WebProNews

Category: NetworkNews

NetworkNews

  • Google to Remove HTTPS Secure Indicator in September

    Google to Remove HTTPS Secure Indicator in September

    The Secure URL label HTTPS will no longer be seen on Google Chrome by September of this year. Google believes that secure websites should be the norm and as such, do not need any more labels.

    The news was confirmed on May 17 by Google Chrome Security Product Manager Emily Schecter on the company’s official blog. According to Schecter, users of Chrome version 69 will no longer see the green “Secure” label and lock icon beside HTTPS secure websites starting in September. Meanwhile, sites without HTTPS certificates will trigger a “Not Secure” label on Chrome 70 by October.

    Schecter also explained that the move is because of the company’s belief that users understand that the web is a relatively safe place. HTTPS should be what all websites aim for and should be the default status. Therefore, it would be better if search engines give a warning about the few potentially dangerous sites rather than label the majority of websites as safe.

    To those who are still confused over HTTP and HTTPS, the latter is a more secure version of the former. The “S” at the end of the acronym actually stands for “Secure.” The program makes it a safer communication protocol for websites, thereby making it more difficult for malicious individuals to hack sites and snoop in data packets.

    Chrome’s move to do away with “Secure” labels and focus on red warning icons mean that site owners should be taking steps to secure their websites. It’s clear that the previous belief that only eCommerce sites would need to secure an SSL certificate no longer holds true.

    Every website will be affected by Google’s decision and a prominent warning icon attached to your site could have a detrimental effect on your business. Visitors and potential customers will be scared away, thus raising bounce metrics and possibly hurting your reputation.

    [Featured image via Pixabay]

  • Did Senate Democrats Really Save Net Neutrality? The House Has Yet to Vote

    Did Senate Democrats Really Save Net Neutrality? The House Has Yet to Vote

    The US Senate voted on Wednesday to save net neutrality. The chambers used the Congressional Review Act (CRA) to stop the Federal Communications Commission’s (FCC) decision to undo regulations regarding Internet usage set during the term of President Barack Obama.

    The bill was passed with a 52 to 47 vote, with the Democrats and Independents receiving some surprising support from Republicans John Kennedy and Lisa Murkowski. The duo represents Louisiana and Alaska respectively. As expected, Republican Senator Susan Collins of Maine also voted in favor of net neutrality.

    Collins had long announced her support for the CRA move, but Kennedy and Murkowski’s stand on the matter was relatively unknown.

    Kennedy later admitted to the Washington Post that it was difficult to make a decision but it all boiled down to who you were going to trust. As Kennedy explained, those who trusted their cable companies won’t be happy with his vote but “If you don’t trust your cable company, you will.”

    Meanwhile, Murkowski emphasized in a statement that she’s still against some of Obama’s FCC’s regulations but understands the need to safeguard the rights of Internet users.

    I have voted to pass this resolution today so that we can reset the discussion and move beyond the politics at play here to what is really needed—lasting legislation that will provide certainty and move us beyond shifting regulatory standards that depend on who is running the FCC,” the senator explained.

    Under the Obama administration, regulations prevented broadband providers from blocking, limiting or discriminating against lawful internet content. However, the FCC voted last December to disregard those rules. The FCC’s decision was slated to take effect on June 11, but the new Senate measure effectively blocks that order.

    While the vote to block the FCC might be a major triumph for those supporting net neutrality, they still have a long fight ahead of it. For one, the bill still needs to be approved by the House and signed by President Trump.

    This is where things will potentially get tricky, as net neutrality activists would still have to secure the support of more than 20 Republicans. This is despite having the unanimous support of Democrats. Meanwhile, the White House has been vocal of its support for FCC head Ajit Pai’s move to reverse the regulations set under the previous administration.

    Net neutrality supporters remain hopeful, though. After all, President Trump has changed his mind several times on key issues. There’s also the fact that some Republicans might feel that siding against net neutrality could cause problems in the upcoming midterm elections.

  • Google’s Web Store Spreads Malware Again, 100,000 Users Infected By Malicious Chrome Extensions

    Google’s Web Store Spreads Malware Again, 100,000 Users Infected By Malicious Chrome Extensions

    Security firm Radware has uncovered malicious extensions believed to infect more than 100,000 Google Chrome users. According to a report released on Thursday, malware was discovered in the browser’s official Web Store.

    Using machine-learning algorithms, Radware was able to pinpoint a zero-day malware threat to one of its clients. These malicious extensions spread via links sent over Facebook, pilfering login credentials, mining cryptocurrencies, and engaging in click fraud, among others.

    Cybercriminals involved with the latest malware campaign were said to have been active since March 2018. Since that time, they infected 100,000 users worldwide, the company said in its blog post. Called “Nigelthorn”— a name derived from the Nigelify application, the malware redirects victims to a fake Youtube page and prompts them to install a Chrome extension to play the video. Once installed, these computers become part of the botnet as harmful JavaScript download additional code from the command center. The infection process continues when the victim’s Facebook contacts click on the sent malicious link.

    Image via Radware Blog

    To bypass Google’s extension validation checks, attackers modified copies of legitimate extensions and added malicious script inside. Thanks to Google’s security algorithms, seven of these extensions were removed right after their discovery, including Nigelify, PwnerLike, Alt-j, Fix-case, Divinity 2 Original Sin: Wiki Skill Popup, keeprivate, and iHabno. Radware emphasized that the malware only infected Chrome users on Windows and Linux so other browsers are unaffected by the attack.

    Radware pointed out that the malware went undetected despite tight security over the network. The firm also warned that attackers might identify other ways to bypass security controls with mutated malware disguised as browser plug-ins. And it seemed that bad Chrome extensions are one of Google’s weak spots.  

