Right at the beginning of July, Turing Robotics announced a brand new phone which promised to be ultra-durable and ridiculously secure. Now, the phone is available to reserve online. There are three colors to choose from: Beowulf, Pharaoh and Cardinal. Those will be available in three storage options, the usual 16GB, 64GB and 128GB storage models will cost $610, $740 and $870 respectively.
Dmail is a Chrome extension which allows you to un-send, or revoke any emails you send through your Gmail account. The service was launched by the same brainiacs that brought us the Delicious social bookmarking tool.
Self-destructing email isn’t exactly a new thing. Google itself rolled out a feature that lets you un-send a message once you’ve sent it. The only issue with Google’s built-in service however, is that you only have 30 seconds to change your mind about sending an email to someone. Dmail lets you revoke emails whenever you like. I took it for a quick spin to see what it’s like, and I have to say, it’s an incredibly convenient way to make all your outgoing communication more secure. It also happens to be ridiculously easy to use.
Popular iOS and Android apps from companies like Walmart, ESPN, Slack and SoundCloud have been found vulnerable to password cracking, according to a recent report from AppBugs. The security firm found that dozens of the most popular apps are lacking, in that they allow you to make any number of attempts to login without restriction. These clearly opens up a gap for attackers who have the means to guess those passwords and gain access to your accounts.
If you’ve ever been browsing the web and seen the above warning, you’ve probably done one of two things. You either quickly click the “Back to safety” button, or you navigate into the “Details” section to tell Chrome that it’s being a helicopter mom — and go about your “dangerous” browsing. Although I haven’t encountered this page too many times, I definitely fall into the latter category when I do.
Today, Google announced that as its detection of unwanted software on the web has improved, these alerts are going to become more common in your web browsing experience. Specifically, in the coming weeks, you’ll see “more warnings than ever before”…
Expand
Expanding
Close
Google Capital has led a $100M investment in Crowdstrike, a cybersecurity company with strong government ties, reports the WSJ. Supporting investors include Rackspace, Accel and Warburg Pincus.
Its head of investigations, Shawn Henry, is the former top computer-crimes official at the Federal Bureau of Investigation. Crowdstrike’s D.C.-based chief technology officer, Dmitri Alperovitch, has a long history of calling out foreign hacker groups.
Crowdstrike offers a remote monitoring service for its clients’ networks, aiming to detect hacking attempts at an early stage. Where hackers have already penetrated, the company works to identify the group responsible.
Google Capital was formed last year to provide funding for successful companies looking for growth. It sits alongside Google Ventures, which provides early-stage funding for startups. Google Capital partner Gene Frantz said that they were “blown away” by the company tripling its billings year-on-year.
“We were blown away by CrowdStrike’s incredible growth and impressive customer adoption,” said Gene Frantz, partner at Google Capital. “They have a truly unique SaaS-based endpoint security model, a highly scalable subscription revenue model, and a visionary technical approach that has huge potential to transform the industry, which is why we’re thrilled to make this investment.”
Google killed its stock email app in favor of Gmail with the release of Android 5.0 Lollipop, but they also made it possible to connect email accounts from other providers including Microsoft and Yahoo. Today they’ve gone ahead and added OAuth support for both of these third-party providers, which means increased security and added features including two-step verification and account recovery. The change will be rolling out to users over the next few days.
OAuth is an open-source standard used for authorization by many large services including Twitter, PayPal, and a bevy of others. In layman’s terms OAuth is used by these service providers to give applications like Gmail for Android a token they can use to access a user account on company servers. It’s considered much safer than simply giving out email-password combinations to apps which could be targeted by outside attacks.
ZTE is buddying up with security software company AVG to pre-install AVG AntiVirus Pro on all of its new Android tablets and smartphones starting this month, the company announced in a press release. It’s only a 60-day trial, though, so you’ll have to pay up $15 if you want to continue using it after that.
