Informations about SSL certificates and networks security
Auto Added by WPeMatico
The Nest home alarm system shipped with a secret microphone, which — according to the company — was only an accidental secret: On Tuesday, a Google spokesperson told Business Insider the company had made an “error.” “The on-device microphone was never intended to be a secret and should have been listed in the tech specs,” … Read More “The Latest in Creepy Spyware” »
This is clever: Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection — they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn’t load on emulators researchers use to detect attacks. The thinking behind the monitoring is that … Read More “Clever Smartphone Malware Concealment Technique” »
BuzzFeed is reporting on a scheme where fraudsters buy legitimate Android apps, track users’ behavior in order to mimic it in a way that evades bot detectors, and then uses bots to perpetuate an ad-fraud scheme. After being provided with a list of the apps and websites connected to the scheme, Google investigated and found … Read More “Android Ad-Fraud Scheme” »
Google is tracking you, even if you turn off tracking: Google says that will prevent the company from remembering where you’ve been. Google’s support page on the subject states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.” That isn’t true. Even with … Read More “Google Tracks its Users Even if They Opt-Out of Tracking” »
Krebs on Security is reporting that all 85,000 Google employees use two-factor authentication with a physical token. A Google spokesperson said Security Keys now form the basis of all account access at Google. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” the spokesperson said. “Users might be asked … Read More “Google Employees Use a Physical Token as Their Second Authentication Factor” »
The Norwegian Consumer Council just published an excellent report on the deceptive practices tech companies use to trick people into giving up their privacy. From the executive summary: Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to go through a significantly longer process. They even obscure some … Read More “Manipulative Social Media Practices” »
Researchers have demonstrated the ability to send inaudible commands to voice assistants like Alexa, Siri, and Google Assistant. Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant. Inside … Read More “Sending Inaudible Commands to Voice Assistants” »
This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data. … Read More “Google’s Data on Login Thefts” »
Google has a new login service for high-risk users. it’s good, but unforgiving. Logging in from a desktop will require a special USB key, while accessing your data from a mobile device will similarly require a Bluetooth dongle. All non-Google services and apps will be exiled from reaching into your Gmail or Google Drive. Google’s … Read More “Google Login Security for High-Risk Users” »
Fortune magazine just published a good article about Google’s Project Zero, which finds and publishes exploits in other companies’ software products. I have mixed feeling about it. The project does great work, and the Internet has benefited enormously from these efforts. But as long as it is embedded inside Google, it has to deal with … Read More “Good Article About Google’s Project Zero” »