    Meanwhile, Trend Micro has identified the return of FacexWorm, a malicious extension that propagates via socially engineered links on Facebook Messenger similar to Digmine. Apart from stealing credentials, FacexWorm redirects potential victims to cryptocurrency scams and referral links of attackers, installs bad mining codes, and takes over transactions on trading platforms and in web wallets. It was first spotted in August of last year but resurfaced recently in certain countries.

    In January, analytics firm ICEBRG identified four extensions that were likely used in a click-fraud scam to generate revenue. These were removed from the Web Store once discovered, but not after infecting 500,000 Chrome users.

    Despite being regarded as one of the safest browsers, Chrome is far from being invulnerable. Attackers continue to work around security protocols through third-party extensions loaded with malicious codes. Chrome users should verify an extension before installing it. That, or just stay away from third-party providers, even if they’ve been vetted by Google’s stringent security process.

    [Featured image via Pixabay]

  • The End is Near: Net Neutrality Rules Set to Expire on June 11

    The End is Near: Net Neutrality Rules Set to Expire on June 11

    The Federal Communications Commission (FCC) has announced that net neutrality protections will be repealed on June 11, 30 days after the notice was filed on Thursday. Alongside the expiration, new rules governing Internet service providers will also take effect.

    According to FCC Chairman Ajit Pai, previous rules were deemed as “utility-styled and heavy-handed.” He also emphasized that the Internet has always been open and free, so there was no need for any restrictions made during the Obama presidency.

    “The Internet wasn’t broken in 2015, when the prior FCC buckled to political pressure and imposed heavy-handed Title II rules on the Internet economy,” Pai expressed in a statement. Despite opposition, Pai’s “Restoring Internet Freedom” proposal was green-lighted in December of last year. However, by April of 2018, only a few of the provisions were implemented due to a prolonged bureaucratic process. But on May 2, the Office of Management and Budget finally signed off the remaining key points.

    Set in the Obama-era, open-internet rules prevented service providers from blocking or slowing down access to specific sites and charging consumers more for faster content loading. Several Internet service providers (ISPs) were accused of throttling and restricting the access of their customers to rival companies with similar offerings. It was a practice that indicated a massive government oversight and jumpstarted FCC investigations under the 2015 rules.

    Once net neutrality rules expire, transparency rules will take effect and ISPs like Comcast, Verizon, and AT&T are mandated to inform their customers when they will limit or restrict content and offer faster options at higher fees. These companies also pledged to be impartial against legal content.

    For net neutrality advocates, the fight for an open Internet continues ahead of the June deadline. Democrat senators have presented a petition to reverse Pai’s repeal and the Senate is set to vote on it next week. Even if the legislation passes Senate and Congress hurdles, President Donald Trump is expected to reject it.  

    More than 20 states have filed a lawsuit to block the net neutrality repeal. Several states have adopted laws enforcing the principles of net neutrality within their borders. FCC, however, has asserted authority over any state legislation inconsistent with the repeal.  

  • Microsoft Warns of Rising Tech Support Scams, Calls for Industry-Wide Cooperation

    Microsoft Warns of Rising Tech Support Scams, Calls for Industry-Wide Cooperation

    Incidents of tech support scams targeting susceptible PC users are increasing, Microsoft warned. The company received 153,000 reported complaints from consumers in 2017, 24 percent higher than the prior year, according to its detailed security report released on Friday.

    Tech support scams reported to Microsoft

    Image via Microsoft cloud blog

    Reported incidents came from 183 countries, suggesting a widespread global problem. Of those who fell prey to the scam, roughly 15 percent lost money averaging between $200 and $400. There were cases of victims paying significantly more. In December 2017, Microsoft was notified of a tech support fraud in the Netherlands that resulted in the financial loss of 189,000, or about $109,000.

    Called social engineering attacks, scammers use a variety of ways to initiate the fraud. Cybercriminals send phishing emails, display strategic online ads or full-screen error messages, install malware, or place unsolicited phone calls to convince victims that their systems or devices have been compromised.

    Once victims contact the call center for help, a fake technical support specialist instructs them to install remote administration tools (RATs). This allows fraudsters to have complete control over the device and unrestricted access to sensitive information. They make changes inside the device and point out system errors to convince victims of the ‘problem’. This then prompts unsuspecting consumers to pay for the removal of fake or nonexistent malware.

    According to Microsoft, the widespread problem is not limited to its platform but has affected users of MacOS, iOS, and Android systems as well. The FBI received 11,000 tech support fraud complaints in 2017 from 85 countries. Of these, claimed losses amounted to approximately $15 million, representing an 86 percent increase compared to prior year.  

    The FBI also noticed an emerging trend: re-targeting past victims of tech support fraud. Scammers pose as government officials or law enforcement and offer assistance in recovering losses in exchange for fees. Other fraudsters act as collection services and threaten the victim with legal action for nonpayment of outstanding tech support fees. Some criminals use obtained personal information to commit additional fraud, such as unauthorized bank transfers or opening of new accounts for unlawful payments.  

    Microsoft expressed concern over tech support scams that bypass secure platforms like Windows 10 easily and coerce users into giving unrestricted access to their devices. Because the problem is far-reaching, the company called for industry-wide collaboration and law enforcement partnership. Microsoft continues to form partnerships with web hosting providers, telecom networks, browser developers, antivirus solutions, and financial networks in detecting tech support scammers.  

    The graphic below shows how the scam usual works.

