
Refactual

We publish EVERYTHING sent to publish@refactual.com

How Email Bombing Uses Spam to Hide an Attack

Did You Know?:

The period prior to the 1930s adoption of the Motion Picture Production Code (which governed profanity, nudity, violence, and the treatment of other subjects in cinema) was known as Pre-Code Hollywood; throughout the 1920s and early 1930s, movies featured content that wouldn’t be seen again in American cinema for decades.

 

April 29, 2019

 
How Email Bombing Uses Spam to Hide an Attack

If you suddenly start receiving an endless stream of junk email, perhaps asking for confirmation of a subscription, you’re the victim of email bombing. The perpetrator is probably trying to hide their real goal, so here’s what to do. Read More »

 
Chrome for Android Has Dark Mode–Here’s How to Turn it On

The Chrome desktop browser recently got dark mode on both Mac and Windows, but it’s also available on Android. It’s not quite as straightforward as other platforms, however, as it’s currently tucked behind a flag. Here’s how to enable it. Read More »

 
How to Watch Netflix in 4K on a Mac

Watching 4K Netflix on a Mac is unnecessarily complicated. It’s not currently supported in macOS, so you’ll need to run Windows on your Mac—and even then you’ll still be limited to the Edge browser. But it can be done. Read More »

 
The Worst Things About Owning a Smarthome

Smarthomes are convenient and powerful. From self-locking doors and automated lights to video doorbells and voice control, there’s so much to love. But, sometimes, owning a smarthome is an incredibly frustrating experience. Here are a few reasons why. Read More »

 
Daily News Roundup: New Chrome for Android Attack Spoofs the Omnibox

There’s a new Chrome attack on the horizon, and man, it’s a doozy. Dubbed the “Inception Bar” by the finder, it replicates Chrome’s Omnibox, essentially giving attackers the potential to take control of Chrome completely.

Found by developer James Fisher, the Inception Bar is an incredibly clever phishing attack that leverages the fact that Chrome for Android hides the Omnibox—that’s what the address bar on Chrome is called—as you scroll. Once you scroll down the page a bit, the Omnibox is hidden, and it’s automatically replaced with the spoofed bar. And it looks incredibly convincing—it can even lock the real Omnibox in an overflow container, preventing it from re-appearing once the Inception Bar is in place.

While it doesn’t look like this attack has been found present on the web (yet), Fisher built a working proof of concept on his site, which you can check out at the link. Once you visit the site, scroll down the page a bit, and right after the Omnibox disappears, you’ll see the spoofed Inception Bar—complete with a fake URL—appear in its place. The bar doesn’t work at this point (as it’s just a proof of concept), but it’s not hard to see how with a little bit of additional code it could become a very realistic clone. It’s also worth noting that this is still buggy—closing Chrome and reopening it will display both bars, for example.

Fisher notes in his post that he doesn’t see an easy way to fix this issue, which makes a lot of sense. Since the website itself is generating the faux bar, it will be incredibly hard for the Chrome team to find a way to combat the issue.

As for possible ways for users to prevent encountering this issue should it become a legitimate problem, the first one is easy: use a different browser. Any page with the code to generate the Inception Bar will still do so, but it will be hilariously obvious because other browsers don’t use Chrome’s Omnibox. It’s also worth reiterating the fact that this only works on Chrome for Android—Chrome for iOS uses a different interface that prevents this from being any sort of convincing attack. [via Android Police]

In less terrifying news, Apple talks about why it pulled screen time apps from the App Store, Zuck built his wife a nifty “sleep box,” Facebook will be a necropolis in 50 years, Spotify hits 100m subs, and more.