Expand
Expanding
Close
Nest sent out press invitations last week to an event on June 17th, and we speculated that it might mean that the company is ready to announce its first Dropcam successor since being acquired by Google in June of 2014. Now, thanks to an FCC filing that we’ve uncovered (published to the FCC website on May 28th), it seems more likely that the company is getting ready to announce the next generation of its security camera…
Expand
Expanding
Close
A multinational government group known as the Five Eyes intelligence alliance – the spy group comprising Canada, the U.S., Britain, Australia and New Zealand – planned to hack Android phones by compromising both Google and Samsung app stores. The plan was revealed in newly-released Snowden files dating back to 2012, reports CBC News.
Five Eyes specifically sought ways to find and hijack data links to servers used by Google and Samsung’s mobile app stores [trying] to find ways to implant spyware on smartphones by intercepting the transmissions sent when downloading or updating apps.
The alliance planned to begin by analyzing traffic to the stores to identify the Internet usage habits of targets (such as which apps they used), but the ultimate goal was to plant spyware that would enable them to extract data from targeted smartphones, or even to take control of them …
Expand
Expanding
Close
Google and Apple have co-signed a letter calling on President Obama to reject any government proposal to allow the government backdoor access to encrypted data on smartphones and other devices. The Washington Post says the letter, due to be delivered today, is signed by more than 140 tech companies, prominent technologists and civil society groups.
The signatories urge Obama to follow the group’s unanimous recommendation that the government should “fully support and not undermine efforts to create encryption standards” and not “in any way subvert, undermine, weaken or make vulnerable” commercial software.
The FBI has been pushing increasingly hard to require tech companies to build in backdoor access to their encryption systems to allow access by law enforcement, even going so far as to say that Apple could be responsible for the death of a child. a NY District Attorney has also cited public safety as justification for demanding access to encrypted data.
The letter calling on Obama to reject this argument is also signed by five members of a presidential review group appointed by Obama in 2013 to assess technology policies in the wake of leaks by former intelligence contractor Edward Snowden.
Many in the tech industry have pointed out that, aside from the obvious concerns over government intrusion into the private lives of its citizens, any backdoor used by the government could potentially be discovered and exploited by hackers and foreign governments.
Google is in the process of a radical change in its approach to IT security, reports the WSJ, moving its data from protected internal networks out onto the Internet.
At first glance, it sounds like a crazy move: moving corporate data from protected internal systems, only accessible within Google buildings and via VPN, to publicly-accessible servers. But Google engineering manager Rory Ward believes that the conventional ‘perimeter security’ model no longer reflects the realities of today’s world.
The perimeter security model is often compared to a medieval castle: a fortress with thick walls, surrounded by a moat, with a heavily guarded single point of entry and exit. Anything located outside the wall is considered dangerous, while anything located inside the wall is trusted. Anyone who makes it past the drawbridge has ready access to the resources of the castle […]
However, with the advent of a mobile workforce, [this approach is] fraught with danger.
In other words, if half your workforce is accessing resources from outside the network anyway, you need a different mindset …
Expand
Expanding
Close
Several Google executives held a question and answer session on Reddit today to address (and avoid) a variety of different topics. Perhaps most notably, the Google executives voiced their support for the federal appeals court ruling on Thursday that said bulk collection of telephone records by the NSA is not lawful.
Google today is launching a new tool called Password Alert that will allow users to keep track of sign-ins on their account with notifications and change their password if necessary. The new tool comes in the form of a Chrome extension and allows users to easily change their password if a fraudulent sign-in attempt is detected.
Expand
Expanding
Close
Google has released a new report detailing the security of the Android platform based on data collected from users over the course of last year. The 44-page document can be downloaded as a PDF from Google.
In the report, the company reveals that over a billion devices are currently protected by its Google Play store and accompanying software, which scan over 200 million devices each day for possible security flaws. Of all of the devices scanned, less than 1% had installed potentially harmful software, while devices that exclusively downloaded apps from the Play Store cut that number down to .15%.
