Google Chrome Now Blocks Insecure Scripts on HTTPS

JavaScript is a scripting language which is used to provide a lot of functionalities to users without them noticing it. It also powers some of the best known web services out there including and more. However, that a faulty or rogue JavaScript can also cause havoc on your system?

Well, how would you know that unless your browser told it? However, not all browsers tell you when a JavaScript is insecure, but you can count as your friend in this case (at-least the dev version on HTTPS), because it has started to block Insecure scripts while you are browsing a website on a HTTPS connection.

Chrome Blocks Insecure Scripts

As you can see from the above screenshot, Google Chrome now shows you a message saying that it has blocked an insecure script from running on the browser, whilst proving you an option to "Load Anyway". This is done to protect users from running harmful scripts on their system.

This behavior in Google Chrome is similar to them blocking users from accessing harmful websites that they have in their database an will be useful in protecting users.

The help page on this topic shows what Google is doing exactly:

When a website is secured via HTTPS, the web site designer must also ensure that all of the scripts used by the page will be delivered in the same secure manner as the main page itself. The same requirements also apply to the plugins and external CSS stylesheets used by the page, as these have the same considerations as javascript.

When this is not the case (sometimes called a mixed scriptsituation), visitors to the site run the risk that attackers can interfere with the website and change the script so as to serve their own purposes.

Traditionally, browsers have run the mixed script, genuine or not, and notified you after-the-fact by a broken lock icon, a dialog box, or a red https:// in the location bar (in the case of Google Chrome). The problem with this approach is that by the time the script has run, it is already too late, because the script has had access to all of the data on the page.

Google Chrome now protects you by refusing up-front to run any script on a secure page unless it is also being delivered over HTTPS. Data on the page remains secure even in the presence of an attacker, but the downside is that this may cause pages to display improperly. You may wish to let the website owner know that their site is not properly secured. (Note that a poorly-written extension can also sometimes cause this).

You can bypass this protection by clicking Allow Anyway, in which case Google Chrome will refresh the page and load the insecure content. You will then see an https:// displayed in red in the location bar indicating that the page could not be secured.

The above description says that Chrome is only blocking scripts which are served through non-HTTPS on a HTTPS connection. Hopefully, the will improve this behavior and also display the same message on the browser when a known rogue script is running on a website.

99% People Can’t See This Video For More Than 25 Seconds Facebook Scam

Just as I was writing about the new Marika Fruscio Facebook Scam I came across another scam that is rapidly spreading on with the text “99% of people can’t watch this video more than 25 seconds!!! I dare you to watch more than 25 seconds from this video!”.

Facebook Can't Watch Video Scam

The message in this Facebook Scam is accompanied with a NSFW image which is more than enough to entice users to click on it. Clicking on the video link could lead you to several different websites where they display a video supposedly from like the screenshot below.

99% People Can't Watch Facebook Scam

It then asks users to click the “Jaa” button twice to watch the video to confirm that you are 18 years of age. However, clicking on the button will open a share page on Facebook and then add a link to your wall. This link could be the 99% can’t watch this video link or the Marika Fruscio Live Television scam. Please don’t click on those links.

As a precautionary measure, always check which applications you use and remove unwanted or suspicious ones. If you aren’t sure how to do it, you can always check our guide on removing apps from Facebook. In addition to that, don’t forget to check out our article about Avoiding Facebook Lifejacking and Clickjacking scams. We also have a list of actively spreading scams on Facebook for you to look through and avoid.

Marika Fruscio Scam Spreading Again on Facebook

Remember the earlier Facebook scam  related to Marika Fruscio Breasts on ? Well it looks like the scam has taken centerstage again and is rapidly spreading on Facebook.

Marika Fruscio Facebook Scam

The Italian journalist had an oops moment on live television in March. Though the video was genuine, several Facebook scammers began to use it to spam people’s timeline and make money for themselves while they asked users to complete surveys. The spam spread pretty rapidly and users fell for it too, you can read our entire coverage of the Marika Fruscio Scam on Facebook.

Now a similar spam is spreading on Facebook for the past few days with users clicking on the links shared by their friends and spreading it virally. This scam plays on a genuine video, but there have been a few fake one’s recently including the recently demised Ryan Dunn’s last words.

As a precautionary measure, always check which applications you use and remove unwanted or suspicious ones. If you aren’t sure how to do it, you can always check our guide on removing apps from Facebook. In addition to that, don’t forget to check out our article about Avoiding Facebook Lifejacking and Clickjacking scams. We also have a list of actively spreading scams on Facebook for you to look through and avoid.

