Skip to main content

security

166 'security' stories June 2011 - January 2016
See All Stories

Chrome 48 beta’s new Security Panel in DevTools makes it easier to create HTTPS pages

Avatar for Cam Bunton Jan 27 2016 - 2:52 am PT
0 Comments

Google has announced that it’s rolling out a new feature in Chrome 48 beta so that developers can better find and fix issues hindering their sites from showing as ‘secure’. The new Security Panel in DevTools will help web developers deploy HTTPS web pages more easily by showing connection information for every network request, and indicating whether or not they’re secure.

Devs will be able to see an overview of any given page. Secure pages will be indicated as such by a green lock, or green dot. Non-secure pages will have a yellow/orange triangle and will have information indicating why that particular page isn’t classed as secure.

This overview shows whether the page has a valid certificate, a secure TLS connection, as well as whether or not there’s any mixed content (aka if it loads insecure HTTP subresources). If there is mixed content, you can easily see what it is, and fix it.

Google launched the new Security Panel to replace the old ‘Connection Info’ tab which the company stated was too complicated for most users, but too basic for most devs. It didn’t make it clear exactly what was causing a site or page to show as non-secure.

Security Panel was originally shown off at the Chrome Dev Summit, where Emily Stark, a Google software engineer showed off the new tool in detail:

[youtube = https://www.youtube.com/watch?v=9WuP4KcDBpI]

Security Panel in DevTools will begin its rollout over the next few days.

Nest thermostats were transmitting unencrypted zip codes over the web (Updated)

Avatar for Abner Li Jan 20 2016 - 1:31 pm PT
2 Comments
Nest Thermostat

Update: Nest has reached out to clarify that the location data mentioned in the report is that of their weather provider’s remote stations and not of customers’ homes. Zip codes sent out to get weather reports are now encrypted. This article has been updated accordingly.

Researchers at Princeton University have discovered that Nest thermostats transmitted unencrypted zip codes of its users. Nest has since fixed the issue. The broader study takes a look at numerous Internet of Things devices from well known manufacturers to determine their safety and find privacy vulnerabilities.


Expand
Expanding
Close

CyanogenMod officially ends WhisperPush support, recommends downloading Signal app instead

Avatar for Cam Bunton Jan 20 2016 - 3:30 am PT
0 Comments

The CyanogenMod team has announced via an official blog post that it is ending support for WhisperPush, and that its services will be officially end of life from February 1st. WhisperPush, for those unaware, is an encryption service which keeps messages secure and private.

We’ve ultimately made the decision that we will no longer be supporting WhisperPush functionality directly within CyanogenMod. Further, WhisperPush services will be end-of-lifed beginning Feb 1st 2016. As this is a server side implementation, all branches of CM from CM10.2 and forward will be affected.

There are seemingly several reasons for CyanogenMod’s decision to end integrated WhisperPush support. The team says it saw many ‘hiccups’, and had a number of longstanding registration problems as well as issues in various countries with WhisperPush. Also, with the arrival of Snowden-endorsed Signal — an app which offers practically the same services — the necessity to continue the difficult development and upkeep of WhisperPush was significantly reduced.

We transitioned the work to CM13, instead opting to implement directly within our Messaging application. However, with the rapid adoption of the official Signal application, our implementation into Messaging would have been a seemingly unnecessary fork. Analyzing the costs of SMS verification (many thanks to Twilio for their support on this), usage traffic, server costs and registration numbers, forking would serve no larger long-term user benefit.

If you have a number registered with WhisperPush you should unregister  by heading to Settings>Privacy>WhisperPush on your device running any version of CyanogenMod from CM10.2 to CM12.1. Once February 1st rolls around, all numbers will be unregistered by CyanogenMod.

Those who have used, or use the service regularly are urged by the CM team to download the aforementioned Signal app. It comes from Open Whisper Systems (who helped create WhisperPush) and offers encrypted text messages and voice calls. What’s more, it’s cross platform and there’s a desktop beta version.

Samsung secure KNOX platform gets government blessing in China and France

Avatar for Cam Bunton Jan 14 2016 - 7:55 am PT
0 Comments

Samsung announced in a press release today that it has received government certifications for its security platform, KNOX, from the appropriate regulatory bodies in China and France. Both the China Information Security Certification Center (ISCCC) and France’s National Agency of Computer Security (ANSSI) have given Samsung’s secure mobile platform their blessing…


Expand
Expanding
Close

Get Canary’s all-in-one home security system + air quality/temperature sensor for $179 (Reg. $200)

Avatar for Sponsored Post Dec 18 2015 - 9:00 am PT
0 Comments

canary-security-ios

This is one of the best deals yet on our favorite all-in-one home security system and air quality detector.

Just in time for the holidays, get $20 off Canary. That brings the price down to $179 from the regular $199. Better yet, you can save a total of $50 off regular price when purchasing the Canary Two-Pack.

