A recent report based on information from Edward Snowden made a startling accusation regarding the security of the SIM cards lurking in most of our phones. According to the newly leaked documents, Netherlands-based Gemalto was the target of a CIA and GCHQ (UK intelligence) plot to steal SIM card encryption keys. Gemalto is the largest maker of SIM cards in the world, so that would be a substantial security breach. Gemalto has issued a statement after completing its investigation to say that, yes, there was probably an attack.
Google stands to make the most money if you're online using its search engine and viewing its ads, preferably in Chrome or on an Android device. But sometimes the internet can be a tricky place to navigate safely, and that's just not good for business. So the company is continuing its push to make the web a safer place to browse on PCs and mobile devices alike.
Before you visit a webpage that tries to trick you into downloading unwanted, potentially harmful software, Chrome will now stop you and dish out an intimidating, red warning.
The site ahead contains harmful programs. Attackers ... might attempt to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).
Managing 2-factor authentication is a pain, but such is the price we pay for security, right? Authy makes it much less annoying with secure backup, device sync, and offline mode for 2FA. It hasn't been the most attractive app, but the new version is looking much nicer and more material.
With the myriad of ways nefarious types are able to get their hands on passwords these days, oftentimes whether your information gets stolen is completely out of your hands. Rather than changing their sign-in credentials every time another leak or hack happens, many folks trust their online security to password managers such as LastPass. Dashlane is an alternative that can also get the job done, and for the next week, you can snag a premium account free for six months over at sharewareonsale.com. A yearly subscription currently goes for $39.99.
Dashlane relies on AES-256 encryption to protect your data, which it backs up and automatically syncs across your various devices if you have a premium account.
Did you know Safer Internet Day was a thing? Well, indeed it is, and it's today! Happy Safer Internet Day, everyone! To celebrate, Google is offering 2GB of additional Drive storage for completing a quick security checkup.
Remember how Marriott hotels wanted to block WiFi hotspots and make everyone pay for internet access? It turns out giving Marriott money for lodging is maybe not a good idea in the first place. According to software developer Randy Westergren, it has been possible to access customer information on Marriott's servers without a password since the Android app was released in 2011.
You might have noticed a number of recent stories (like this one) claiming Google was abandoning some huge portion of Android users rather than fixing WebView security holes. It's exactly the kind of thing that makes good clickbait. Google has now issued a statement on the security issues in Android 4.3 and earlier, basically pointing out it's not feasible to update old code forever and offering tips for avoiding potential exploits.
Verizon isn't making many friends when it comes to keeping private information private. Just two days after news broke that Verizon Wireless is collecting and in some cases selling web browsing info, its parent company has been given a black eye for insecure practices associated with the FiOS Internet service. Security researcher Randy Westergren discovered a way to access any FiOS user's Verizon email account by using the mobile API.
The message is, "You really shouldn't be using this app. Or the free email we gave you. At all."
Westergren's discovery and his explanation are highly technical, but what it boils down to is that he could substitute the username (and only the username) of a Verizon FiOS email user in a particular API script in order to access that account.
Not long after British Prime Minister David Cameron did the same, President Obama said Friday that he opposes encryption methods that are inaccessible to law enforcement. Rather naively, he advocated that the technology should still exist, but with methods of access for approved entities like police and preferred spy agencies. This is his first clear stance on the matter, though it is not necessarily out of step with his previous actions and statements.
Of course, cybersecurity experts collectively groaned at the President's suggestion of strong encryption that is only accessible to authorities. Taking for granted that law enforcement can be trusted - and, of course, Edward Snowden and countless others have shown us it cannot - there are a host of problems.