    Image via Microsoft cloud blog

    Customers, on the other hand, can protect and empower themselves through education. Be wary of error or warning messages with phone numbers or emails with malicious attachments. Shut down your device once you receive a pop-up message or locked screen. If you have been a victim, notify your bank to reverse the charges and change all your passwords. Uninstall any application used during the tech support and run a virus scan for remaining malware.

    [Featured image via Pixabay]

  • Google Cloud Introduces VPC Flow Logs, Allows Users to Collect Network Telemetry at Various Levels

    Google Cloud Introduces VPC Flow Logs, Allows Users to Collect Network Telemetry at Various Levels

    Last Thursday, Google introduced a new feature to its Virtual Private Cloud (VPC) users for tracking network operations between their servers in the Google Cloud. Called VPC Flow Logs, the tool logs and monitors all network flows sent from and received by the virtual machines (VM) inside a VPC in five-second intervals.

    The new feature is set to improve monitoring by Google Cloud Platform (GCP) admins and increase transparency in the VPC network, including traffic between Google Cloud regions. It is similar to Cisco’s NetFlow “but with additional features,” as explained in the company’s blog post.  

    According to Google,“It also allows you to collect network telemetry at various levels. You can choose to collect telemetry for a particular VPC network or subnet or drill down further to monitor a specific VM Instance or virtual interface.” 

    Aside from capturing telemetry data at each level, VPC Flow Logs can also track internal VPC traffic, flows between a VPC and on-premise deployments, flows between servers and any Internet endpoint, and exchange between servers and Google services.

    Users can then export the collected data to Stackdriver Logging or BigQuery if they opt to keep it on the Google Cloud server. They can also use Cloud Pub/Sub in exporting the logs to other real-time analytics or security platforms. Moreover, VPC Flow Logs has integrated with two leading logging and analytics platforms, Cisco Stealthwatch and Sumo Logic. The data updates every five seconds without any effect on the performance of deployed applications.

    VPC Flow Logs lets network operators gain more insight about the network, as well as debug and troubleshoot app-related issues. The tool allows them to optimize network usage with more available information about global traffic. It also allows GCP admins to perform network forensics in investigating suspicious behavior, such as traffic from unusual sources or substantial volumes of data migration.

    [Featured image via Google Cloud website]

  • Cloudflare Makes the Internet More Private With 1.1.1.1 DNS Service

    Cloudflare Makes the Internet More Private With 1.1.1.1 DNS Service

    Cloudflare recently announced a way for the public to enjoy faster and more private Internet. The top performance and security company just rolled out 1.1.1.1, the first DNS service of its kind developed specifically around the concept of putting privacy first and foremost.

    A lot of Internet users are unaware that everything on the web begins with a DNS request. Known as the Internet’s directory, a DNS translates a name into a numerical online address that a computer understands. However, DNS is an unsecured and unencrypted system. It’s also very slow.

    Every Internet Service Provider (ISP) has the capability to monitor DNS requests and see every app or website that a person visits, even if said site is encrypted. This information is sometimes sold and used for ad targeting.

    Cloudflare’s 1.1.1.1 provides an alternative to that. The service offers users unmatched security and speed. With 1.1.1.1, loading time of web pages become shorter and key user data are kept secret from ISPs. The service also supports DNS over HTTPS and encrypted DNS. Plus, data from logs is erased after 24 hours and no user data or IP addresses are stored.

    Cloudflare co-founder and CEO Matthew Prince says the practice of selling user data to advertisers is “creepy,” especially since the data will be used to target consumers without their knowledge and consent. Prince also said that what people do on the Internet is no one’s business and that Cloudflare designed 1.1.1.1 to ensure that the company and the ISPs of the world won’t know what users are doing online.

    The 1.1.1.1 service is reportedly easy to set up. The system doesn’t require any special software or technical skill. Anyone can have the system up and running in less than five minutes. To use the service, the user has to change the DNS server settings on their device. Instructions on how to go about this can be found on Cloudflare’s website.

    Installation is free and is available for desktop computers and mobile devices. However, Cloudflare says paying clients will receive biggest speed boosts.

    [Image via Cloudflare]

  • Microsoft to Ban Language It Finds Offensive on Private Accounts

    Microsoft to Ban Language It Finds Offensive on Private Accounts

    Microsoft users might want to take a closer look at the company’s update to its service agreement. Set to take effect this May, privacy experts are alarmed about the changes seem to suggest that Microsoft will now have the right to review user content even without prior consent.

    The questionable changes were first reported on by Jonathan Corbett at the Professional Troublemaker site. Microsoft warned against the use of offensive language as well as the sharing of inappropriate content. The company stated that violating the modified rules could result in the closure of a user’s Microsoft account.

    “In the Code of Conduct section, we’ve clarified that use of offensive language and fraudulent activity is prohibited. We’ve also clarified that violation of the Code of Conduct through Xbox Services may result in suspensions or bans from participation in Xbox Services, including forfeiture of content licenses, Xbox Gold Membership time, and Microsoft account balances associated with the account.”

    But what worried privacy experts, even more, is that aside from banning users from the company’s services, using offensive language can even be used by Microsoft as grounds to conduct an investigation and go through the user’s private data. As pointed out by Corbett, the term “offensive language” is a bit too ambiguous and its definition can vary greatly between different people.

    “Enforcement. If you violate these Terms, we may stop providing Services to you or we may close your Microsoft account. We may also block delivery of a communication (like email, file sharing or instant message) to or from the Services in an effort to enforce these Terms or we may remove or refuse to publish Your Content for any reason. When investigating alleged violations of these Terms, Microsoft reserves the right to review Your Content in order to resolve the issue. However, we cannot monitor the entire Services and make no attempt to do so.”

