Category: Security & Privacy

Latest Rufus release fixes side-loading vulnerability

Posted on by Martin Brinkmann

Rufus, one of my favorite open source tools, is now available in a new version. Rufus 4.7 is a security release that includes new features and non-security fixes.

The developer fixed a side-loading vulnerability in the application that allowed an attacker to load a malicious DLL with escalated privileges.

For this to work, the attacker had to plant the malicious DLL file into the same directory as the Rufus executable. The impact seems low, but it is still good that the issue got fixed.

Here is the info provided on the Rufus Security forum:

A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges (since the executable has been granted higher privileges during the time of launch) due to the ability to inject a malicious cfgmgr32.dll in the same directory as the executable and have it side load automatically. Versions 4.7 and later are not affected by this vulnerability.

So, it is recommended to update Rufus to the latest version to patch the issue.

Note that the internal update finder may not find the update yet. You can download it manually from the project’s GitHub repository in the meantime.

As far as other features are concerned, there are a handful:

  • Ability to detect and download updated DBXs from the official UEFI repository.
  • Support for ztsd compression for disk images added.
  • Exclusion feature in Settings to “ignore disk with a specific GPT GUID”.

There are also some fixes included, which you find listed here.

Gmail’s new end-to-end encryption feature is atrocious for non-Gmail users

Posted on by Martin Brinkmann

Google announced support for end-to-end encrypted emails on Gmail for organizations and later this year for end users last week. This allows Gmail users to encrypt emails so that only the recipient can read them.

Gmail is far from being the first email provider to offer such a feature. Proton Mail, for instance, supported end-to-end encrypted emails from the get-go.

When you read Google’s announcement, you may stumble upon the explainer on how this is implemented. Not technically, but how it works from the user’s perspective.

According to Google, end-to-end encrypted emails on Gmail work differently depending on whether you are a Gmail user or not, and whether an administrator has configured use of the restricted Gmail version for all users.

So, here are the different scenarios when someone sends an encrypted email from Gmail.

  • When the recipient is a Gmail user, the user may read it in their inbox. The email is decrypted when it reaches the inbox and the email can be read.
  • When the recipient is not a Gmail user, they receive an invitation to open the email in a guest Google Workspace account. This allows them to view and reply to the email in a restricted version of Gmail.
  • If S/MIME is configured, Gmail sends the encrypted email via S/MIME.

Google Workspaces administrators may furthermore configure encrypted emails to always require the restricted version of Gmail.

Here is why that is bad

Some emails, all end-to-end encrypted ones, no longer land in your inbox, if you do not use Gmail or when the admin enabled restricted mode. You furthermore need to sign in using an invite link and a pin. Organizations may furthermore limit access to emails by revoking access at any time.

To be fair, this is not all that different from how Proton Mail handles sending encrypted emails to non-Proton users.

Still, if you are not a Gmail user, you may have to read some emails on the Gmail website in the future using the guest account feature of Google Workspaces. This may have severe consquences:

  • When you search emails in your dedicated client or web service, encrypted email content is not included.
  • Filters may not work correctly, as they may only apply to the public part of the email and not the body.
  • Security tools can’t scan the emails.

It is probably only a matter of time before malware campaigns start to use the new feature.

Now You: what is your take on this? Do you use encrypted email already? Feel free to leave a comment down below.

KeePass 2.58

KeePass 2.58 password manager is out

Posted on by Martin Brinkmann

A new version of the password manager KeePass for Windows is now available. KeePass 2.58 is the first release of the password manager in 2025. The last version, KeePass 2.57.1, was released in October 2024.

The update is a smaller one. It introduces a few minor features and changes. Good news is that no security issues needed fixing, which is why this is a non-security update for the password manager.

The list of changes is relatively long, and it may be confusing to navigate the listing. Here is a quick overview of the most important or useful changes in the release:

  • You may now use the keyboard shortcut Ctrl-H to toggle password visibility in report dialogs. Note that this works when viewing passwords in the table-like interface, but seemingly not, when you display a single password.
  • The preview tab of the password generator displays the average estimated quality of the passwords now and has the number of passwords increased to 50.
  • KeePass will abort the preview generation of passwords if the operation is taking too long.
  • User-Agent header for web requests added.
  • On systems with Microsoft Edge uninstalled, the browser no longer appears in the URL(s) menu.

Again, there is more to discover but these look to be the highlights of the release.

How to update KeePass: this is relatively easy. Since there is no integrated update system that you may use to download and install updates, you need to visit the developer website, download the latest release, and install it manually.

If you like winget, you could also run winget upgrade DominikReichl.KeePass to download and install the latest version using the built-in software package manager.

