Connect with us

Security

GOOGLE’S NEW RECAPTCHA AUTOMATICALLY TELLS YOU ARE NOT A BOT

Published

on

Over the years, Google has utilised a number of methods to distinguish between human and bots on the web. Its take on the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) test, known as reCAPTCHA, has required you to transcribe distorted words, confirm Street View addresses or simply just tick a box. Soon, you won’t need to do the hard work, because Google’s making the system invisible.

Using a combination of machine learning and advanced risk analysis, Google has updated its system to detect user habits without dedicated interaction. When you arrive on a web page, the controls should disappear and serve the relevant content. However, if you do trip Google’s risk analysis algorithms, you may need to quickly solve one of the search giant’s puzzles.

While the new system is invisible, it will still consider variables like your IP address and the movements of your mouse. Google says its technology will “actively consider a user’s engagement with the CAPTCHA — before, during, and after — to determine whether that user is a human.” That means no more transcription, which offered a human balance to Google’s optical character recognition, but you may now find what you were looking for a lot quicker.

Source:https://www.engadget.com/2017/03/10/google-new-invisible-recaptcha/?sr_source=Twitter

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Security

Google replaces its Bluetooth security keys because they can be accessed by nearby attackers

Published

on

By

  • Google offered free replacements of its Bluetooth Titan Security Keys after it found that nearby attackers could access them.
  • Google said the issue does not impact the tool’s ability to prevent remote phishing attacks.
  • The company advised users to continue using the key until a replacement arrives.
CNBC Tech: Google Titan Key 5

Logging in to Gmail on a phone is a cinch.Magdalena Petrova | CNBC

Google found a security issue that could give an attacker access to a users’ device based on a tool meant to keep it secure, the company disclosedWednesday.

Google is offering free replacements of its Bluetooth Low Energy Titan Security Keys after it found that anyone within about 30 feet could communicate with the key and its paired device while a user tried to activate the key or pair their devices.

The Titan Security Key is meant to provide an additional layer of protection for users hoping to prevent their accounts from being taken over by phishing attacks. While Google said the issue does not interfere with the key’s ability to protect users from a remote phishing attack, it still reveals a significant gap in the device’s security.

The flaw could undermine Google’s recent messaging around privacy and security, which has become a hot issue in Silicon Valley. Google CEO Sundar Pichai penned a New York Times op-ed earlier this month advocating for the democratization of privacy after unveiling a host of new privacy features at Google’s developer conference.

Google recommended continuing to use the affected keys until their replacement arrives. As an extra precaution, users should use the keys when they aren’t near other people who may try to gain access to their devices, then immediately unpair the key after signing on, Google said. However, iOS users who have updated the version 12.3 will not be able to sign into any accounts linked to the key until they receive a replacement, according to Google. The company advised staying logged onto accounts on iOS devices until the new replacement arrives.

Google said that only BLE versions of the keys are affected. Devices with a “T1” or “T2″ on the back are eligible for the free replacement by visiting google.com/replacemykey.

Google’s new security key will protect you from phishing attacks

Source: https://www.cnbc.com/2019/05/15/google-finds-security-issue-with-its-bluetooth-titan-security-keys.html

Continue Reading

Internet

Google Chrome Update — ‘A Threat To Children, Cybersecurity And Government Snooping’

Published

on

By

The way we access websites is about to change. As a result, crisis talks have now been scheduled between the U.K. government and the internet industry to discuss the risks. The primary concern is a proposed but as yet unconfirmed update to Google’s popular Chrome web browser, one that would hit many of the techniques used to monitor internet content for both safety and snooping. It isn’t just Google that will change. But the market-leading position of its Chrome browser has focused governmental minds.

These days, almost everyone is familiar with the concept of internet domain names and the fact that memorable, human-readable addresses are translated into machine-readable IP addresses. But most people have likely never heard of DNS over HTTPS or DOH, and so will be unaware of a planned change to how all this works.

However, DOH is now being fast-tracked, and it has agitated U.K. child safety and intelligence agencies enough to convene a crisis meeting on 8 May, citing child safety, cybersecurity and even terrorism as concerns.

DOH will encrypt the addresses of the websites we visit, potentially bypassing local Internet Service Providers (ISPs), and connecting directly to central nameservers that could well be managed by the companies behind the browsers themselves. This means that many of the filtering and protection tools in place today, usually administered by ISPs, would no longer work.

The new approach brings definite security advantages, notwithstanding that we’ll be entrusting Google and its peers with even more data on us. If the addresses of the websites you want to visit can’t be seen, they can’t be filtered or policed. And campaigners claim that this has implications for the fights against terrorism and extremism, as well as for child safety.

Coming at a time when the monitoring of online content has never been more in the news, and when cybersecurity breaches are reported weekly, the clear need to improve online security is driving welcome change. But the unintended consequences of those changes are apparently now a major concern.

All change

The Internet’s Domain Name System (DNS) is one of its greatest strengths and also one of its greatest weaknesses. The internet is easy to use, but that comes with the risk of the manipulation of DNS names, with snooping on open traffic, and, in many parts of the world, with local monitoring and filtering. So it’s little surprise that the Internet Engineering Task Force (IETF) has been working on a revised approach.

