Microsoft Releases New Edge Browser to Compete with Google
Microsoft released its new Edge browser on April 8, 2019, hoping to finally make a dent in the hold that Google Chrome has had over the browser market. This is not the first time Microsoft has tried to be more competitive against Google. Approximately three years ago, Google released an updated Edge browser. However, despite having made significant investments, Microsoft failed to have the browser measure up against Google Chrome. At the end of 2018, Microsoft announced that it would employ a different tactic and use Chromium’s Blink rendering engine to rebuild the Edge Browser.
Open-Source Engine May Produce a Better Outcome
Chromium is a Google open-source web browser that has proven to be a favorite of developers. Chromium powers several third-party browsers, including Samsung Internet, Vivaldi, Brave, and Opera. Microsoft has actually been collaborating with Google to increase Chromium’s reach and has been using the Chromium engine to power its Edge browser on iOS and Android devices.
Testing and More Testing
Consumers should not get too excited yet, as it will take some time for the test versions to be reviewed and tweaked. In fact, it is not even in the beta stage. Two test versions of the rebuilt browser are accessible only to developers. The prototypes, called Developer and Canary, can be downloaded from the Edge insider website.
What is the difference between Canary and Developer? Canary, as its name would suggest, is a real-time channel. At the end of each day of work, developers will release it to Canary. Microsoft will test new features and fix bugs on the Canary channel. For developers, it means they can test out the version, hot off the press, as long as they don’t mind navigating through the bugs.
The Developer channel will also be fresh, but not real-time like Canary. The bugs identified on Canary will be fixed, user feedback will be analyzed and incorporated, and then it will go to the Developer channel. Developers can use this version of Microsoft Edge if they would like a smoother experience.
The Gentoo Linux GitHub Account Cybersecurity Failure
While one may expect software developers to usually have better-than-average security systems in place, the team behind Gentoo Linux’s GitHub account were the victims of an unfortunate event in June 2018. Hackers gained control of the account’s code repository, made changes to its content, and locked out its developers, preventing them from using GitHub for five days. Gentoo has still not been able to discover who was behind the attack.
How Did the Attackers Gain Access to the Gentoo GitHub Account?
Gentoo suffered from several deficiencies that made the attack easier to carry out. Evidence collected in the investigation of the incident led the Gentoo security team to conclude that the hackers gained access using a password scheme that enabled them to obtain the administrator’s password and thus to simply guess the passwords for other sites. The Gentoo developers did not have a backup copy of the GitHub organization details, and the system repository was not mirrored from Gentoo; rather, it was stored directly on GitHub.
The attack did cause all the other developers to receive email alerts as they were systematically locked out of the GitHub account, which spurred them to take action and stop the attack in just over an hour. The private keys of the account were also not stolen, which helped keep the attackers from completely deleting and removing all files.
How the Attack Could Have Been Avoided
Attention to the simplest fundamentals of cybersecurity could have prevented the attack from ever happening in the first place. Two-factor authentication for access to a website is an essential aspect of any cybersecurity plan and ensures that only an authorized individual can authenticate. On a practical level, this usually means that when a password is entered on a website, a message is sent to a mobile phone or secondary email address with a token (another password) that has to be entered to gain access. Even if hackers could gain access to the first password with relative ease, it would be harder to obtain the second token or to access the email account as well.
Lessons That Can Be Drawn From the Attack and Applied Universally
Gentoo has released a list of their new implementations to help reinforce their security protocols. Anyone who has access to or control over sensitive or proprietary information would do well to learn from this attack and apply these simple security measures to their own organizations:
• Back up everything regularly in case of an attack or even a system failure. Backups should be stored offsite and should have the capability of being reached easily in case of an emergency.
• Enable two-factor authentication by default on all accounts where access is available to a group of people.
• Have an incident-response plan, along with designated users assigned to act immediately upon notification of a security breach.
• Ensure that former employees and group members have their access completely revoked if they are no longer working on a specific project.
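The four measures above can be checked mechanically. The following is an added example, not code from the original article or from Gentoo: it audits an organization's membership for missing two-factor authentication, stale access, unreachable incident responders and an outdated backup. The member records, field names, roster and dates are constructed for illustration.

```python
from datetime import date

# Constructed sample data; the field names are assumptions for this example,
# not the schema of any real GitHub export.
MEMBERS = [
    {"login": "alice", "role": "owner", "two_factor": True},
    {"login": "bob", "role": "member", "two_factor": False},
    {"login": "carol", "role": "owner", "two_factor": False},
    {"login": "dave", "role": "member", "two_factor": True},
]
ACTIVE_ROSTER = {"alice", "bob", "carol"}  # people still on the project
RESPONDERS = {"alice", "erin"}             # named in the incident-response plan
LAST_BACKUP = date(2018, 6, 1)             # last verified offsite backup

SEVERITY_ORDER = {"critical": 0, "high": 1}


def audit(members, roster, responders, last_backup, today, max_backup_age_days=7):
    """Return (severity, finding) tuples, most severe first."""
    findings = []
    logins = {m["login"] for m in members}
    for m in members:
        if not m["two_factor"]:
            # A privileged account without a second factor is the worst case.
            sev = "critical" if m["role"] == "owner" else "high"
            findings.append((sev, f"{m['login']} ({m['role']}) has no two-factor authentication"))
        if m["login"] not in roster:
            findings.append(("high", f"{m['login']} is no longer on the roster: revoke access"))
    for r in sorted(responders - logins):
        findings.append(("high", f"responder {r} has no account and cannot act on an alert"))
    age = (today - last_backup).days
    if age > max_backup_age_days:
        findings.append(("high", f"offsite backup is {age} days old (limit {max_backup_age_days})"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


if __name__ == "__main__":
    for sev, msg in audit(MEMBERS, ACTIVE_ROSTER, RESPONDERS, LAST_BACKUP, date(2018, 6, 28)):
        print(f"[{sev}] {msg}")
```

Run on a schedule, a check like this turns the list into a standing control rather than a one-time cleanup after an incident.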
New MacBook Security Feature Helps Prevent Microphone From Being Hacked
Apple has introduced a new MacBook security feature called the T2 security chip that is meant to help stop hostile takeovers of the computer’s camera and microphone that would allow hackers to eavesdrop on users. The company explained in the chip’s guide that the feature has been implemented in the computer’s hardware and that it physically disconnects the microphone when the lid of the computer is shut, thus prohibiting any software from using the microphone regardless of the level of its privileges. (Apple argued that since the camera’s field of view is totally blocked anyway when the lid is closed, there was no need to do anything more about that.)
You Have to Shut Your Lid
Although the new T2 chip security feature is effective in principle, it does not do anything about the camera and microphone being commandeered when the lid is open and the computer is in use, which is what the FruitFly malware attacks did to biomedical research center computers in 2017. While the addition of the feature is a positive development, a better idea might have been for Apple to also install a manual switch that would allow users to toggle their computer’s camera and microphone on and off.
What Else Does the T2 Chip Offer?
The T2 chip also enables better security through a secure enclave coprocessor that provides the foundation for new encrypted storage and secure boot capabilities. The chip also works with the MacBook’s FaceTime HD camera to allow for enhanced tone mapping, improved exposure control, and auto-exposure and auto-white balance based on face detection.
Mac computers that contain the T2 security chip include the iMac Pro as well as Mac Mini, MacBook Air, and MacBook Pro models from 2018.
Data Breach Caused £77 Million in Losses
On 16 and 21 October 2015 Matthew Hanley hacked the TalkTalk website and stole personal details of over 150,000 customers. This included their full names, postal addresses, telephone numbers, dates of birth and banking details. Hanley handed the data over to Connor Allsopp to sell to Daniel Kelley, who had the intention of committing fraud with the information. Kelley then tried to extort 465 bitcoins (around US$2 million) from Dino Harding – the CEO of the company at the time.
TalkTalk suffered massive losses. The breach cost the company a staggering £77 million in financial losses, including a fine of £400,000 levied on the company by the Information Commissioner’s Office (ICO) for its failure to carry out fundamental security measures required to prevent a security breach such as this from happening. This is not to mention the implications the attack has for the company’s future business. Who wants to subscribe to a vulnerable supplier? The attack also caused severe distress and misery to the people whose confidential information was stolen and then passed on to a third party.
Two individuals of extraordinary talent
The court case took place on Monday, 19 November at the Old Bailey, where Judge Anuja Dhir presided. The Judge said that it is tragic that the two hackers have such extraordinary talent. During the trial, Matthew Hanley (23) and Connor Allsopp (21) admitted to the crimes against TalkTalk. Until his arrest in October 2015, Hanley was an unwavering hacker – he was fully aware that what he was doing was illegal, and of the risk involved in it. The hacker was sentenced to one year in prison and his associate Allsopp received an eight-month sentence. Described by Judge Dhir as a ‘dedicated hacker’, Hanley received a longer sentence than Allsopp, who ostensibly played a lesser role in the cybercrime.
Android OEMs Forced to Provide Updates
Android is great. It’s established a solid reputation when it comes to the wide and varied choices in handsets, reliable hardware, fast charging and a fantastic range of apps. Unfortunately, Android is not that great on all fronts. In fact, when it comes to security updates it’s quite a mess.
The problem with Android updates
There’s no issue with the availability of Android security updates. Even when security patches are rolled out in time, Android device manufacturers often take their time delivering patches to their customer base. This leaves major parts of the Android ecosystem vulnerable to hackers. To combat this, it is crucial that patches are delivered regularly and on time – which is currently not happening.
What Google is doing about it
At Google’s I/O Developer Conference in May, the company revealed a plan to compel Android device manufacturers to roll out security patches on a regular basis. Later in the year, an unverified copy of Google’s new contract with OEMs was leaked. According to the contract, manufacturers will have to provide regular security updates for popular devices for at least two years. This is defined as all devices that have been launched after 31 January 2018 and have achieved over 100,000 users. The mandate specifies a minimum of four security updates during the first year but fails to specify a number for the second year. It also stipulates that patches created for security risks may not be delayed for more than 90 days.
Change is on the horizon
According to a spokesperson from Google, 90 days is a minimum requirement when it comes to security hygiene. It was also stated that the most recently-deployed Android devices are running an update from the last 90 days. Although this ties in with the leaked contract, its authenticity has not been verified. Should it be genuine, the changes made by Google are set to make a profound impact on the state of Android security and be of serious benefit to Android users. In other news, Google has announced a plan to start charging licensing fees to Android OEMs in Europe who want to include Gmail, the Play Store, Maps, Chrome and YouTube on Android handsets.
HolistiCyber Offers Protection Against WannaCry Ransomware
In May 2017 what is believed to be the biggest ransomware campaign yet hit hundreds of companies around the globe. Identified as a variation of WannaCry ransomware, it blocks access to the victim’s computer system and files and demands a payment of as much as US$300 per computer to unblock it. Once a single computer is infected with the ransomware, it searches for other vulnerable computers in the network and infects everything in its path. Because of vulnerabilities in Microsoft products after a Windows exploit was recently hacked from the NSA, the dangerous campaign is spreading at an astounding pace. In only a few hours more than 45,000 computers in at least 74 countries were infected.
Cyber Attacks Could Bring the World to Its Knees
This particular attack affected 16 UK hospitals to such an extent that they had to shut down work. In Spain over 85% of the country’s main telecommunications firm Telefonica was infected. These hackers are turning out to be a powerful global threat. With cyber attacks not only increasing in frequency but also in severity, it is becoming clear that significant investments in cyber defence technologies should be made. End-to-end holistic cyber security solutions have to be implemented to ensure safety from this massive threat.
World-Class Cyber Protection
HolistiCyber delivers integrated defence options with the express aim of keeping clients safe from highly sophisticated hackers. I co-founded the company in 2016 together with brigadier general Ran Shachor and former air force officer Moshe Ishay. All employees are former military intelligence, both Israeli and American. As a company, we focus on developing cyber solutions for advanced protection against cyber attacks on a wide variety of fields including the insurance industry, credit companies and more. Our main markets are the US and Europe. With a comprehensive service portfolio, HolistiCyber is equipped to identify, prevent and neutralize all major security threats.