Now it is your turn. What is your favorite password manager right now and why? Feel free to leave a comment down below.

uBlock Origin working in Chrome

More Chrome users are getting “this extension was turned off” notifications

Posted on by Martin Brinkmann

Google has been hard at work to establish Manifest V3 as the new and only set of rules for Chrome extensions. Report suggest that Google has shifted the process into a higher gear and is disabling classic extension support for more Chrome users.

The effect is the following: any extension that is not compatible with Manifest V3 will be disabled. Chrome displays “was turned off” messages to users in that case on start. A check of the extensions management page reveals a similar message: “This extension was turned off because it’s no longer supported”.

Most Chrome users will probably experience this with the popular uBlock Origin extension. It cannot be ported fully to Manifest V3, as Google changed core functionality.

In other words, the change has a very positive effect for Google, as it gets rid of what is probably the most popular content blocker for Chrome.

While there is uBlock Origin Lite by the same developer, it is limited in some regards to the classic version. It is better than no content blocking, but still inferior.

Users who really need to use Chrome can postpone the death of uBlock Origin and other Chrome extensions that are not compatible with Manifest V3 by setting a policy. This will work only until mid-2025 though, unless Google pushes the change back a bit.

Your options

In the end, it may be better to switch to a browser that is still offering support. If you prefer Chromium, you could give Brave or Opera a try. Both companies have pledged to support Manifest V2 extensions, at least some of them, even after Google ends support in Chrome.

Another option is to switch to Firefox or a Firefox fork, like Mullvad Browser. Mozilla said that it is going to support Manifest V2 extensions and V3 extensions at the same time in Firefox. Means, you can run good old uBlock Origin in Firefox without having to worry about it suddenly being turned off.

ThisIsNot11: another open source Windows tweaker for

Posted on by Martin Brinkmann

There is certainly no shortage of tweaking tools for Microsoft’s Windows 11 operating system. If I had to guess, Windows 11 is probably the Microsoft operating system with the largest number of programs of this kind ever.

Serial developer Belim has created a new tool. It is a bit difficult to keep track of all of Belim’s tools. First, because there are so many, and second, because Belim loves to change the names of his tools.

Windows 11 Tweaker: ThisIsNot11

ThisIsNot11 is a small open source tool. Designed as a follow-up tool after using the developer’s FlyBy11 tool to upgrade systems to new Windows 11 versions — even those deemed not compatible — it is quite easy to use. At the same time, it is not as feature-rich as crowd-favorite tweakers such as WinAero Tweaker.

When you run the tool after you have downloaded it, you are asked to give it quick access to the Start menu. It scans installed apps and settings, and bases its suggests on that scan. The app resembles the Windows 11 Start menu, which is intentional according to the developer.

From here on, it is just a matter of selecting tweaks to apply them. For apps, you need to check them and hit the “remove selected” button to uninstall them.

Important tweaks are included. You can use the app to disable advertisement, remove individual apps from the system, hide Copilot and other icons on the taskbar, or enable the full content menu of File Explorer.

All tweaks have a description, which helps identify what they do, especially for regular users who are new to optimizing Windows 11.

Verdict

ThisIsNot11 is a tiny less than 100 kilobyte tool to tweak Windows 11. It is an easy to use tool, which is great for less-experienced users. The app explains the tweaks that it supports well and everything is accessible on a single screen. While you do need to scroll a bit to access all tweaks, it is one of the easiest tools to use.

Part of that comes from the limited number of tweaks that it supports at this stage. If you want to quickly apply many important tweaks, it may be worth a shot. If you want the largest number of tweaks possible in a tool, you need to look elsewhere.

Now you: do you use tweaking tools for Windows? Or do you prefer to apply tweaks manually instead? Feel free to leave a comment down below.

Google Search

Just block third-party cookies

Posted on by Martin Brinkmann

Google is apparently testing a new privacy feature in Chrome that blocks third-party cookies by default in the browsers Incognito mode.

While that is great that Google is introducing the change, most Internet users may want to take matters into their own hands instead.

Why not block third-party cookies altogether? Yes, there is a tiny-tiny chance that some services may not work correctly anymore when you make the change. Most users on the other hand should not notice any ill-effects.

Here is the main benefit: advertisers and sites can no longer use third-party cookies to track you on the Internet.

One of the biggest offenders is Google, as it operates ads and other services on the majority of websites.

While disabling third-party cookies won’t do you much good in regards to Google, as you are using Chrome and therefore likely an open book to Google anyway, it does against many other firms on the Internet that track users for financial gains.

Here is how you disable third-party cookies in Chrome:

  1. Load chrome://settings/cookies in the Chrome address bar. You may also select Menu > Settings > Privacy and security > Third-party cookies to get there manually.
  2. Enable “Block third-party cookies”.
  3. Disable “Allow related sites to see your activity in the group”.