Ryan Dunn’s LAST WORDS – EXCLUSIVE Video Spam Spreading on Facebook

In a unfortunate and tragic incident, "JackAss" star Ryan Dunn was killed in a car accident. Though this incident is tragic, spammers are trying to lure people on by posting a new scam which is saying that it has "Ryan Dunn’s LAST WORDS – EXCLUSIVE!!" video. It also adds a warning saying that the video is for mature audiences only.

Ryan Dunn Last Words Facebook Scam

Spammers show no remorse for anyone, and they have used deaths of popular celebrities like Michael Jackson among others to scam unsuspecting people who would click on links out of curiosity or because of their love for an artist. This is pathetic behavior at best.

We have uncovered several such Facebook Scams in the past, which include sick videos of Miley Cyrus, showing what Justin Bieber did to a girl, OMG Look What This Kid Did To His SchoolOsama Bin Laden Dead Videos and Osama Bin Wikileaks Video among others.

The current Ryan Dunn’s video scam is a typical Facebook scam which asks users to complete surveys and does not show any video at all. They then post the offending message to the user’s wall and spread it to their friend. Please DO NOT click on those links.

As a precautionary measure, always check which applications you use and remove unwanted or suspicious ones. If you aren’t sure how to do it, you can always check our guide on removing apps from Facebook. In addition to that, don’t forget to check out our article about Avoiding Facebook Lifejacking and Clickjacking scams.

Friending Unknown People on Facebook Could Lead to House Robberies

Social Networking is a fad, and I dare say growing fad because it has gone beyond it. We make friends with people on sites like and . However, we might not know most of them personally and might have never met them too.

Facebook Scams

On one hand Twitter is safer for anonymous or unknown friends because your profile does not have information about your actual location (unless you specify it explicitly in your bio). However, Facebook on the other hand provides detailed information about your location, home address, telephone numbers and more to your friends depending on how you have set up your privacy settings.

Now, this information would be great if you want your friends to find you and visit you. However, it could also be used by thieves to visit your house and rob you.

Must Read: Read about Facebook Scams, How To Avoid Facebook Scams and Removing Unwanted Apps from Facebook.

According to the Daily Telegraph, a recent spate of robberies in West Sussex, London have been credited to users friending unknown people on Facebook. The thieves have been friending people on Facebook to find out when they are going out on vacations and then ransacking their houses. Considering that it is summer, there are bound to be several hundred targets who update their Facebook page to tell everyone when and where they are going on a vacation.

This information is then used by those thieves to rob their houses while they are away. Scary right?  Almost 12 houses have been robbed in the past four months and they might continue to happen if you decide to share critical information without checking your privacy settings and friending unknown people.

This incident might not just be limited to West Sussex though since Facebook makes is easy for users to find people from a particular location. Take for example, the screenshot below which shows how easy it is to find people in a particular area using their search options.

Find Friends On Facebook using Location

If you publicly share  your location information, you will end up being shown in the search results and become a ripe target for the thieves who are looking to find an opportunity.  This information is not shared without user consent (well, you can argue about Facebook privacy settings). However, you can restrict it from being made available by changing your privacy settings.

In the end, it is up to you to know what information is being shared. If something untoward happens a website will simply show that you had an option to change everything but did not. In many cases, users are uneducated about such things. I will briefly touch upon how you can stay safe and avoid such things in the section below.

What Can You Do to Avoid Being Robbed and Stay Safe on Facebook?

Don’t Friend Unknown People

Facebook Mutual Friends

Don’t friend anonymous people. Facebook provides an easy way to see if you have mutual friends between the person asking to be your friend and yourself. Take a look at those mutual friends and see if you can make connections. If you can’t make connections or the connections don’t seem known to you, just ignore the friend request.

Update your Privacy Settings to Friends Only

Custom Facebook Settings

Facebook wants your information to be discoverable and they keep the privacy settings such that people other than your friends along with search engines can see it too. However, it is not necessary. Go to Accounts -> Privacy Settings and Customize your settings such that it is viewable only by your friends. At the most, make your name, school information and work information public. For the rest, let those strangers become your friends before they can view that information.

Please understand that you still have to follow the first step and not friend unknown people to keep your information private from strangers.

Selectively Update Sensitive Information to a Group of People

Facebook provides you an option to create groups of people. You can create groups and add select people to it. For example, you can create a Facebook Group which consists of your family and close friends who you personally know. You can then directly send your updates to that group instead of everyone.

Customize Facebook Update Recipients

Alternatively, Facebook also provides users to display their updates to a selective set of people. To do that, click on the lock icon under the status update box and click on Customize.

