Showing posts with label 5. Show all posts
Showing posts with label 5. Show all posts

Wednesday, March 30, 2016

5 things Google has done for Privacy & Security


Over the past few years, Google has increasingly improved the online security and protections of its Gmail users.

Besides two-factor authentication and HTTPS, Google has added new tools and features to Gmail that ensures users security and privacy, preventing cyber criminals and intelligence agencies to hack email accounts.


1. Enhanced State-Sponsored Attack Warnings


Apple vs. FBI case urged every company to beef up the security parameters to prevent their services from not just hackers but also the law enforcement.

Google for a while now has the capability to identify government-backed hackers, and notify potentially affected Gmail users so they can take action as soon as possible.

Google recently announced on its blog post that it will alert Gmail users about the possibility of any state-sponsored attack by showing them a full-page warning with instructions about how to stay safe — very hard to miss or neglect.

Meanwhile, the company revealed that over 1 Million Gmail accounts may have been targeted by government-backed hackers so far.

Although Google has warned Gmail users of state-sponsored attackers since 2012, the company neither disclosed the exact number nor explained how it knows of such hacking attacks.

However, Google said that it knows who the targets are – the list often includes "activists, journalists, and policy-makers taking bold stands around the world."

2. SMTP Strict Transport Security (SMTP STS)


A new security feature dubbed "SMTP STS" has been on the bench of the Internet Engineering Task Force (IETF) to obtain a green signal.

This new email standard is developed in a joint effort by the engineers of top email services including Google, Microsoft, Yahoo!, Comcast, LinkedIn, and 1&1 Mail & Media Development.

SMTP STS has been designed to enhance the email security by preventing Man-in-the-Middle (MitM) and encryption downgrade attacks that have compromised past efforts like STARTTLS at making SMTP a more secure protocol.

SMTP Strict Transport Security (SMTP STS) runs on top of the STARTTLS feature to strengthen SMTP standard.

SMTP STS will check if recipient supports SMTP STS and has valid and up-to-date encryption certificate. If everything goes well, it allows your message to go through. Otherwise, it will stop the email from sending and will notify you of the reason.

3. End-to-End Encryption (via Chrome Extension Only)


Google announced the End-To-End encryption for its users almost two years ago, but still, the novel feature is yet to release.

The idea is to develop a browser extension that ensures its users Privacy by implementing the complex, yet secure PGP (Pretty Good Privacy) encryption in an attempt to fully encrypt messages that even Google can not read, nor anyone else other than the users exchanging the emails.

With this goal in mind, the browser extension will let users create their private and public encryption keys within their browsers. The public key will be uploaded to Google's servers, while the private key will be stored locally in the browser.

How the End-to-End Chrome Extension Works:


When a user sends an email to the other user with a PGP key, his or her browser will automatically download the other user's public key from the server and encrypt the content of the email.

However, the work is still in progress, and the company has not revealed that when it is planning to release the browser extension.

Although Google made the source code for its End-to-End Chrome extension open source via GitHub almost a year ago, so that researchers can review it, the stable version is yet to release.

For now, you can try an alternative method to send encrypted emails. We have written a step-by-step tutorial article on how to send end-to-end encrypted emails to others.

If difficult, you can try a Swiss-based, ProtonMail, a free, open source and end-to-end encrypted email service that offers the simplest and best way to maintain secure communications to keep user's personal data safe.

4. Gmail's Red Padlock Alert

gmail-red-padlock-alert
Previously there was no method to ensure whether the received email had been traversed via an encrypted channel or not, which could be subjected to scrambling or Man-in-the-Middle (MiTM) attacks.

But last month, Google introduced a security measure in Gmail service in the form of a small Red Padlock next to a sender's email address in an effort to highlight users if the message has been sent through an unencrypted channel.

If a Gmail user receives an email from other services that don't support TLS encryption, the feature gives warning by showing an open red lock next to the sender’s email address (as shown).

These unencrypted emails then went to spam, increasing Gmail security of its users.