The change is active right away. Use the browser normally and take note of any issues that you may encounter. This can be login related issues or other issues, such as missing functionality on websites.

You may add sites to an allow list. If you notice that a site misbehaves after you switched third-party cookies off, you may add it to the list of exceptions to see if that resolves the issue.

Here is how that is done:

  1. Load chrome://settings/cookies again in the address bar.
  2. Click on the add button under “Sites allowed to use third-party cookies.
  3. Add [*.]domainname to add an exception for the entire site. Replace “domainname” with the name of the actual domain, e.g., chipp.in.

Verify that the change has fixed the issue that you have experienced.

Clearly, you’d also want to install a content blocker to speed up web browsing and improve privacy further.

Chromium’s feature to limit installed extensions is still great

Posted on by Martin Brinkmann

Browser extensions are great. They improve usability and functionality on the Internet. From blocking ads and tracking over creating screenshots to improving password management or games.

All extensions come with a manifest file. This file defines rights and permissions. One of these sets the websites the extension is designed to run on. This can be a single website, part of a domain, or on the entire Internet.

Chromium has a great usability feature to limit the access of extensions. You can use it for the following:

  • Allow an extension to only run on sites you select.
  • Block an extension from running automatically. Make it run only when you want it to.

This may sound complicated, but it can increase privacy or performance significantly. Here is how you use the feature.

Limiting extensions in Chrome and other Chromium-based browsers

Chrome menu to limit extensions

Make sure you have one extension installed. This works in Chrome, Brave, and many other Chromium-based browsers.

  1. Right-click on the icon of the extension in the toolbar of the browser. Some extension icons may not be displayed. You find them when you click on the general extensions icon in that case.
  2. Move the cursor over “This can read and change site data”.
  3. Select one of the following options:
    • When you click the extension: this prevents the extension from running automatically when the website is opened. You need to click on its icon to load it.
    • On “sitename”: this allows the extension to run on the active website.
    • On “all sites”: this allows the extension to run on all websites (it is configured for).

Some notes:

  • Functionality of some extensions may be reduced or not available when you select the click to run option. A prime example for this are ad blockers, which need to run when the site loads.
  • When you select the option to run an extension on a specific site, it is set to “click to run” on any other site you have not picked.
  • You may modify the setting at any time.

The list of allowed sites is manageable. You find it under Chrome menu > Extensions > Details of the extensions.

There you see “site access”, which lists all allowed sites. You may also add new sites there, if you prefer that.

Closing Words

The ability to restrict extension access in Chrome can be mighty useful. While it depends on the installed extensions, it may limit extension access to sites that you want to use the extensions on.

Sometimes, you may need extension functionality on a single site only. With this feature, you can do that exactly.

Mozilla has the feature “under development” apparently, but this has been the case for more than three years. Will it ever be a part of Firefox? I do not know.

What is your take on the feature? Do you use it actively, or is it the first time you hear about it? Let everyone know in the comment section below.

Obscura client macOS

Obscura VPN partners with Mullvad to create two-party VPN service

Posted on by Martin Brinkmann

VPN services offer an excellent way to improve privacy while online. To be precise, good VPN services do, while bad ones either leak your data or sell it outright.

Mullvad is considered to be one of the best when it comes to online privacy. The Sweden-based provider gets audited by third-parties regularly and offers several options to purchase access anonymously.

Mullvad announced this week that it has entered a partnership with Obscura VPN.

The core idea is simple: Obscura VPN uses Mullvad’s servers as exit nodes for its customers. This means, in essence, that the traffic of Obscura VPN customers flows through two independent systems.

In other words, neither Mullvad or Obscura have full control over the data. This may remind you of how Tor operates, or how some VPN services offer multi-hop connections.

The latter pushes the connection through two or more servers in different countries to improve privacy. The difference is that a single VPN provider is in control of all servers.

As for Tor, it uses a three-hop system and comes close to what Obscura offers. Tor is largely operated by volunteers, which means that it can be slow at times and that denial of service attacks happen regularly on top of that.

I published a guide about using multiple VPN services on a single system. It involves virtual systems, which allow you to chain-link as many VPN connections as you like.

Privacy by design, says Obscura

The system that Obscura uses to protect the privacy of users connected to the service. Source: Obscura

Obscura claims that the system that it uses never sees a user’s browsing history while using the VPN. Here is how Obscura explains it on its website:

  • Obscura uses Mullvad for exit hops. This means that it does not know which websites users access.
  • Mullvad operates the exit hops, but it does not know the customer. Obscura says that it is masking a user’s real IP address when traffic is relayed to the exit server.

