Summary
One month ago, High-Tech Bridge launched a free online PCI DSS and NIST compliant SSL test. Two weeks ago we updated the service functionality and added support of non-HTTP protocols to enable testing of SSL/TLS security and reliability of any service, such as email.
Brief Facts and Findings
Here are the most interesting facts the research brought to our attention:
- Almost all email providers still support depreciated SSLv3
- Previously considered one of the most secure email providers Hushmail has the weakest configuration of SSL/TLS encryption
- Fastmail has the highest score, and is the only email service provider that meets PCI DSS compliance requirements for SSL/TLS
- Despite a B+ grade, Gmail has one of the most flexible SSL/TLS configurations compatible with old and outdated email clients
- Outlook.com apparently does not have a centralized SSL/TLS configuration of their email servers, potentially delaying and over-complicating update process
Read Full Article
NZ Government Invests $8M To Keep Residents Safe
The New Zealand Government have announced the release of New Zealand’s Cyber Security Strategy 2019, which sees the government investing $8 million on cyber security. Kris Faafoi, puts an emphasis on partnership as crucial to secure the infrastructure and the residents of New Zealand. “The new Strategy highlights four fundamentals for cyber security in New Zealand: Partnerships are crucial; people are secure and human rights are respected online; economic growth is enhanced, and national security is protected.” – Kris Faafoi. The strategy sets out five priority areas for action...
TLS Pages Used For Phishing
Do not trust TLS pages at face value Everyone has been taught and reminded frequently to trust TLS based websites, look at the padlock sign, https and green bars. Since most people look at only these things and believe the website is secure, it is the same reason it is used for malicious activities by hackers. By trusting the website, hackers abuse the trust between the user and the website and lead them to phishing pages. FBI has issued a warning stating not to simply trust emails, website pages,...
Mental Health App Are Sharing Your Data
92% of apps are sharing your data without consent. Researches have found out that majority of the mental health applications are sharing your data with Facebook and Google. By intercepting the traffic, researchers were able to identify apps sharing usernames, app type and self reporting substance. The application tested did not have an opt-out option, 9 of the apps did not have any privacy policy, while the only 5 which had a privacy policy did not warn the users and few said that the data won’t be shared. While...
Microsoft Support Agent’s Credentials Hacked
Support Agent’s Targeted Microsoft have sent out a letter to it’s affected users regarding the incident which caused “limited” number of accounts being compromised. According to Microsoft, support agent’s credentials were hacked and hackers were able to view folder names, subject lines and the email accounts the account has communicated with in the past. Microsoft urges that hackers were not able to view the content or attachments of the email. “Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access”...
Are Google And Apple Hosting App which tracks women?
Google and Apple under scrutiny for hosting a plausible tracking app An application called Absher has come under a lot of scrutiny when it was revealed that the app was capable of tracking the women/spouse.By the using the app, “guardians” can register their dependent women and block travel destination to certain countries. Previously women had to present a consent form to the authorities at the airport, but since the launch of Absher, it seems women are trying to evade the restriction by either stealing guardian’s app credential or phone...
Facebook Gets Teens Data Just For $20
Ethical? In recent days, Facebook has been caught secretly paying $20 per month to teens in order to access their data. By connecting through the “Facebook Research” VPN, Facebook was given access to all user data, network traffic and root access to the devices. The age group of the users went from 13-35 years old. The users were also told to screenshot their Amazon history as well. The iOS version of the app has been removed due to the violation of Apple’s agreement. “We designed our Enterprise Developer...
Google To Disturb Human Rights Progress In China
Google and human rights? Google plans to operate its search engine in China. Previously not being accessible by the citizen of China, it is reported by The Intercept that top officials of Google and China are in talks to implement a censored Google Search engine. The official implementation could be less than half a year. Which when implemented will violate numerous human rights. Such as blocking access to books, researchers, political censorship, free speech articles and more. The search engine will acquire the filtered sites through the “Great Firewall”....
Julian Assange To Be Kicked From Ecuador Embassy
Julian Assange Will Be Immediately Handed Over To UK Glenn Greenwald reported that the president of Ecuador is about to, if not already, has finalized an agreement handing over Assange to the UK officials. The ejection of Assange from the embassy can be in the coming weeks. Greenwald suggested that “it appears highly likely that Assange will continue to be imprisoned by British authorities… The only known criminal proceeding Assange currently faces is a pending 2012 arrest warrant for “failure to surrender”” The charge has a prison time of...
Google Secures Chrome Extension Installation
No More Third Party Installation After getting numerous reports from users over deceptive Google Chrome extension installation, Google has decided to block third-party websites to use inline installations. According to Google, the crackdown on deceptive installation will take place in three phase. At first, all inline installation will be made unavailable to all newly published extension. From September 12, 2018, inline installation will be blocked for existing extensions and users will be redirected to Chrome Web Store and final phase, from December 2018, Inline Install API method will be...
US Government Bans Kaspersky Lab
Russian Intelligence and Kaspersky Acting Secretary of Homeland Security Elaine Duke issued a BOD in order to identify and remove any Kaspersky Lab products and related entities. This comes after accusations of Kaspersky Lab handing out data to Russian intelligence. US governments are avoiding any relations with the Russian intelligence after the state sponsored attack which was carried out earlier. Are they? All fronts? But this action does not involve military system, only civil government network, not military. “This action is based on the information security risks presented by...