Category: Blog

Google Wants Children Watching YouTube Kids App

More often than not, Google is seen as a force for good on the internet. However, in one area in particular, their actions and words haven’t been in alignment, and it’s gotten them in trouble.

Here’s Google’s official statement about their YouTube Kids service:

“Protecting kids and families has always been a top priority for us.  Because YouTube is not for children, we’ve invested significantly in the creation of the YouTube Kids app to offer an alternative specifically designed for children.”

That statement is true as far as it goes, but there’s an important catch.  The YouTube Kids app is frustratingly difficult to get.  You can’t install it on your Xbox.  Most smart TV’s on the market today don’t support it, and you can’t put it on a PC.  Aside from a few models of LG and Sony smart TVs, and smartphones, it’s just not an option.

Contrast that with the regular YouTube app, which has been rolled out to just about every platform there is, and it’s easy to see where Google’s primary focus is.

It’s not hard to understand the reasoning behind the difference in availability.  One of the key differences between YouTube and YouTube Kids is that the latter doesn’t have targeted advertising, while the former does. Google makes a lot of money on YouTube ads.  It’s simple economics.

Unfortunately, it’s also gotten the company into hot water.  They’ve had complaints from more than 20 consumer advocacy groups, who have banded together and taken their case to the FTC.

In part, the complaint reads as follows:

“Google has made substantial profits from the collection and use of personal data from children on YouTube.  Its illegal collection has been going on for many years and involves tens of millions of US children.”

Ultimately, what the advocacy groups want is for Google to move all kid-centric content over to YouTube kids. However, the company would be extremely reluctant to do that because their kid-friendly app has such limited availability.

This is a thorny issue with no easy answers, and at this point, it’s unclear how Google is going to respond to the complaint.

FBI Advises Users To Reboot Their Routers

Cisco’s Talos Security Team has identified a new threat, and it’s a nasty one impacting more than half a million consumer-grade routers in the US.  According to the Talos Team’s report, the new malware is impacting a broad cross-section of routers made by TP-Link, QNAP, Netgear, Mikrotik, and Linksys.

Known as “VPNFilter,” the malware currently infecting routers appears to be the first stage in a multi-phase attack, with the first segment allowing the hackers to collect a wide range of communications data and slave the device to launch attacks on others.  The code also contains a kill command that allows the hackers to destroy the device at will.

As of now, the FBI has already taken swift action and has seized a domain used by the hackers as a means to deliver the later stages of the attack. They report that the primary and secondary means of further infection have been dismantled.  They also report, however, that the hackers still have a fallback method of infection, which relies on sending “poisoned” data packets to each infected device.

Based on an evaluation of the code and the presence of redundant mechanisms for delivering the later stages of the infection, the code has been traced to a Russian hacking group with deep ties to the Russian government.  The group is known by a variety of names, including Fancy Bear, Sofacy, APT 28, and Pawn Storm.

On the heels of seizing the domain, the FBI released a statement that includes:

“The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices.  Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled.  Network devices should be upgraded to the latest available versions of firmware.”

Windows 10 Gets iTunes App For Apple Users

Apple promised that its iTunes app would be available on the Microsoft Store by the end of 2017.  The announcement was greeted with enthusiasm, but unfortunately, the company didn’t meet their own deadline. They cited the need for more time to build a more robust user experience for Windows users.

The wait is finally over, and its big news, because some Windows 10 machines can only download apps, and prior to this, iTunes was offered as a standalone download only.

The app is fairly sizeable, weighing in at 476.7MB, and is compatible with both x86 and x64 PCs.

A recent Microsoft blog post had this to say about the announcement:

“Now you can download iTunes from Microsoft Store and easily play your favorite music, movies and more – right from your Windows 10 PC.  iTunes is also home to Apple Music, where you can listen ad-free to over 45 million songs and download your favorites to enjoy without using WiFi.  iTunes is free to download, and you can try Apple Music free for three months.  There’s no commitment, and you can cancel anytime.”