Obscura is available for $6 per month as a starting offer. The regular price is $8 per month according to the website. Users can pay via Credit Card or Bitcoin over Lightning.

One downside right now is that there appears to be a client for macOS only.

Closing Words

The idea behind Obscura VPN is interesting. Combine two VPN services to increase security. The new company still has to prove itself and pass audits. The app code is open source, which is a good start. Support for additional platforms is a must.

What is your take on this? Do you use a VPN service? Would you use a service that offered Obscura’s system? Please leave a comment down below to let us know.

NordVPN says new Whisper protocol circumvents VPN filters, but details are scarce

Posted on by Martin Brinkmann

Using a VPN makes sense in a lot of situations. To protect your data when using networks that you do not have full control over, to protect your data from being sold by your ISP, or to access content that would be blocked otherwise.

Services and ISPs may use filters to limit the use of VPNs. This may lead to scenarios where you cannot access specific content while using a VPN.

NordVPN says that it has created a solution for the problem. Called NordWhisper, it is designed to disguise VPN traffic.

The company describes it in the following way:

While standard protocols using obfuscation techniques are effective on networks that prevent access to essential services or public resources, NordWhisper steps in when VPN-specific blocks make connecting to these networks more challenging. This protocol ensures users can browse securely in restricted networks.

NordWhisper mimics regular web traffic, making it more difficult for network filters to identify it. Essentially, it blends in with ordinary internet activity, providing users with a reliable way to browse on restricted networks while maintaining the same strong encryption and security as other VPN protocols.

One downside to using NordWhisper is that it may “be slower than other protocols” due to the way it works.

The feature will be integrated into NordVPN’s applications. First on Windows, Linux, and Android, but all other platforms will also be supported at a later point.

The feature has been in testing for some time. NordVPN customers may check for the availability of the new feature in the following way:

  1. Open the NordVPN application.
  2. Select Settings > Connection.
  3. Activate the menu next to VPN Protocol.

NordWhisper is listed as an option there, if the feature is available already. Tests will show how effective the new protocol really is and whether it can also be used for relatively mundane activities, such as accessing Netflix content in another region.

Regarding VPNs, do you use them? If so, which is your favorite and why? Feel free to leave a comment down below.

Microsoft Edge

Microsoft Edge: scareware blocker is now available

Posted on by Martin Brinkmann

Microsoft has added a new security tool to its Edge browser. Called Scareware Blocker, it is designed to detect and prevent attacks that fall under scareware.

Good to know: Scareware attacks use pressure to get users to do something that they should not. Common types are warnings about viruses found or that data has been leaked or accessed.

The goal of the attack is to gain access to a user’s computer system. Scareware attacks may display phone numbers that are made to look like tech support numbers. When a user calls these numbers, agents at the other end of the line try their best to gain access to the users device, for instance using remote computing.

Scareware often uses a browser’s fullscreen mode to prevent that users go back or run other searches to find out more about what is displayed on their screen.

Tip: long-pressing the ESC-key will always get you out of Fullscreen-mode.

Microsoft Edge: Scareware Blocker

Microsoft announced the new security tool in 2024. It is now available as a preview in Edge.

Here are the key points of the feature:

  • Scareware Blocker needs to be enabled, at least currently while in preview.
  • It complements Defender SmartScreen, which blocks known scareware pages and sites already.
  • The blocker uses machine learning on the local computer to determine whether a webpage is running a Scareware attack potentially.

If Scareware Blocker’s analysis concludes that a webpage is likely running a scam attack, it is existing fullscreen mode automatically and displaying a warning to the user.

A suspicious site is intercepted by Edge. Source: Microsoft

It is possible to select continue to go back, which is useful if it is a false positiv. The close page button enables users to close the page instead. All other options to close the page are also available, as fullscreen mode is no longer active thanks to the intervention of the security feature.

Users may report scareware attacks to Microsoft. This helps Defender SmartScreen “detect scareware outbreaks across multiple machines”. Users may also report false positives to Microsoft.

Microsoft admits that Scareware Blocker won’t detect every scam, but that is true for any security feature or software.

How to enable Scareware Blocker in Microsoft Edge

Enable the feature in the Settings to use its protective functionality.

Note: the feature is only available in Microsoft Edge for Windows at the time of writing.

Here are the steps to enable the feature in Microsoft’s web browser:

  1. Open Microsoft Edge.
  2. Select Menu > Help > About Microsoft Edge to make sure the browser is up to date.
  3. Open Menu > Settings.
  4. Select Privacy, search, and services.
  5. Scroll down to the Security section on the page.
  6. Toggle “Scareware blocker” to enable the feature.

You can repeat the process at any time to disable the security feature again.