5. Google Safe Browsing For A Quick Malware Check

One of Google's recent changes is the expansion of its 'Safe Browsing' notifications.

The malicious links spread via emails are an easy hit method to infect a large number of users after forcing them to visit malicious web pages controlled by hackers.

However, the Safe Browsing feature protects Gmail users by identifying potentially dangerous links in emails.

The automated agents in the mail scan the content of emails for spam and malware detection. And before opening the link, Gmail inspects the complete mail and prevents the user to open the malicious links in the main upon a quick scan.

The features that are being added by Google helps the privacy of Gmail users and stricken the email confidential policies.

Monday, December 7, 2015

Five Emergency Apps: You should always carry with you

What applications do you carry with you at all times? Because you can never have enough emergency apps to carry with you in the field.
As you might expect, everyone has different needs and every emergency calls for a different tool. That's why you need to have a variety of tools on hand to cover nearly every issue. In this take on the emergency apps, we'll examine some tools that, although you may not always use, they will prove irreplaceable when the time comes to fire them up.

1: Mozilla Firefox, Portable Edition
Figure A
Figure A

2: FileZilla Portable

Figure B
Figure B

3: McAfee Stinger

Figure C
Figure C

4: EditPad Lite

Figure D
Figure D

5: MBRtool

Figure E
Figure E
Your go-to emergency apps
Let's face it, at some point you're going to run into a machine that only has Internet Explorer and the browser simply won't work. When that machine can't browse the web, you might not be able to get the specific tool you need (one you don't have with you) or you won't be able to gain access to the solution for the problem. When that time comes, you'll be glad you have Mozilla Firefox, Portable Edition (Figure A). What's great about this tool is that it looks and feels exactly like the standard edition desktop browser. As a bonus, if you use the browser with the Portable Apps Platform, the portable edition of Firefox will always run in private mode, so you don't leave any information behind.
There will be times when you either need to download or upload data from a troubled PC via FTP. When that happens, you'll want to have the portable edition of FileZilla (Figure B) on hand. Although you might be able to download from an FTP site with your favorite browser, uploading can be an issue. And what happens when the browser is misbehaving and you simply need to snag some data? That's when a portable FTP client can come in handy. Like the portable version of Firefox, FileZilla Portable behaves exactly like the desktop iteration of the app.
McAfee Stinger (Figure C) is a standalone application that does a great job of removing more than 6,000 "fake alert" malware threats. This version also includes a beta of Raptor (a real-time behavior detection that monitors suspicious activity on an endpoint). This is not to be considered a substitution for a full-blown antivirus solution, as Stinger only looks for specific threats. And while it isn't the fastest scanner you'll ever use, it is certainly effective. Once run, it will isolate suspicious and infected files to C:\Quarantine\Stinger.
At some point, you're going to need to manually edit a config file and the installed tools simply won't work. When that happens, you'll be glad you have the likes of EditPad Lite (Figure D) in your toolkit. Editpad Lite offers plenty of features. With it you can do simple text file edits or even programming (although it doesn't include all the features you'd want in a programming editor). EditPad also features a built-in clipboard tool, search and replace, and plenty of configuration options.
If you're looking for a tool to manage or recover your PC's master boot record (MBR), MBRtool (Figure E) might be just what you need. It lets you verify, back up, and restore the MBR, as well as edit or wipe the partition table and blank or remove the boot code. MBRtool supports the first four hard drives present on a system. The only caveat to using this tool is that it presumes you have backed up the MBR to a location outside the C drive (preferably on a portable drive you have access to) so you can then restore the MBR back to the corrupted system. Also note that MBRtool is an app that works with DOS, so there is no fancy GUI to help guide you through the process. You'll want to take a careful look at the MBRTool User Guide.
There are many good candidates for your emergency toolkit. If you're walking around without them, you're doing yourself (and your end users) a disservice. No, you won't always need each of these apps. But when you do, you'll be glad you have them at the ready.
What emergency tools do you find essential? Share your thoughts with fellow Latest Technology readers.