Category Archives: Google

Google denies illegally slurping data off free student Chromebooks

Nonsense! says Google in response to a lawsuit filed by New Mexico's AG, which accuses Google of violating COPPA's child privacy laws.

Smashing Security #166: What the Dickens! Ad ban thank you scam

How to stop dick pics on Twitter, and a new way bad guys are extorting money from websites earning cash from Google ads.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Our personal health history is too valuable to be harvested by the tech giants | Eerke Boiten

Action to prevent deeper access to our private lives and data is more essential than ever

Health data paints a rich picture of our lives. Even if you remove your name, date of birth and NHS number to “anonymise” yourself, a full health history will reveal your age, gender, the places where you have lived, your family relationships and aspects of your lifestyle.

Used in combination with other available information, this may be enough to verify that this medical history relates to you personally and to target you online. Consequently, whenever the NHS shares health data, even if it is anonymised, we need to have confidence in who it goes to and what they can do with it.

When data about us influences a credit rating or a hiring decision, we are unlikely ever to find out

Continue reading...

Google Foiled Over 1.9B Malware Installs from Non-Play Sources in 2019

Google revealed that it blocked more than 1.9 billion installations of Android malware from non-Play Store sources over the course of 2019. On 11 February, Google revealed on the Android Developers Blog that it had succeeded in scanning billions of potential malware installations by creating a revamped Play Protect experience in 2019. This built-in malware […]… Read More

The post Google Foiled Over 1.9B Malware Installs from Non-Play Sources in 2019 appeared first on The State of Security.

ZeroFOX launches AI-powered Advanced Email Protection for Google and Microsoft platforms

ZeroFOX, the leading provider of public attack surface protection, announced it has extended its artificial intelligence (AI) powered platform to now include advanced protection capabilities to solve intractable challenges in the cloud email security market and complement existing email security. The ZeroFOX Advanced Email Protection suite includes capabilities that address Business Email Compromise Protection for Google’s G Suite and Microsoft’s Office 365 platforms, which identifies impersonation-based attacks targeting employees. It also includes Email Abuse and … More

The post ZeroFOX launches AI-powered Advanced Email Protection for Google and Microsoft platforms appeared first on Help Net Security.

Facebook, Google, YouTube order Clearview to stop scraping faceprints

It's my First Amendment right to scrape publicly available face images, its CEO says. Besides, we're just doing what Google Search does.

Google announces startup accelerator and new office in Toronto

TORONTO–Google yesterday announced a new accelerator program to help grow startups at the series-A funding and seeding stages.  The accelerator is Google’s first accelerator Canada and 12th world-wide. According to a Fortune article, 90 per cent of startups never takes off, with insufficient capital, disharmony, poor marketing, and wrong team composition listed as key failing…

Google mistakenly shared private videos of some users with others in 2019

Google has accidentally shared private videos of some users that were stored on its servers with other, the tech giant notified impacted users.

Google admitted a new privacy incident, it has accidentally shared private videos saved on its servers with other users. At the time it is not clear the number of impacted users, anyway, the company sent them a security notification. The company only confirmed that “one or more videos in your Google Photos account was affected by this issue.”

The incident was caused by a technical issue in Google’s Takeout that is a project that allows users of its products, such as YouTube and Gmail, to export their data to a downloadable archive file.

The issue was confirmed by the researcher Jon Oberheide from Duo Security that published a Tweet that confirms some videos saved in Google Photos were exported to unrelated user’s archives.

The technical issue remained active between 21st November and 25th November 2019.

The privacy incident potentially affected those users who used Google Takeout service in the period mentioned above. The tech giant pointed out that the problem did not involve photographs uploaded by the users to Google Photos.

The company apologized for any inconvenience the incident may have caused, users can contact its Support service for further assistance.

Pierluigi Paganini

(SecurityAffairs – privacy, data leak)

The post Google mistakenly shared private videos of some users with others in 2019 appeared first on Security Affairs.

Google software glitch sent some users’ videos to strangers

Bug affected users of Google Takeout exporting from Google Photos in late November

Google has said a software bug resulted in some users’ personal videos being emailed to strangers.

The flaw affected users of Google Photos who requested to export their data in late November. For four days the export tool wrongly added videos to unrelated users’ archives.

Continue reading...

