In early 2014, Microsoft started providing Office 365 users with the option to secure their accounts with multi-factor authentication. When signing in, folks have to respond to a phone call, text message, or phone notification after entering their password. The feature has since worked on PCs and smartphones, but when Office came to Android tablets, support was absent.
According to the identical changelogs accompanying the latest versions of Microsoft Word, Excel, and PowerPoint for tablets, that has changed. Read More
The increasingly popular team chat platform Slack confirmed in a blog post today that a database containing user profile information had been breached. Slack says the database contained usernames, email addresses, hashed passwords, and information users could connect to their account like Skype names. There's no evidence that the hackers were able to decrypt user passwords, but they did have access to the above-mentioned information.
Slack says it has blocked the unauthorized access, and - in the same blog post - announced the launch of a two-factor authentication option for its users, along with a "password kill switch" for team owners. Read More
The next time you sign into your Twitch account, you're going to have to change your passwords and stream keys. You will also need to reconnect your Twitter and YouTube accounts. Why? The same reason as always. It appears someone may have obtained unauthorized access to some Twitch user account information, and these precautions are for your own good.
Twitch has sent out emails to affected users of the video game streaming service, warning that their usernames, email addresses, encrypted passwords, last IP addresses, phone numbers, addresses, and dates of birth may have been accessed. Read More
We've heard a number of rumors about Google launching its own Mobile Virtual Network Operator (MVNO), codenamed Nova. According to reports, the service will source wireless service from Sprint and T-Mobile, but it will rely on Wi-Fi networks to bear most of the weight of both data and voice services (though VoIP). While the details of this plan still aren't clear, another piece of the puzzle just emerged that indicates Google is going to offer its own virtual private network (VPN) service, and it may be targeted specifically at Nova subscribers. Read More
It's not uncommon for security firms to raise their public profile by publishing analyses of device security and vulnerabilities. However, Bluebox Security really stuck its virtual foot in its mouth this time. After posting what appeared to be a damning exposé of malware shipping on Xiaomi's Mi4 last week, the company has had to post an addendum admitting that it was fooled by a fake and Xiaomi's phones aren't shipping with malware after all. Oops. Read More
Cerberus is a solid little app that makes it easy (or at least easier) to find/lock your phone or tablet if it's lost or stolen. The app has accumulated over a million downloads on the Play Store, so clearly it has earned some loyal users. The update to version 3.1 adds a couple of crucial features: full support for both Android Wear and Android 5.0. If you have either one, you'll appreciate the added functionality. Read More
Google made news earlier this year when it announced that Android 5.0 Lollipop devices would ship encrypted by default. And indeed, the first few Lollipop devices (all Nexus) were encrypted out of the box. However, OEM Lollipop phones are not shipping with encryption enabled. It looks like Google is backing off on this requirement, pushing it to a future version.
Google is cancelling the upcoming iteration of Pwnium, the competition they have sponsored regularly over the past several years. Pwnium has been very useful for Google in protecting Chrome and Chrome OS, because the entire event is about finding holes in the Chromium project. Why did they cancel it, then? For the sake of security! Read More
A recent report based on information from Edward Snowden made a startling accusation regarding the security of the SIM cards lurking in most of our phones. According to the newly leaked documents, Netherlands-based Gemalto was the target of a CIA and GSHQ (UK intelligence) plot to steal SIM card encryption keys. Gemalto is the largest maker of SIM cards in the world, so that would be a substantial security breach. Gemalto has issued a statement after completing its investigation to say that, yes, there was probably an attack. Read More