Chrome OS is already one of the most secure operating systems in use today – light-years beyond MacOS and Windows in many ways however it is far from perfect. Here is my security wish-list for features I would love to see in future Chrome OS devices. Note, this page is just for security related changes, there are plenty of non-security feature I would like to see as well.
I have been a user of hardware security tokens for a long time. My key-chain always has a Feitian MultiPass FIDO Security Key on it at all times to allow me to authenticate to many web services, including the admin section of KMyers.me. I was shocked to learn that Google has hidden a fully functional U2F token in the Pixelbook. I doubt you really need another reason to buy a Pixelbook but this is really a massive feature that was never officially announced. Here is how you can activate it
Normally it is a very trivial process to get a typical Chromebook into developer mode however this process is very different on the HP Chromebook X2 and other future Chrome OS Tablets. This is because Google actually requires dedicated circuitry to ensure the switch to developer mode was a deliberate action done by the user and not accidental or by a malicious application. Here are the steps to get the HP Chromebook X2 Into Developer Mode and these instructions should also work on all future ChromeOS Tablets
Google has gotten a fair amount of phrase over the updated GMail redesign that was made available for users to begin testing yesterday. GMail has adopted a modern re-design that is simply stunning. Aside from the re-design, Google has introduced a few new features such as smart replies, integration with Keep and other Google Applications and self-destructing messages. Sadly one feature that is missing is one that has been requested for years – Native OpenPGP support!
While browsing social networks, it is not common for users to point out that Android is a security mess with no data to actually back those statements up. Some users try to fabricate facts without doing any research. Over the next few weeks, I will be releasing a series of posts on KMyers.me called “Facts about Android Security and Malware” to try to shine some light on this and hopefully debunk some of the data that it floating around and to help users understand more about the security of their mobile devices.
In this first installment, I would like to make sure that we are all using the same common vocabulary. This post contains several of the common types of Android Malware as well as details for each. In future posts, I will be going over best practices to avoid malware and to explain why many of the details floating around the internet are not based in facts.
As a disclaimer – I am a huge Android Fanboy and will be doing my best to produce well researched and objective content for this series – each post takes several hours of research and writing. This series is mainly about Android however a lot of this could apply to other platforms. If you happen to spot any errors or content that you disagree with, please feel free to get in contact with me via my contact page, social networks or simply leave a comment below.
I am sure that everyone has heard that the popular dating website that specialized in marriage infidelity was hacked a few weeks ago. The brazen hackers have essentially open-sourced the entire AshleyMadison.com website and released several massive database dumps containing customer profiles, customer details (name, address, email address, phone number) and a limited amount of payment information including the last 4 digits of the credit card number. Several people I have spoken to in person do not see this as a threat as you would need the entire card number (and CVV2) before you can use the card for fraud. I have to disagree as it is fairly trivial to turn the last 4 digits of the credit card number into the entire credit card number using nothing more then a phone and a bit of charisma.
By now, it is likely that you have seen postings about a serious new iOS messaging bug in your various social networking sites. This bug allows a person with malicious intent to cause an iPhone to reboot or lock up with nothing more then a simple text message containing some specially crafted Unicode text. Furthermore your messaging application will fail to launch until the attacker sends a second message or you perform a workaround such as sharing a photo from the Apple Photos App. Apple is aware of the issue and are already working on a patch for a future update. There are some workarounds floating around the internet with a short term fix however this blocks message previews, this blog post will go over a long term fix that will render your phone immune to this bug.
We owe a lot to the widely used, yet under-appreciated encryption system known as the GNU Privacy Guard, also known as GnuPG. Although GnuPG has been around for a very long time, it recently made it into the news as one of the tools used by Edward Snowden to encrypt emails containing sensitive information. What is hard to believe is that the GnuPG software stack was built and maintained by one single person, Werner Koch who makes his living giving the software away for free. Werner has unfortunately come under some hard times as donations have dried up and he is looking for help.
I tend to get very attached to my Android devices although I do not like to part ways with my devices, I would rather have them being appreciated by others rather then collecting dust on my bookshelf. I have sold my fair share of Android Devices over the past few months and have put together a comprehensive guide to selling your old phones and tablets.
I spend a lot of time online reading technical and security websites and am often baffled on the amount of misinformation I keep seeing. Several of these websites seem to promote several different third party products and services that are not really necessary in most cases. This is a modern version of the old defunct argument for Android Task Killers. Instead of promoting any third party products, lets look at three practical Android Security Tips that will keep you safe.