In other words, if you run a web site that fails to meet Google’s mobile-friendly requirements, that site will now appear lower down in Google’s search results, when the search is performed on a mobile device.
There’s no reason to panic, however. Mobile-friendliness is only one of numerous factors that determine where a site ranks in Google search results.
A recent Cloudmark analysis shows that spam traffic originating in Canada has dropped by as much as 37% since Canada’s Anti Spam Law (CASL) took effect last year. Canadians are also receiving 29% less spam than before CASL.
This is terrific news, particularly as there had been some doubt as to whether the new law would prove effective.
Recent studies from Verizon and Symantec show that malicious hackers almost always gain unauthorized access to computer systems because of misconfigured software and user errors. You don’t have to be a genius hacker to get into a supposedly secure system if a sysadmin left the door wide open, or if you can fool a gullible user into revealing their password.
As a user, you’re probably getting tired of being told to be careful when clicking links on the web and in email. But it’s good advice. If you receive an email message that includes a link, and tells you to click the link, think before you click. If someone asks you for your password, do not give it to them.
Noted technology blogger Jeff Atwood discusses passwords in a recent post on his entertaining and informative site Coding Horror.
Jeff wants web-based services to get better at both insisting on strong passwords, and helping users to choose those passwords; or to switch to authentication technologies provided by Facebook, Google, and others. Based on his testing, he also observes that passwords shorter than twelve characters are easy to crack using brute force methods.
Up to this point, there has been some doubt as to whether the CRTC and the Competition Bureau would follow through on the promise of the new law. Doubt no more: the worst offender was a Quebec company called Compu-Finder, which received a whopping 1.1 million dollar fine.
It’s not often that I find a reason to praise the CRTC, but this is one of those times. Nice work, folks! Keep it up.
If you’re not familiar with the term, you should be. ‘Malvertising‘ refers to the increasingly common tactic whereby malicious persons include exploit code within what otherwise appears to be legitimate, web-based advertising.
Organizations that provide advertising platforms – including Google – need to deal with this threat quickly. If they don’t, there’s likely to be a surge in users installing ad-blocking software in their browsers. I personally use and recommend NoScript, a browser plugin that blocks all Javascript (and Malvertising) by default.
It’s been about two weeks since the FREAK vulnerability was first reported. The flaw itself has existed for at least ten years, and we now know that it affects mobile devices, Mac OS X, and Windows.
FREAK (Factoring Attack on RSA-EXPORT Keys CVE-2015-0204) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers.
Google has released an updated version of its Android OS and Chrome browser for OS X to mitigate the vulnerability. Microsoft has released a Security Advisory that includes a workaround for supported Windows systems.
It’s now clear that this is a teaching moment for the Internet. The FREAK flaw exists because of the ridiculous (and short-lived) insistence by the US government that encryption software designated for export be made deliberately weak. The imposed restrictions ended, but the code involved in switching between strong and weak encryption remained. This intentional weakening of encryption is similar to the kind of ‘golden key’ (back door) for which intelligence organizations are currently clamouring. The lesson: Encryption Backdoors Will Always Turn Around And Bite You In The Ass. Bruce Schneier calls this a ‘security rollback‘. The Economist puts it succinctly, “…mathematics applies to just and unjust alike; a flaw that can be exploited by Western governments is vulnerable to anyone who finds it.”
If you’ve registered domains using the Google Apps for Work service, there’s a good chance your registration (WHOIS) information is now available to unscrupulous persons.
Apparently a software defect in Google Apps started leaking the registration info (names, phone numbers, physical addresses, e-mail addresses, etc.) in mid-2013. The defect was recently discovered by a security researcher. Google acted quickly to stop the leaking, but for many, the damage has already been done.
If your information was leaked, you’ll likely start seeing an increase in spam to associated email addresses. The information may also be used in spear phishing attacks.
Note that while domain registration information is public, most domain registrars (including Google Apps) allow for this information to be hidden or only accessible indirectly. This likely encouraged many registrants to use accurate information, making the leak that much worse.
In the wake of the Snowden revelations, there’s been a lot of new interest in Virtual Private Networks (VPN).
A VPN service works by creating a secure, encrypted network that extends across the public Internet, allowing users to communicate securely with remote systems. VPNs have been used for corporate networks – which are often distributed across many physical locations – for years.
While a VPN service can be set up by anyone using open source software and network hardware, a simpler approach for typical users is to use one of the many VPN service providers currently available.
With so many people now depending VPN services, TorrentFreak wondered just how private those services really are, and came up with a list of questions for VPN providers. For example, some VPN providers keep logs of user IP addresses, which – when handed over to the NSA – could lay bare your supposedly private communications.
Ramnit began operations in 2010, and has evolved from a simple worm to include advanced features for stealing personal/banking information and self-propagation. In its latest incarnation, Ramnit is capable of compromising infected computers in numerous ways. In 2012, Ramnit was used to gain access to 45,000 Facebook accounts.
Only time will tell whether this crackdown has actually succeeded in ridding the world of this particular piece of malware.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.