Tag: Security

After a limited rollout nearly a year ago, Instagram has rolled out two-factor authentication to all users.  The new security feature can be enabled through settings and once it is done, it will require that you authenticate not only with your password but with a SMS code sent to you phone.  This will only be required if you log out of the app and not every time you use it (assuming you keep yourself logged in).

Two-Factor authentication is something I highly encourage readers to enable on all their accounts, especially social networks.  It significantly cuts down on your risk of your account being compromised.  Yes it is a pain to have to deal with but it is better than the alternative.

With the March Android Security Update rolling out, February’s update is just now being rolled out by AT&T to some Samsung devices.  The update for the Galaxy Note 4, Note 5 and S5 Active are just now hitting customers. The updates themselves are quite small, under 200MB, and only contain the security update changes & fixes.  To put things into perspective, T-Mobile released the February Android Security Update for the Note 5 on their network on February 1st, the day the patch was released.

The challenge of upgrades and security patches is a well trodden road that we don’t need to visit yet again.  But it speaks volumes of the problem facing the platform when one carrier is releasing a security patch some 5 weeks after it was originally released.

Samsung Galaxy Note 5

The update for these devices shouldn’t take long to download given their size.  Once you have the download completed, your will need to reboot your device to apply the update which, all in, should take about 20 minutes to get done.  For reference, the build numbers for the updates are as follows:

• Galaxy Note 4 – MMB29M.N910AUCS2EPK4
• Galaxy Note 5 – MMB29K.N920AUCS4CQB2
• Galaxy S5 Active  – MMB29M.G870AUCS2DPK5

Unless you just absolutely have to do so, I strongly encourage readers to avoid carrier locked devices from any carrier.  Updates tend to be much slower from carriers while unlocked devices from manufactures, as a general rule, will get updates faster.  That doesn’t always hold 100% true but close enough.  Obviously devices from Google like the Pixel and Nexus phones get updates the quickest.

Evernote has announced a policy change that goes into effect on January 27, 2017.  In that change, the company outlines that a limited number of Evernote employees could access and read your notes as part of their “oversight of machine learning” that the company has deployed.  And, more or less, you can’t do much about it.  The company has provided an opt-out for this new machine learning process but even if you opt-out, employees could still access your notes.

Not cool on so many different levels.

So first, not every employee can access your notes.  The list is small but there is a bit of a mystery as to what gets an employee on that list and how often they could access your information.  In the broader Privacy Policy of Evernote, they list the following as reasons that your account could be accessed by employees:

• We believe our Terms of Service has been violated and confirmation is required or we otherwise have an obligation to review your account Content as described in our Terms of Service;
• We need to do so for troubleshooting purposes or to maintain and improve the Service;
• Where necessary to protect the rights, property or personal safety of Evernote and its users (including to protect against potential spam, malware or other security concerns); or
• In order to comply with our legal obligations, such as responding to warrants, court orders or other legal process. We vigilantly protect the privacy of your account Content and, whenever we determine it possible, we provide you with notice if we believe we are compelled to comply with a third party’s request for information about your account. Please visit our Information for Authorities page for more information.

The problem is, especially with the first three on this list, that could be left up to interpretation.  Basically an employee on this list could claim that they believe ToS is being violated and access your account.

Google has launched an all new personal security app, Google Trusted Contacts.  As the name suggests, Trusted Contacts allows you to designate friends or family contacts as trusted where you can send them your location information or they can request it in case of an emergency.  The app allows your friends or family to see your activity, including your location and online activity, and determine if you are okay.  If they have not heard from you for a while, they can request your location information.  If you reply or deny the request, your contacts are notified that you are okay.  If you don’t respond within 5 minutes however, your location is automatically sent to your designated contacts so they can reach out to you or contact emergency services.

One of the best password management apps out there, LastPass, has given everyone a reason to be happy:  They have lowered their price to… free!  The even better news, they haven’t stripped the app down to the barebones either.  The free app now gives you the ability to sync your password and other secure content to your phone, PC, Chrome extension and tablet.  To this point, that sync feature was part of the premium package for the app (which was a quite affordable $1/month).

From the company’s blog…

I’m thrilled to announce that, starting today, you can use LastPass on any device, anywhere, for free. No matter where you need your passwords – on your desktop, laptop, tablet, or phone – you can rely on LastPass to sync them for you, for free. Anything you save to LastPass on one device is instantly available to you on any other device you use.

If you have been looking for a password management app, you need to seriously consider LastPass as an option.

In a report from NSS Labs, the research company found that Microsoft Edge, the latest browser from the Redmond company, is more secure against phishing and malware than both Google Chrome and Mozilla’s Firefox.  The set of reports, which can be downloaded here, tested three current versions of each browser over the months of September and October to get the results which will likely come as a surprise to some.  The versions tested for the reports were:

• Google Chrome 53.0.2785
• Mozilla Firefox 48.0.2
• Microsoft Edge 38.14393.0.0

The first report focused on phishing where Edge achieved a 91.4% over the course of 12 days of testing at the NSS Labs in Austin, Texas in recognizing phishing URLs presented to it.  Chrome was at 82.4% while Firefox came in at 81.4%.  This is an important consideration in choosing a browser given the social engineering nature of phishing attacks which can lead to compromised accounts for users.