Google Bug Exposed Passwords For Some GSuite Enterprise Customers

Even companies that are normally quite good at providing security for their users occasionally wind up with egg on their faces. Google is a classic case in point. The company recently disclosed that a bug in an older part of its GSuite code base had caused customer passwords to be stored in an encrypted but un-hashed form for more than a decade.

Somehow, this bug managed to go undetected for a staggering fourteen years. On discovering it, the company immediately corrected the issue, so there’s nothing for GSuite users to do at this point. That said, the company is recommending that all GSuite Enterprise customers change their passwords immediately, just to be safe.

The company also notes that only GSuite Enterprise customers were impacted.  If you’re just a regular Gmail user, your password was not exposed in the manner described above.  Google’s official statement about the matter reads, in part, as follows: “To be clear, these passwords remained in our secure encrypted infrastructure.  The issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”

This is the second time in recent months that the company has found itself dealing with issues of exposed passwords in systems that were thought to be highly secure.  Again, this is proof positive that even the largest companies with generally good reputations where security is concerned can misstep.

GSuite Admins have been notified and instructed to reset all user passwords that had been set using the old tool. If you’re one of the impacted users, odds are excellent that this has already been done.   If you’re not sure, take the time to query your IT staff just to be sure that base is covered.

Chrome Will Offer More Ways To Control Web Tracking

Google announced a pair of important security features for upcoming versions of its Chrome browser at this year’s I/O Developer Conference.

Both changes are designed with the same goal in mind: to give users some additional tools to block, or at least mitigate, the threat of online tracking.

The first of the two new features is called Improved SameSite Cookies, and as the name suggests, it’s an attempt to improve cookie handling. As you probably know, cookies are created when a user visits a particular website. Cookies are the mechanism by which that site remembers information about a user’s visit. A cookie stores information such as your preferred language, items you may have in your shopping cart (if the site has an eCommerce element), your login information, and the like.

Unfortunately, cookies are often used to identify users and track their movement and activities, not only by the site’s owners but also by any third party the site shares data with. As an example, cookies are the reason that re-targeting ad strategies work. Worse, there’s currently no good way to categorize and identify how websites are using cookies. To every browser in use today, they’re all considered to be the same thing. That is why, when you go into your browser settings page and clear your cookies, you are automatically logged out of all websites where you’ve saved your login credentials.

Google’s new feature would change that, allowing you to selectively delete cookies based on what they’re doing. That means you’d be able to preserve your saved logins while blocking or deleting cookies used for other purposes. In a similar vein, the company’s planned Fingerprinting Protection feature seeks to make it harder to fingerprint people who are using the Chrome browser. Fingerprinting is a tactic commonly used to track user activity without the user’s knowledge and consent.

It remains to be seen how robust these new features will be, but if they live up to expectations, they’ll be two powerful new additions to Google’s growing suite of user controls.  That’s a very good thing.

Google Giving More Flexibility To Private Data Removal

Tech giant Google recently unveiled the next step in its plan to put more power in the hands of users when it comes to their own data.  The most recent change involves the introduction of a new auto-delete feature tied to your Google account.

It will allow you to set your Location History, Web data and App Activity data to auto-delete after a set period of time defined by you.

With the way things currently work, users have two options. They can either disable Location History and Web and App Activity entirely, or they can manually delete portions of their data (or all of it). Neither option is great: many apps won’t function with those services disabled, and manual deletion is exceedingly cumbersome.

Worse, an AP investigation last year revealed that even if you take the step of disabling your Location History, Google can, will, and does continue to track your location.  In fact, just last month it came to light that Google maintains a gigantic database called ‘Sensorvault’ that contains the detailed location histories of hundreds of millions of phones around the world. In addition, the company reportedly makes the database available to law enforcement agencies to assist them in solving crimes.

This caught the attention, and drew the ire, of privacy advocates around the world. This most recent change comes on the heels of that revelation, and to the company’s credit, it’s a good move.

Under the new system, you have three options to choose from:

  • Keep until I delete manually
  • Keep for 18 months, then delete automatically
  • Keep for 3 months, then delete automatically

At this point, there’s no official word from the company on when the new feature will be rolled out. You can be sure that when it is, it will make headlines everywhere.  It’s a pity that it took this long to see, but it’s a solid step in the right direction.

Android Wifi Hotspot App Leaks Network Passwords And Information

Do you use an Android App called ‘WiFi Finder’?  If so, be advised that your network password has likely been exposed, based on research conducted by Sanyam Jain, of the GDI Foundation.

Jain discovered an unprotected database online associated with the app that contained more than two million network passwords.

He reported his findings to Zack Whittaker of TechCrunch, and the two of them spent more than two weeks trying to contact the Chinese-based developer to no avail. When that effort failed, they contacted DigitalOcean, the company hosting the database, and they promptly pulled it offline.

As to the app itself, WiFi Finder is very good at what it does, and it does what the name suggests. It searches for WiFi hotspots and maps them, giving users the ability to upload all their stored WiFi passwords.

Unfortunately, the app isn’t picky.  It makes no distinction between public and private hotspots.  If your neighbor has an unprotected router, it’ll show up on the list.

According to statistics obtained from Google, WiFi Finder has been downloaded more than 100,000 times. Given how many WiFi hotspots there are all over the world, each user is bound to have had a dozen or more mapped by the app, which adds up to a great many hotspots and is consistent with the size of the database Jain found.

If there’s a bright spot to be found in the incident, the database did not include contact information for the WiFi owners. However, it did contain geolocation data, and of course, if you saved your passwords in the app, then that was included as well.

If you’re currently using the app, to be safe, you should probably delete it and find a better option. Then change your WiFi passwords, as there’s no telling who may now have access.

Popular Android Apps Banned For Sending User Data To China

A major Chinese developer is in hot water with Google following an extensive BuzzFeed investigation, which revealed that the company’s apps were abusing user permissions, allowing the company to commit fraud on a massive scale.

As a result of BuzzFeed’s findings, Google took the step of removing six different apps made by the company from the Play Store.

These included a popular selfie app that boasted more than fifty million downloads. The apps were all products of the DU Group, which was spun off from Baidu, one of China’s largest tech companies. The newly independent firm claims that its apps have been downloaded more than a billion times by users around the world.

Whether that claim is true or not, the reality is that the six apps Google removed from the Play Store had been downloaded more than 90 million times. The list of offenses varied from one app to the next, with some of them fraudulently clicking on ads to generate revenue, and others containing code that the DU Group could have selectively activated to engage in more nefarious forms of ad fraud.

A Google spokesman had this to say about the matter:

“We explicitly prohibit ad fraud and service abuse on Google Play.  Developers are required to disclose the collection of personal data, and only use permissions that are needed to deliver the feature within the app.  If an app violates our policies, we take action that can include banning a developer from being able to publish on Play.”

The apps Google removed from the Play Store are:

  • Selfie Camera
  • Total Cleaner
  • Smart Cooler
  • RAM Master
  • AIO Flashlight
  • Omni Cleaner

If you have any of these installed, you should strongly consider deleting them and finding less intrusive alternatives.