Will we just accept our loss of privacy, or has the techlash already begun? | Alan Rusbridger

Not so long ago we searched Google. Now we seem quite happy to let Google search us

Probably too late to ask, but was the past year the moment we lost our technological innocence? The Alexa in the corner of the kitchen monitoring your every word? The location-betraying device in your pocket? The dozen trackers on that web page you just opened? The thought that a 5G network could, in some hazily understood way, be hardwired back to Beijing? The spooky use of live facial recognition on CCTV cameras across London.

With privacy there have been so many landmarks in the past 12 months. The $5bn Federal Trade Commission fine on Facebook to settle the Cambridge Analytica scandal? The accidental exposure of a mind-blowing 1.2 billion people’s details from two data enrichment companies? Up to 50m medical records spilled?

We gleefully carry surveillance machines in our pockets and install them in our homes

Related: Cybercrime laws need urgent reform to protect UK, says report

Continue reading...

Make your own security key with Google’s OpenSK

Google has open-sourced OpenSK, firmware that, combined with an affordable chip dongle, allows you to make your own security key to use for authentication purposes. About OpenSK OpenSK isan open-source implementation for security keys that supports both FIDO U2F and FIDO2 standards. “Under the hood, OpenSK is written in Rust and runs on TockOS to provide better isolation and cleaner OS abstractions in support of security,” Elie Bursztein, Google’s Security & Anti-abuse Research Lead, and … More

The post Make your own security key with Google’s OpenSK appeared first on Help Net Security.

Google Receives Geofence Warrants

Sometimes it's hard to tell the corporate surveillance operations from the government ones:

Google reportedly has a database called Sensorvault in which it stores location data for millions of devices going back almost a decade.

The article is about geofence warrants, where the police go to companies like Google and ask for information about every device in a particular geographic area at a particular time. In 2013, we learned from Edward Snowden that the NSA does this worldwide. Its program is called CO-TRAVELLER. The NSA claims it stopped doing that in 2014 -- probably just stopped doing it in the US -- but why should it bother when the government can just get the data from Google.

Both the New York Times and EFF have written about Sensorvault.

Say hello to Microsoft’s new Chromium-based browser

Microsoft officially launched its new Edge Chromium browser across both Windows and macOS operating systems this week and is available for download now.

One of the biggest issues facing IT professionals is high costs and the complexity in managing enterprise companies that support two or more browsers for maximizing compatibility across legacy and modern websites. Microsoft is hoping to eliminate some of those frustrations by allowing enterprise users to access features like Internet Explorer mode, which lets businesses load legacy IE sites within Edge automatically. 

The new Edge browser also comes with Microsoft’s privacy promise and embraces new features such as tracking prevention in addition to offering three levels of control while employees are browsing. The tracking prevention feature will help businesses know who has access to their data and also give them the control to choose the information they share. Tracking prevention and SmartScreen features of the new Edge browser will also protect businesses from any type of malware, phishing scheme and malicious software. 

A study conducted by Ponemon Institute in 2019 says a data breach costs companies $3.2 million on average.

In addition, new features like Collections will let employees more easily collect and organize web content and research, and export that information into Word or Excel. 

Jimmy Tom, research director at Info-Tech, noted in a recent presentation shared with IT World that the Chromium-based browser opens up new opportunities for Microsoft.

“In effect, Microsoft can now compete in other races that it has never before considered,” he wrote, adding it could provide them with an advantage against AWS as the cloud race between the two tech giants intensifies.

Additional benefits for users giving the new browser a try, he added, include having a much more unified experience for end-users on a platform that IT can control, as well as having the ability to easily port existing Chrome apps into Edge.

The new Collections feature to allow employees more easily collect and organize web content and research.

Microsoft Search in Bing can be easily accessed on mobile phones, thereby enabling knowledge workers to search for corporate information on the go.  

Microsoft Search in Bing can be accessed on mobile phones.

Microsoft Search in Bing also offers new inPrivate mode so that online browsing and searches by employees are not attributed to them.

The new Microsoft Edge browser offers new inPrivate mode.

The new Microsoft Edge browser also comes with a new logo. 

The new Microsoft Edge browser has a new logo

In order to pilot the new Edge browser within the corporate environment, IT administrators will need to download an offline deployment package. The new Edge browser will not automatically deploy for enterprise or commercial customers, Microsoft says. Tools like Configuration Manager tools and Intune deployment, the company adds, can simplify deployment.

