Advertisements

Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak

Google Project Zero is a team of highly talented security analysts with a brief to uncover zero-day vulnerabilities. If a vulnerability is found, Project Zero reports to the vendor concerned and starts a 90-day countdown for a fix to be issued before full public disclosure is made. LastPass is also in the security business, being one of the most popular password management solutions with more than 16 million users, including 58,000 businesses. Project Zero has just disclosed that a security vulnerability left some of those 16 million users exposed to the risk of credential compromise as, in an ironic twist, LastPass could leak the last password used to any website visited.

How could the LastPass ‘last password’ vulnerability be exploited?

In a tweet posted September 16, Google Project Zero analyst Tavis Ormandy stated that “LastPass could leak the last used credentials due to a cache not being updated,” adding “this was because you can bypass the tab credential cache being populated by including the login form in an unexpected way!”

Ormandy reported the vulnerability on August 29, as Project Zero issue 1930, which showed how the credentials previously filled by LastPass could be exposed to any website under certain circumstances.

Today In: Innovation

Ferenc Kun, the security engineering manager for LastPass at LogMeIn, which owns LastPass, said in an online statement that this “limited set of circumstances on specific browser extensions” could potentially enable the attack scenario described.

“To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking on the page several times,” Kun said, “any potential exposure due to the bug was limited to specific browsers (Chrome and Opera.)”

The answer, thankfully, is nothing. LastPass has already patched the vulnerability, and the fix was comprehensively verified with Project Zero. Indeed, the fix was rolled out on September 13, and Kun confirmed that “we have now resolved this bug; no user action is required and your LastPass browser extension will update automatically.”

As a precaution, the LastPass update was deployed to all web browsers and not just Chrome and Opera.

How severe was this vulnerability and should you stop using LastPass?

Let’s deal with the last part of that question first; there’s absolutely no reason to stop using LastPass or your preferred password manager for that matter. “Although password managers like any other software have flaws the benefits of using one far outweigh the risks,” says ethical hacker John Opdenakker. “It’s far more likely that your accounts will get compromised by attacks that exploit poor passwords,” Opdenakker says, “such as through credential reuse, than by attacks against password managers themselves.”

OK, so how serious was this particular vulnerability? It certainly sounds serious enough, right? Tavis Ormandy at Project Zero allocated the vulnerability a “high” severity rating. Opdenakker isn’t so sure it merits that. “I think it’s most important that LastPass fixed this bug, which is certainly not a critical one, within a reasonable amount of time,” Opdenakker says, “it’s debatable whether it’s high or medium because, as Ormandy says, it doesn’t work for all URLs.”

LastPass security recommendations

Ferenc Kun said that LastPass continues to recommend the following best practices for added online security:

  • Do not click on links from people you don’t know, or that seem out of character from your trusted contacts and companies.
  • Always enable Multi-Factor Authentication (MFA) for LastPass and other services like your bank, email, Twitter, Facebook, etc.
  • Never reuse your LastPass master password and never disclose it to anyone, including us.
  • Use different, unique passwords for every online account.
  • Keep your computer malware-free by running antivirus with the latest detection patterns and keeping your software up-to-date.

More at Forbes

This iPhone Hack Let Google Access iOS Device Files

Google To Fix Malicious Invites Issue For 1 Billion Calendar Users

New Security Warning Issued For Google’s 2 Billion Chrome Users

Follow me on Twitter or LinkedIn. Check out my website.

I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share

Source: Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak

This is a short intro to how to use LastPass. Links: https://www.lastpass.com https://youtu.be/M4Z0xwzpQrk (My Diceware Video) ======================================== Follow me on Twitter: @redfalconsec Like me on Facebook: search “RedFalcon Security” Fonts used: Digitalt by gluk (http://www.dafont.com/digitalt.font) Royalty free ClipArt provided by LibrOffice Impress and clker (www.clker.com). This video made entirely in Linux using open source tools.

Advertisements

 AUTOMATED WordPress Theme that RANKS ITSELF on GOOGLE Only With WP News Ranker

 

The sad truth these days is that it seems there are no shortcuts to ranking on page #1.

5-10 years ago just about anyone could spam backlinks, do some seo and rank their site effectively.

But the problem is Google got wise to that. And that’s why online marketing has become so HARD.

It’s true… don’t beat yourself up if you haven’t had results ranking your site so far, because in 2019 Google is SMART.

Simply spamming some backlinks and installing an SEO plugin WILL NOT RANK your site.

These days it’s more true than ever that Google only rewards QUALITY websites with higher rankings.

And to Google quality means you posting masses and masses of original content on a regular basis.

  • Rank Your Site For Popular Searches In Your Niche: Start ranking your site on page#1 for things people are ACTUALLY searching for.
  • Start Getting TRAFFIC Today: Get masses of free search traffic from Google 24/7
  • 100% Automated Your site will start ranking itself on page #1 from the moment you activate the plugin
  • Get Original Content For Your Site 24/7: You never have to create ANY original content for your site ever again!
  • Automated “Human Readable” Articles : Get fully automatic content that looks like it was written by a human!
  • Easy To Use, Newbie Friendly: Anyone can have their site ranking itself within minutes of installing.
  • Works In ANY Niche: No matter how big or small your niche, you will see great results.
  • Unique “Image Spinning” Technology Included: You get unique IMAGES for your site content too!
  • Unlimited License Available: You could have dozens of sites, producing their own content and ranking themselves on FULL AUTOPILOT.

Profit

WP News Ranker goes to work every day searching top news sources to create trending content in your niche. Get masses of google search traffic every day by getting your site on page #1 for multiple popular search terms. Get automated content that is so realistic no-one will ever guess it’s automated. Not even Google!

Most Powerful “Content Spinning” You’ve Ever Seen.

Spin any of your chosen content sources into totally unique posts and articles All content is fully “human readable” High quality spun content that even your visitors will love. Appears totally original to Google. Get MASSIVE increases in your Google search ranking.

 

Source:  AUTOMATED WordPress Theme that RANKS ITSELF on GOOGLE Only With WP News Ranker | Online Marketing Tools

How Google’s Work With Motorbike Riders In India Demonstrates Its Plan For Emerging Markets

India is the world’s largest market for motorbikes, with two-wheelers making up 70% of all vehicles registered by its 1.3 billion residents. It’s these motorbike drivers, more so than car owners, that Google needs to please as it competes for mindshare in this emerging market. So when user research showed that motorbikers in India didn’t find Maps useful, a team in Google’s Seattle office was tasked with figuring out how to change it.

A dive into the data revealed that motorbike drivers would only open the app for about 30 seconds and then close it. The team of product experts hypothesized that drivers needed more guidance on their route, so they spun up a prototype that would provide more in-ride prompts. But when they tested it with users in Jaipur, the largest city in the Indian state of Rajasthan, the prototype flopped.

The trials and errors to make Maps work better in India were a wake-up call, says Lauren Celenza, lead designer on Google’s two-wheeler project. As Google aims to reach more users in emerging markets like India, South East Asia, Africa and Latin America, the company needed to better integrate user research with product design.

“Opening up of the process beyond the walls of our offices is a playbook that we’re looking to for future projects,” Celenza says.

After actually spending time in India talking to people, the product team realized that the exact opposite of their initial assumption was true: Motorbike drivers didn’t want to look at or listen to their phones at all as they navigated the crowded and often chaotic roads. Instead, they wanted clearer guidance before starting out.

That initial design process highlights the too common tech industry hubris wherein companies launch tools for people far away without proper preparation or understanding of regional wants, needs or cultural differences. At its most anodyne, this approach leads to unpopular products. But it can also fuel real-world crises, like fake news and hate-speech going viral in Myanmar because Facebook didn’t have enough Burmese-speaking moderators.

The Google Maps team on the project ended up building a “two-wheeler mode” with customized routes for motorbikes that simplifies the maps and highlights landmarks to make it easier for drivers to understand and memorize the way before starting out. Since that product launched about a year and a half ago, its usage has grown from one million daily users to 5 million, and Google has launched the feature in more than a dozen new markets.

Two-wheeler mode falls under the domain of what Google calls its “Next Billion Users” initiative to reach users in emerging markets, either by launching new products or adapting old ones. For example, Google launched data-light and offline versions of Search, YouTube and Maps, and created an India-specific payments service called Tez.

At Google’s I/O developers conference last week, the company announced several other features geared at emerging markets. For example, it will start allowing people to pay for Android apps using cash and demoed an automatic text-to-speech service that will initially launch in Google’s Go app for entry-level devices.

“We need to do a lot more work to make sure our technologies and our services actually work really well for these users, including designing the right products for their unique needs,” Caesar Sengupta, vice president of Google’s Next Billion Users group, tells Forbes. “The amount of work we have left to do is still huge.”

In the past year, Google has faced a handful of controversies about how it cooperates with foreign governments. In August, the Intercept reported that the company was working on a version of its search engine in China that would comply with the country’s strict censorship laws. U.S. politicians, human rights activists and Google employees criticized the project, describing it as a tool for oppression and a slap in the face of Internet freedom. Google eventually told Congress in December that it has “no plans” to launch a search engine in China.

This spring, Google (and Apple) received widespread criticism for offering a Saudi Arabian smartphone app that allows husbands to track their wives. The country’s “male guardianship system,” which requires women to obtain male approval for certain actions, makes tracking legal, and Google said it would not remove the app.

Sengupta, who reportedly had a leadership role in the Dragonfly project, said that the company is “really engaged” in debates about the services it provides.

“The world is evolving fast,” he said. “We need to be constantly looking at what we’re doing and what are the right ways to be doing something.”

Contact this reporter at jdonfro [at] forbes.com. Have a more sensitive tip? Reach Jillian via encrypted messaging app Signal at 978.660.6302 using a non-work phone or contact Forbes anonymously via SecureDrop (instructions here: https://www.forbes.com/tips/#6ebc8a4f226a).

I’m a San Francisco-based staff writer for Forbes reporting on Google and the rest of the Alphabet universe, as well as artificial intelligence more broadly.

Source: How Google’s Work With Motorbike Riders In India Demonstrates Its Plan For Emerging Markets

Why Google’s Theme For Its Big Developers’ Conference Could Fall Flat

This week, thousands of visitors will swarm Google’s home city of Mountain View, California, for the company’s annual I/O developers’ conference. The event serves as a state of the union of sorts for Google, allowing it to parade out new products, share milestones for existing ones, and lay out its vision for the future as techies and press from all over the world tune in.

“This year, you’ll hear a lot about how we’re building a helpful Google for everyone,” the company wrote in a press teaser ahead of the show, which starts Tuesday (the bold emphasis is the company’s).

But while Google hopes to wow audiences with presentations on artificial intelligence and accessibility, that rosy messaging may fall flat in light of the company’s recent controversies.

In the past year, Google has faced an unprecedented level of criticism from experts and its own employees on issues like censorship, workplace misconduct, and AI ethics. One consistent theme of the various accusations has been how Google has not, in fact, been helpful for everyone. Google’s timeline since its 2018 conference is studded with complaints of exclusionary behavior.

Take, for example, last fall when The Intercept revealed that the company was secretly developing censored search products in China. Lawmakershuman rights activists, and Google employees alike denounced the plans, and in an open letter, workers admonished the company for building technology that would “aid the powerful in oppressing the vulnerable.” Google ultimately said it has tabled its plans.

Not long after, employees staged a massive walkout to protest what organizers described as a “workplace culture that’s not working for everyone” following a New York Times report on how Google shielded executives from misconduct claims. Demonstrators shared stories of inequity and harassment, including for Google’s “shadow workforce” of temporary and contract workers, who have less job security and fewer protections than their direct-employee peers. Google has updated a handful of policies and practices since the walkout, but its organizers have continued to push for other changes.

More recently, employees and outsiders called out Google for including Kay Coles James, the president of a conservative think tank, on a new advanced technology advisory council, citing her anti-LGBTQ views. Google eventually disbanded the so-called AI ethics board, saying in a statement that it had “become clear that in the current environment, [the council] can’t function as we wanted,” but didn’t address protestors’ arguments about underrepresented groups, like LGBTQ people, being especially at-risk for unintended consequences for AI.

For Google to hang its conference on the theme of being helpful for everyone without acknowledging its slew of exclusion-based issues may make the company’s intended theme seem hollow or ironic.

This wouldn’t be the first time Google has undermined its own messaging: Last year it sabotaged its recurring I/O mantra about developing “responsible AI” by launching a product that imitated humans but didn’t self-identify as a robot, which raised major ethical red flags.

Gartner research director Werner Goertz, who plans to attend the conference, doubts that any of the many product managers and executives who get up on the main stage will directly address Google’s litany of recent controversies. Viewers will hear details about a cheaper Pixel smartphone and the next edition of Android, but no atonement.

“Remember, I/O is a developers’ conference,” he says. “Google will focus on addressing the technical details, and I don’t think these other topics will really distract from that message.”

Perhaps they should.

Contact this reporter at jdonfro [at] forbes.com. Have a more sensitive tip? Reach Jillian via encrypted messaging app Signal at 978.660.6302 using a non-work phone or contact Forbes anonymously via SecureDrop (instructions here: https://www.forbes.com/tips/#6ebc8a4f226a).

I’m a San Francisco-based staff writer for Forbes reporting on Google and the rest of the Alphabet universe, as well as artificial intelligence more broadly.

Source: Why Google’s Theme For Its Big Developers’ Conference Could Fall Flat

Google Confirms It Will Automatically Delete Your Data — What You Need To Know

uncaptioned
ASSOCIATED PRESS

Ahead of the annual Google I/O developer festival opening its doors on Tuesday, Google has already made one major announcement: it will soon start deleting your data automatically.

Writing in the official Google safety and security blog, David Monsees and Marlo McGriff, the product managers for Google search and maps respectively, say that the company is responding to user feedback asking to make managing data privacy and security simpler. “You can already use your Google Account to access simple on/off controls for Location History and Web & App Activity,” they say, “and if you choose, to delete all or part of that data manually.” What’s new is the soon to be rolled out “auto-delete controls” that will enable users to set time limits on how long Google can save your data.

Said to be arriving within weeks, the new controls will apply to location history as well as web and app activity data to start with. Users will be able to choose a time limit of between three and 18 months after which the data concerned will automatically delete on a rolling basis. You can already delete this data manually if you want, but the ability to have it deleted automatically is long overdue in my never humble opinion. Especially given reports last year that suggested Google was storing location data even when users had turned off location history and considering the somewhat arduous manual deletion process.

Not that everyone will want to delete this data of course. As with most things online these days it comes down to a choice between privacy and function. Actually, make that a balance between the two as it’s rare for anyone to be totally binary when it comes to such matters truth be told. Google says that this data “can make Google products more useful for you, like recommending a restaurant that you might enjoy, or helping you pick up where you left off on a previous search.” If you are of the don’t store any of my location data thank you very much persuasion, then disabling location history altogether would seem like a better option given that some mobile apps can track location data when they aren’t running. For everyone else, the new auto-deletion controls will be a welcome weapon in the “taking back control of at least some of your data” arsenal.

Keep checking the Data & Personalization section of your Google account settings, specifically the “Manage your activity controls” option I would imagine, to see if the function has rolled out for you in the coming weeks.

Please follow me on Twitter or connect with me on LinkedIn, you can find more of my stories at happygeek.com

I have been covering the information security beat for three decades and Contributing Editor at PC Pro Magazine since the first issue way back in 1994.

Source: Google Confirms It Will Automatically Delete Your Data — What You Need To Know

French regulator orders Google to take measures on advertising — peoples trust toronto

http://bit.ly/2RqgIqZ January 31, 2019 PARIS (Reuters) – France’s competition regulator has ordered Google to take measures regarding some of its advertising methods, saying these had hit French firm Amadeus which runs a directory service in France. “Google will need to quickly clarify the rules for its Google Ads online advertising platform that apply to electronic […]

via French regulator orders Google to take measures on advertising — peoples trust toronto

Trust Hijacker -How To Steal Google Traffic SEO To Any Site With 3 Clicks

Learn how, using this New Technology you can “Lock In Recurring SEO Income Easily” SEO Clients stop paying? Too easy,send the organic laser targeted traffic to their competitors. Or Learn how to send this traffic to more than 1 client! We all know SEO clients hate paying for our services after you get them ranked. Not any longer! Retain your Income for this traffic forever. The idea of building your own sites, that you get to Keep is so better than building authority to someone else website where you own some money but don’t own any equity in the site and you don’t even know if you’ll get paid or only 1/2 paid which happens sometimes as we all know……….

Read more: https://infinityseosoftware.com/trustjacker/

George Gilder- Life After Google Blockstack Berlin 2018

George Franklin Gilder is an American investor, writer, economist, techno-utopian advocate, and co-founder of the Discovery Institute. His 1981 international bestseller Wealth and Poverty advanced a practical and moral case for supply-side economics and capitalism during the early months of the Reagan administration and made him Ronald Reagan‘s most quoted living author.[2] Married to Nini Gilder, he has four children.

In the 1970s, Gilder established himself as a critic of feminism and government welfare policies, arguing that they eroded the “sexual constitution” that civilized and socialized men in the roles of fathers and providers. In the 1990s, he became an enthusiastic evangelist of technology and the Internet by several books and his newsletter, the Gilder Technology Report. He is also known as the chairman of George Gilder Fund Management, LLC…….

 

 

 

Your kindly Donations would be so effective in order to fulfill our future research and endeavors – Thank you

 

 

Google is Not Just An Answer Machine It Monitors Your Responses Too – Ed Finn & Andrew Maynard

1.jpg

In 1998, began humbly, formally incorporated in a Menlo Park garage, providing search results from a server housed in Lego bricks. It had a straightforward goal: make the poorly indexed World Wide Web accessible to humans. Its success was based on an algorithm that analyzed the linking structure of the internet itself to evaluate what web pages are most reputable and useful. But founders Sergey Brin and Larry Page had a much more ambitious goal: They wanted to organize the world’s information. Twenty years later, they have built a company going far beyond even that lofty goal……

Read more: https://www.business-standard.com/article/technology/google-is-not-just-an-answer-machine-it-monitors-your-responses-too-118092700143_1.html

 

 

Your kindly Donations would be so effective in order to fulfill our future research and endeavors – Thank you

 

 

Google And Goldman Back Bitcoin Startup For Small Businesses – Michael del Castillo

1.jpg

Marwan Forzely has come a long way since his days at Western Union. The serial entrepreneur, who sold his previous company to Western Union to help the money-transfer giant directly connect to customer bank accounts, has raised $25 million to cut intermediary banks out of the payment process altogether.Instead of relying on a series of correspondents to move money between different jurisdictions around the world, Marwan’s latest venture, Veem, uses bitcoin to directly connect its clients’ bank accounts with suppliers and customers…….

Read more: https://www.forbes.com/sites/michaeldelcastillo/2018/09/26/google-and-goldman-back-bitcoin-startup-for-small-businesses/#539a7ad546d9

 

 

Your kindly Donations would be so effective in order to fulfill our future research and endeavors – Thank you

%d bloggers like this:
Skip to toolbar