    The updated rules could be particularly problematic for users of Microsoft’s gaming service Xbox Live. This is because, within gaming circles, trash-talking is normal among players.

    This was pointed out by Corbett who couldn’t help but ask, “If I call someone a mean name in Xbox Live, not only will they cancel my account, but also confiscate any funds I’ve deposited in my account?”

    Aside from Xbox Live, the updated agreement will also cover users of other Microsoft services such as Skype and Office. Given the scope, Corbett fears that the amended terms would allow any Microsoft staff to pry open anyone’s private data such as Skype call recordings as long as they are “investigating” something.

    At the moment, Microsoft declined to comment on the issues raised related to the amended agreement.

  • What You Should Know About Google’s GDPR Consent Plan for Publishers

    What You Should Know About Google’s GDPR Consent Plan for Publishers

    Google wants its publishers in Europe to solicit users’ consent on its behalf under the new General Data Protection Regulation (GDPR) privacy rules. The GDPR rules which will take effect on May 25, requires companies to gain explicit consent for collection and use of personal information in targeted ads. And Google’s consent plan is something that ad giants like Facebook and Amazon can follow.

    “To comply, we will be updating our EU consent policy when the GDPR takes effect and the revised policy will require that publishers take extra steps in obtaining consent from their users,” the company explained in its blog post on Thursday.

    Obtaining users’ permission secondhand is legal, according to the experts. But for own platforms such as Google.com, Gmail, and YouTube, Google will directly get consent from its users.

    Under the GDPR, there are two categories of data handlers, the controller, and the processor. Controllers are identified as the source of data, like website owners and publishers. Processors, such as marketing technology providers, do the actual processing of data collected from external sources.

    Google, with its myriad of products, platforms, and services, cannot be simply classified as a controller or processor. The company identifies itself as a controller for some of its ad products, including DoubleClick for Publishers (DFP), DoubleClick Ad Exchange (AdX), AdWords, and AdSense. On the other hand, Google operates as a processor of personal data gathered in services like Ads Data Hub, and Google Analytics, among others.

    Image result for gdpr scale google

    However, Google said that it will introduce new contract terms and take on the role of co-controller of user data for its publishers. This gives the tech giant autonomy over gathered data and its for their own purposes. At the same time, Google is sharing the burden of protecting the data especially since noncompliance with the new law could result in hefty fines.

    “The concern with GDPR is, everybody in the data supply chain could become liable. If the publisher fails to get sufficient consent for Google when [Google’s] tags or pixels are on [the publisher’s] site, the publisher could be potentially liable. Google, of course, could certainly be liable for collecting that data without the proper GDPR compliance process,” Gary Kibel, partner at law firm Davis & Gilbert, explained.

    By formulating its own consent plan as a joint controller, Google may be able to ensure compliance from its publishers. Likewise, it reduces the risk of publishers collecting data without obtaining consent.

    But as more people decline to give consent for personal data use, publishers might have a hard time earning money from targeted ads. As a countermeasure, Google plans to roll out non-personalized ads to help publishers. It will also be working with industry groups, such as IAB Europe, for other solutions ahead of the May 25 deadline.

    [Featured image via Google]

  • Dropbox’s Initial Public Offering is Priced at $21, Company Market Cap Reaches $9.1 Billion

    Dropbox’s Initial Public Offering is Priced at $21, Company Market Cap Reaches $9.1 Billion

    Investors, especially those who specialize in picking tech stocks, will now have one additional company to consider as an investment option. A decade after its founding, Dropbox is now a publicly traded company starting Friday, March 23, 2018.

    The San Francisco-based firm successfully hosted its IPO on Thursday where investors bought Dropbox share at $21. Popular for its cloud-based files storage and syncing service, the company was able to raise a whopping $750 million from the event.

    The IPO price of $21 per share is already way above the $16 to $18 price range previously proposed by the company earlier this month. The final price was even higher than the latest estimate when Dropbox raised it to between $18 and $20 in its regulatory document filed on Wednesday.

    At its current share price, Dropbox is now a publicly traded behemoth with a market capitalization of $9.1 billion. However, this amount still falls short compared to the $10 billion valuation it received during its last round of private funding in 2014.

    Of course, many are fearful that the tech company’s valuation trend will go downhill after its IPO, which seem to hound some tech listings. For instance, investors had to wait for almost a year before Snapchat’s shares rebounded and started trading above its June 2017 IPO price of $17 per share. This is a turn off for short-term investors who do not wish to hold on to a share for too long.

    But most investors remain upbeat on Dropbox’s future earning potential. The company is already cash flow positive and performed well last year. Its sales are on the rise, garnering a massive $1.11 billion in revenues for 2017 alone. The figure represents a 30 percent increase compared to 2016’s performance.

    [Featured image via Dropbox]

  • Mark Zuckerberg Under Fire Over Facebook’s Data Breach During US Presidential Election

    Mark Zuckerberg Under Fire Over Facebook’s Data Breach During US Presidential Election

    Lawmakers from the United States and Britain are heaping criticisms on Facebook and founder Mark Zuckerberg after reports revealed that Cambridge Analytica, a data company said to have been instrumental in Donald Trump’s presidential win, received data from 50 million Facebook users through inappropriate means.

    The social media giant announced on Friday that it suspended Strategic Communication Laboratories (SCL) and Cambridge Analytica, its data analytics arm, for violating Facebook’s Terms of Service. It was alleged that the two companies gathered and shared the personal data of around 50 million Facebook users without consent.

    The decision to suspend SCL and Cambridge Analytica came one day before The New York Times and The Observer came out with reports detailing how Cambridge Analytica acquired and utilized private information of millions of Facebook users to develop voter profiles that were used to design highly targeted political ads during the last US Presidential Elections.

