Google announced last week that they are launching hardware security keys for two-factor authentication. Named Titan, the keys will go up against similar products such as YubiKey and Nitrokey.
Google always championed Yubico products for two-factor auth. Interestingly, they gave YubiKeys to all their staff members a few years ago and were kept fully protected. Now they’ve jumped on the wagon and created their own product.
Hardware security keys are used to protect PC users from phishing attacks etc, as they are used as physical two-factor authentication. Security keys are used to log into computers or online services, along with other means of authentication, such as a password.
Titan is FIDO-compatible and will come in two versions. One is for Bluetooth to support mobile devices, and the other will be for USB ports.
The keys will be released ‘soon’ and available to Google Cloud customers, via the Google Store.
Firefox and Chrome are currently working to reduce the amount of memory and other resources that the browsers use for loading web pages.
We’ve all experienced frustrating moments where web browsers freeze or slow down. As websites are getting bigger and browsers now have features that make them more like operating systems than just document viewers, they’re using a lot of memory whilst they’re in use.
The newly released Chrome 68 has a feature called the Page Lifecycle interface that lets the browser pause websites that aren’t currently active and start them up again when you’re using it. It’ll allow the browser to consume less power and memory.
Firefox has a similar project called Fission MemShrink, which aims to get rid of 7MB of hundreds of computing processes that the browser uses to open a web page on your screen.
Hopefully both resource management features will help to provide a better user experience with faster performance and longer battery life on mobile devices.
Dixons 2017 hack on bigger scale
2017 was a bad year for Dixons. The huge cyber breach left customers concerned about their personal information, and serious questions were asked about the company’s security measures.
Dixons has just confirmed that the major 2017 cyber attack was much bigger than they originally anticipated. Back in June this year they estimated that it had affected 1.2 million customers, but a recent report from investors has revealed that the breach could have affected 10 million customer accounts.
Personal information such as names, addresses, email addresses were thought to have been accessed in the breach.
Hackers allegedly gained access to 5.9 million payment card details, but Dixons say that they were all protected by the Chip & Pin system, and were encrypted. There have not been any known reports of any fraudulent activity so far.
Dixons has said that they have put new security systems in place and are working with experts to prevent any future intrusions.
Malware by Snail Mail
Some Chinese hackers have taken it back to old school methods with a clever form of social engineering.
The hackers sent CDs full of malware to state officials. The package contained a message and a CD containing a set of Word files with script-based malware. The scripts run when victims open the documents on their computers.
Whilst it seems highly unlikely that anyone would use a random CD sent in the mail, it shows that hackers are taking a lot of different measures to gain access to sensitive information. But who still has a disc drive anyway?
There haven’t been any reports of anyone falling victim to the scam yet, but this kind of social engineering is used quite often, especially with USB sticks.