Customize Facebook Update Privacy

You can customize who can see the update and even specify a certain set of people to receive them. Alternatively, you can hide updates from a certain set of people too. Facebook also provides an option to make it your default setting so that you don’t have to change it all the time.

I find the option to select specific people a bit tedious. They do have an option to create a list of friends, however, it is just for the sake of it. It would be great if Facebook allowed you to share certain updates with a set of people included in a list rather than use groups, which is an annoyance at best.

Don’t Share Your Exact Address and Phone Numbers with Everyone (In-fact Anyone)

If someone needs to contact you or come to  your house, they will find a way to get in touch with you and get that information. In fact, Facebook has a private messaging system which could be used for that purpose. For security and other reasons, there is no need to make private and sensitive information publicly available unless you want people to come and visit you or call you often, including thieves.

Go ahead and make those changes to hide that information in your Privacy settings so that only your friends or preferably only you can see that information.

Inform Your Neighbors and Use Security Devices if You Are Going on Vacation

If you plan to go away for a long time, inform your neighbors and use security devices in your home to bulletproof your house. Security systems have become far more cheaper than they were years ago and equipping your house with one will not take more than few days. This is definitely a worthwhile investment and will allow you to enjoy your vacation in peace.

Last but not the least, if you do not follow the above steps you are to the one to be blamed if anything like this happens to you, because the web is something you can’t control. However, you can at-least control what information you share on social networking sites. "Common Sense" can save you a whole bunch of trouble. Stay safe on Facebook and elsewhere.

LulzSec Havoc: Change Your Important Passwords Before You Get Hit

The unknown and anonymous group (or single person) LulzSec is creating havoc, not just for companies like Sony, but also for government organizations like CIA and FBI. Most recently, the targets of the group has been common individuals like you and me.

In today’s data dump, LulzSec uploaded 62000 username and passwords for various users. Using this data anyone could login to your email account, , , bank account and more. It is definitely a huge privacy and security issue.

If you go through the Twitter feed of @LulzSec, you will see how the leaked passwords are being used. Some of those updates are really scary, take for example the one below where someone managed to destroy relationships over Facebook using those stolen accounts.

LulzSec Destruction

As you can see from the above screenshot, several users have used those accounts to access Xbox Live, PayPal, Facebook, Twitter, accounts. Some users even withdrew money from PayPal accounts and claimed to ruin relationships. This is definitely sickening.

Gizmodo has written an article to check if your passwords were leaked and find them out, however, don’t sit back happy if you are not one of the people who were not compromised. Regardless of whether or not your data was leaked, take about 15-20 minutes out of your time today and update the passwords for your Facebook, Twitter, Bank accounts and email providers like (, Hotmail, Yahoo) and other important services you use.

Make sure to create a new password for these services and if possible use different passwords on all of them. If you are having trouble with creating strong passwords read our guides on how to create strong passwords and more or use some password creation tools which can help you generate strong passwords

Though you might use hundreds of services, upgrading your passwords for some key services might save you trouble other individuals are going through. As a practice, try and use different passwords for different services and use alternative logins like (login through Twitter or Facebook) wherever you can.

Create Strong, Secure and Safe Passcodes for iPhone, iPod Touch and iPad

A recent study about iPhone passcodes revealed that several users use unsecure passcodes for the , and . This study shows that people are more than vulnerable if their mobile phone or gadget lands in the hands of intruders.

While it is easy to create strong passwords with password creation tools and more, not many take the time to do it. If you are someone who uses any of the most common passcodes for iPhone or the most common passwords on the internet, it is time to buck up a bit and create a stronger and secure password for your device.

If you are an iPhone, iPod Touch or iPad user, here is a simple way to create stronger passcodes for your device.

How To Use Strong Passcodes on iPhone, iPod Touch and iPad

Step 1: Go to the Settings App on your device.

iPhone General Settings

Step 2: Go to the General option and then click on the option "Passcode Lock". This will prompt you to enter your current passcode. Enter the same and click on the "Done" button.

Step 3: On the passcode screen, click on the "On" button next to Simple Passcode and change it to "Off". You will now be prompted to enter your current passcode, followed by an option to create a new alpha-numeric passcode. You can create very strong passcodes using alphabets, numbers and special characters.

Performing these three easy steps will allow you to protect your iPhone, iPod Touch and iPad better than the 4 digit passcodes. You can always create strong passwords using the tips and tools mentioned above in this article.