    Cambridge Analytica is partly owned by Richard Mercer, a billionaire who was previously involved in Ted Cruz’ 2015 presidential campaign before assisting Donald Trump’s presidential bid in 2016. The company was supposedly brought in by Trump’s campaign team to assist with its digital operations, which was being headed by Jared Kushner, Trump’s son-in-law.

    Facebook has admitted that the data Cambridge Analytica received came from Dr. Aleksandr Kogan, a psychology professor from the University of Cambridge, who designed an app that gave him permission to access the personal information of the users as well as that of their friends.

    According to Facebook, Kogan gained access to the data legitimately and “through the proper channels that governed all developers” on the platform at the time. But afterward, Kogan passed the data he gathered to Cambridge Analytica. This was a clear breach of the social media’s regulations.

    A former employee of Cambridge apparently said to the Times that the information collected from Facebook became the basis of “its work on President Trump’s campaign in 2016.”

    Cambridge Analytica’s suspension, coupled with The Observer and The New York Times reports, garnered some harsh reactions from lawmakers. Massachusetts’ Attorney General Maura Healey has said her office will investigate this situation while several congressmen want Facebook CEO Mark Zuckerberg to appear and testify before their committees.

    It’s not just American lawmakers who are unhappy with Zuckerberg and his company. Their British counterparts are also demanding that Zuckerberg or another senior executive talk to them about the alleged data breach and the continued risk to user’s personal information.

    UK lawmaker Damian Collins said the company’s previous representatives gave “false assurance” that Facebook’s policies are strong and well-managed. But now he wants Zuckerberg to “stop hiding behind his Facebook page and actually come out and answer questions about his company.”

    [Featured image via YouTube]

  • Intel to Make Chip With Built-In Spectre & Meltdown Malware Protection

    Intel to Make Chip With Built-In Spectre & Meltdown Malware Protection

    In January of this year, the revelation of memory-related vulnerabilities known as Spectre and Meltdown rocked the entire computing world—everyone had been sitting on top of a potential landmine for decades that hackers could have taken advantage of. After the initial shock wore off, various chip manufacturers immediately came up with a host of fixes and updates to deal with the discovered bugs. However, Intel is going a step further by redesigning its future processors to be completely Spectre/Meltdown-proof.

    The chip maker announced that its next-generation processors have been redesigned to incorporate new levels of protection against the Spectre variants. The assurance was made by Intel CEO Brian Krzanich who confirmed that the upcoming products will address these vulnerabilities through “partitioning.”

    As explained by Krzanich, this partitioning can be viewed as an extra layer of protection between running applications, which effectively addresses Spectre-like vulnerability issues. The redesigns will be implemented in the upcoming 8th-generation Core chips as well as Xeon Scalable “Cascade Lake” processors.

    “Think of this partitioning as additional ‘protective walls’ between applications and user privilege levels to create an obstacle for bad actors,” the Intel CEO explained in a blog post.

    It is not yet clear if the redesigns and the introduction of partitioning into its processors are going to negatively affect their computing speeds. However, Krzanich’s post seems to hint that performance might not be a big issue at all as he assured that Intel’s “goal is to offer not only the best performance but also the best secure performance.”

    Krzanich also gave assurance for those who are currently using older models of Intel processors. According to the CEO, the company’s processors launched in the past five years are now 100 percent protected against Meltdown and Spectre through software updates and fixes.

    Convincing the public about the safety of its products is critical for Intel at this moment. Recently, the chip maker was slapped with 30 class-action suits related to the vulnerabilities and was even criticized for trying to downplay the impact of the potential threat of Spectre and Meltdown vulnerabilities.

    [Featured image via Intel]

  • Microsoft Previews New Privacy Controls for Windows 10 in Insider Test

    Microsoft Previews New Privacy Controls for Windows 10 in Insider Test

    With the rising concern over online privacy, Microsoft is taking greater steps to improve security for users of its browser. The software giant is testing out a new Windows 10 preview build for PCs which is already available on Windows Insider, its open software testing program. The new build comes with 13 bug fixes as well as a layout for the browser’s privacy screen settings.

    Microsoft released the Windows 10 preview build 17115 on Tuesday which offers a host of fixes and improvements. One of the major changes that will be introduced with the new update is the redesign of its privacy setting which, according to the company, “conveys focused information to help our customers make focused choices about their privacy.”

    A blog post by the company included a snapshot of the new privacy settings screen showing a very streamlined way Windows 10 users may tweak their browser experience. For instance, they can turn on or turn off Find My Device, Location, and even Speech Recognition very easily because these options can be all found on the same page.

    Windows 10 Privacy Setup

    For those who really want absolute control over their browser data, they can disable the Inking & Typing option which prevents the browser from sending data to Microsoft. This is good news for users who are a little bit concerned over the potential privacy issues posed by Windows 10’s built-in “keylogger,” a feature that records typed characters and other data with the aim of improving next word prediction and autocompletion features.

    However, Windows Insiders participants might not be seeing the same kind of privacy setting. Apparently, Microsoft is testing two very different styles of the redesign. While one design favors a single screen crammed with all options available, the other design opts for seven separate screens to handle all privacy settings tweaks. It seems that the software giant is hoping to gain insight from participant’s feedback to find the right balance between the two designs.  

    Microsoft announced that the Windows 10 update will arrive this spring. No specific release date was announced.

    [Featured image via Microsoft]

  • Net Neutrality Repeal Takes Effect in April, States are Fighting Back with Last-Minute Lawsuits

    Net Neutrality Repeal Takes Effect in April, States are Fighting Back with Last-Minute Lawsuits

    The days of net neutrality are numbered. The Federal Communications Commission (FCC) has finally set April 23 as the date when the Obama-era regulations will cease to take effect according to a copy of the order published on Thursday with the Federal Register. But of course, various net neutrality supporters are not going to take this one lying down and are expected to file lawsuits as a last-ditch effort to challenge the repeal.

    Net neutrality regulations were put in place during the Obama administration to ensure that all internet traffic is treated equally. With this safeguard in place, broadband companies can’t just slow down or block traffic from certain sites or prioritize other sites when it comes to bandwidth allocation. In addition, internet service providers are barred from accepting money to prioritize certain companies’ websites and make them more accessible to customers.

    Since broadband companies and ISPs act more or less as the net’s gatekeepers, the rules are seen by their supporters as a way to deter abuse of this power. Big tech companies such as Twitter, Google, and Facebook were supportive of net neutrality while big telecom firms such as Verizon, Comcast, and AT&T opposed the regulations and clamored for their repeal.

    Net neutrality opponents scored a major victory last December when FCC voted 3-2 to have the laws repealed. However, supporters are expected to fight back by filing lawsuits questioning the repeal. In fact, attorneys general in more than 20 states, as well as tech companies such as Mozilla, have already filed lawsuits last month to stop the repeal from taking effect. They are expected to refile their lawsuits within 10 days after FCC’s order was published in the Federal Register.

    Congress is given a 60 day period to pass a resolution to reverse FCC’s repeal. Democrats, who support net neutrality, say that they already have 50 votes in the Senate and lack only one more to pass the bill. Such a bill might face a tough time in the House of Representatives considering that Republicans control a larger majority.

    However, some states are not waiting for a vote on the bill and have passed net neutrality laws within their areas. For instance, New Jersey, New York, and already have their own net neutrality policies that ISPs need to adhere to.

    [Featured image via Pixabay]

  • Dropbox Gets Ready to Go Public After Earning $1.1 Billion in Revenue for 2017

    Dropbox Gets Ready to Go Public After Earning $1.1 Billion in Revenue for 2017

    Investors looking for a way to diversify their investment portfolios with some tech stocks will have a rare chance to do so later this week. Dropbox, the San Francisco-based file hosting and syncing service, will have its initial public offering (IPO) on Friday giving investors the opportunity to own shares of the popular tech firm valued at $10 billion.

    A decade after its founding, the company finally decided to go public. Based on documents submitted to the SEC, Dropbox plans to raise $500 million in this offering. The company will be traded on Nasdaq under the “DBX” symbol.

    Thanks to its filing, important data from the company’s books is now available to the public. For instance, its revenue for 2017 was revealed to be $1.11 billion, a massive 31 percent increase from 2016’s figure. In addition, the tech company has about 500 million registered users representing an increase of 100 million users compared to the number it had at the start of 2017.

    Of the 500 million registered users, 11 million of these are paying subscribers. The average annual revenue from each paying user is $111.91.

    Despite its revenue growth from the previous year, the filing also shows that Dropbox actually experienced a net loss of $111.7 million in 2017. However, this is a significant improvement from 2016’s net loss of $210.2 million. The loss was mainly driven by its high R&D budget but the company is optimistic about its future earnings potential and has highlighted the fact it already became free-cash-flow positive in 2016. In addition, it does not rely on enterprise sales teams to shore up its revenue and noted that most of its earnings came from users directly purchasing their subscriptions.

    Dropbox was founded in 2007 by MIT students Drew Houston and Arash Ferdowsi. After it rolled out its services to the public the next year, it quickly grew in popularity due to the simplicity of its file syncing.

    [Featured image via DropBox]

  • Hackers are Now Buying Legit SSL Certificates to Hide Malware

    Hackers are Now Buying Legit SSL Certificates to Hide Malware

    Making sure that you are secure every time you surf the net is getting more challenging these days. No matter what type of high tech security system you may have installed, it seems hackers will inevitably find some creative way to breach it. Reportedly, hackers are now buying SSL certificates to make their malware appear legit and, as a result, make them easier to bypass security protocols.

    This latest trend in cybercrime was discovered through research conducted by the Recorded Future’s Insikt Group. Apparently, there is an online market where anyone, including hackers, can just buy legitimate certificates from issuing authorities.

    Of course, this is a jarring contrast to the common belief that SSL certificates used in illegal activities were only obtained through theft from companies and developers. According to researchers, these certificates were not stolen from their rightful owners but were purposely created for specific buyers and registered under stolen corporate identities. When malware is given this level of apparent legitimacy, it will be harder for traditional network security measures to detect them.

    “It’s been generally accepted that security certificates circulating in the criminal underground were stolen from legitimate owners prior to being used in nefarious campaigns,” Recorded Future director of advanced collection Andrei Barysevich explained. “However, our most recent analysis indicates this is not the case. We have confirmed—with a high degree of certainty—that counterfeit certificates are created for specific buyers, per request only, and registered using stolen corporate identities.”

    SSL certificates are used in a process known as code signing. The process identifies the author or developer of a particular code and is used to authenticate its trustworthiness. They can be considered an extra layer of defense against cyber threats. In fact, some companies like Apple will not allow a program to be executed if it is not code-signed.

    Prices for these SSL certificates vary greatly in the underground digital market. According to the report, they can be purchased for as little as $299 while the pricier ones could cost up to $1,599. However, the Recorded Future team does not believe that the legitimate owners of these SSL certificates are aware that their corporate digital data is used for these activities.

    [Featured image via Pixabay]

  • Google’s Project Zero Team Exposes Microsoft Edge Bug

    Google’s Project Zero Team Exposes Microsoft Edge Bug

    Microsoft has been pretty aggressive in marketing its Edge browser and even launched two commercials earlier this year specifically pointing out its advantages over rival Chrome. After being silent for a while, it appears that Google finally counterattacked by disclosing Edge’s security flaw.

    Google’s Project Zero, which found the vulnerability last November, h released the technical details of their discovery. Due to the existence of the flaw, it is theoretically possible for hackers to bypass Edge’s security features and insert their own malicious code into their target’s computer. While indeed a possibility, it must be noted there has been no reported instance of the problem being successfully taken advantage of by hackers so far.

    Google’s policy gives companies 90 days after its discovery to fix any security flaw before announcing its findings. Since the discovery was made back in November and Microsoft has yet to roll out a patch to address the problem, the Project Zero team decided to make the issue public.

    Apparently, Microsoft is still working on a fix for Edge’s security issue. In a response to Google’s disclosure, Microsoft announced plans to release a patch by mid-March.

    “The fix is more complex than initially anticipated, and it is very likely that we will not be able to meet the February release deadline due to these memory management issues. The team is positive that this will be ready to ship on March 13th.” 

    Microsoft has been trying its best to cut into Google Chrome’s nearly 60 percent worldwide browser market share. Early this year, it released two ads touting the advantages of the Edge browser over its rival.

    In one of the ads, Microsoft boldly claimed that Edge was 48 percent faster than Chrome. In another ad, the company tried to convince internet users that Edge was also more secure, blocking 18 percent more phishing attacks than Chrome.

  • Is Your Company Wasting Money on the Cloud?

    Is Your Company Wasting Money on the Cloud?

    There’s no denying that cloud technology is the way to go for businesses that want to run more efficiently. Thanks to the cloud, numerous business processes can run smoothly and an untold amount of data can be stored. The technology has become so vital that companies are set to spend more money on the cloud in 2018 than the previous year. Conversely, businesses are also wasting a lot of money on it, too.

    Cloud Spending on the Rise

    RightScale recently came out with the results of a survey they conducted among almost a thousand technology specialists. According to the cloud delivery specialist, enterprises (or companies with more than a thousand employees) are spending more on the cloud. The report reveals that 26 percent of companies are allocating more than $6 million annually to spend on the public cloud. About 26 percent of companies also admit they currently spending around $1.2 to $6 million for cloud services.

    That number is expected to increase this year, with 71 percent of enterprises admitting they will increase their cloud budget by more than 20 percent. Meanwhile, 20 percent of companies plan to double what they previously spent on the cloud.

    Image result for right scale survey cloud spending

    And it’s not just large corporations that are shelling out money on this technology. Small and medium-sized companies spend an average of $120 thousand on cloud providers per year.

    Respondents in the RightScale survey use multiple cloud servers to run their applications. Some companies use about five different servers while experimenting with at least one more. Amazon remains the top provider of public cloud services, with AWS user numbers rising to 64 percent market share in 2018 as opposed to last year’s 57 percent. Azure and Google Cloud also saw a boost. Azure is up to 45 from 34 percent while Google Cloud saw an increase from 15 to 18 percent. IBM Cloud also rose from 8 to 10 percent.

    What Companies are Doing Wrong

    While different sectors view the increase in cloud spending in a positive light, the RightScale survey also implies that one-third of the money spent is wasted. Survey participants projected 30 percent wasted spending but RightScale has pegged the exact amount of waste to be nearer to 35 percent. So if an enterprise is paying their service cloud provider about $6 million annually, more than $2 million of that money goes to wasted or unused.

    Image result for right scale survey cloud spending

    The RightScale report does not clearly pinpoint or discuss what companies are doing wrong. However, it’s clear that the eagerness of companies to utilize the cloud has contributed to the wasted spending. For instance, people subscribe or buy cloud services for their department or for their own duties. This has led to identical accounts being created for the same services.

    The cloud’s reputation as being easy to use and affordable has also caused companies to become complacent about their budget. Businesses tend to be more open about expanding their cloud usage.

    There’s also the very fluid pricing structure used by cloud providers. Rates depend on supply and demand, so as the demand for data rises, so does the cost.

    How to Stop Wasting Money on Cloud Services

    Enterprises are aware of how much money is being wasted on the cloud and how easily this uncontrolled spending can end in disaster. Most admit that improving how they utilize the service is now their top priority.

    There are other strategies that companies can take to make cloud usage more beneficial and save money.

    • Determine and Stop Abandoned Applications: The ease that applications are developed or run on the cloud has led to numerous abandoned apps. Unfortunately, this doesn’t mean they have been disabled. Some are still running inside different cloud service environments (ex. SaaS) despite companies not using them anymore. Determining these forgotten apps and decommissioning them can save companies some serious money.
    • Picking the Appropriate Storage Model: Businesses are demanding data at an increasing rate due to cheap cloud storage options. But problems arise when the administrator chooses the wrong storage model. Remember that every data is different. Some are accessed more often while others are rarely used. The former needs to be stored somewhere where it can be retrieved quickly. This usually means a more expensive storage model. Meanwhile, older data or those that are rarely accessed can be stored in the more affordable storage tiers.
    • Schedule Server Use: There’s no reason to maintain all cloud instances running constantly, especially when applications are mostly used during specific periods. It’s better to set an automated schedule that turns off cloud services during off-peak hours. There are numerous scheduling tools that companies can use for this.

    Is your company’s budget evaporating into the cloud? Now is as good a time as any to run an audit to find out how you can use data services more efficiently to cut down on your operations cost.

