Your Google Calendar Settings May Be Sharing Your Info

Twelve years ago, Google introduced a new feature to Google Calendar that allowed users to share their calendars with others. It’s a great feature and invaluable in a corporate environment because it gives teams an easy way to collaborate. Google itself even touted the “make it public” feature of their calendar as being a cool way to use their search engine to discover upcoming events.

Unfortunately, as with most things, there’s a potential downside.  Recently, a security researcher named Avinash Jain discovered more than 8,000 publicly accessible Google Calendars, searchable via Google’s own search engine.  Many of these calendars contain sensitive information (which is bad enough), but worse, they allow any user to add new events that can cause real harm to the system hosting the calendar. This is done via maliciously crafted events or poisoned links.

As Avinash Jain reports:

“I was able to access public calendars of various organizations leaking out sensitive details like their email IDs, their event name, event details, location, meeting links, zoom meeting links, google hangout links, and much, much more.

This is more of an intended setting by the users and intended behavior of the service. The main issue however, is that anyone can view anyone’s public calendar, add anything on it – just by a single search query without being shared the calendar link.”

Jain goes on to say that several calendars belonging to employees of many of the Alexa top 500 companies were made public, which is certainly cause for concern.

This most recent finding adds to the chorus already warning of the dangers of calendar sharing. Just a few months ago, researchers from Kaspersky Lab discovered scammers abusing Google Calendar in a variety of ways. For example, there were phishing scams that contained poisoned links masquerading as Google Calendar event links.

Stay vigilant and be sure you have all employees check their Google Calendar security settings so you’re not revealing more than you intended to.
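One way to run the settings check recommended above across many calendars, as an added example that is not part of the original article: it rates each sharing rule by how widely it exposes the calendar. The rule layout is assumed to follow the Google Calendar API v3 Acl resource; the calendar IDs and rules are constructed sample data, and `classify_rule` and `audit_calendars` are hypothetical helper names.

```python
# Added example, not from the original article. Rule layout assumed to follow
# the Google Calendar API v3 "Acl" resource:
#   {"role": "...", "scope": {"type": "...", "value": "..."}}
# scope.type "default" is the public scope; "domain" is a whole organization.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}
WRITE_ROLES = {"writer", "owner"}
READ_ROLES = {"reader", "freeBusyReader"}

def classify_rule(rule):
    """Return (severity, reason) for a broadly shared rule, else None."""
    role = rule.get("role", "none")
    scope_type = rule.get("scope", {}).get("type")
    if role not in WRITE_ROLES | READ_ROLES:
        return None  # "none" or an unknown role: nothing rated here
    if scope_type == "default":
        if role in WRITE_ROLES:
            return ("critical", "public scope can add or change events")
        if role == "reader":
            return ("high", "public scope can read full event details")
        return ("medium", "public scope can see free/busy times")
    if scope_type == "domain":
        if role in WRITE_ROLES:
            return ("medium", "whole domain can add or change events")
        return ("low", "whole domain can view the calendar")
    return None  # user- and group-scoped rules are targeted sharing

def audit_calendars(acls):
    """acls maps calendar id -> list of ACL rules; returns sorted findings."""
    findings = []
    for calendar_id, rules in acls.items():
        for rule in rules:
            verdict = classify_rule(rule)
            if verdict:
                findings.append((verdict[0], calendar_id, verdict[1]))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))

# Constructed sample data (not real calendars).
SAMPLE_ACLS = {
    "team-events@example.com": [{"role": "reader", "scope": {"type": "default"}}],
    "exec-travel@example.com": [{"role": "writer", "scope": {"type": "default"}}],
    "holidays@example.com": [
        {"role": "freeBusyReader", "scope": {"type": "domain", "value": "example.com"}}],
    "private@example.com": [
        {"role": "owner", "scope": {"type": "user", "value": "bob@example.com"}}],
}

if __name__ == "__main__":
    for severity, calendar_id, reason in audit_calendars(SAMPLE_ACLS):
        print(f"{severity:8} {calendar_id:28} {reason}")
```

In practice the rule lists would come from an export of each calendar’s sharing settings rather than the inline sample.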

Google Hangouts Extending Support Until Next Year

If you’re a G Suite user, you’re probably already aware that Google has been making plans to shut down Google Hangouts.  In fact, the original plan was to begin phasing it out of the G Suite in October of this year (2019).

If you’re a fan of the service and rely on it for interoffice communications, you can breathe a short-lived sigh of relief.

The company recently announced that they’re pushing their timetable back. G Suite users will continue to have access to it through the first half of 2020, with Google beginning their process of shutting it down starting in June.

Once Google does formally retire Hangouts, the plan is to replace it with a pair of new services: Hangouts Meet (which is a video conferencing service) and Hangouts Chat (for real time text-based communications). The new services will have a similar look and feel to classic Hangouts, so there shouldn’t be a big learning curve when migrating from the old to the new. Of course, the new services will feature some additional functionality that Google hopes will wow its impressively sized user base.

On balance, this is good news.  People who are attached to classic Hangouts get to keep using it for a little longer than originally anticipated. The new features and similar look and feel should assuage concerns about the switch over when it actually occurs.

It is also worth mentioning that Google has a longstanding habit of shifting gears and changing plans mid-stream. So, news of these most recent changes to the company’s plans should be taken with a proverbial grain of salt.  Between now and next June, it’s entirely within the realm of possibility that the company’s plans will change yet again, which may give classic Hangouts users even more time.  Stay tuned.

Gmail Users Will Get Updated Spelling and Grammar Assistance

There are changes afoot in Gmail designed to help improve the quality of your writing using new AI features.

These features will auto correct simple spelling errors and offer suggestions to improve your grammar.

As the company notes in a recent blog post on the matter:

“If you’re working against deadlines to write a lot of emails daily, correct spelling and grammar probably isn’t top of the mind.  These capabilities can also help you write and edit with more confidence if you’re a non-native speaker.”

Currently, the new system only supports English, but that’s almost certain to change in the months ahead.  Google plans to roll out the enhanced features beginning on August 20th for G Suite users who are on rapid-release domains.  Anyone on a scheduled release domain will start seeing the new features on September 12th.

Here’s a quick summary of what you can expect:

  • Common spelling mistakes will simply be auto corrected.
  • Words that are auto corrected will feature a dashed line beneath the correction so you’re aware of it.
  • Grammar mistakes will feature a blue squiggly line beneath the words to call your attention to them.
  • Less common spelling mistakes will feature both a blue squiggly line and a red line beneath the word in question.

Google is undoubtedly correct that their changes will be most beneficial to harried office workers facing tight deadlines and non-native English speakers. However, there aren’t many people who won’t see at least some benefit from the new features.

These are good changes that will no doubt prompt other companies selling competing products to follow suit, which will slowly and steadily raise the bar.  Kudos to Google for the coming developments.  If you’re anxious to try them out, you won’t have long to wait.

Study On Passwords Shows People Still Use Breached Passwords

Google recently released a large-scale password study that will probably give every IT manager in the country heartburn. The results of their study indicate that a disturbing percentage of users continue to use passwords after they’ve been warned that those passwords have been compromised.

 

One of the most common tactics hackers employ is called ‘password spraying.’  It’s a simple technique.  The hackers simply try several compromised passwords (even if they’ve been floating around the Dark Web for months) thinking that a surprising percentage will still work.  Google’s study confirms the hackers’ beliefs to be true.

Right now on the Dark Web, there are more than 4 billion passwords known to be compromised.  The scope and scale of the problem is staggering. Worse, the users who have compromised accounts are, as a rule, slow to do anything to mitigate the danger.  According to the results of the study, only 26.1 percent of users who saw an alert indicating a compromised password bothered to change it.  Barely one in four.

Even when users did bother to change their passwords, 60 percent of the time, the new password was found to be vulnerable to a simple guessing attack. Although in fairness, 94 percent of changed passwords wound up being stronger than the previous one.

To collect the information, Google relied on a newly offered Chrome extension called Password Checkup, which it claims is superior to Firefox’s Monitor and the “Have I Been Pwned” website.

The company contends that these other solutions could be exploited by hackers, summing it up as follows:

“At present, these services make a variety of tradeoffs spanning user privacy, accuracy, and the risks involved with sharing ostensibly private account details through unauthenticated public channels…For example, both Firefox and LastPass check the breach status of user names to encourage password resetting, but they lack context for whether the user’s password was actually exposed for a specific site, or whether it was previously reset.

Equally problematic, other schemes implicitly trust breach-alerting services to properly handle plaintext usernames and passwords provided as part of a lookup.  This makes breach alerting services a liability in the event they become compromised (or turn out to be adversarial).”

 

Some Android Apps To Receive Your Data Without Permission

When they work, Android’s app permissions are awesome.

They’re straightforward and easy to understand.

When you install a new app on your phone, you’ll get a popup box that gives you a summary of what permissions the app says it needs. Then, you have the option to either accept or deny it that permission.

Sometimes, the app winds up working fine, even if you deny it the permission.  But sometimes (like in the case of a map or direction app where you don’t allow it access to geolocation data), it won’t work at all.  By and large though, the system works as intended and it gives you a fair amount of control over which apps have what permissions.

Unfortunately, things are not always as they seem.  Researchers from UC Berkeley’s International Computer Science Institute recently tested 88,000 apps from the Google Play Store. They found 1,325 instances where apps continued to collect information even after users denied them the permission to do so.

The researchers had this to say about their findings:

“Modern smartphone platforms implement permission-based models to protect access to sensitive data and system resources.  However, apps can circumvent the permission model and gain access to protected data without user consent by using both covert and side channels.

Side channels present in the implementation of the permission system allow apps to access protected data and system resources without permission, whereas covert channels enable communication between two colluding apps, so that one app can share its permission-protected data with another app lacking those permissions.”

To cite one example, the researchers discovered that the photo sharing website Shutterfly (which is commonly used for sharing and editing photos) collects GPS data from mobile phones and sends it to its own servers, even if users have declined the app permission to access location data.

The report estimates that, based on the number of apps found to be circumventing permissions, the number of users being impacted is likely in the hundreds of millions. Even worse, there are no easy fixes for this problem. Be aware, then, that the apps you’re using are likely collecting more data about you than you realize, even if you’ve told them not to.