Powered by Blogger.
Showing posts with label Google. Show all posts
Showing posts with label Google. Show all posts

Google's Launched Bug Bounty Program For Google Play Store

bug-bounty-program-google-play-store
Google has finally launched bug bounty program for Google Play Store, inviting bug hunters and security researchers to find and report vulnerabilities.

Google has collaborated with bug bounty platform, HackerOne in which they have set up "Google Play Security Reward", the bug bounty programs offers bug hunters and security researchers to find and fix vulnerabilities in their apps for which Google will be paying $1000 in rewards.


How does it work?

  • Hacker identifies the vulnerability in an in-scope app and reports it directly to the app’s developer via their current vulnerability disclosure process.
  • App developer works with the hacker to resolve the vulnerability.
  • Once the vulnerability has been resolved, the hacker requests a reward from the Google Play Security Reward Program.
  • Android Security team issues an additional reward to the hacker to thank them for improving security within the Google Play ecosystem.

For more details about Google Play Security Reward Program, visit HackerOne.

More Articles Related:
Google Play Store Launches Bug Bounty Program to Protect Popular Android Apps
Google launched Google Play Security Reward bug bounty program to protect apps in Play Store

Advanced Protection: Google's New Strongest Security Feature

The Google's new "Advanced Protection" security features are one the company strongest security features for its users.

"We took this unusual step because there is an overlooked minority of our users that are at particularly high risk of targeted online attacks," the company said in a blog post announcing the program on Tuesday. 
"For example, these might be campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety."
To enable Google's Advanced Protection feature, you will need two physical security keys that work with FIDO Universal 2nd Factor (U2F)—which offers a hardware-based two-factor authentication that does not require secret codes via SMS or emails.


To log into your Google account from a computer or laptop will require a special USB stick while accessing from a smartphone or tablet will similarly require a Bluetooth-enabled dongle, paired with your phone.

"They [security devices] use public-key cryptography and digital signatures to prove to Google that it's really you," the post reads. "An attacker who does not have your Security Key is automatically blocked, even if they have your password."

Google's Advanced Protection offer three features to keep your account safe:

1. Physical Security Key: Signing into your account requires a U2F security key, preventing other people (even with access to your password) from logging into your account.

2. Limit data access and sharing: Enabling this feature allows only Google apps to get access to your account for now, though other trusted apps will be added over time.

3. Blocking fraudulent account access: If you lose your U2F security key, the account recovery process will involve additional steps, "including additional reviews and requests for more details about why you've lost access to your account" to prevent fraudulent account access.

Protecting you from targeted online attacks


Get the strongest phishing protection with a physical Security Key




Safeguard your emails and files by limiting access from non-Google services



Block fraudulent account access with extra steps to verify it’s you




The strongest defense against phishing

Phishing is one of the most common techniques hackers use to gain access to your account or personal information. For example, phishing emails or fake sign-in pages could trick you into revealing critical information, like your password.

To provide the strongest defense against phishing, Advanced Protection goes beyond traditional 2-Step Verification. You will need to sign into your account with a password and a physical Security KeyOther authentication factors, like codes sent via SMS or the Google Authenticator app, will no longer work.

Google Adds ESET Malware Detection to Chrome

Google has also made a notable change by partnering with anti-virus software firm ESET to expand the scope of malware detection and protection in its browser through the Chrome Cleanup feature.

Chrome Cleanup now has a malware detection engine from ESET, which works in tandem with Chrome's sandbox technology.

You can sign-up for Google's Advanced Protection here.

Facebook: AEPD Fine $1.43 Million for Violating Users' Privacy in Spain


Social media giant Facebook once again fined by Spanish Data Protection Agency (AEPD). AEPD has issued a €1.2 Million (nearly $1.4 Million) fine against Facebook for breaching laws designed to protect its people's information and confidentiality.

Recently, Tech giant Google was also fine of $2.7 billion (€2.42 billion) by the European antitrust officials on manipulating search results since at least 2008.

The AEPD found Facebook collecting sensitive data on user's ideology, sex, personal tastes, religious beliefs and navigation, either directly from its own services or through third parties without clearly informing it's users how this information would be used.



The AEPD also identified two serious violation of privacy laws, following are:
  1. Tracking people through the use of "Like" button social plug-ins embedded in other non-Facebook web pages—for which it is fined €300,000 ($359,049).
  2. Failing to delete data collected from users once it has finished using it, in fact, the company "retains and reuses it later associated with the same user"—which resulted in another €300,000 ($359,049) fines. 


However, Tech giant Facebook denied any wrong doing and intended to appeal the decision of the AEPD providing the following statement. 

"We take note of the DPA's decision with which we respectfully disagree. Whilst we value the opportunities we've had to engage with the DPA to reinforce how seriously we take the privacy of people who use Facebook, we intend to appeal this decision." 
"As we made clear to the DPA, users choose which information they want to add to their profile and share with others, such as their religion. However, we do not use this information to target adverts to people."
In May, the social media giant was fined €150,000 ($179,532) by for the way Facebook targeted advertising and tracked users.

Google Chrome Warn Users of ‘Man in the Middle’ Attack

Tech giant Google finally rolling a new security feature for it's users in it's most used product Chrome Web browser and taking security measures seriously.

Google announced that it's upcoming chrome 63 browser will be equipped with new security feature that will alert users of 'man in the middle' attacks aka MITM in which the hacker intercepts communication between two systems.

The developer behind this technology is Sasha Perigo who announced the news on her twitter account.
“Excited to announce my intern project is launching in @GoogleChrome M63! New error pages to help users struggling with MITM software,”
Subscribe to: Posts (Atom)
 

Copyright © . Designed By Templatezy