Common iPhone Passcodes Could Put Your iDevice At Risk

Mobile devices have become the lifeline of our existence. From making simple calls, these devices have now transformed into smartphones allowing us to keep in touch with family and friends, checking our email, check our favorite websites, read news, banking online and more.

However, when we are increasingly using our mobile devices to do almost everything that we did on a desktop, we still do not protect it that well. Every mobile device including an have a feature which allows us to lock the device. This ensures that the device can only be accessed if a pass code is entered.

While many tech savvy people might use strong passcodes or symbols, a majority of users still prefer to use very weak passcodes. A recent study by Daniel Amitay, he found that the top ten iPhone passcodes are really easy to crack.

Most Common iPhone Passcodes

Out of 204,508 passcodes he had access to, the top ten iPhone passcodes were 1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212, 1998. Most of these were easy to crack and were used very frequently. The most common one was 1234 which is also part of one of the most common internet passwords.

Interestingly passwords like 5683, which do not seem to follow any pattern is actually the numeric value for the word "LOVE" when typed on a phone keypad.  Another common password usage was to use the 4 digit year. For example, 1998, 1999 and so on or birth years.

These trends are pretty disturbing as it gives intruders an easy chance to access the content of your phone. Having memorable and difficult passcodes is not hard at all.

In addition to that, you can also use a much stronger protection for your iPhone, or by visiting our guide for Setting stronger passcodes for iPhone, iPod Touch and iPad.

Kaspersky Antivirus 2012 and Internet Security 2012 Released

Kaspersky-2012Kaspersky Lab has released the 2012 editions of its reputed anti-malware products – Kaspersky Antivirus and Kaspersky Internet Security. Kaspersky Antivirus is the base offering which offers file antivirus, web antivirus, cloud scanning and proactive defense. Kaspersky Internet Security offers a more complete protection and has several additional features like firewall, sandboxing, and parental control.

To be honest the biggest change in the new version is the new user interface, which is nothing short of stunning. There isn’t a lot of new stuff, mostly because Kaspersky products are already packed to the brim with features. However, there are several improvements.


The focus of this release is on offering hybrid protection that harnesses the power of the cloud along with the local database and heuristics based security technologies to reduce the average protection delivery time. Kaspersky’s cloud protection relies on the Kaspersky Security Network (KSN), which has been a part of Kaspersky’s offerings for quite some time now. However, in the latest editions of its products, Kaspersky has done a better job at highlighting the cloud integration. KSN currently has more than 30 million voluntary members from 213 countries, and is capable of tackling advanced threats like zero-day exploits, phishing and spam. It also includes a File Advisor and a URL Advisor, which provides ratings on the trustworthiness of files and websites respectively.


The proactive defense module has also been improved. System Watcher module should be more efficient than before at analyzing activities performed by various processes and detecting malicious intent. Kaspersky is also promising better performance and improved compatibility with its latest release.


As I mentioned earlier, the changelog is pretty short and mostly unimpressive. However, Kaspersky is continuing its tradition of offering free upgrades to existing license holders. Just key in your existing activation code into the trial version, and your license will be automatically upgraded. You can download the free 30 day trial versions of Kaspersky Antivirus and Kapsersky Internet Security from here.

Microsoft Standalone System Sweeper Heals Virus Infected Systems

Windows-System-SweeperMicrosoft has quietly released a new security tool called Microsoft Standalone System Sweeper. The product is currently in beta, and is meant to complement Microsoft Security Essentials, which by itself is an excellent antivirus software.

Microsoft has never been good at naming things, and Microsoft Standalone System Sweeper only reinforces that fact. However, Microsoft does have a reputation of developing stellar Windows applications. According to most third party tests, Microsoft Security Essentials is as good as (or even better than) most other antimalware software available in the market. System Sweeper could turn out to be another extremely handy tool from the software giant.


System Sweeper creates a bootable rescue disk that can be used for scanning systems without booting into Windows. This can be helpful in getting rid of hard to remove malware, or detecting advanced rootkits. It also makes it possible to run a scan even when Windows has been rendered unusable by malware infections.

System Sweeper is available in both 32 bit and 64 bit flavors, and supports Windows XP (SP3), Vista and 7. It is capable of creating bootable CDs, DVDs, and USB devices. The latest definitions are downloaded from the web; hence, an internet connection is required for creating the bootable image.


Microsoft Standalone System Sweeper isn’t a revolutionary product. Most other antivirus vendors have been offering system rescue disks for a long time. However, it’s nice to see Microsoft stepping up its game, and getting serious about offering a comprehensive set of tools for tackling malware infections.

[ Download Microsoft Standalone System Sweeper ]

Thumbnail via OpenClipArt