Google Strengthens Gmail Security to Prevent Phishing, Malware and Hacking

Google introduced a visual element to encryption security on Safer Internet Day in February.The new warning of state-sponsored attacks can be …


Verizon Suffers Massive Hack: Data on 1.5 Million Customers Held Ransom

A trove of data containing the information of over 1.5 million Verizon customers is now up for sale on the dark net. A prominent hacker found and exploited a hole in the servers of Verizon Enterprise Solutions, the part of the company tasked with helping others respond to security threats. He’s now selling access to the entire database for $100,000 or $10,000 for slices of 100,000 customers. You can also fork over an undisclosed sum for information on the vulnerabilities that allowed the hacker to break into Verizon’s systems in the first place.

The price may seem a little steep considering the hacker only nabbed basic contact information — so no Social Security or bank account and routing numbers. But you’d be surprised by how quickly phishing scams can yield major paydays. Think you’re invulnerable? In a CBS News test of close to 20,000 people last year, 80 percent of participants fell for at least one of the sample phishing scams. Verizon itself reports that 23 percent of people who receive phishing emails open them, and 11 percent open the emails and click on the malicious link.

“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” the company said in an emailed statement to Krebs on Security, which originally broke the news of the hack. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”

A typical company with 1,000 employees already spends $3.7 million annually to deter phishing scams. Now, Verizon has opened its customers up to a world of new threats, and considering the mark was Verizon Enterprise Solutions, the victims are mostly corporate officials that paid for security help. So companies that brought Verizon in to help avoid the threat of hackers are finding themselves at greater risk than ever before.

Lucky for us, the irony of the situation was not lost on the Internet:

Photos via Creative Commons; Wikipedia


Gmail Adds New Level of Security

As the debate over government access to personal data continues, Google seems to be focusing on helping its customers maintain their privacy. The company this week rolled out new features in Gmail, its free e-mail application, that are aimed at preventing malware, phishing and hacking, as well as warnings of government-sanctioned intrusions.

A new feature offers an updated warning system on links sent via Gmail that might lead to unsafe sites. If users happen to click on a dangerous link in Gmail, they will be warned about it before connecting and greeted with a full-page warning if they decide to click anyway. The new feature also provides users with access at that point to more information about how to protect their computers. The feature, called Safe Browsing, existed before, but only as a single warning before the user clicked on a dodgy link.

Are You Being Watched?

Google also is providing a more thorough warning in the relatively unlikely event of a state-sponsored hacking attempt. Such intrusions happen to fewer than 0.1 percent of Gmail users — usually such people as activists, journalists and policy-makers, according to Google. Nevertheless, if Gmail detects that an account holder might be a target of such an attack, it will issue a full-page warning. The warning will include instructions on how to protect the account, along with the previously used warning, which put a red strip on top of the Gmail page with a link to further information.

“Government-backed attackers may be trying to steal your password,” reads the warning, in part. “If they succeed, they can spy on you, access your data, or do other activities. We recommend: Enable two-factor authorization and set up a Security Key.”

As with Safe Browsing, the warning of government intrusion in Gmail isn’t new, but has been enhanced. Gmail has been notifying users of possible state-sponsored hacking attempts since 2012, but the warning previously only appeared as a bar on top of the Gmail Web site.

Encouraging Security

For Safer Internet Day in February, Google debuted a new visual cue, a broken red lock icon, that lets users know when they’re corresponding with an account that doesn’t support encryption. Since rolling out that feature, Google said, the amount of inbound mail sent using encryption has increased by 25 percent.

“Given the relative ease of implementing encryption and its significant benefits for users, we expect to see this progress continue,” wrote Nicolas Lidzborski, Gmail security engineering lead, and Jonathan Pevarnek, engineer with Google tech incubator Jigsaw.

Earlier this week, it was announced that Google was part of a consortium of engineers that helped develop a new standard for better securing email. SMTP Strict Transport Security (SMTP STS) would protect users against attackers trying to intercept or modify email in transit either by impersonating the destination server or by breaking through the Secure Sockets Layer (SSL), the standard security technology for establishing an encrypted link between a web server and a browser.

Nathaniel Harrell Jr:

Posted: 2016-03-25 @ 12:06pm PT

Thank you Google…