It is good to see the IMF come round to the idea of a wealth tax as a way of resolving the current crisis. We suggested this three years ago in these pages (Let's be really in it together, 16 August 2010), and the IMF has now made a similar calculation that a 10% levy could return European countries to pre-crisis public debt/GDP ratios (The moral case for a one-off wealth tax is compelling, 5 November).
But the issue is not simply moral. The problem policymakers have still not faced is that the intense concentration of wealth at the top of society creates a mobility of private capital seeking rapid profitable investment. This is often in speculative activity, in commodities such as food, or as we are seeing once again in the frenzy gripping housing markets. Such capital needs to be recirculated into the economy in productive areas for social use but instead is destabilising in its effects, whether in the disaster of financial derivatives, or in producing the next housing crash.
Although the number of malicious browser extensions has significantly increased in the past year many security products fail to offer adequate protection against them, while others are simply not designed to do so, according to a security researcher.
Attackers have already used such extensions to perform click fraud by inserting rogue advertisements into websites or by hijacking search queries, but research has shown that this type of malware has the potential to cause much more damage.
Last year Zoltan Balazs, an IT security consultant with professional services firm Deloitte in Hungary, created a proof-of-concept malicious extension that could be controlled remotely by an attacker and could steal authentication credentials, hijack accounts, modify locally displayed Web pages, take screenshots through the computer's webcam, bypass two-factor authentication systems and even download and execute malicious files on a victim's computer.
And last week the European Union Agency for Network and Information Security (ENISA) warned in its midyear report: "An increase in malicious browser extensions has been registered, aimed at taking over social network accounts."
Earlier this year Balazs investigated how various security products protect users against malicious browser extensions and presented his findings at the OHM2013 security conference near Amsterdam in August. He performed tests against browser security extensions, sandboxing software, Internet security suites, anti-keylogging applications and financial fraud prevention programs recommended by some banks.
Many of these products either don't detect and block malicious extensions at all, or their protection can be bypassed, sometimes very easily, he found.
Not all of the tested products claim to protect against malicious extensions, but Balazs said he tested them because some users might believe they do.
For example, the NoScript security extension for Mozilla Firefox is designed to block plug-in content from executing without user authorization, and also blocks some Web-based attacks such as cross-site scripting or clickjacking. However, it doesn't protect against malicious browser extensions or local malware, Balazs said.
BrowserProtect, another Firefox extension, claims to protect the browser against "homepage, search provider, extension, add-on, BHO and other hijacks." This extension also fails to protect against malicious extensions, the researcher said.
Browser security extensions are not really trying to protect against malicious extensions and they wouldn't be able to because by design they run with the same privileges as those extensions, Balazs said.
Balazs also tested Internet security suites from five top antivirus vendors that he declined to name. The level of protection they offered against malicious browser extensions varied from none to good.
One of the tested products detected and removed the researcher's malicious Firefox extension, but he was able to bypass the detection signature by adding a single space character at a specific location in the extension's code.
A product from a different vendor came with a "safe browser" feature that involved creating a clean Firefox profile with no extensions installed. However, once it had created the profile, it kept using the same one, which meant that a malicious extension installed in the user's regular browser profile could copy itself to the "safe browser" profile, Balazs said.
Balazs said a third vendor, asked in a forum if its product detects or blocks Firefox keylogging extension Xenotix KeylogX, replied there was no need because "browser add-ons are subject to the same sandbox the browser runs through." The vendor recommended that users remove any suspicious extensions themselves, he said.
For Balazs, the answer highlights the poor understanding some vendors have of this type of threat, because Firefox doesn't have a sandbox and malicious browser extensions can be installed silently by malware without users ever knowing.
Some other "safe browser" implementations, such as Avast's SafeZone and Bitdefender's Safepay, did block the installation of malicious extensions. These offerings are designed to give users a way to bank and shop securely online using a custom browser based on Chromium, the open source project behind Google Chrome, within a secure environment similar to a sandbox.
Even though Balazs didn't find a way to install malicious extensions directly into the Avast SafeZone or Bitdefender Safepay browsers, he claims to have found a weakness that could allow an attacker to spy on traffic, even when users access HTTPS websites and their connection is encrypted.
Sharing your scoops to your social media accounts is a must to distribute your curated content. Not only will it drive traffic and leads through your content, but it will help show your expertise with your followers.
How to integrate my topics' content to my website?
Integrating your curated content to your website or blog will allow you to increase your website visitors’ engagement, boost SEO and acquire new visitors. By redirecting your social media traffic to your website, Scoop.it will also help you generate more qualified traffic and leads from your curation work.
Distributing your curated content through a newsletter is a great way to nurture and engage your email subscribers will developing your traffic and visibility.
Creating engaging newsletters with your curated content is really easy.