This Wi-Fi, smartphone connected security system does a whole lot more than the webcam style security cameras gaining popularity recently, and it does it all with gorgeous industrial design and slick companion apps for Android and other mobile devices…
Expand
Expanding
Close

Google responds to student privacy concerns: ‘We are confident that our tools comply with both the law and our promises’

Avatar for Cam Bunton Dec 3 2015 - 4:02 am PT
0 Comments

Yesterday it was revealed that a privacy group (EFF) had a filed a complaint with the FTC claiming that Google “deceptively tracks students’ internet browsing”. Specifically, the group claims that Google is breaching a Student Privacy Pledge that it signed in January. One issue with Chrome OS in particular is Chrome Sync, a feature which enables users to have the same bookmarks, logins and other data across various devices with the Chrome Browser installed. As you would expect, it didn’t take long for Google to deny claims of wrongdoing…


Expand
Expanding
Close

Here’s how to see the personal information Google shares about you on the web

Avatar for Ben Lovejoy Nov 11 2015 - 3:55 am PT
0 Comments

Google has launched a new ‘About Me’ page, which lets you see and change what personal information is visible to others when you use any of Google’s services. The company has most likely introduced the service in an effort to counter concerns about data privacy.

Don’t expect too much from it: it’s essentially the same information you can see on Google+, and mostly appears to be an alternative for those of us who long ago consigned Google+ to history. When I checked my data, it showed only my name, gender, birthday and occupation. But if you shared contact details with any Google service, those may also be visible, so it’s worth a quick look.

You can edit the information shown, as well as choose who can view each piece of data. Personally, I always enter a false date of birth on web forms, as it’s a key piece of information used by identity thieves. I set it to private simply to ward off any mistaken birthday wishes.

You can check your own data at aboutme.google.com, where you’ll also find a link to Google’s existing privacy checkup.

One month on, Android 6.0 Marshmallow is running on just 0.3% of Android devices

Avatar for Stephen Hall Nov 5 2015 - 12:08 pm PT
10 Comments

It’s been about a month now since Android Marshmallow started rolling out to a variety of Android devices (mostly just the Nexus line), and according to this month’s distribution numbers, only 0.3% of Android phones are running the latest version. That’s just plain depressing.

And what’s worse is that the other numbers across the board haven’t really improved all the much since last month, either. Last month, 23.5% of Android users were running last year’s OS, Lollipop, and now 25.6% have managed to go to a build of either 5.0 or 5.1. An amazing 37.8% of Android users are still on KitKat…
Expand
Expanding
Close

BlackBerry commits to delivering monthly Android security updates to PRIV

Avatar for Cam Bunton Nov 5 2015 - 6:21 am PT
0 Comments

It seems an age has passed since the day John Chen, BlackBerry’s chief, said they’d only make an Android phone if they could make it secure. The BlackBerry PRIV is official, and is already available to pre-order. The physical QWERTY-equipped slider is the first BlackBerry to run Android and has several key features built in to ensuring that it stays secure. Security is built in to its hardware and its software. It’s no surprise then to read that the company is committed to keeping up with Google’s monthly security updates…


Expand
Expanding
Close

Pushbullet gets Android 6.0 Marshmallow optimization, more in latest update

Avatar for Cam Bunton Nov 3 2015 - 9:12 am PT
0 Comments

Pushbullet, the popular multi-device notification and link-sharing tool has been updated today to take full advantage of Android 6.0 Marshmallow’s built-in improvements. The company announced that the new update uses Android 6.0‘s runtime permissions and Direct Share features to give you more fine-tuned control over which parts of your system it has access to, and give the option to share items more easily and quickly with compatible devices…


Expand
Expanding
Close

Nest Cam Review: Is Google’s Wi-Fi security cam worth the subscription costs?

Avatar for Jordan Kahn Nov 2 2015 - 7:40 am PT
0 Comments

It’s certainly not the only connected-security camera, but following Google’s acquisition of popular security cam maker Dropcam last year, the company has just launched a second-generation product with new features. The new product was re-envisioned by Google’s Nest team— the people building smart home accessories like the Nest thermostat and fire alarm— and in the process dropped the Dropcam branding and gained a few notable enhancements.

But is the new Nest Cam worth an upgrade from your current Dropcam setup? And how does the product compare to the other connected home security-cam and all-in-one security devices on the market? We’ve been testing out Nest Cam since its release a few weeks back to find out.
Expand
Expanding
Close

PSA: First Android for Work online conference happening November 4th

Avatar for Stephen Hall Oct 7 2015 - 2:45 pm PT
0 Comments

Google isn’t just building Android for mainstream consumers — the company also wants to tackle the business sector. And to educate business owners on why they might want to take advantage of what Google has to offer, the Mountain View company is holding its first Android for Work online conference, dubbed Android for Work Live, on November 4th.

