Crafty Phishing Technique Can Trick Even Tech-Savvy Gmail Users

Gmail users in recent months have been targeted by a sophisticated series of phishing attacks that use emails sent from a known contact whose account has already been compromised. The emails carry an image that looks like a legitimate attachment, according to Wordfence.

Clicking that image leads users to a data: URL, a page whose entire content is embedded in the address itself. The address is written so that it begins with "accounts.google.com", so the visible part of the browser's location bar looks like Google's sign-in page, and the page it renders is a convincing copy of the Google login form. Users who enter their credentials there hand them to the attacker.

The technique works so well that many experienced technical users have fallen prey to the scam, noted Mark Maunder, CEO of Wordfence. Many have shared warnings on Facebook to alert family and friends, given how successfully the technique has exploited otherwise trusted contacts.

Google’s Reply

Google has been aware of the issue at least since mid-January, based on comments from Google Communications' Aaron Stein, which Wordfence characterized as an "official statement" from the company.

Google was continuing to strengthen its defenses, Stein said. It was using machine learning-based detection of phishing messages, Safe Browsing warnings for dangerous links in emails, and measures to block suspicious sign-ins.

Users could take advantage of two-factor authentication to further protect their accounts, he suggested.

Wordfence noted last month that Google had shipped Chrome 56.0.2924, which changes the behavior of the browser's location bar: a page loaded from a data: URL is now labelled "Not secure" rather than being shown as though it had a normal address.
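As an added example (not code from the Wordfence or Google write-ups), the check below classifies location-bar text by its scheme, which is the one thing the whitespace-padding trick cannot disguise: a data: URL is an inline document with no origin and can never be a legitimate sign-in page, however its text looks. The sample strings and the allowlist of expected sign-in hosts are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Hosts at which a Google sign-in page is expected to appear. This allowlist is
# an assumption made for the example, not a list published by Google.
EXPECTED_LOGIN_HOSTS = {"accounts.google.com"}

# Constructed examples of location-bar text, modelled on the technique described
# above. None is a captured URL from a real campaign.
SAMPLES = {
    "real": "https://accounts.google.com/ServiceLogin?service=mail",
    "data_url": "data:text/html,https://accounts.google.com/ServiceLogin?service=mail"
                + " " * 60 + "<script>/* fake sign-in form */</script>",
    "base64_data": "data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
    "lookalike": "https://accounts.google.com.login-verify.example/ServiceLogin",
}

_DATA_URL = re.compile(r"^data:(?P<meta>[^,]*),(?P<body>.*)$", re.S | re.I)
_LEADING_URL = re.compile(r"^(https?://[^\s<>\"']+)")


def classify_location(location):
    """Return (verdict, reason) for the text a browser shows in its location bar."""
    loc = location.strip()
    scheme = loc.split(":", 1)[0].lower() if ":" in loc else ""

    if scheme == "data":
        m = _DATA_URL.match(loc)
        meta, body = (m.group("meta"), m.group("body")) if m else ("", "")
        if ";base64" in meta.lower():
            return "block", "data: URL with a base64 body: the page is hidden in the address"
        lead = _LEADING_URL.match(body)
        if lead:
            # The body is dressed up to open with a real-looking https URL, then
            # padded with whitespace so the actual HTML sits off the visible bar.
            spoofed = urlsplit(lead.group(1)).hostname or ""
            rest = body[len(lead.group(1)):]
            padding = len(rest) - len(rest.lstrip())
            return "block", (f"data: URL whose body starts with https://{spoofed} "
                             f"followed by {padding} whitespace characters that push "
                             f"the real content out of the visible location bar")
        return "block", "data: URL: inline document with no origin"

    if scheme == "https":
        host = (urlsplit(loc).hostname or "").lower()
        if host in EXPECTED_LOGIN_HOSTS:
            return "allow", f"{host} is an expected sign-in host"
        if any(h in host for h in EXPECTED_LOGIN_HOSTS):
            return "block", f"{host} embeds an expected sign-in host name but is a different domain"
        return "review", f"{host} is not an expected sign-in host"

    # http, blob, javascript, file, or no scheme at all: never a place to type a password.
    return "block", f"scheme {scheme or 'none'}: not an https origin"


if __name__ == "__main__":
    for name, loc in SAMPLES.items():
        verdict, reason = classify_location(loc)
        print(f"{name:12} {verdict:6} {reason}")
```

Only the `real` sample is allowed; the padded data: URL is blocked with the padding length in the reason, and the lookalike host that merely contains `accounts.google.com` is blocked because the registrable domain is different.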

Google last month announced an additional anti-phishing measure for G Suite customers, Security Key enforcement, which lets administrators require that employees use a physical security key as their second factor. Unlike a one-time code, a security key cannot be relayed through a fake sign-in page.

Bluetooth Low Energy security key support, which works with Android and iOS mobile devices, is another option for users.

Realistic View

Recent changes in Chrome and Firefox browsers have mitigated some of these types of attacks, observed Patrick Wheeler, director of threat intelligence at Proofpoint.

However, a variety of techniques are used to target users, he pointed out.

Attackers create extremely realistic landing pages, use JavaScript to obfuscate and encrypt pages and their contents, and host documents directly on Google Drive, he told TechNewsWorld.

They recently have used PDFs to make it appear that users already are logged onto Google Docs — then users are prompted for a login when they move the mouse over the PDF.

Attacks such as these are a type of cat-and-mouse game in the sense that attackers will find more sophisticated entry points as cyberdefense methods improve, noted Javvad Malik, security associate at AlienVault.

“This shows the increasing maturity of cybercriminals,” he told TechNewsWorld. “As they become more organized and better funded, mainly through the proceeds of crime, they can invest time and resources into tweaking attack methods to become more effective.”

Difficult Defense

Attacks like phishing and social engineering are among the most common methods of entry, according to Sam Elliott, director of security product management at Bomgar.

Attacks like these often target privileged users with access to sensitive data, he said.

“While companies are aware of this, providing security around these types of users without limiting their ability to do their jobs effectively is difficult,” Elliott told TechNewsWorld.

Defining “privileged user” poses additional challenges for companies, even those with sophisticated security protocols, he added.

Despite the challenges it poses, “like any phishing scam, this one has a limited lifespan,” observed Mark Nunnikhoven, vice president for cloud research at Trend Micro.

“Because it impacts a very specific audience, there’s also a central point to prevent this scam,” he told TechNewsWorld.

Google likely will deploy image recognition and URL filtering to prevent this campaign from continuing, Nunnikhoven said.

Google did not respond to our request to comment for this story.

Google Unveils Guetzli, Open Source JPEG Encoder, to Speed Browsing

Google on Thursday announced Guetzli, a new contribution to its evolving set of tools for the open source community. Guetzli is a JPEG encoder that produces files up to 35 percent smaller than those from current encoders at comparable quality, which translates into much faster Web page loading.

“Guetzli,” which means “cookie” in Swiss German, allows users to create smaller JPEG images while maintaining compatibility with existing Web browsers, image processing applications and the existing JPEG standard, noted Robert Obryk and Jyrki Alakuijala, software engineers at Google Research Europe, in an online post.

It produces a result similar to that of Google's Zopfli algorithm, which produces smaller PNG and gzip files without requiring a new file format, they explained. That sets it apart from RNN-based image compression, RAISR and WebP, all of which need ecosystem and client changes before they can be used for compression at Internet scale.

Google first introduced the Zopfli compression algorithm in 2013, and two years later unveiled Brotli, which offered faster page loads and up to 26 percent higher compression ratios than Zopfli.

Microsoft late last year announced support for Brotli in Edge, which would make it broadly interoperable across major browsers, as the latest versions of Chrome and Firefox already supported Brotli.

Quality and Compression

The visual quality of a JPEG is determined by its multi-stage compression process, Obryk and Alakuijala explained.

“Guetzli specifically targets the quantization stage in which the more visual quality loss is introduced, the smaller resulting file,” they wrote. “Guetzli strikes a balance between minimal loss and file size by employing a search algorithm that tries to overcome the difference between psychovisual modeling of JPEG’s format and Guetzli’s psychovisual model.”

The model approximates color perception and visual masking in a more detailed way than what can be achieved through simpler color transforms and discrete cosine transforms, according to the engineers.
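Since Guetzli's output is meant to remain a standard JPEG that any existing decoder accepts, the compatibility check a practitioner would want is that the file still parses as a baseline JPEG and that its quantization tables, the stage Guetzli works on, are readable. The parser below is an added example, not Guetzli's or libjpeg's code; the 16x16 JPEG skeleton it reads is constructed inline for the example and is not an encoder output. Every segment length is bounds-checked, so a malformed file raises an error instead of being read past its end.

```python
import struct

# JPEG markers (ITU T.81).
SOI, EOI, DQT, SOS, TEM = 0xD8, 0xD9, 0xDB, 0xDA, 0x01
SOF_NAMES = {0xC0: "baseline", 0xC1: "extended sequential", 0xC2: "progressive"}
STANDALONE = {SOI, EOI, TEM} | set(range(0xD0, 0xD8))   # markers with no length field


def iter_segments(data):
    """Yield (marker, payload) for every segment up to EOI, validating each length."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    i, n = 2, len(data)
    while i < n:
        if data[i] != 0xFF:
            raise ValueError(f"expected marker at offset {i}")
        while i < n and data[i] == 0xFF:          # skip fill bytes
            i += 1
        if i >= n:
            raise ValueError("truncated at marker")
        marker = data[i]
        i += 1
        if marker in STANDALONE:
            yield marker, b""
            if marker == EOI:
                return
            continue
        if i + 2 > n:
            raise ValueError("truncated length field")
        (length,) = struct.unpack(">H", data[i:i + 2])
        if length < 2 or i + length > n:
            raise ValueError(f"bad length {length} for marker 0x{marker:02X}")
        yield marker, data[i + 2:i + length]
        i += length
        if marker == SOS:                          # entropy-coded data follows
            i = _skip_scan(data, i)
    raise ValueError("no EOI marker")


def _skip_scan(data, i):
    """Advance past entropy-coded data: 0xFF00 is a stuffed byte, RSTn stays in-scan."""
    n = len(data)
    while i + 1 < n:
        if data[i] == 0xFF and data[i + 1] != 0x00 and not 0xD0 <= data[i + 1] <= 0xD7:
            return i
        i += 1
    raise ValueError("scan data runs past end of file")


def parse_dqt(payload):
    """Return {table_id: [64 quantizers in zigzag order]} from one DQT segment."""
    tables, pos = {}, 0
    while pos < len(payload):
        precision, table_id = payload[pos] >> 4, payload[pos] & 0x0F   # 0 = 8-bit, 1 = 16-bit
        pos += 1
        width = 2 if precision else 1
        if pos + 64 * width > len(payload):
            raise ValueError("truncated quantization table")
        fmt = ">64H" if precision else ">64B"
        tables[table_id] = list(struct.unpack(fmt, payload[pos:pos + 64 * width]))
        pos += 64 * width
    return tables


def summarize(data):
    """Collect frame type, dimensions and quantization tables from a JPEG byte string."""
    info = {"frame": None, "width": None, "height": None, "quant_tables": {}, "eoi": False}
    for marker, payload in iter_segments(data):
        if marker == DQT:
            info["quant_tables"].update(parse_dqt(payload))
        elif marker in SOF_NAMES:
            if len(payload) < 6:
                raise ValueError("truncated frame header")
            _precision, height, width, _ncomp = struct.unpack(">BHHB", payload[:6])
            info.update(frame=SOF_NAMES[marker], width=width, height=height)
        elif marker == EOI:
            info["eoi"] = True
    # Mean quantizer per table: larger steps mean coarser quantization and a smaller file.
    info["mean_quantizer"] = {t: sum(q) / 64 for t, q in info["quant_tables"].items()}
    return info


def is_well_formed(data):
    """True if the file parses to EOI with a frame header and at least one DQT table."""
    try:
        s = summarize(data)
    except ValueError:
        return False
    return s["eoi"] and s["frame"] is not None and bool(s["quant_tables"])


def _segment(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed 16x16 greyscale baseline JPEG skeleton: two 8-bit DQT tables, one
# component, a tiny scan containing a stuffed 0xFF00 byte, then EOI.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(DQT, bytes([0x00]) + bytes([8] * 64) + bytes([0x01]) + bytes([16] * 64))
    + _segment(0xC0, struct.pack(">BHHB", 8, 16, 16, 1) + bytes([1, 0x11, 0]))
    + _segment(SOS, bytes([1, 1, 0x00, 0, 63, 0]))
    + b"\x12\xff\x00\x34"
    + b"\xff\xd9"
)

if __name__ == "__main__":
    print(summarize(SAMPLE_JPEG))
```

Run `summarize()` over a libjpeg file and the Guetzli re-encoding of the same image to compare their quantization tables directly; `is_well_formed()` is the quick structural gate to put in front of any decoder that handles untrusted images.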

16×16 pixel synthetic example of a phone line hanging against a blue sky — traditionally a case where JPEG compression algorithms suffer from artifacts. Uncompressed original is on the left. Guetzli (on the right) shows less ringing artefacts than libjpeg (middle) and has a smaller file size.

During experiments with human raters, Obryk and Alakuijala continued, images produced by Guetzli were preferred over images from libjpeg files, even when the latter files were the same size or slightly larger, making the slower compression a worthy tradeoff.

20×24 pixel zoomed areas from a picture of a cat’s eye. Uncompressed original on the left. Guetzli (on the right) shows less ringing artefacts than libjpeg (middle) without requiring a larger file size.

The engineers said they hope webmasters and graphic designers will adopt the format for image-heavy websites, and that mobile users will see reduced load times and bandwidth costs.

Deep Learning

Google likely has developed the deep learning expertise and compute resources to tackle such a feat from a new vantage point, suggested Paul Teich, principal analyst at Tirias Research.

Image storage is a top priority for consumer cloud services, retail, advertising and other industries, he noted.

“My educated guess is that Google made Guetzli public because Google doesn’t control most of the endpoints that capture the images that Google then stores for image searches,” Teich told LinuxInsider. “It makes Google’s business run a little better if everyone uses Guetzli as their native JPEG format — and the same is true for other cloud services that handle images at scale, such as Facebook, Twitter and Instagram.”

There likely will be a version of Guetzli for motion video compression as well.

RAISR, which Google introduced in November, uses machine learning to upscale low-resolution images into high-quality photos. WebP images are 26 percent smaller than PNGs and up to 34 percent smaller than JPEG images.

Making the Guetzli technology available as an open source tool will help speed adoption and return significant benefits for Google, said Rob Enderle, principal analyst at the Enderle Group.

“Google makes money off ads,” he told LinuxInsider. “Slow load times lower ad views, so by speeding up the Web, they’ll make a ton more money.”

Dropbox engineers were excited to find that Guetzli interoperates with Lepton, the streaming image compression format Dropbox released to the open source community last summer.

“In preliminary testing, we are seeing real advantages in combining Guetzli with Lepton, as long as you apply Guetzli first,” said Daniel Reiter Horn, staff software engineer at Dropbox.

“For example, one test we tried resulted in ~24 percent savings from Guetzli and an additional ~22 percent compression from Lepton, with default settings,” he told LinuxInsider.

“The result was a total savings of ~41 percent over the default file,” Horn said. “The math makes sense, because Lepton gives 22 percent savings on the Guetzli file that’s 75 percent of the original size… so the savings is 24 percent + (22 percent * 76 percent) = ~41 percent.”

Google’s own team had little to say about the release beyond the revelations in Obryk and Alakuijala’s post, company rep Jason Freidenfelds told LinuxInsider.

However, it did release a statement suggesting that it was, shall we say, compressing its wild enthusiasm: “Grt to hv all ths intrst – w’r vry exctd fr ths brkthrgh!”

Pro-Turkey Hackers Hit Prominent Twitter Accounts

Hundreds, if not thousands, of Twitter users, many of them high-profile, were hacked Tuesday by someone who appeared to support Turkey in its diplomatic row with the Netherlands.

Their accounts displayed a swastika (drawn reversed, facing right), the Turkish flag, and the hashtags #Nazialmanya and #Nazihollanda, under which comments on the attack were posted.

The following message in Turkish, translated into English through Google Translate, also was posted on affected accounts: “Now Old Turkey Nothing You Have Set Adjust Absolute Wheel Will Earn Traitors Crime Freaks Needed YES le Verecek Elbet.”

The hackers included a reference to April 16, the date of a Turkish referendum on granting President Recep Tayyip Erdogan more power, and a link to a YouTube video of clips from his speeches, accompanied by a poem that appears to be threatening.

Among the victims are Nike Spain, Duke University, Starbucks Argentina, the European Parliament, the BBC, Amnesty International and a number of high-profile people, including singer Justin Bieber.

Twitter Leaps Into Action

Twitter Support on Wednesday reported that it had addressed the issue.

Twitter had "removed the app's permissions to Twitter accounts globally," noted Willis McDonald, senior threat manager at Core Security.

Its response was “appropriate, given the number of accounts affected and also that the attack had to do with a third-party app and not Twitter itself,” he told TechNewsWorld.

How the Hack Happened

The hack appears to have exploited a zero-day vulnerability in Twitter Counter, a third-party app available on Google Play and the Apple App Store, said Robert Capps, VP of business development at NuData Security.

Twitter Counter, which lets users graph their Twitter stats, apparently has more than 180 million users.

Its website has been shut down temporarily, “for maintenance.”

“If Twitter were a country, it would be the 12th largest in the world,” Capps told TechNewsWorld.

Its more than 100 million users, and its capacity as a real-time source of information, “make it an attractive and vulnerable target for account takeovers,” he said, because it gives bad actors “access to the audiences of celebrities and brands with thousands of followers.”

Gangsters or Governments?

It’s likely that the attackers were operating in support of Turkey, Core Security’s McDonald suggested, but they probably were “a nationalist group and not state-sponsored attackers.”

The hack “only caused minor damage to the public image of the victim accounts,” he said, and the damage to Twitter’s image is “minimal, since [it] was due to a third-party app.”

However, “the damage to Twitter Counter is [worse] since their app’s permissions have been removed from Twitter, which essentially puts them out of business until they can resolve the issue,” McDonald said.

Twitter Counter users can remove the app from their devices, review the third-party apps still authorized under their Twitter account settings, and change their account credentials. Since Twitter has removed the app's permissions, he noted, victims "only need to remove the offending tweets to remediate their accounts."

Slackel Openbox Plays Hard to Get

Slackel’s Openbox edition is a lightweight operating system that offers reliable performance once you get the box open. It is not an ideal OS for every user, though.

Slackel 6.0.8 Openbox, the latest version of the Greece-based project’s lightweight distribution, was released by developer Dimitris Tzemos last fall.

Slackel is a Linux distro that offers several benefits for users who step away from the typical mainstream Debian-based distros. Based on both Slackware and Salix, it offers a few advantages not usually found in the Slackware lineup.

For example, Slackel is fully compatible with both Slackware and Salix software packages. The main difference from its parents is that it tracks Slackware's Current tree and ships the latest version of KDE in its repository.

That gives Slackel a wider reach for adding software. Slackware-based distros typically have far smaller software repositories than Debian-based distros and others: think a few thousand packages compared to 35,000. Being able to draw on both the Slackware and Salix repositories makes finding packages that run on Slackel less of a challenge, but the pickings are still slimmer than on a Debian-based system.

Slackel provides some of the best Slackware-based system tools, and it also includes all of the Salix system tools, which makes system administration easy and straightforward. The Salix codecs installer installs patent-encumbered codecs quickly and easily.

Openbox is similar to the Xfce desktop, with fewer configuration options. Click anywhere on the desktop to get a fully populated menu, but you cannot place icons on the desktop or launchers on the panel bar.

Getting It

Normally, a live-session disc image combines the ability to run the Linux OS from a bootable DVD with a direct path to installing it on the hard drive: all you have to do is click a desktop install icon without leaving the try-it-out mode.

Not so with Slackel Linux. Slackel's disc images come in two separate forms, installation and live, and each is available in 32-bit and 64-bit versions.

You have to pay attention to the download links. Slackel's standard release uses the KDE environment, and the Slackel line also offers a Fluxbox desktop. Be sure you grab the Openbox edition, and grab it twice: you will need both the live-session image and the install-only image.

The 64-bit ISO images support booting on UEFI systems. The 32-bit ISO images support both i686 PAE SMP and i486, non-PAE capable systems.

Slackel is a bit less cooperative about putting the ISO onto a USB thumb drive, a procedure I usually run as a routine matter with other distros. If you want to transfer the ISO to a USB drive, check the project's own instructions.

You can use the dd command to write the ISO to a USB stick. However, dd is not a perfect solution with Slackel: it works, but some features, such as persistence, will not be available.
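Whatever copies the ISO to the stick, two checks belong in the procedure: verify the download against the SHA-256 sum published with it before writing anything, and never write to a device that is still mounted. The script below is an added example, not a Slackel tool, that wraps both checks around a raw copy equivalent to dd, flushes with fsync, and reads the device back afterwards. Its self-test writes a constructed 1 MiB image to a temporary file that stands in for the USB device; the device path, ISO name and checksum for a real run are yours to supply.

```python
import hashlib
import os
import tempfile

CHUNK = 4 << 20   # 4 MiB, the block size one would hand to dd


def sha256_of(path):
    """SHA-256 of a file, read in chunks so a large ISO never sits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def is_mounted(device, mounts="/proc/mounts"):
    """True if the device or any of its partitions appears in /proc/mounts (Linux)."""
    try:
        with open(mounts) as f:
            return any(line.split()[0].startswith(device) for line in f if line.strip())
    except FileNotFoundError:       # not Linux: the caller must check by other means
        return False


def readback_sha256(device, length):
    """SHA-256 of the first `length` bytes of the device after writing.

    On Linux this read may be served from the page cache; for a hard guarantee
    eject and re-insert the stick, then compare again.
    """
    h = hashlib.sha256()
    remaining = length
    with open(device, "rb") as f:
        while remaining > 0:
            block = f.read(min(CHUNK, remaining))
            if not block:
                break
            h.update(block)
            remaining -= len(block)
    return h.hexdigest()


def write_image(iso_path, device, expected_sha256):
    """Verify the ISO against its published checksum, then copy it raw to the device.

    Refuses to write when the checksum does not match or the device is mounted.
    Returns the number of bytes written.
    """
    actual = sha256_of(iso_path)
    if actual != expected_sha256.lower():
        raise ValueError(f"checksum mismatch for {iso_path}: {actual} != {expected_sha256}")
    if is_mounted(device):
        raise RuntimeError(f"{device} is mounted; unmount it before writing")
    written = 0
    fd = os.open(device, os.O_WRONLY)   # no O_CREAT/O_TRUNC: the target must already exist
    try:
        with open(iso_path, "rb") as src:
            for block in iter(lambda: src.read(CHUNK), b""):
                view = memoryview(block)
                while view:                      # os.write may write less than asked
                    view = view[os.write(fd, view):]
                written += len(block)
        os.fsync(fd)                             # what dd's conv=fsync does
    finally:
        os.close(fd)
    if readback_sha256(device, written) != actual:
        raise IOError(f"read-back of {device} does not match {iso_path}")
    return written


def selftest():
    """Round-trip a constructed 1 MiB image through a temp file standing in for the stick."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "constructed.iso")
        stick = os.path.join(d, "fake-usb")
        with open(iso, "wb") as f:
            f.write(os.urandom(1 << 20))
        open(stick, "wb").close()
        good = sha256_of(iso)
        written = write_image(iso, stick, good)
        try:
            write_image(iso, stick, "0" * 64)
            refused = False
        except ValueError:
            refused = True
        return {"written": written, "match": sha256_of(stick) == good, "refused_bad_sum": refused}


if __name__ == "__main__":
    print(selftest())
```

For a real stick, call `write_image()` with the downloaded ISO, the whole-device node (not a partition) and the checksum from the download page, and run it as root. Persistence is still unavailable with this raw-copy method, exactly as with dd.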

I found the Slackel installation ISOs to be particularly finicky in configuring on UEFI systems. This is especially the case if you insist on setting up a dual boot around a Microsoft Windows partition. Read the directions very carefully.

Big Frustration Alert: Do not use ELILO as your bootloader. If you do, you will not be able to boot Windows partitions.

What’s Inside

Slackel 6.0.8 Openbox includes the Linux kernel 4.4.29 and latest updates from Slackware’s ‘Current’ tree. The live session ISO images contain full multimedia support.

You do not have to install multimedia codecs in the live environment. However, remember to install them after you put Slackel Openbox on your hard drive from the installation ISO.

Slackel 6.0.8 Openbox includes the Midori 0.5.11 Web browser. This distro does not provide automated installers for other Web browsers.

If you want to add a standard preference such as Firefox or Chromium, you will need to launch the gslapt Package Manager. gslapt is a GTK+ front-end to slapt-get — an APT-like package tool for Slackware.

Slackel uses the gslapt Package Manager, a GTK+ front-end to slapt-get, an APT-like package tool.

Other standard software packages in the Openbox edition include Claws-Mail 3.13.2, Transmission 2.92, PCManFM 1.2.4 and Pidgin 2.11.

SMPlayer is the default movie player. Exaile 3.4.5 is the default application for managing music collections. Other media tools include the Asunder 2.7 CD ripper and Brasero 3.12.0 for writing CDs and DVDs. Graphics software includes Viewnior 1.6, GIMP 2.8.18 and mtPaint 3.40. Scrot is the screenshot utility.

Openbox Look and Feel

The standard panel bar sits at the bottom of the screen. The left side of the panel has a very easy-to-use, uncluttered menu. A few icons sit on the left. The expected notifications are on the right end of the panel. Toward right center is a preconfigured work space switcher with four locations ready to use.

The Openbox desktop design requires nearly no learning curve. It is point-and-click simple. Both its appearance and its operation are old school on Slackel, which is a good thing.

Openbox is similar to the Xfce desktop, but it has fewer configuration options. Like Xfce, you can right-click anywhere on the desktop to get a fully populated menu of system tools and applications. Unlike most desktops, though, you cannot place icons on the desktop or launchers on the panel bar.

The panel bar is devoid of any extra features, such as applets. Openbox is very simple with some user tweaks built in, but power users will be less enchanted with its almost one-size-fits-all design.

Software Supplies

I was disappointed by the absence of some key software that I find bundled on other Linux distributions offering lightweight desktop options, such as Openbox. Some of them are available via other Slackel or Salix repositories, but having to track stuff down is inconvenient.

AbiWord 3.0.1 and Gnumeric 1.12.27 are included as the office applications, for instance, but both are extremely lightweight and feature-poor. You can add LibreOffice 5.2.3 from the Slackel repositories through gslapt.

Much to my pleasure, Slackel comes with the Geany IDE text editor installed. It also bundles the Leafpad text editor. Geany is one of my core applications.

If you install Slackel on just one computer, you’ll have to suffer through a one-time inconvenience. However, if you maintain multiple computers running the same set of applications for work projects, for instance, getting your working tools up to speed will become a much larger annoyance.

That is not the fault of Slackel itself — it is a characteristic of the Slackware Linux line. Slackware distros typically force you to find and install the software on your own.

Slackel Primer

The Slackel distro is a slice of the Slackware and Salix Linux ecosystems. It is just a better Slackware derivative.

Slackware originated in 1992. By comparison, well known and well used distros such as Ubuntu, Fedora and Linux Mint were introduced in the mid-2000s.

Salix is a GNU/Linux distribution based on Slackware. It is not a clone, however. It is built on the concept of being stable, fast and easy to use, and it is fully backward-compatible with Slackware. One of the guiding principles of Salix Linux is economy: it provides one application per task on the installation ISO.

Slackware is among the oldest actively maintained Linux distros. It tends to adhere to its less modern Linux underpinnings in terms of user-friendliness. The Slackware project started as a way to install a Linux system that already included some core packages like the kernel and an X window system.

In its long run, Slackware has updated but not improved much. It is still not easy to set up and use compared to more modern Linux distro replacements. If nothing else, Slackel tries to modernize that heritage just a bit.

Bottom Line

Slackel is not a good choice for new users looking to make a fast move into a Linux OS. Still, this distro has some benefits.

If you like to learn how things work, Slackel gets you closer to understanding the pure Linux environment. Plus, you have a system made your way because you decide what gets installed.

If you give Slackel Linux a test run, jot down these credentials. Otherwise, you will soon be dead in the water.

The root password for the live CD is "live" (no quotation marks). The standard user login is "one" with the password "one".

For installation and for all work requiring administrative privileges, that "one" account is used. Because these defaults are published, treat them as temporary: set a new root password and a new password for "one" on any installed system before it is connected to a network.

Slackel Linux is hardware-friendly. Its minimum system requirements are a Pentium II or equivalent, 256 MB of RAM and a 1.5 GB hard drive.

Want to Suggest a Review?

Is there a Linux software application or distro you’d like to suggest for review? Something you love or would like to get to know?

Please email your ideas to me, and I’ll consider them for a future Linux Picks and Pans column.

And use the Reader Comments feature below to provide your input!