Modernizing Transport Security

It has a long history stretching back to the nearly twenty-year-old TLS 1.0 and its even older predecessor, SSL. Over that time, we have learned a lot about how to build secure protocols. TLS 1.2 was published ten years ago to address weaknesses in TLS 1.0 and 1.1 and has enjoyed wide adoption since then. Today only 0.5% of HTTPS connections made by Chrome use TLS 1.0 or 1.1. These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1. In line with these industry standards, Google Chrome will deprecate TLS 1.0 and TLS 1.1 in Chrome 72. Sites using these versions will begin to see deprecation warnings in the DevTools console in that release.

thumbnail courtesy of googleblog.com

Building a Titan: Better security through a tiny chip

To better protect that information at a hardware level, our new Pixel 3 and Pixel 3 XL devices include a Titan M chip. We briefly introduced Titan M and some of its benefits on our Keyword Blog, and with this post we dive into some of its technical details. Titan M is a second-generation, low-power security module designed and manufactured by Google, and is a part of the Titan family. As described in the Keyword Blog post, Titan M performs several security sensitive functions, including: Storing and enforcing the locks and rollback counters used by Android Verified Boot. Securely storing secrets and rate-limiting invalid attempts at retrieving them using the Weaver API. Providing backing for the Android Strongbox Keymaster module, including Trusted User Presence and Protected Confirmation. Titan M has direct electrical connections to the Pixel’s side buttons, so a remote attacker can’t fake button presses. These features are available to third-party apps, such as FIDO U2F Authentication.

thumbnail courtesy of googleblog.com

Fiserv Flaw Exposed Customer Data at Hundreds of Banks

Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned.

thumbnail courtesy of krebsonsecurity.com

This is why banks make me nervous as heck.

Chime in: Have you had good or bad experiences with McAfee AntiVirus?

The antivirus debate is a hot one. Many people swear that the Windows Defender Security Center baked into Windows 10 is enough to keep a PC safe, while others go to great lengths to find the perfect antivirus that balances performance and security. When buying a new laptop, many manufacturers will include a trial period for third-party antivirus software, including McAfee AntiVirus. Windows Central Forum Member Closingracer recently created a thread asking whether or not McAfee is indeed worth re-upping a subscription. I just bought a Dell G7 and it came with 1 year free of McAfee. I usually avoid both like the plague but I do have some recent experience with Dell since I got an All on 1 for free to review and liked it so I figured between price and the fact it is the only laptop with the 1060 Max Q under $1,000 I will get this laptop.

thumbnail courtesy of windowscentral.com

I have had both good and bad experiences with McAfee antivirus. To be honest with you, I haven’t had a good experience with the product since John McAfee sold the company several years ago. I currently recommend Sophos Antivirus and Malwarebytes for security.

Patch Tuesday, August 2018 Edition

Adobe and Microsoft each released security updates for their software on Tuesday. Adobe plugged five security holes in its Flash Player browser plugin. Microsoft pushed 17 updates to fix at least 60 vulnerabilities in Windows and other software, including two “zero-day” flaws that attackers were already exploiting before Microsoft issued patches to fix them.

thumbnail courtesy of krebsonsecurity.com

Is Antivirus Software Still Needed?

Antivirus software programs remain prominent in the tech market, but fewer people are buying them, despite the fact that scammers are more active than ever, and newer and more innovative ways to harvest personal data continue to emerge. This article explores the reasons why many appear to have lost faith in antivirus software but also why it still has a role to play in keeping you safe online. The expansion of the internet: In times gone by, antivirus software was the only defence against unwanted entities making their way into your device. However, these days, internet powerhouses such as Google and Facebook actively fight this themselves, and the positive effects of this trickle down to make the net safer for everyone else. Clearly, these giants of the internet have far more power to tackle viruses than the likes of Norton and AVG Ultimate which are often sold along with a new PC. So you may wonder what I’m getting with AVG Ultimate, for example.

thumbnail courtesy of t2conline.com

Compared to 10 years ago, I see a fraction of viruses on computers these days.  The majority of infections that I encounter are malware, adware, and ransomware.  However, I would recommend using at least a free antivirus.

FBI Warns of ‘Unlimited’ ATM Cashout Blitz

The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.

thumbnail courtesy of krebsonsecurity.com

Google Public DNS turns 8.8.8.8 years old

(Sunday, August 12th, 2018, at 00:30 UTC marks eight years, eight months, eight days and eight hours since the announcement.) Though not as well-known as Google Search or Gmail, the four eights have had quite a journey—and some pretty amazing growth! Whether it’s travelers in India’s train stations or researchers on the remote Antarctic island Bouvetøya, hundreds of millions of people the world over rely on our free DNS service to turn domain names like wikipedia.org into IP addresses like 208.80.154.224.

[Figure: Google Public DNS query growth and major feature launches]

Today, it’s estimated that about 10% of internet users rely on 8.8.8.8, and it serves well over a trillion queries per day. But while we’re really proud of that growth, what really matters is whether it’s a valuable service for our users. Namely, has Google Public DNS made the internet faster for users? Does it safeguard their privacy? And does it help them get to internet sites more reliably and securely? In other words, has 8.8.8.8 made DNS and the internet better as a whole?

thumbnail courtesy of googleblog.com

U.S. states can now force consumers to pay online sales tax

In other words, you might have to start paying tax on B&H orders. On Thursday, June 21, the Supreme Court voted in favor (5-4) of allowing states to require online buyers pay sales tax no matter what site they’re shopping at. In 1992, it was ruled that consumers didn’t have to pay sales tax on an item if it was being shipped from a store that didn’t have a physical presence in the state of the buyer. However, following this recent decision from the Supreme Court, that’s no longer the case. According to The Hill —

Delivering the opinion of the court, Justice Anthony Kennedy said the physical presence rule in that former case, known as Quill Corp. v. North Dakota, is unsound and incorrect. For readers of our site, one of the biggest implications this ruling will have is on B&H.

thumbnail courtesy of windowscentral.com

I am curious what are your thoughts on this?