Cryptographers have discovered that a security flaw dating back to the ’90s is placing Android, iOS and Mac users at risk from hacking attacks when visiting some major websites, including American Express, Airtel, Bloomberg, Business Insider, Groupon, Marriott and many more.
The FREAK exploit allows an attacker to force a website to use lower-grade encryption for HTTPS connections, which can be cracked within a few hours when using a small botnet of just 75 computers. Once cracked, attackers would be able to hack the website as well as steal personal data from those visiting the site …
Expand
Expanding
Close
Back when Android 5.0 was announced, Google revealed that it would require all devices running the upgraded OS to use full-disk encryption by default to protect users. However, it seems that Google has now reversed course on that decision and allowed several Lollipop devices to ignore this requirement.
As noted by Ars Technica, several Android devices—both new and old—that run the Lollipop software have decided to forgo encryption for some reason. This includes previously released devices that were upgraded to the new software such as the Moto G, and new devices that ship with Lollipop, like the more recent Moto E.
Google has updated several online security features to help protect users from malicious sites and content. Chrome has gained new warnings about sites that attempt to fool users into downloading unwanted software, providing an option to go back to the previous page and avoid these types of sites.
Search has been updated to make it harder for those sites to show up in results, and Google has started disabling ads that link to them. All of these moves continue Google’s recent push to enhance security on its products. The company recently helped improve security by providing users an incentive to enable two-factor authentication.
Fresh off their landmark deal with Apple, IBM reports that around 60% of the leading Android dating apps include vulnerabilities that risk both personal and corporate data.
The report, which didn’t examine the iOS counterparts of any dating apps, found that 60% of the apps it examined included vulnerabilities that allow for either malware, the ability to track a user via GPS or the device’s microphone or camera, or steal credit card information.
Expand
Expanding
Close
Google wants you to check your account security, and its willing to bribe you to do it. In return for taking 30 seconds or so to complete a security checkup by February 17th, Google will add 2GB to your Google Drive storage allowance around the end of the month.
This Safer Internet Day, we’re reminded how important online safety is and hope you’ll use this as an opportunity to take 2 minutes to complete a simple Security Checkup […] As our way of saying thanks for completing the checkup by 17 February 2015, we’ll give you a permanent 2 gigabyte bump in your Google Drive storage plan.
The check makes sure you have up-to-date account recovery information, that recent activity looks legit, and that only the right apps and devices have permission to access your account. You can complete the check here.
Forbes reports that nearly one billion Android smartphone users that are not running the latest Lollipop operating system are at risk of malicious attacks due to Google no longer releasing security updates for the WebView tool on Android versions at or below 4.3 Jelly Bean. Research firm Rapid7 discovered that Google started the process of ending support for WebView late last year for devices not running Android 5.0 Lollipop.
Expand
Expanding
Close
Bloomberg reports that a Manhattan District Attorney is challenging recent moves by Apple, Google and other tech companies by suggesting government pass laws that prevent mobile devices from being “sealed off from law enforcement.” In an interview this week, the government official called it “an issue of public safety.”
Google released the latest version of its Transparency Report today, revealing data about government requests the company received between June and December of 2013. According to the report, Google received 3,105 requests to remove 14,637 pieces of content within that time period, which brings the total number of requests received by the Mountain View corporation up to 6,591 for the entirety of 2013, a figure that’s about 60% higher than the previous calendar year.
While most malware is the result of third-party attackers trying to gain access to your device or information, security research firm Palo Alto Networks has discovered that Chinese handset maker Coolpad has deliberately installed a backdoor on two dozen of its Android handset models. The so-called “CoolReaper” backdoor presents several security risks and is believed to impact over 10 million users.
Expand
Expanding
Close
Google has made several strides to improve the safety and reliability of Gmail in the past year, such as serving images through secure proxy servers and requiring an encrypted HTTPS connection. Looking to continue to that trend, Google announced on Tuesday that it has improved the security of Gmail on the desktop by adding support for Content Security Policy (CSP).
Expand
Expanding
Close
