Gmail Becomes Safer, Will Now Warn You About Unsecured Emails


Starting today, any messages that Gmail users send to or receive from email providers that don’t support TLS encryption will be flagged with a tiny unlocked padlock icon. Clicking the padlock brings up a dialog box warning the user that if their message contains “confidential information” they may want to advise their contact to use a different email provider.


In addition to this, Gmail will flag up email contacts whose identity can’t be verified. Any emails from unauthenticated sources will have their profile photo replaced with a question mark, and although Google notes that not all emails flagged in this way will be dangerous, it’s a good reminder to be extra careful.


If you receive a message that claims to be from your bank, for example, but has an unauthenticated sender, it’s almost certainly malicious, and you should delete it immediately before it steals your money or your identity.


Note that Gmail has always supported encryption in transit using TLS and will automatically encrypt your incoming and outgoing emails if it can. There are also tons of other security measures running behind the scenes to keep your email safe.

Happy Safer Internet Day!

If you own a Samsung Phone, you’re at Risk!


If you are a Samsung Galaxy owner, here is some news that is definitely worth a look.

A security flaw could potentially put a massive number of Samsung Galaxy phones at risk.

The worrying announcement concerns a security flaw that lets attackers install malware onto your device or, alternatively, eavesdrop on your phone calls.

Chicago-based security firm NowSecure has published a report that claims the bug lives in the SwiftKey keyboard software, which is installed on more than 600 million Samsung devices. It states that the bug can allow a remote attacker who is capable of controlling a user’s network traffic to execute arbitrary code on the user’s phone.

The most worrying thing, though, is that there is no option to uninstall the SwiftKey keyboard. If it’s there, it’s there for good.

An attacker can secretly install malware on a user’s device, access the camera, microphone and GPS, and listen in on calls and messages, change the way other apps behave and even steal photos and text messages.

NowSecure also claims it notified Samsung of this problem towards the end of last year. Samsung did provide network operators with a patch for the problem earlier in 2015, but it’s not known whether the networks made this patch available to many users.

Potentially affected devices include the Samsung Galaxy S6, S5, S4 and the S4 mini.

Samsung and BlackBerry Announce Strategic Partnership

Samsung and BlackBerry announced a strategic partnership. The deal will bring the Canadian company’s highly praised mobile security solutions to the Korean giant’s lineup of Android devices.

The end result of the partnership between the two companies will be available in early 2015. It will merge BlackBerry’s BES12 cross-platform EMM solution and Samsung’s KNOX into a single security suite for Galaxy smartphones and tablets.

Samsung KNOX and BES12 will offer complete separation of business and personal data. The upcoming security suite will also provide enhancements that address some of the Android-specific security issues.

The deal is a win for both parties. It will instantly make Samsung a major player in the enterprise market. BlackBerry, on the other hand, will surely welcome the fresh stream of cash to its business.

“HeartBleed” Bug: What You Need to Know and How To Protect Yourself, Including for Yahoo, Gmail and Facebook!


It’s been a while since there was a computer security bug we all had to worry about. 

Unfortunately, it seems like we may all have been facing one for two years and not even realized it.

Yesterday, security researchers announced a security flaw in OpenSSL, a popular data encryption library, that gives hackers who know about it the ability to extract massive amounts of data from the services that we use every day and assume are mostly secure.

This isn’t simply a bug in some app that can quickly be updated. The vulnerability is in the machines that power services that transmit secure information, such as Facebook and Gmail.

We’ve put together the following guide to the so-called Heartbleed bug for those who want to understand what all the fuss is about, and how they can protect themselves.

What is the Heartbleed bug?

Heartbleed is a flaw in OpenSSL, the open-source encryption library used by the majority of websites that need to transmit data that users want to keep secure. It basically gives you a secure line when you’re sending an email or chatting on IM.

Encryption works by making it so that data being sent looks like nonsense to anyone but the intended recipient.

Occasionally, one computer might want to check that there’s still a computer at the end of its secure connection, and it will send out what’s known as a heartbeat, a small packet of data that asks for a response.

Because of a programming error in the implementation of OpenSSL, the researchers found that it was possible to send a well-disguised packet of data that looked like one of these heartbeats to trick the computer at the other end into sending data stored in its memory.

The flaw was first reported to the team behind OpenSSL by Google security researcher Neel Mehta, and independently found by security firm Codenomicon. According to the researchers who discovered the flaw, the code has been in OpenSSL for about two years, and using it doesn’t leave a trace.
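The heartbeat exchange described above, as an added example that is not from the original article and is not OpenSSL's code: a simplified C simulation of a handler that trusts the length a sender claims, beside one that checks it. It assumes the RFC 6520 message layout (a type byte, a two-byte payload length, the payload, then at least 16 bytes of padding); the struct, the function names and the secret string are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_HDR 3  /* 1-byte type + 2-byte payload length (RFC 6520) */
#define HB_PAD 16 /* minimum padding required by RFC 6520 */

/* Constructed stand-in for memory: a secret sits right after the record. */
struct sim_mem { unsigned char record[32]; char secret[32]; };

/* Flawed: echoes as many bytes as the sender claims to have sent. */
size_t hb_reply_flawed(const struct sim_mem *m, unsigned char *out) {
    size_t n = ((size_t)m->record[1] << 8) | m->record[2];
    if (n > sizeof(*m) - HB_HDR) n = sizeof(*m) - HB_HDR; /* keep the demo in bounds */
    memcpy(out, (const unsigned char *)m + HB_HDR, n);
    return n;
}

/* Hardened: returns 0 (drop) unless header + payload + padding fit in rec_len. */
size_t hb_reply_checked(const struct sim_mem *m, size_t rec_len, unsigned char *out) {
    size_t n = ((size_t)m->record[1] << 8) | m->record[2];
    if (rec_len > sizeof(m->record) || HB_HDR + n + HB_PAD > rec_len) return 0;
    memcpy(out, m->record + HB_HDR, n);
    return n;
}

/* Constructed request with 4 real payload bytes; returns bytes received. */
size_t make_request(struct sim_mem *m, unsigned claimed) {
    *m = (struct sim_mem){
        .record = {1, (unsigned char)(claimed >> 8), (unsigned char)claimed, 'p', 'i', 'n', 'g'},
        .secret = "session-key-PLACEHOLDER"};
    return HB_HDR + 4 + HB_PAD;
}

/* 1 if the reply reproduces the secret stored after the record. */
int leaks_secret(const struct sim_mem *m, const unsigned char *out, size_t n) {
    size_t off = offsetof(struct sim_mem, secret) - HB_HDR, len = strlen(m->secret);
    return n >= off + len && memcmp(out + off, m->secret, len) == 0;
}

int main(void) {
    struct sim_mem m;
    unsigned char out[sizeof m];
    size_t rec = make_request(&m, 61); /* claims 61 bytes, sent only 4 */
    size_t n = hb_reply_flawed(&m, out);
    printf("flawed: %zu bytes, leak=%d\n", n, leaks_secret(&m, out, n));
    printf("checked: %zu bytes\n", hb_reply_checked(&m, rec, out));
    return 0;
}
```

The only difference between the two handlers is the comparison of the claimed length against the number of bytes that actually arrived, which is why updating the server software closes the hole while keys and passwords already exposed still need replacing.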

How bad is that?


It’s really bad. Web servers can keep a lot of information in their active memory, including usernames, passwords, and even the content that users have uploaded to a service. According to Vox.com’s Timothy Lee, even credit-card numbers could be pulled out of the data sitting in memory on the servers that power some services.

But worse than that, the flaw has made it possible for hackers to steal encryption keys — the codes used to turn gibberish-encrypted data into readable information.

With encryption keys, hackers can intercept encrypted data moving to and from a site’s servers and read it without establishing a secure connection. This means that unless the companies running vulnerable servers change their keys, even future traffic will be susceptible.

Am I affected?

Probably, though again, this isn’t simply an issue on your personal computer or your phone — it’s in the software that powers the services you use. Security firm Codenomicon reports:

“You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commercial site, hobby site, sites you install software from or even sites run by your government might be using vulnerable OpenSSL.”

According to a recent Netcraft web server survey that looked at nearly 959,000,000 websites, 66% of sites are powered by technology built around SSL, and that doesn’t include email services, chat services, and a wide variety of apps available on every platform.

So what can I do to protect myself?

Since the vulnerability has been in OpenSSL for about two years and using it leaves no trace, assume that your accounts may be compromised. You should change your online passwords, especially for services where privacy and security are major concerns. However, many sites likely haven’t upgraded to software without the bug, so immediately changing them still might not help.

The researchers who discovered the flaw let the developers behind OpenSSL know several days before announcing the vulnerability, so it was fixed before word got out yesterday. Most major service providers should already be updating their sites, so the bug will be less prevalent over coming weeks.

President Obama says he’s not allowed to use an iPhone!


US President Barack Obama has been photographed, on a number of occasions, using an iPad. He says he loves the tablet, and was actually given a second generation model days before it was announced, by Steve Jobs himself.

But it looks like that’s where Obama’s Apple gadget usage stops. During an Obamacare speech he gave yesterday to a youth audience attending a White House Summit, the President said he isn’t allowed to have an iPhone…

Here’s part of the speech via ABC News:

“Now, I am not allowed for security reasons to have an iPhone. I don’t know what your bills are. I’ve noticed that Sasha and Malia seem to spend a lot of time on it. My suspicion is that, for a lot of you, between your cable bill and your phone bill, you’re spending more than $100 per month.”

While Obama’s remark was obviously meant to be a quip, it has sparked a conversation in the tech world about mobile platform security. After all, the President is allowed to use a custom version of one of BlackBerry’s handsets.

Interestingly enough, many other US government agencies have already ditched their BlackBerrys, or are in the process of doing so, in favor of Apple’s smartphone. More secure or not, the company is bleeding enterprise customers.

As for Mr. Obama, his involvement in the tech community extends much further than gadget usage. Earlier this year, he vetoed an ITC sales ban on Apple products, and he’s currently fighting (or says he is) for a new unlocking policy.