON’T CLICK”.

So, if a webpage acts in weird ways, doesn’t display properly, hosts ads in places where they shouldn’t be, triggers pop-ups of other webpages, asks to install additional software or redirects you to websites you didn’t expect, the time has come to be vigilant and check your device. Consider installing an ad-blocker from your favourite browser’s app store (like Privacy Badger, uBlock or Ghostery, to name just a few). And feel free to contact us at Computer.Security@cern.ch for advice and help.

____

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.