  • Apple cracks down on screen time apps: Apple has its own screen time system built into iOS. Recently, it started pulling competing products from the App Store, but the company’s Phil Schiller says it’s not about competition—they were misusing enterprise tools. Interesting. [AppleInsider, 9to5Mac]
  • Zuckerberg built his wife a “sleep box”: Zuck said his wife Priscilla has a hard time sleeping—if she wakes in the middle of the night and knows the kids will be awake even in just a few hours, she stays awake. So he built her a box with a subtle light; if the light is off, she knows it’s okay to go back to sleep. If it’s on, she can go ahead and get up. All without looking at a clock, so she doesn’t have the anxiety associated with knowing what time it is. How sweet. [Zuck on Insta]
  • Facebook will be a necropolis in 50 years: Researchers have concluded that it will take about 50 years for Facebook’s dead users to outnumber the living ones. It’ll be like Colma, California—where the dead outnumber the living by 1000:1—but online (okay, maybe it won’t be that extreme). [ZDNet]
  • Spotify hits a hundy mill: Spotify announced that it now has 100 million paid subscribers. Rollin’ in that dough, y’all. [The Verge]
  • TurboTax and H&R Block are hiding free filing from Google Search: Tax filing software wants your money, but it only recently became apparent how badly they really want it—TurboTax and H&R Block were reportedly hiding the free filing tier from Google search results. That means users who were eligible to file for free ended up paying, and that sucks. Shady crap. [ProPublica]
  • Apple thought about buying Intel’s smartphone modems business: According to a new report from The Wall Street Journal, Apple was considering gobbling up Intel’s smartphone modem business before the Qualcomm settlement. [WSJ]
  • Google has stopped publishing distribution numbers: For years, Google has been sharing Android’s monthly adoption numbers. But for the last six months, it’s been totally mum, and that’s troubling. [XDA Developers]
  • Nubia built a fan-cooled 8K gaming phone: Have you ever been so deep into a gaming session on your phone that you needed an 8K display and fan-cooling alongside the built-in liquid cooling? Boy, do we have the phone for you. [Engadget]
  • Distracted driving penalty fees have risen 10,000%: Distracted driving has become more of an issue over the last ten years than ever before, and as a result, insurance company penalty fees have jumped nearly 10,000 percent—from $2 to $290. Good. Keep ’em coming until people stop texting and driving. [Digital Trends]

Speaking of distracted driving charges, it’s time to talk about the best story from the weekend: a man spent 13 months and thousands of dollars to prove that a hashbrown is indeed not a phone.

Jason Stiber received a $300 distracted driving ticket for eating a McDonald’s hashbrown while driving. An officer mistook the breakfast food for a smartphone and gave Stiber a ticket. But he fought it in court, which revealed that the officer was on the 15th hour of a 16-hour shift and his judgment may have been subpar. The case was overturned. Absolutely amazing. [The Washington Post]

 
How to Watch TV Online for Free

So, you’ve ditched the cable company, but now you’re stuck with a dozen streaming services and their rising prices. Fortunately, you can watch TV online for free. It just takes a little effort and a little patience. Read More »

 
DEAL OF THE DAY

Daily Deals: A $263 Nintendo Switch, a $675 iPhone X, an $80 Ultimate Ears Alexa-Enabled

Right now, the internet’s full of crazy deals and discounts. These deals range from a $42 Alexa-Enabled car charger to a $250 50″ 4K smart TV, but as always, we’ve picked out a few favorites. Read More »

 
Windows 10’s Your Phone App Gets Android Notification Mirroring

Microsoft is updating the Your Phone app in Windows 10. As promised, it’s getting Android notification mirroring so you can see all your smartphone’s notifications on your desktop. This app can also send texts and mirror your phone’s screen. Read More »

 
How to Make Tri-Folds in PowerPoint

While Microsoft PowerPoint is almost exclusively used for presentation purposes, it’s also a great application for creating interesting and visually appealing brochures. Here’s how to create (and print out) a tri-fold using PowerPoint. Read More »

 
REVIEW GEEK

SenseAge Universal Ultra Lite Flat Stand: A Nearly Perfect Tablet Kickstand

Kickstands are awesome. This is a universal truth that, despite its undeniable nature, seems to go unacknowledged by the majority of the technology press. I’m going to do my part to alleviate that, with the help of the SenseAge Universal Flat Stand. Read More »

 
How to Disable Outlook Add-ins For Troubleshooting

If the Outlook client starts behaving oddly, one of the first things to do is see whether add-ins are causing the problem. Here’s how to disable them so you can tell if they’re the issue. Read More »

 

GEEK TRIVIA

Which 1980s Film Was Criticized As Being A Feature Length Commercial?

The Great Muppet Caper »
The Wizard »
The Goonies »
The Brave Little Toaster »
 
How to Delete Synced Information in Chrome

When you sign in to Chrome using your Google Account, a whole bunch of your personal information gets saved and synced across all your devices, but what if you want to delete everything stored in the cloud? Here’s how to remove your synced information. Read More »

 
 


 
 

You received this email because you signed up for newsletters from How-To Geek.