One thing to be aware of is that if you already have an older version of iTunes installed on your machine and you download this app, it will automatically replace your older version.  It is recommended, therefore, that you back up your data before downloading the latest.  While it does offer a better user experience, it’s not worth the loss of your existing library of files.

Kudos to both Apple and Microsoft here. Apple for bringing an excellent free app to the Microsoft Store, and Microsoft for continuing to play nice with their longtime rival, and allowing their massive user base the pleasure of enjoying a portion of Apple’s wonderfully robust ecosystem.

Apple Users Are Getting Group Facetime

Apple’s Legions of users love FaceTime, but there’s a problem with the highly popular app.  It only allows you to see and talk to one person at a time.  Apple fans have been clamoring for Group FaceTime for almost as long as the app has existed, and soon, they’ll get their wish.

Beginning with iOS 12, Group FaceTime will finally be “a thing,” allowing you to simultaneously talk with up to 31 of your contacts.  Even better, the new functionality will allow you to turn any iMessage group chat into a group FaceTime session, and switch back to iMessage at will.

Don’t want to be on camera in a group setting?  Apple has an answer for that too.  The company has announced that when Group FaceTime is rolled out, you’ll be able to place an Animoji over your face, or apply one of several different photo filters to disguise you. This is because they know that some days, you just might not feel “camera ready.”

At the end of the day, Group FaceTime is probably going to be a lot like tabbed browsing was for many users.  Until you try it, and until it’s readily available, you won’t truly appreciate its value. Once you try it for the first time, it won’t be long before you’re unable to imagine life without it.  It’s a cool, indispensable addition whose time has come.

Kudos to Apple’s loyal fan base for keeping Group FaceTime on the radar, and kudos to Apple itself for finally listening to their customers and giving them what they want.  While we could quibble that they took longer than we’d like to make this feature a reality, in the end, they listened.  That is the essence of business, isn’t it?  Giving your customers what they want.

Can Computer Data Be Stolen Through Power Lines?

If you have an air-gapped computer, you probably think you’re safe.  You may think that barring physical access to the machine, no hacker could possibly steal the data on that machine.  Unfortunately, you’d be incorrect.

Security researchers from the Ben Gurion University of the Negev, in Israel, have discovered a new way of stealing data using power lines.  While that may sound like science fiction, it’s actually real and a genuine threat, even to computers thought to be highly secure.

If you’re not familiar with the term, an air gapped computer is one that is isolated from local networks and the internet.  Because it’s not connected to anything, these machines have long been regarded as the ultimate in data security and are used by governments and corporations to store their most sensitive data.

Here’s what the researchers had to say about their discovery:

“As a part of the targeted attack, the adversary may infiltrate the air-gapped networks using social engineering, supply chain attacks, or malicious insiders.  Note that several APTs discovered in the last decade are capable of infecting air-gapped networks (e.g. Turlal, RedOctober and Fanny).

However, despite the fact that breaching air-gapped systems has been shown feasible, the exfiltration of data from an air-gapped system remains a challenge.”

Up until now, anyway.

The researchers have dubbed this new technique “PowerHammer,” and it accomplishes the task of siphoning data from air-gapped systems by creating fluctuations in the flow of electrical current to create a Morse-code-like pattern, which can be used to create a simple binary system.

That accomplished, the only other thing that’s needed is a piece of hardware to monitor the flow of electricity as it passes through power lines and then, decode the signal.  According to the research team, data transfer speeds of up to 1000bps can be achieved.

This should scare the daylights out of anyone in data security.

Embedded Sound Waves Could Damage Your Computer

It seems like a new attack vector emerges on a weekly basis, and this week is no exception.  The latest threat:  Emails containing specialized audio files whose acoustic vibrations can damage your computer’s hard drive. This is possibly damaging to the point of causing system failure, data corruption, and making it impossible to successfully reboot your machine.

As the researchers point out, “Intentional acoustic interference causes unusual errors in the mechanics of magnetic hard disk drives in desktop and laptop computers, leading to damage to integrity and availability in both hardware and software such as file system corruption and operating system reboots.  An adversary without any special-purpose equipment can co-opt built-in speakers or nearby emitters to cause persistent errors.”

It should be noted that as scary as this type of attack sounds, in practice, it is of limited value.  An increasing percentage of laptops and desktop PCs sold today come with SSDs for storage, which are not vulnerable to this type of attack.

In addition to that, not just “any” sound will do.  For the attack to be successful, the acoustic vibrations have to be strong enough to do real harm, and quiet enough that the attack is difficult to detect, lest it be aborted immediately.  The combination of those two factors make it unlikely that this one will gain widespread attention from the hacking community.  Nonetheless, it pays to be both mindful and vigilant, especially if you have an older PC or work in an office with older equipment.

The research team who discovered the new attack vector have created a new sensor fusion model that could be delivered through a firmware update.  Once updated, it would prevent unnecessary head parking in the hard drive, thus limiting the potential damage the attack could cause.  So far, there has been no word that PC manufacturers are considering making the necessary changes to their firmware.  Time will tell.

G-Mail Users Will Soon Have To Use New Design

<img class=”alignnone size-full wp-image-7970 alignleft” src=”https://www.securepc-wi.com/wp-content/uploads/2018/07/gmail-resized.jpg” alt=”” width=”300″ height=”225″ />Change is coming, and not everyone is happy about it.  Recently, Google redesigned its G-mail interface, and since then, they’ve allowed their free users to opt into the new changes.  G-Suite users may or may not see the option to try the new interface, depending on whether their administrators have enabled the option and made it visible.

The company just announced that beginning in July, 2018, administrators will be required to give all users the ability to opt into the new interface.  Then, sometime in September 2018, all users will be switched to the new interface by default, although the option to switch back to the old interface will be available for approximately one month.  After that, the option to use the old interface will vanish, and all G-Suite users will only be able to use G-Mail using the new interface.

The company has not made any official announcement regarding users who have free G-Mail accounts. However, most industry insiders expect that given the timetable outlined above for G-Suite users, free G-Mail users can expect an email or other communication from Google about when the option to use the old interface will be going away for good.  Ultimately, Google means for everyone to use their new interface design, and will certainly enforce that.

Google’s handling of the change has been exceptional.  Change comes to us all, and in business, sometimes it can descend at a terrifying pace.  Only by slowing things down to a more human scale can you give your employees time to adapt and grow accustomed to the coming change.

Kudos to Google for a job well done, and business owners, take note.  Change may be inevitable, but it doesn’t have to be scary.  Just give your employees time to get used to the idea.

Microsoft Purchases GitHub – What Does This Mean For Open Source?

Microsoft just made a big, significant purchase that has raised more than a few eyebrows.  They just acquired GitHub for a hefty $7.5 billion.

What makes the purchase interesting and potentially troublesome is that Microsoft is the world’s largest proprietary software company, and GitHub is the world’s largest open source hosting service.

The natural question on everyone’s mind then, is what does this mean for open source?  Is it doomed?  Is it soon to go the way of the dinosaur, or will Microsoft hold the reins of power loosely and let open source continue to flourish?

Those are fair questions, especially given that GitHub is used by more than 28 million developers around the world, and is home to more than 85 million code repositories.  In addition to that, the company was built on Git, which is an open source version control software written by Linus Torvalds (the creator of Linux). Its founders have worked hard to develop innovative workflows that have made the hub easy to use and work with.

The fear is that Microsoft will start strangling those developments and insist that GitHub begin using proprietary Microsoft products.  While it’s too early to say for certain, the early indications are encouraging.  Microsoft has stated that GitHub will be allowed to retain its status as an “open platform” and its service will continue to be offered for free.

Having said that, there will be some changes, including the fact that Microsoft will be offering integration between its AppCenter mobile testing service and projects hosted on GitHub.  This builds on previous collaborations between Microsoft and GitHub.  Last year, GitHub announced that they would support Microsoft’s “Git Virtual File System,” which the company designed for enterprise-sized data repositories.

The skeptics are right to be skeptical, but so far, the early indications are positive.  Note that it’s not a done deal just yet.  The merger is subject to regulatory approval in both the US and the EU.

Hacked Routers Being Used To Spread Malware

Beware of compromised routers spreading malware.  This is according to both Kaspersky Labs and a recently released government report.

Using hacked routers to spread malware is nothing new.  Security insiders have known about it for years. However, since 2008, the number of instances where routers are being used to push malicious code has been steadily increasing. Researchers are observing marked increases in their use by APTs (Advanced Persistent Threat) around the world.

APTs are nothing new either, although their ranks have been growing in recent years.  Many are state-sponsored hacking groups with virtually unlimited resources. Some are simply tight-knit groups of hackers banding together under a single banner.

Many people view hackers as lone wolves and that there are millions of lone wolves hacking networks across the globe.  Increasingly though, these are becoming minor actors on the world stage.  The real threat is now well-organized groups of hackers who can execute highly coordinated globe-spanning attacks and create botnets comprised of tens, or even hundreds of thousands, of compromised computers.

In addition to identifying and calling attention to a little-known attack vector, the recent announcement underscores an important weakness in current cybersecurity thinking.  Most people are still laboring under the faulty assumption that they’re facing individual hackers operating out of a dark room in someone’s basement.

While those types of threats are no doubt present, it’s false to assume that’s where the biggest danger lies.  If you get hacked, it’s just as likely (perhaps even more likely) that you’re actually facing a well-organized group who may have more resources at their disposal than your entire IT department.  While you’re preparing to fight a skirmish, the barbarians are coming to your gates with an army.  Most people are simply planning to fight the wrong type of battle, and that could prove to be a devastating mistake.

Study Shows Employee Satisfaction Is Higher With Technology Improvements

A new study recently published by HPE Aruba called “The Right Technologies Unlock The Potential Of The Digital Workplace,” reveals some interesting details about technology in the workplace that’s worth paying attention to.

The study was conducted by collecting feedback from more than seven thousand companies of various sizes around the globe.  These were broken broadly into two groups: “Digital Revolutionaries,” which made more and better use of cutting edge technology, and “Digital Laggards” which were slower to adopt the latest and greatest technologies.

The headline statistic is that 51 percent of employees working in companies employing more technology reported greater job satisfaction, and an impressive 72 percent of employees in these companies reported a greater ability to adopt new work-related skills.

Other intriguing statistics include:

  • 31 percent of respondents in the “Digital Laggard” category indicated that tech aided their professional development, compared with 65 percent in the “Digital Revolutionary” category
  • 92 percent of respondents said that more technology would improve the workplace overall
  • 69 percent of respondents indicated a desire to see fully automated equipment in more widespread use in the workplace

Joseph White, the Director of Workplace Strategy, Design and Management at Herman Miller said in a press release:

“No matter the industry, we’re seeing a move toward human-centric places as enterprises strive to meet rapidly changing expectations of how people want to work.  This depends upon combining advances in technology -which includes furnishings- with the cognitive sciences to help people engage with work in new ways.  This will not only mean singular, premium experiences for individuals, but also the opportunity for organizations to attract and retain the best talent.”

The study notes, however, that cyber security issues remain as challenging as ever.  Survey respondents reported lower than average cyber security awareness, which could lead to greater risks and exposure as workplaces become increasingly digitized.

While a small majority (52 percent) of respondents reported thinking about cybersecurity often (daily), fully a quarter have connected to unsecured WiFi and one in five reported using the same passwords across multiple web properties. These are the two most dangerous cybersecurity-related behaviors.

Clearly, increased technology has its risks.