    [Featured image via Pixabay]

  • Intel Releases Xeon D-2100 Processor for Edge Computing

    Intel Releases Xeon D-2100 Processor for Edge Computing

    As technologies like automation, linked sensors, self-driving cars, and the Internet of Things (IoT) become more mainstream, new chip designs are needed. Intel is looking to answer those demands with the Xeon D-2100 processor. This new System-on-Chip (SoC) processor is designed specifically for edge computing, allowing devices to process data instead of sending it to the cloud.

    The Silicon Valley giant described its newest processor as building on the innovation and performance of the Xeon Scalable program. The Xeon D-2100 processor is expected to meet the distinct power and space requirements that edge computing demands. The chip can handle analytics, computing, data security, networking, and storage.

    Sandra Rivera, Intel’s Network Platforms Group’s Senior Vice President and General Manager, explained that in order to take advantage of the opportunities opened up by 5G and cloud networks, service providers have to enhance their data center and edge structure. Otherwise, they won’t be able to meet the demands of end users and their smart devices.

    Rivera added that the D-2100 processor makes it possible for “service providers and enterprises to deliver the maximum amount of compute intelligence at the edge of the web tier while expending the least power.”

    Intel’s new processors will also allow for CoSPs to provide high-performing, improved networking services with optimized performance using less power when using virtual customer premise equipment (vCPE) like encryption services and VPNs.

    The Xeon D-2100 processor is comprised of as much as 18 “Skylake-server” generation Xeon cores and QuickAssist Technology. It comes with around 100Gps of integrated cryptography, encryption, and decryption acceleration. Intel also gave assurances that the new processors will carry enhanced system software that safeguards against “Meltdown” and “Spectre” security exploits.

    Intel believes the new chip will be especially valuable in conjunction with 5G technologies, like virtual reality apps that are currently being developed for mobile devices. The company is also confident it will be helpful for use in communications networks like VPNs and wide area networks.  

  • Microsoft Announces Plans to Bring Progressive Web Apps to Windows 10

    Microsoft Announces Plans to Bring Progressive Web Apps to Windows 10

    It was over a year ago when Microsoft outlined its plans to bring Progressive Web Apps (PWA) to Windows 10. Now that plan is becoming a reality, with Microsoft giving users a preview of PWAs and breaking down its strategy to bring them to the Microsoft Store.

    Progressive Web Apps are web applications that are run and delivered similar to a regular app from the Microsoft Store. These apps are built on or optimized by web technologies like Cache API, Fetch networking, Push notifications, Service Worker, and Web App Manifest. This suite of tools will all be automatically enabled when EdgeHTML 17, the latest version of the Edge’s rendering engine, goes live sometime in the spring.

    Users can download PWAs from the Microsoft Store. It will run in its own sandboxed area as an AppX file, doing away with the need for an open browser. Since these apps do not require any platform-oriented code, developers can design apps that can run on various platforms.

    In a blog post, the Microsoft team revealed that they have been using the Bing Crawler to search out and review PWAs that they’re thinking of offering in the app store. There’s reportedly a shortlist of PWAs that have already been picked for initial testing.

    Microsoft is also welcoming developers to proactively send their Progressive Web Apps to them. But the applications would have to meet certain standards, though. The Redmond-based company has set several quality control measures for developers building PWAs. Some of these measures include sites mandated to be secure and should take into account automated testing for quality. Web App Manifests should have quality and Service Workers should be viewed as an enhancement. Lastly, the PWA has to comply with the policies of the Microsoft Store.

    Submitting their PWAs to the Microsoft Store gives developers control over how their app would appear, along with other benefits like access to user ratings and reviews and analytics on the number of installs, uninstalls, performance, crashes, and shares.

    [Featured image via Microsoft]

  • Microsoft Edge Browser Will Soon be Available on Apple iPad

    Microsoft Edge Browser Will Soon be Available on Apple iPad

    Edge, Microsoft’s latest browser that replaced the venerable Internet Explorer, could be coming to iPad soon. According to reports, an iPad version of the browser is in the works and a beta is likely to happen by February.

    The Microsoft Edge browser was already available on Android devices and iPhones since last year. In fact, it is doing quite well on the iOS platform as one of its top 5 utility apps. However, what is notably missing, is the iPad support for the browser. But that gap is about to be remedied soon if reports are correct.

    In a Twitter post, Microsoft Edge product manager Sean Lyndersay revealed that an iPad version of the browser is now in the product testing stage. What’s even more exciting for iPad users is that a beta testing of the app, which anyone with iPad can participate in, will likely happen by February.

    “Shh, don’t tell anyone, but the iPad version is in internal testing and looking great,” Lyndersay wrote. “It’ll take a little longer to bake, so we’re going to roll out it to our TestFlight users early next month and get feedback from them before making it widely available. Thanks for using Edge!”

    Microsoft has been pretty aggressive in marketing the Edge browser. The company recently raised some eyebrows when it released ads early this year touting the superiority of the new browser over its rivals.

    “Microsoft Edge is up to 48 percent faster than Google Chrome,” Microsoft said in a recent 30-second ad highlighting its superiority over the Google Chrome browser in terms of speed. The ad then concluded that it is “the faster way to get things done on the web.”

    In another ad, Microsoft claimed superiority over Chrome in terms of browsing security. “Microsoft Edge blocks 18 percent more phishing sites than Google Chrome,” the ad claimed. It then concluded that using Edge is “the safer way to get things done on the web.”

    It is understandable why Window would specifically target Chrome in its marketing. Google’s browser remains the most popular browser to this day, owning an enviable 50 percent of the market.

    [Featured image via Pixabay]