As open traffic, your IP address and browsing activities can be profiled and your requests can potentially be intercepted and manipulated. Who you are and what you’re looking at can be monitored. But with more and more of what is done online being encrypted, the very act of accessing specific websites can be encrypted as well. This is what DNS over HTTPS is all about, bypassing locally held DNS nameservers, sending encrypted traffic to a central server instead.

The change would see web browsers (or other central services) handling domain queries, transparently to users, rather than fielding these as open internet traffic through the ISP. More secure and less open to interception, yes, because all of this would be encrypted HTTPS traffic, but it means that you would be serviced from a central location and not by an operator under your country’s legislative control. Think of it as a built-in, always-on VPN.

presentation from BT on the ‘Potential ISP Challenges with DNS over HTTPS’ earlier this month, acknowledged that “DOH could be a game changer in operator/application dynamics” with fast-tracked standards bringing potentially adverse implications on cybersecurity and on safety from online harms. BT cited a reduced ability to derive cybersecurity intelligence from malware activity and DNS insight, significant new attack opportunities for hackers, and the inability to fulfill government mandated regulation or court orders as potential concerns.

Online responses to the ‘crisis’ suggested that this latter point, the impact on government snooping, was much more of a concern for the authorities than any impact on online safety filters.

Crisis meeting scheduled

According to the Sunday Times, a crisis meeting has now been convened for 8 May to bring together the country’s major ISPs, including BT, Virgin, Sky and TalkTalk, with the country’s National Cyber Security Centre (NCSC) to discuss the implications. The primary concern is that it will be impossible for the country’s ISPs to filter out illegal or inappropriate material. This could have implications for terrorism, extremism, child safety and, of course, password-protecting the U.K.’s countrywide porn habits from July 15, as announced last week.

Because DOH is expected to be largely centralized, and (at least initially) managed by the major browsers, this is where Google comes in. Chrome is the U.K.’s most popular browsing application. With DNS queries not being serviced by an ISP’s nameservers, the ISPs would have no way of tracking, filtering or policing browsing. It would invalidate child safety locks and render useless the planned porn filter. For the ISPs, it could also mandate a rethink in the ways content is cached through efficient and cost-effective content delivery networks.

The well-populated databases of dangerous sites held by ISPs would be bypassed. But, it would also make government online snooping much more difficult. According to the Sunday Times, “BT, which has 9m broadband customers, said in a statement that parental controls, the first line of defense for millions of households, could be rendered ‘ineffective’ by the new system. It added that it could ‘hamper our ability to protect customers from online harms’.”

A spokesperson for the U.K.’s Internet Services Providers’ Association, the trade association representing more than 200 ISPs, including BT, Sky and Virgin, told me that “U.K. broadband providers are actively involved at a national and international level in ensuring that encrypted DNS is implemented in a way that does not break existing protections provided to U.K. internet users. If internet browser manufacturers switch on DNS encryption by default, they will put users at serious risk by allowing harmful online content to go unchecked. Internet browser companies must ensure that parental controls and cybersecurity protections offered by broadband companies continue to work and protect users. We would expect internet browsers to provide the same protections, uphold the same standards and follow the same laws as U.K. ISPs currently do.”

No need to panic?

The encryption of DNS name traffic is not the issue. The central management of the system, bypassing local controls, is the issue. There’s no reason that the new ecosystem cannot work in the existing framework. But it won’t start out that way, and it puts significant control in the hands of the device browsers. Theoretically, there could be device- or even application-specific DOH datasets accessed. And any user filtering would need to be at a device level instead of relying on the ISP. These changes need to be fully communicated and documented in how-to guides before being made.

For their part, Google has confirmed that an encrypted version of Chrome is already available but is not yet included as standard. In a statement, the company said that “Google has not made any changes to the default behavior of Chrome.”

Source: https://www.forbes.com/sites/zakdoffman/2019/04/22/crisis-as-changes-to-google-chrome-threaten-child-safety-and-cybersecurity/#7d0977f05704

Continue Reading

Security

Here’s Why You Need A VPN — And Which One To Choose

Published

on

By

Whether you are a tin foil hat wearing cyber security aficionado or not, it’s a sad but true fact that our privacy is in danger. Even when surfing the web, data is collected in droves by big brands people used to trust. Add to this the internet blocks being introduced even in western nations, and people are realizing the need to actively protect their own privacy.

Last week, when the UK government announced porn users would have to enter their details to be age verified from 15 July this year – signalling a potential privacy disaster – people all over the nation started showing more interest in virtual private networks (VPNs).

A VPN works by allowing you to browse privately and securely, encrypting your data and hiding your location. But not all VPNs are built the same. You need, for example, to be wary when a service is free and of course a VPN that logs your data is a definite no.

Set against a backdrop of increasing internet surveillance, data breaches and insecure public Wi-Fi, VPNs are an essential tool. Here is a useful guide including what to look out for and what to avoid when choosing a VPN, with some options to consider.

Some VPNs log data

VPNs that log data defeat the point of having one at all.

“One of the most important aspects to consider when choosing a VPN is security,” Ariel Hochstadt, co-founder of vpnMentor tells me. “A VPN that logs your data is not safe to use. You need to ensure you’re picking a reliable no-log VPN so that your data won’t be susceptible to leaks and attacks.”

And most of the data logged is totally uncalled for: Free VPNs such as Hola know the websites you visit; how much time you spend on those pages; and timestamps. Meanwhile, they might sell your data to their partners.

Trust and security

Trust is important. “Generally, you have to trust your VPN provider with your traffic more than you trust your network,” says Jerry Gamblin, principal security engineer at Kenna Security.  

He thinks large commercial VPN providers, such as NordVPN or Private Internet Access (PIA), are best, because they are “invested in making sure that your traffic is delivered safely and quickly”.

“I have used PIA in the past, but due to some sites filtering those IP addresses, I have moved to building my own VPN server.”

Can VPNs be hacked? Yes, but it’s not easy: VPN Base says it’s best to avoid PPTP or L2TP/IPSec protocols; instead use only the latest versions of the OpenVPN protocol, which is considered to be extremely secure. “In terms of encryption, make sure your VPN provider offers 2048-bit or 256-bit encryption as they are harder to crack,” the site reads. “Rest assured, if anyone ever tries to hack you, these protocols and encryptions will be a real nightmare.”

Speed

VPNs by their nature can be slow, because they work by encrypting your data and sending it to another server. To avoid this, Hochstadt recommends choosing a server in your own country: of course, the further your data has to travel, the slower the connection will be. Other features such as server network size, encryption, censorship, and torrenting should also be taken into account, he says.

The fastest VPNs are ExpressVPN, Surfshark, NordVPN and CyberGhost, according Hochstadt, who has tested 300 VPNs.

Government surveillance

Some VPNs will be located in countries with governments that allow their surveillance agencies to spy. For the highest level of anonymity, it’s a good idea to use a provider located outside of the “14-eyes” jurisdiction.

14-eyes is a list of countries that allow surveillance agencies to spy on people. Members include the UK, US, Australia, Canada and New Zealand.

Where you can use them                 

Some people find their VPN is blocked in airports or hotels. At the same time, nations such as China ban or control VPN use. However, VPNs are made to bypass restrictions and make your connection anonymousis, so a good product should work anywhere.

Five VPNs to consider 

Here are five highly rated VPNs that don’t log your data:

ExpressVPN

ExpressVPN, which comes highly rated by users and reviewers, works on devices including Windows, Android, iOS, Linux and routers. Based in the British Virgin Islands, it costs around $6.67 a month if you take out a 12-month plan. With a network of more than 2,000 servers in 94 countries, Express offers top notch coverage in Europe and the US. It also works pretty well in Asia, South America, the Middle East and Africa. It uses its own DNS servers and employs high end encryption tech to ensure your security and privacy.

ProtonVPN

ProtonVPN offers a truly free VPN but there are sacrifices to make if you don’t want to pay: The free version only allows you to connect one device at a time and speeds are slower. But there are paid for versions starting at $4 per month going up to $24 for 10 connected devices. Proton is also a trustworthy brand: most of you will be familiar with the highly-secure ProtonMail used by journalists and activists. Developed by CERN and MIT scientists, Proton doesn’t log your data so it’s never revealed to third parties.

Surfshark

A newcomer to the VPN market, Surfshark is quickly gaining popularity. It’s easy to see why. With over 500 servers in 50 countries, the VPN claims it is fast; it doesn’t collect logs and it allows you to connect as many devices as you like. Costing $11.95 a month and with discounts for multiple months, Surfshark offers Windows, Mac, iOS and Android apps and there’s 24/7 support if things go wrong.

Private Internet Access (PIA)

With over 3,300 servers in 32 countries PIA offers apps for Mac, Android, Windows, iOS and Linux, and browser extensions for Firefox, Opera and Chrome. Costing $9.95 a month, PIA blocks ads, trackers and malicious websites. It uses OpenVPN on desktop and mobile devices, making it a highly secure and trustworthy option whatever you want it for.

NordVPN

Like ExpressVPN, NordVPN is a big provider. Available on Windows, MacOS and Linux – and with apps for iOS, Android, and Android TV and encrypted proxy extensions for Chrome and Firefox – NordVPN allows you to connect up to six devices. It’s also fast, with 5,100 servers in 60 countries and a one month plan for around $12.

Three more to consider

The following come highly rated by users:

Cyberghost VPNFreedome by FSecureand IPVanish.

Which one should you choose?

Making a final decision will depend on your technical expertise, what you want to use a VPN for and where you want to use it. Personally, I use ExpressVPN but that doesn’t mean it’s right for you. Proton is super-trustworthy and PIA also comes very highly-regarded. There are of course, VPNs to avoid, but hopefully by using this article plus a little research, you will feel confident in making the decision.

Source: https://www.forbes.com/sites/kateoflahertyuk/2019/04/19/heres-why-you-need-a-vpn-and-which-one-to-choose/#6b9808623c9d

Continue Reading
Advertisement

Trending

%d bloggers like this: