All posts in “hacking”

Keep hackers at bay with this smart home privacy device that’s seeking funding on Kickstarter

Smart homes should be fun and help make your life easier. Your relaxation shouldn’t come with a constant worry that someone could be using your devices to hack into your life. A new device on Kickstarter is hoping to make that possible. Say hello to your new watchdog: Akita Instant Privacy is the security device you never knew you needed.

The scenario: You purchase a smart doorbell or a smart light switch, connect it to your phone, and don’t really think past that. However, according to Akita’s Kickstarter page, the number of cyber attacks in smart homes has gone up, which could be related to the uptick in entry points where hackers can weasel their way in through connected devices. Scary, right?

Akita is another device that you can plug in and forget about, but could help you rest easy in the process. Using threat intelligence, behavioral analysis, and machine learning, Akita will scan your network for unusual activity and immediately shut it down, without slowing your connection. 

The coolest part? When Akita says they’ll keep your information private, they mean it: Unlike other home security devices, Akita won’t use Deep Packet Inspection (which means even they don’t see your personal info). Instead, it will use an IPS security method that only looks at which IoT devices should be communicating (AKA: your phone and your smart device) and flags anyone who shouldn’t be there. Akita also has on-call privacy experts to help if you run into any problems.

Shipping begins in April with prices starting at just $89 — a small price to pay to keep hackers out of yo’ business. Protect your home from IoT invasions and back the Akita campaign here.

Here’s what every Chrome user should do in the wake of #Spectre

The new year kicked off with a bang on Jan. 3 when security researchers revealed two major software vulnerabilities that affect, to some extent, most types of computer processors on the planet. Laptops, desktops, Chromebooks, smartphones, and enterprise machines are all potentially at risk, theoretically allowing attackers exploiting what have been dubbed Meltdown and Spectre to steal your passwords and other sensitive data. 

And while the ultimate fix may be a costly hardware one, there are steps you can take today to at least mitigate your risk. If you’re a Chrome user in particular, Google has one very specific recommendation for protecting against Spectre.

Now here’s the rare dash of good news: It’s super easy to implement. 

Buried within Google’s lengthy (and informative!) blog post on its response to Spectre (Variant 1 and 2) and Meltdown (Variant 3) is a link to a page listing the “mitigation status” of affected products. Essentially, this page lists out all the Google services that are at risk, and what steps the company has taken to address that risk. In some cases, it includes stuff you have to do yourself.

Notably, this doesn’t mean that doing these things will 100 percent protect you, but, taken in the aggregate, they represent a line of defense against some seriously big security holes. 

This is where we come back to Chrome, and a little something called Site Isolation. According to The Chromium Projects, and this gets technical pretty quickly, “[Site Isolation] makes it harder for untrusted websites to access or steal information from your accounts on other websites.”

That sounds good, especially considering that a Google spokesperson told Mashable via email that “Variant 1 (Spectre) can be used in Javascript to pull secrets from a user’s browser, by attacking the process memory of the browser.”

“The Site Isolation protection loads each individual remote website in a separate process,” continued the spokesperson. “By doing so, if a user runs into an attack from a bad site, the process memory for the site the user is trying to reach is unavailable to be attacked. That way, your login secrets for one site cannot be stolen by another.”

This is definitely a welcome additional layer of security. So, how to enable it? In Chrome, go to chrome://flags/#enable-site-per-process and click “enable” on “Strict site isolation.” You’ll need to restart your browser, but otherwise that’s it.

Pretty simple, right?

We also reached out to Google to determine if this will have any adverse effects on your browsing experience — say, reduced speeds — and were pleased to hear that we shouldn’t really worry about that.

“The performance loss for Chrome specifically should be negligible,” the spokesperson assured us. 

So, yeah, download all your patches and enable Site Isolation on Chrome. Your data will thank you. 

This story has been updated with additional comment from Google.

Google says it’s got your back on major CPU vulnerability

On it.

Image: NurPhoto/Getty Images

Two newly disclosed processor vulnerabilities threaten the security of devices around the globe, but Google is here to tell you that it totally has your back. Well, for one of them, at least. 

The Mountain View-based company explained Wednesday on its security blog that it’s been aware of the risks posed by the “speculative execution” vulnerability for some time now, and has been working to fix potentially at-risk systems.

“As soon as we learned of this new class of attack, our security and product development teams mobilized to defend Google’s systems and our users’ data,” Google explained in the blog post. “We have updated our systems and affected products to protect against this new type of attack.”

Someone exploiting this bug could theoretically steal passwords and other sensitive data off a computer. In other words, it’s bad. 

Importantly, it appears the Google blog post specifically addresses the vulnerability dubbed Spectre, and not necessarily Meltdown. Thankfully, however, Meltdown patches do exist — Microsoft, for example, already issued one. 

Google helpfully published a detailed list noting “affected Google products and their current status of mitigation against CPU speculative execution attack methods.” It includes steps that the company has already taken, and has suggestions for users of various products like Chrome (and you should probably heed the company’s security advice).

A few of the highlights: Updated Android devices (because this threatens mobile too) are protected, as are fully updated and supported Nexus and Pixel devices. You also don’t need to stress about Gmail or G Suite.

If you use the Google Cloud Platform, though, you might have some work to do on your end. 

Either way, Google clearly wants you to know that even if everything is totally messed up in the world of cybersecurity, it’s still looking out for you.  

Russian hacking group Fancy Bear targets hundreds of journalists

The “Kyiv Post” newsroom has been targeted by Russian hacking group Fancy Bear.

Image: Volodymyr Petrov/AP/REX/Shutterstock

The Russian hackers behind Hillary Clinton’s leaked emails are still at it. This time, Fancy Bear is being accused of targeting hundreds of journalists.

The Associated Press found at least 200 journalists have been part of a long-term attack dating back to at least mid-2014. The most recent hacks happened just months ago.

The list AP obtained from cybersecurity firm Secureworks included 50 New York Times journalists, a Washington Post columnist, and a Daily Beast reporter. Along with U.S. journalists, other major hack attempts were focused on the Kyiv Post and other media members in Ukraine and Russia.

After diplomats and U.S. Democrats, journalists were the largest group targeted.

Fancy Bear is accused of hacking the Democratic National Committee, which led to the leaking of Hillary Clinton’s emails. 

The aim of the recently exposed hacking campaign was to discredit the media with compromising information found via email. 

Journalists globally told the AP how phishing emails had been coming in for years in an attempt to break into networks and gain access to sources and information. It’s believed the hacks came from Fancy Bear.

President Donald Trump was hesitant to blame the Russians for the DNC hack. Let’s see what he says when they attack the news media.