At Android for Work Live, you’ll:

  • Hear from Andrew Toy, product management director for Android for Work, who’ll discuss the broad vision of Android in the workplace and how businesses can mobilize every worker and workflow.
  • Learn how Android’s vast selection of devices – from affordable phones to locked-down hardware and customized devices – creates choice and agility for BYOD, corporate deployments and single-purpose scenarios.
  • Get an in-depth look at how companies can rely on Android’s built-in multi-layered protections to keep business data secure and managed across all devices in an overview from Adrian Ludwig, technical lead for Android security.
  • Hear insights from Android customers, including Guardian Life Insurance Company.

If this sounds interesting to you, Google says you can register for the event over at the Google for Work website.

Nexus AMA roundup: Google talks 5X and 6P names, Qi charging, T-Mobile band 12, & more

Avatar for Jordan Kahn Sep 30 2015 - 12:21 pm PT
3 Comments

A few Googlers that worked on the new Nexus 5X and 6P have taken to Reddit today to answer questions about the new devices that officially went up for pre-order yesterday following Google’s press event. Among some of the info shared by the team: Google is working to officially support Band 12 for T-Mobile by launch time, something that would require it to support VoLTE, and it also clarified some details about the lack of Qi charging this time around and security for the new fingerprint sensor features.

In addition, Google confirmed its thought process behind the names for the new devices, noting that X in 5X is “for the core of the Nexus brand (plus it sounds cool!),” and that the P in 6P is for “premium”.

Head below for a roundup for the most interesting info from the Reddit AMA:
Expand
Expanding
Close

Google preparing to release another security update for Nexus devices today

Avatar for Stephen Hall Sep 8 2015 - 9:16 am PT
0 Comments

It was about a month ago that Google announced that it would begin pushing security updates to Nexus devices on a monthly basis, and now it looks like the second of those is about to be released. The Nexus factory images page hasn’t been updated yet, but several software update pages on T-Mobile’s website say that Google is pushing out a mandatory update today with “Android security enhancements” and “minor bug fixes”…

There’s definitely not much to see here, and this update doesn’t even go as far as to patch any specific vulnerabilities (in contrast to last month’s update, which very clearly intended to patch the vulnerability in Stagefright. We’ll update this post as soon as Google uploads the images, but you can also just keep up to date by checking your device for an OTA. Many of the updates sport build LMY48M, and range between 7 and 30 MB.

Snapdragon 820 will be first chip to include Qualcomm’s anti-malware Smart Protect feature

Avatar for Cam Bunton Aug 31 2015 - 6:50 am PT
0 Comments

In a press release this morning, Qualcomm announced a brand new technology to help keep us protected from potential malware threats on our smartphones. Smart Protect will be built into chips in the near future and provide “real-time, on-device machine learning designed to support accurate and effective detection of zero-day malware threats for improved personal privacy and device security”. Qualcomm’s Snapdragon 820 chip will be the first to feature the new technology when it hits the market in 2016.


Expand
Expanding
Close

Even after security patch, Stagefright still likely poses a threat

Avatar for Cam Bunton Aug 14 2015 - 8:59 am PT
0 Comments

Google and several of its manufacturer partners rushed to fix a vulnerability found within Android which could see malware installed through simply receiving an MMS message. Dubbed Stagefright, it was described as the worst vulnerability to be found since the dawn of the new Mobile OS era. According to one security firm, sadly, the patches being released by a number of Android OEMs aren’t enough to fully fix the vulnerability.


Expand
Expanding
Close

Google reveals details of first monthly Nexus security update in new Google Group

Avatar for Ben Lovejoy Aug 13 2015 - 5:05 am PT
0 Comments
Site default logo image

Google’s Android security lead Adrian Ludwig has posted a detailed description of the security update recently issued by Google for Nexus devices. The update was designed to address the Stagefright vulnerability which has been described as the  “worst Android vulnerability in the mobile OS history.”

On August 5, 2015, we released an over-the-air (OTA) update for Nexus 4/5/6/7/9/10 and Nexus Player devices that includes several security fixes. The patches for these fixes have also been released to the Android Open Source Project (AOSP) source repository.  These issues are categorized and provided in decreasing order of severity.  We have also provided an assessment of each issue, given the information we have at the time of the publication of this bulletin … 


Expand
Expanding
Close

LG joins Google and Samsung in committing to monthly security updates following Stagefright discovery

Avatar for Ben Lovejoy Aug 7 2015 - 7:05 am PT
0 Comments
Site default logo image

The major Android manufacturers seem to at last be getting serious about security. Following the recent discovery of the Stagefright vulnerability, Google announced that it would commit to issuing monthly security updates to Nexus devices for at least three years. Samsung yesterday said that it too would do the same, though without stating how long it would continue to support older devices. LG has now joined in, reports Wired.

LG will be providing security updates on a monthly basis which carriers will then be able to make available to customers immediately.

Other manufacturers have also responded quickly to Stagefright, with HTC, Sony and Android One among the groups to be issuing patches … 
Expand
Expanding
Close

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications