Category Archives: Google

Google to Add GMail Features – Maybe – For A Fee?

Google has an interesting strategy.  Build prototypes of products.  Show them or leak them.  See if anyone cares.  Kill them if it doesn’t work out, often after many users are already using them – there are lots of examples.

One other thing that they do is attempt to lock users into the Google ecosystem.  Of course.

TechCrunch is reporting that Google is working on a self-destructing email (like Snapchat for email?).  But it only works if both users are on GMail and only if both users use the web client for GMail.  Sounds a bit limiting.  If one user is not using the GMail web client, they get a link instead that takes them to the web.

They may also be adding a feature to stop printing and stop forwarding.

Again, if they do, it will only work for GMail on both ends and only with the GMail web client.

Information for this post came from The Register.

So what does this mean?

Well first, what seems to be missing is end to end encryption, which seems like a pretty important feature.  

But encryption stops them from reading your email and doing things that they like to do.  They don’t read your emails to target ads – they have better ways to target ads – but they do read them for other features.

Next, the speculation is that this will only be available under the paid GMail model (GMail for business).  The paid version costs either $10 or $25 a month per user.  At that price there are competitors.

As of last year, Google said that they had 3 million paying users.  Microsoft says that they have 60 million paying Office 365 users and adding 50,000 customers (not mailboxes) a month.  Google never wants to play second fiddle.

It is certainly possible that they will give it away for free, but given that they are so far behind Microsoft, maybe not.  With GDPR taking effect in the European Union next month and other countries, not including the U.S., following the EU lead, ad revenue might be less predictable going forward.  Millions of monthly paying customers might be nice.

If you are looking for a free answer for secure email, ProtonMail is a good choice.  They also have a paid version with more features, but the free version is pretty good.

Office 365 has nice security features at well below $25 a month.  Microsoft has said that they are about to roll out end to end encryption for all paid Office 365 users at all levels.

The bottom line is that if you are looking for a secure email solution there are some decisions to make.  To me, Google’s solution is not so great.

 


Chrome to Mark All HTTP Sites as Not Secure in July

For those companies that haven’t installed HTTPS certificates on their web site because, you know, why bother – Google has just upped the ante a bit.

Starting in July, the Chrome browser will mark all websites that do not use HTTPS by default as NOT SECURE.

It used to be that HTTPS certificates were expensive and complicated, but that has gotten a lot simpler and a lot cheaper in the last few years.

Chrome, which leads the way in market share with about 60% of the market, is often the bellwether for other browser makers to follow.

Additionally, even currently, sites that are not HTTPS get their Google search engine page rank lowered, so they appear further down in the Google listings than other sites.

While they have not said this, if history is any indicator, the next move after this release will be to issue a warning to users saying the site they are about to visit is not secure and do you really want to proceed.  They will have to click on a box to get the browser to display the web page.

Our recommendation is that if you have not already made your site AUTOMATICALLY use HTTPS, now is the time to get that done.

Information for this post came from Google’s Blog.


Google Creates New Security Center for G-Suite Enterprise Customers

Google is trying to keep up with the Joneses (AKA Microsoft) and is building some security tools for its enterprise customers.  Microsoft is way ahead in this area and if Google wants to compete in the enterprise space it needs to offer enterprise class tools.

First of all, this only is available to G-Suite Enterprise customers.  Most Google users use the free version.  Above that is Basic at $5 per user per month, then Business at $10 and finally Enterprise at $25.  So this capability is only available to a small percentage of Google customers.

Still, those customers are the ones with the best revenue per customer and Google is losing some of them back to Microsoft.

For enterprise customers, this is a great addition.

For some customers, this may be motivation to upgrade to the next level of pricing plan.

The first piece of the security center is a dashboard that gives admins a view of their overall security posture.  It gives those admins a view across products like GMail, Google Drive and others.

The second feature gives the admin an overview of the company’s cyber security settings and makes recommendations for improving security.

Google’s plan is to continue to enhance the dashboard so that it will have more features and functionality.

This is a smart move on Google’s part.  Hopefully, they will give Business class users access to this.  It may be that they are testing it on enterprise customers to tune it or maybe they will create a stripped down version for Business customers.  Clearly, this is a useful tool.

If you are a Google Enterprise customer, you should check this out.

 

Information for this post came from Techcrunch.


Don’t Turn on WiFi on Your Phone Until You Patch it

An interesting vulnerability was just announced that affects both Apple and Google/Android phones.  That is something that is very unusual.

The bug is tied to a part of all cell phones called the baseband processor.  It is the part of the phone that controls the radios inside your phone.  In this case, the chip is the Broadcom 43xx family of chips.  According to Broadcom this chip can control your cellular radio, WiFi, Bluetooth and FM radio all on one chip.

Unfortunately, researchers found a bug in the WiFi code that would allow an attacker to take over the baseband processor and from there, the entire phone.

The reason this affects both Apple and Android phones is that this chip is used by almost everyone.  From iPhone 5s to the newest Android phones, they are all impacted.

Apple just released iOS 10.3.3 (which may or may not have been downloaded to your iPhone yet) and Google just released an Android patch in the July updates.  Unlike Apple devices, Android users have to wait for manufacturers to pick up Google’s fixes and test them and then wait again for carriers to make them available.  The only users who do not have to wait are Google branded Android phone users.  Those users get their patches directly from Google.

What can you do?

Three answers.

If you are an Apple user, download iOS 10.3.3 and install it.  Done!

If you are a user who is running a relatively new version of the Android OS on your phone AND your phone manufacturer/carrier is actively releasing updates, you should install the July update as soon as it is available.  That might be 30 days or more.

If you are running an older version of the Android OS and/or your carrier/phone vendor is not releasing security updates, you are kind of out of luck.  Turn off your WiFi and DO NOT TURN IT ON EVER AGAIN.  This is probably, for most people, time to get a new phone.

Why, you say, am I so aggressive about this?

The report is that you only have to be within radio range of the WiFi access point which is trying to attack you in order to be compromised.  You DO NOT need to connect to that access point.  You do not need to open a web browser.  You do not need to install an app.  You do not need to click on a link.  All you need to do is be near a rogue WiFi access point – which could easily be hidden in someone’s backpack.

So, for now, until you have installed the patch, if you can, leave WiFi off.  If you can’t, then only turn it on when you have to.

We will know more after the researcher presents his findings at Black Hat later this month, but at least from what we have heard, this does not affect Windows or Mac computers, only mobile devices.  But stay tuned;  this is not the end of the story.

Information for this post came from Threatpost.


Google Adds Easy iOS Management Option for G-Suite Users

For those Google G-Suite (AKA Google Apps and Google Apps for Work) users, Google has released a new option for managing iPhones and iPads.

What is great about it is that it does NOT require installing an agent on the phone or pad.

Google calls it the Basic Mobile Management option for iOS and it allows G-Suite administrators to manage iOS devices without having to install an agent or a profile.

It allows administrators to enforce screen locks or passwords on the devices including the minimum or maximum number of characters in a password and the expiration period.

It can also force a factory reset after too many failed login attempts.

Administrators can wipe the entire device if it is lost or stolen or just G-Suite data if the user is leaving the company.

The software allows an administrator to see all of the devices connected to their domain which is certainly a nice feature.

Administrators will be able to set up corporate accounts on the devices similarly to setting up personal accounts.

Google does offer a more robust product, advanced mobile management, for users that want even more features, but for a lot of companies, Basic will be sufficient.

Curiously, this only works on non-Google (Apple) devices.  Users have to install an agent on Android devices to do the same thing.

Google Mobile Management is available at no extra charge for G-Suite users.

Information for this post came from eWeek and Google Support and G-Suite admin help.

 


The End of the Road for HTTP://

Google has decided to lead the way on the web, as it often has.  In this case, Google has announced that as of January 1, 2017, web pages that transmit credit cards or ask for passwords over HTTP (vs. HTTPS) will be marked with this flag in the address bar:

[Image: not-secure-2]

Some of you will say that this is as it should be, and I will be the first to agree with you.  Any web site that asks for your userid and password over an unsecure connection needs to be flogged appropriately.  Likewise, if a web site asks for credit card information in clear text, it is, at the very minimum, in violation of the merchant agreement that the company signed with its bank.  It too needs to mend its ways.

My guess is that there are way too many sites that will get scooped up in this NOT SECURE net come January 1.  It likely will be like the changeover to chip based credit cards.  When last September came, people said “crap” – or something to that effect – they aren’t kidding;  they really are going to leave this deadline in place, and companies started doing what they should have been doing a year prior to that.  However, they discovered that fixing this problem was harder than they thought.  As a result, almost a year past this deadline, there are still hundreds of thousands of businesses that have not converted.  I do predict that almost every single major site will have this handled well in advance.  No doubt Google is already talking to major web properties privately.

In this case, people may think that Google will blink.  While no one knows for sure, I would not bet on that outcome.

But this is not where it ends.  It ends with, in Google’s view, the death of HTTP.

The next step is to label all pages that are loaded without encryption when the user is in incognito mode as NOT SECURE.

Finally, the last step is to label all pages loaded with HTTP as NOT SECURE.  They have not provided a date for this, but it may well be during 2017.

Of course, this only affects users who use a Google browser on their computer or phone, but according to W3Schools, this is over 72% right now – and growing.  Last August, that percentage was only 64% (see stats here).

Since most businesses do not want their customers to see that message when going to their web site, they will finally, reluctantly, migrate all traffic to HTTPS.

And to be clear, this does not mean optionally HTTPS;  this means mandatory HTTPS.

The biggest challenge will be for companies that have hundreds or thousands of web sites.  They will need to touch each one of them.  They may need to order an SSL certificate for each one.  It will require some work.

My recommendation is to start now and avoid the New Year’s Eve rush.
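One way to find which sites in a large inventory still answer over plain HTTP instead of automatically redirecting to HTTPS (an added example, not from Google or the original post; the host names and responses in SAMPLE are constructed, and the verdict strings are this example's own):

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def fetch_http(host, timeout=5):
    """Send HEAD / over plain HTTP (port 80); redirects are not followed."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()

def classify(status, headers):
    """Judge how a site answers a plain-HTTP request."""
    headers = {k.lower(): v for k, v in headers.items()}
    if status in REDIRECTS:
        # A relative Location ("/home") has no scheme, so it stays on HTTP.
        if urlsplit(headers.get("location", "")).scheme != "https":
            return "FAIL redirect stays on HTTP"
        if status in (301, 308):
            return "OK permanent redirect to HTTPS"
        return "WARN temporary redirect to HTTPS"
    if 200 <= status < 300:
        return "FAIL page served over HTTP"
    return "CHECK unexpected status %d" % status

def audit(hosts, fetch=fetch_http):
    """Return {host: verdict}; `fetch` is swappable so the check runs offline."""
    results = {}
    for host in hosts:
        try:
            results[host] = classify(*fetch(host))
        except (OSError, http.client.HTTPException) as exc:
            results[host] = "CHECK no usable answer on port 80 (%s)" % exc
    return results

# Constructed sample responses standing in for real sites.
SAMPLE = {
    "shop.example": (301, {"Location": "https://shop.example/"}),
    "blog.example": (302, {"Location": "https://blog.example/"}),
    "old.example": (200, {"Content-Type": "text/html"}),
    "intranet.example": (301, {"Location": "/home"}),
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE, fetch=SAMPLE.__getitem__).items():
        print(host, "->", verdict)
```

Calling `audit()` with a list of your own host names and the default `fetch` performs the same check against live sites.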

 

Information for this post came from Google’s security blog.

 
