Archive for the ‘google’ Category

Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail

December 13th, 2018
Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail

Enlarge

A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.

Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets’ accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password.

“In other words, they check victims’ usernames and passwords in realtime on their own servers, and even if 2 factor authentication such as text message, authenticator app or one-tap login are enabled they can trick targets and steal that information too,” Certfa Lab researchers wrote.

Read 7 remaining paragraphs | Comments

Posted in 2FA, Biz & IT, google, security keys, SMS, Text, two-factor authentication | Comments (0)

Chromecasts are finally available from Amazon again

December 13th, 2018
Chromecasts are finally available from Amazon again

Enlarge (credit: Jeff Dunn)

Amazon and Google haven't played nicely with each other over the past few years, but consumers were thrown just thrown a bone. Amazon has finally restocked Chromecast and Chromecast Ultra devices in its online store, selling them for $35 and $69 respectively.

Back in 2015, Amazon pulled Chromecast devices from its store after it dictated that it would only sell streaming devices that support its own Prime Video service. Since the Chromecast did not, Amazon claimed it would cause "customer confusion" to offer it for purchase.

The same strange rule applied to the Apple TV, which Amazon didn't sell for some time as well. But Amazon released its Prime Video app for Apple TV this time last year, and Apple's set-top box reappeared on Amazon quickly after that.

Read 5 remaining paragraphs | Comments

Posted in amazon, chromecast, chromecast ultra, echo, google, online shopping, Tech, YouTube | Comments (0)

FCC panel wants to tax Internet-using businesses and give the money to ISPs

December 12th, 2018
A mouse cursor hovering over two options labeled

Enlarge (credit: Getty Images | Christian Michaels)

A Federal Communications Commission advisory committee has proposed a new tax on Netflix, Google, Facebook, and many other businesses that require Internet access to operate.

If adopted by states, the recommended tax would apply to subscription-based retail services that require Internet access, such as Netflix, and to advertising-supported services that use the Internet, such as Google and Facebook. The tax would also apply to any small- or medium-sized business that charges subscription fees for online services or uses online advertising. The tax would also apply to any provider of broadband access, such as cable or wireless operators.

The collected money would go into state rural broadband deployment funds that would help bring faster Internet access to sparsely populated areas. Similar universal service fees are already assessed on landline phone service and mobile phone service nationwide. Those phone fees contribute to federal programs such as the FCC's Connect America Fund, which pays AT&T and other carriers to deploy broadband in rural areas.

Read 21 remaining paragraphs | Comments

Posted in amazon, AT&T, FCC, google, Netflix, Policy | Comments (0)

Republicans in Congress grill Google CEO over liberal bias

December 12th, 2018
Google CEO Sundar Pichai testifies before House Judiciary Committee.

Enlarge / Google CEO Sundar Pichai testifies before House Judiciary Committee. (credit: Xinhua/Liu Jie via Getty Images)

At a House Judiciary Committee hearing Tuesday, members of Congress grilled Google CEO Sundar Pichai about a variety of topics, from user privacy to the possibility of a censored Chinese search engine. But the focus of the hearing was political bias.

"A while back Republicans passed legislation to repeal and replace Obamacare," said Rep. Steve Chabot (R-OH). During the debate over that legislation, Chabot said, he Googled the Republican legislation and "virtually every article was an attack on our bill. It wasn't until you got to the third or fourth page of search results before you found anything remotely positive."

Chabot was just one of several Republican committee members who charged that Google's search algorithms—and its employees—were biased against conservatives. But Pichai stood firm, insisting that Google has rigorous procedures in place to ensure that the personal political views of Google employees doesn't undermine the objectivity of search results.

Read 24 remaining paragraphs | Comments

Posted in congress, google, house judiciary committee, Policy | Comments (0)

macOS Mojave’s dark mode is coming to Google Chrome

December 11th, 2018
Google Chrome in macOS Mojave.

Enlarge / Google Chrome in macOS Mojave. (credit: Samuel Axon)

Apple added dark mode to macOS with its Mojave software update on September. Since then, third-party apps have been adding dark themes to go along with it, but there have been a handful of notable outliers, like Slack and Google Chrome. We've now learned that the latter of those will get a formal dark mode in an upcoming release, likely Chrome 73.

As noted on Reddit and reported by MacRumors, a code change was submitted to Chromium on December 5 that lays the groundwork for the future public release. Here are the notes on the change from the Chromium issue page:

Mac: Change dark mode optout logic and respond to system changes

This change hooks up the "DarkMode" feature, allowing for three states
in Mojave:
- --force-dark-mode for dark appearance unconditionally
- --enable-feature=DarkMode to track system dark mode status
- No flags/default state is light appearance unconditionally

Since we build with an SDK < 10.14, we still need the Info.plist
key, but it now must be false.

Some related changes:
- Make Omnibox tint respond to OnNativeThemeChanged
- React immediately to changes in high-contrast mode setting

Chromium is the first stop for changes to Chrome, with more steps along the way like the beta release, before the changes finally make it to the public release. Even in Chromium, the feature requires digging into code to activate, so this is early along. But dark mode is clearly on the way.

Read 2 remaining paragraphs | Comments

Posted in apple, browser, chrome, dark mode, google, MacOS, macOS Mojave, Tech | Comments (0)

Google+ bug exposes non-public profile data for 52 million users

December 10th, 2018
The Google Plus (G+, or Google +) social network logo is seen in the company's offices behind Android toys on August 21, 2014 in Berlin, Germany.

Enlarge / The Google Plus (G+, or Google +) social network logo is seen in the company's offices behind Android toys on August 21, 2014 in Berlin, Germany. (credit: Adam Berry/Getty Images)

Two months after disclosing an error that exposed the private profile data of almost 500,000 Google+ users, Google on Monday revealed a new leak that affects more than 52 million people. The programming interface bug allowed developers to access names, ages, email addresses, occupations, and a wealth of other personal details even when they were set to be nonpublic.

The bug was introduced in a release that went live at an undisclosed date in November and was fixed a week later, Google officials said in a blog post. During the time the bug was active, developers of apps that requested permission to view profile information that a user had added to their Google+ profile received permission to view profile information about that user even when the details were set to not-public. What’s more, apps with access to users’ Google+ profile data had permission to access non-public profile data that other Google+ users shared with the consenting user. In all, the post said, 52.5 million users are affected.

“The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft,” Monday’s post said. “No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.”

Read 4 remaining paragraphs | Comments

Posted in Biz & IT, google, Google Plus, Policy, Privacy | Comments (0)

Post-mortem: Tying Edge to Windows 10 was a fatal error

December 6th, 2018
Post-mortem: Tying Edge to Windows 10 was a fatal error

Enlarge (credit: @AndreTelevise)

As reported earlier this week, Microsoft is going to use Google's Blink rendering engine and V8 JavaScript engine in its Edge browser, largely ending development of its own EdgeHTML rendering engine and Chakra JavaScript engine. This means that Microsoft will be using code from—and making contributions to—the Chromium open source project.

The company's browser will still be named Edge and should retain the current look and feel. The decision to switch was motivated primarily by compatibility problems: Web developers increasingly test their pages exclusively in Chrome, which has put Edge at a significant disadvantage. Microsoft's engineers have found that problematic pages could often be made Edge compatible with only very minor alterations, but because Web devs aren't using Edge at all, they don't even know that they need to change anything.

The story is, however, a little more complex. The initial version of Edge that shipped with the first version of Windows 10 was rudimentary, to say the least. It was the bare bones of a browser, but with extremely limited capabilities around things like tab management and password management, no extension model, and generally lacking in the creature comforts that represent the difference between a bare rendering engine and an actual usable browser. It also had stability issues; crashes and hangs were not uncommon.

Read 12 remaining paragraphs | Comments

Posted in Blink, chrome, Chromium, development, EDGE, google, JavaScript, microsoft, Open Source, Tech, WebKit | Comments (0)

Google CEO Sundar Pichai will face lawmakers at a hearing next week

November 28th, 2018
Google CEO Sundar Pichai.

Enlarge / Google CEO Sundar Pichai. (credit: Chesnot/Getty Images)

Google CEO Sundar Pichai is scheduled to testify before Congress next Wednesday, December 5. The hearing will give members of the House Judiciary Committee a long-awaited opportunity to grill Pichai about a wide range of issues, from user privacy to free speech in China.

Google angered some members of Congress in September when the company refused to send either one of its two most senior executives—Pichai or Alphabet CEO Larry Page—to testify before a September hearing on election security before the Senate Intelligence Committee. That hearing featured Twitter CEO Jack Dorsey and Facebook COO Sheryl Sandberg—as well as an empty chair marked "Google."

According to the Washington Post, next week's hearing is occurring at the request of House Majority leader Kevin McCarthy, who has raised concerns that Google may be biased against conservatives—and that this bias may be seeping into the policies of Google's search engine, YouTube, and other products. A recently-leaked video showed Google executives openly mourning Hillary Clinton's loss after the 2016 election.

Read 9 remaining paragraphs | Comments

Posted in Bob Goodlatte, congress, google, Kevin McCarthy, Policy, Sundar Pichai | Comments (0)

FBI Shuts Down Multimillion Dollar – 3ve – Ad Fraud Operation

November 28th, 2018
Google, the FBI, ad-fraud fighting company WhiteOps and a collection of cyber security companies worked together to shut down one of the largest and most sophisticated digital ad-fraud schemes that infected over 1.7 million computers to generate fake clicks used to defraud online advertisers for years and made tens of millions of dollars in revenue. Dubbed 3ve (pronounced "Eve"), the online

Posted in ad fraud, cyber security, google, Google Adsense, google adword, hacking news, Header Bidding, online ad fraud, scamming | Comments (0)