The new browser is supported by FastTrack and App Assure. FastTrack will allow businesses with an eligible subscription to Azure, Dynamics 365, and Microsoft 365 to deploy this new browser at no extra charge. Businesses having sites compatible with legacy Microsoft Edge, Google Chrome, or Internet Explorer 8 and above, will also work on the new Microsoft Edge the same way.

The new Microsoft Edge is available in more than 90 languages, ready to be downloaded on all supported versions of Windows and MacOS. It is also available to download on android and iOS. 

 

 

Apps are sharing more of your data with ad industry than you may think

Apps like Grindr, Tinder and Happn are (over-)sharing data about sexuality, religion, and location with a shadowy network of data brokers. And it's not just dating apps that are doing it...

Dynatrace, Google and Microsoft collaborate to help make OpenTelemetry enterprise-grade

Software intelligence company, Dynatrace, announced it is collaborating with Google and Microsoft on the OpenTelemetry project to shape the future of open standards-based observability. To further advance the industry and extend the reach of its Software Intelligence Platform, Dynatrace is contributing transaction tracing knowhow and manpower to the project. OpenTelemetry is focused on providing standardized transaction-level observability through the generation, collection, and description of telemetry data for distributed cloud-native systems. As OpenTelemetry becomes more widely … More

The post Dynatrace, Google and Microsoft collaborate to help make OpenTelemetry enterprise-grade appeared first on Help Net Security.

Kubernetes bug bounty program open to anyone, rewards up to $10,000

The Cloud Native Computing Foundation is inviting bug hunters to search for and report vulnerabilities affecting Kubernetes. Offered bug bounties range between $100 to $10,000. What is Kubernetes? Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was designed by Google but has been open sourced and handed over to the Cloud Native Computing Foundation to continue its maintenance and has become a community project. The Kubernetes bug bounty program … More

The post Kubernetes bug bounty program open to anyone, rewards up to $10,000 appeared first on Help Net Security.

Xiaomi Cameras Connected to Google Nest Expose Video Feeds From Others

Internet-connected devices have been one of the most remarkable developments that have happened to humankind in the last decade. Although this development is a good thing, it also stipulates a high security and privacy risk to personal information. In one such recent privacy mishap, smart IP cameras manufactured by Chinese smartphone maker Xiaomi found mistakenly sharing surveillance footage

Google Offers Financial Support to Open Source Projects for Cybersecurity

Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products. The initiative, called "Patch Rewards Program," was launched nearly 6 years ago, under which Google rewards

The Guardian view on Boris Johnson’s NHS plan: trading patient data | Editorial

Donald Trump has made clear he wants a post-Brexit Britain to let US tech companies and big pharma access medical records

The NHS is a goldmine of patient data which the United States wants to be quarried by some of its biggest companies. Britain’s health service is home to a unique medical dataset that covers the entire population from birth to death. Jeremy Corbyn’s NHS press conference revealed that the US wanted its companies to get unrestricted access to the UK’s medical records, thought to be worth £10bn a year. A number of tech companies – including Google – already mine small parts of the NHS store. Ministers have been treading carefully after an attempt to create a single patient database for commercial exploitation was scrapped in 2016 when it emerged there was no way for the public to work out who would have access to their medical records or how they were using them.

However, such caution might be thrown to the wind if Boris Johnson gets his way over Brexit – and patients’ privacy rights are traded away for US market access. This would be a damaging step, allowing US big tech and big pharma to collect sensitive, personal data on an unprecedented scale. Donald Trump’s officials have already made clear that this is what they are aiming for. In the leaked government records of talks between US and UK trade representatives White House officials state that “the free flow of data is a top priority” in a post-Brexit world. Trump’s team see Brexit as an opportunity “to avoid forcing companies to disclose algorithms”. The US wants the UK to drop the EU’s 2018 data law, in which individuals must be told what is happening with their medical data, even if scrubbed of personal identifiers.

Continue reading...

Google’s secret cache of medical data includes names and full details of millions – whistleblower

Whistleblower tells Guardian of growing alarm over secret transfer of medical history data, which can be accessed by Google staff

A whistleblower who works in Project Nightingale, the secret transfer of the personal medical data of up to 50 million Americans from one of the largest healthcare providers in the US to Google, has expressed anger to the Guardian that patients are being kept in the dark about the massive deal.

Related: Mick Mulvaney drops impeachment lawsuit but will not comply with House subpoena – live

Continue reading...