Enlarge (credit: Getty Images )

In December, Ars reported that as many as 3 million people had been infected by Chrome and Edge browser extensions that stole personal data and redirected users to ad or phishing sites. Now, the researchers who discovered the scam have revealed the lengths the extension developers took to hide their nefarious deeds.

As previously reported, the 28 extensions available in official Google and Microsoft repositories advertised themselves as a way to download pictures, videos, or other content from sites including Facebook, Instagram, Vimeo, and Spotify. Behind the scenes, they also collected user’s birth dates, email addresses, and device information and redirected clicks and search results to malicious sites. Google and Microsoft eventually removed the extensions.

Researchers from Prague-based Avast said on Wednesday that the extension developers employed a novel way to hide malicious traffic sent between infected devices and the command and control servers they connected to. Specifically, the extensions funneled commands into the cache-control headers of traffic that was camouflaged to appear as data related to Google analytics, which websites use to measure visitor interactions.

Enlarge / Please don't do this. (credit: Getty Images)

If you’re like lots of people, someone has probably nagged you to use a password manager and you still haven’t heeded the advice. Now, Chrome and Edge are coming to the rescue with beefed-up password management built directly into the browsers.

Microsoft on Thursday announced a new password generator for the recently released Edge 88. People can use the generator when signing up for a new account or when changing an existing password. The generator provides a drop-down in the password field. Clicking on the candidate selects it as a password and saves it to a password manager built into the browser. People can then have the password pushed to their other devices using the Edge password sync feature.

As I’ve explained for years, the same things that make passwords memorable and easy to use are the same things that make them easy for others to guess. Password generators are among the safest sources of strong passwords. Rather than having to think up a password that’s truly unique and hard to guess, users can instead have a generator do it properly.

Enlarge (credit: Getty Images )

As many as 3 million people have been infected by Chrome and Edge browser extensions that steal personal data and redirect users to ad or phishing sites, a security firm said on Wednesday.

In all, researchers from Prague-based Avast said they found 28 extensions for the Google Chrome and Microsoft Edge browsers that contained malware. The add-ons billed themselves as a way to download pictures, videos, or other content from sites including Facebook, Instagram, Vimeo, and Spotify. At the time this post went live, some, but not all, of the malicious extensions remained available for download from Google and Microsoft.

Avast researchers found malicious code in the JavaScript-based extensions that allows them to download malware onto an infected computer. In a post , the researchers wrote:

• 

  Launching IE in Windows 10 immediate brings up a page suggesting Edge. [credit: Samuel Axon ]

Microsoft 365 apps will end support for Internet Explorer 11 by the end of 2021, Microsoft announced in a company blog post this week. It's a big step from the company, which is looking to move customers to its more modern Edge browser even as some enterprises are stuck on legacy systems running Internet Explorer (IE).

The change will begin with Microsoft Teams Web application, which will end IE support on November 30 of this year. Microsoft 365 applications will follow by August 17, 2021. Here's how Microsoft explained the 365 changes in its blog post:

Customers will have a degraded experience or will be unable to connect to Microsoft 365 apps and services on IE 11. For degraded experiences, new Microsoft 365 features will not be available or certain features may cease to work when accessing the app or service via IE 11.

That said, Redmond was careful to clarify that IE 11 is not going away. Many enterprises have proprietary Web applications that only work on that browser and are unlikely to drop it entirely in the immediate future.

An absolute ton of new announcements has been coming out of this week's Microsoft Build 2020 virtual conference for Windows developers. While cool, most of them are a little thin for individual reports—so we'll get you up to speed on them in this roundup, with links out to each topic if you're interested in more.

Windows Terminal goes 1.0

• 

  Windows Terminal 1.0 settings are modified in a very Linux-y way—by editing a big JSON-formatted text file, which pops up in Notepad when accessed from the Settings menu. [credit: Jim Salter ]

As Windows 10—and Server 2019—pack in more and better command-line functionality, one of the parts of the overall experience that began looking shabby by comparison is the terminal itself.

Windows Terminal seeks to change that, and it's just gone 1.0. The terminal itself is open source and is available for perusal and/or hacking at Github under the MIT license . Microsoft's own announcement makes a point of individually crediting 14 contributors by name and acknowledging hundreds more, which is a more-than-welcome sea change for those of us old enough to have lived through the Halloween Documents era.