
security


Cloudflare security breach exposes data from Uber, Fitbit, OKCupid among 3,400 websites; password changes recommended


User data from 3,400 websites has been leaked and cached by search engines as a result of a bug in Cloudflare, a content delivery network. Sites affected over the course of several months include major ones like Uber, Fitbit and dating site OKCupid. 1Password also uses Cloudflare, but says that end-to-end encryption means that no customer data was exposed.

ArsTechnica reports that the leaks were spotted by Google security researcher Tavis Ormandy.

We observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security.

Cloudflare has admitted that the breach occurred, but Ormandy and other security researchers believe the company is underplaying the severity of the incident …



Camera-related security flaw on Google Pixel could ‘facilitate tracking,’ fix already implemented


Google is a very security-focused company from the web to even third-party platforms. On Android, this results in monthly security patches, user-controlled permissions, various Play Store protections, and more. However, flaws still slip through, as evidenced by a camera-related one on the Pixel and Pixel XL that could ‘facilitate tracking.’



Security vulnerabilities in AirDroid allow access to private data and sending of malicious files [Video]


AirDroid has been a popular service on Android for years, allowing users to easily and wirelessly access the files on their smartphone from a PC, mirror notifications, and send/receive text messages. However, security company Zimperium has been tracking some major security vulnerabilities in the app for a few months now, and they’re still not fixed…



Some budget Android phones in the US reportedly affected by ‘backdoor’ which sent personal data to China


There are a lot of fantastic budget smartphones on the market today, but there are always concerns with smartphones that are super cheap. One of those is security, an increasingly important part of any smartphone. Now security firm Kryptowire has uncovered an alleged backdoor hidden within some budget Android smartphones.



Android is as secure as iOS on the iPhone, says Google’s director of security


One of the stigmas Android has long had to live with is its alleged lack of security. Despite patches deployed directly by Google every month, the slowness of intermediaries such as carriers and OEMs has put the whole platform in a position of uncertainty, especially when compared with the more vertically integrated iOS.

Android’s director of security Adrian Ludwig, however, disagrees…



Google Account sign-in notifications are now sent directly to your Android device


With the way security currently works, Google alerts users of new sign-ins to their account via email. The measure is a means of keeping users secure by informing them of what’s happening with their accounts in real-time. Starting today, users will be alerted of new sign-ins through notifications sent directly to their Android device.



Google’s latest experiment aims to protect against encryption-breaking quantum computers


While quantum computing is still in its infancy, it has the possibility of solving problems — like secure digital communications — dramatically faster than current technology. In order to begin securing against future quantum computers, Google is experimenting with post-quantum cryptography connections to its websites.



PSA: Gmail is down for some users, Google is investigating


Gmail is experiencing downtime this afternoon as some users are having issues with receiving messages and accessing their account. Google confirmed the issue on its apps status page and said it was investigating reports as of 1:56PM EST.

The company provided a later update at 2:46PM EST today noting that it’s continuing to investigate and confirming it’s discovered that “some messages sent to consumer Gmail accounts are being rejected due to authentication enforcement.”

Google plans to provide another update by 3:46PM EST with more details on when it expects to resolve the issues.

We’ll keep you posted here with further updates and let us know in the comments below if you’re still having problems with your account.


Father’s Day Gift Guide Hub: One Place with all the best deals


There are a ton of deals on tech and more right now in the lead up to Father’s Day. Together with 9to5Toys & Canary, we’re keeping track of all the best deals and we’ve collected all the handy links in the hub below.

Bookmark this page and keep checking back for more as we add the latest from 9to5Toys ahead of Father’s Day on June 19.



Android N introduces new security measures to prevent future Stagefright vulnerabilities


Last year’s particularly virulent Stagefright bug allowed attackers to perform a number of actions on an infected device through remote code execution. While Google has addressed those issues with monthly security patches, Android N will play a larger role in making sure a similar issue does not happen again.



Researchers show how malicious apps could control Samsung SmartThings locks, lights & more [Video]


Update: Samsung has issued a statement to us, which just expands on its earlier response. You can read it below the video.

Computer science researchers from the University of Michigan have shown how malicious apps could take control of Internet of Things devices in Samsung’s SmartThings platform – including the ability of an attacker to unlock a front door to gain physical access to a home.

The main weakness identified is the way that the SmartThings platform grants apps more privileges than needed to perform their stated functions, reports The Verge.

The researchers demonstrated this finding with a proof of concept app promising to monitor battery life on various devices. If the user agreed to let the malicious — but seemingly innocuous — app access their smart lock, the researchers could then not only monitor its battery, but perform the lock’s other functions, including unlocking the door. The researchers found 42 percent of 499 analyzed SmartApps are currently over-privileged in a similar way … 



Linux kernel root vulnerability affects many Android devices, Google working on mid-cycle patch


Android usually maintains a monthly security patch schedule, but Google has released an out-of-cycle fix for a serious vulnerability that affects a majority of devices. The company is working on a security update for Nexus devices and has released the patch for other OEMs to implement.



New ‘Mazar’ Android malware spreads via SMS, tricks users into granting a malicious app full permissions


Danish security firm Heimdal has detected a nasty piece of malware that spreads via SMS and tricks users into downloading a malicious app. The text message containing the download link has already been sent to 100,000 phones in Denmark, though common sense security practices should keep users safe.



Gmail will warn users before sending & receiving emails from insecure addresses


Google and the rest of the tech industry take security very seriously. As part of this year’s Safer Internet Day, Google is offering users 2GB of Drive storage if they perform a security check on their account. In another security minded update, Gmail will now flag emails sent to and received from non-encrypted sources.



Google expands Safe Browsing to protect against fake download/play buttons


Over the years, Google has expanded what its Safe Browsing feature protects against. Last December, Safe Browsing was fully rolled out to Android users as part of an update to Chrome and Google Play services. Today, they are expanding it to protect against deceptive download buttons increasingly found around the web.



Google’s VirusTotal service now scans for tampered computer firmware


Google bought VirusTotal, an online virus and URL scanner, back in 2012 and it continues to run as an independent company even today. Their website and Mac app offer a very useful utility that lets users upload files to see whether they are ridden with viruses. They recently added the ability to scan a computer’s firmware for suspicious malware.



Chrome 48 beta’s new Security Panel in DevTools makes it easier to create HTTPS pages


Google has announced that it’s rolling out a new feature in Chrome 48 beta so that developers can better find and fix issues hindering their sites from showing as ‘secure’. The new Security Panel in DevTools will help web developers deploy HTTPS web pages more easily by showing connection information for every network request, and indicating whether or not they’re secure.

Devs will be able to see an overview of any given page. Secure pages will be indicated as such by a green lock, or green dot. Non-secure pages will have a yellow/orange triangle and will have information indicating why that particular page isn’t classed as secure.

This overview shows whether the page has a valid certificate, a secure TLS connection, as well as whether or not there’s any mixed content (aka if it loads insecure HTTP subresources). If there is mixed content, you can easily see what it is, and fix it.


Google launched the new Security Panel to replace the old ‘Connection Info’ tab which the company stated was too complicated for most users, but too basic for most devs. It didn’t make it clear exactly what was causing a site or page to show as non-secure.

Security Panel was originally shown off at the Chrome Dev Summit, where Emily Stark, a Google software engineer, demonstrated the new tool in detail:

https://www.youtube.com/watch?v=9WuP4KcDBpI

Security Panel in DevTools will begin its rollout over the next few days.