Google Study Compares Security Expert and Non-Expert Users

Google did a study comparing the security practices of security experts and non-expert users. “The study, based on the responses of 231 security experts and 294 non-experts, shows that there is a big discrepancy in the security practices each of these categories follow. For example, security experts have named software updates as the top online safety practice. In contrast, regular users don’t consider software updates a priority when it comes to online safety. Non-experts don’t clearly understand how effective updates are, and some users even believe they are risky because they could contain bugs or hide malicious software.”

A Bunch of MongoDB Data Has Been Exposed Online

A bunch of MongoDB data has been exposed on the Internet. “A total of 595.2 terabytes (TB) of data is exposed on the internet via publicly accessible MongoDB instances that don’t require any form of authentication. That is the claim of blogger and Shodan developer John Matherly, following an investigation. Shodan is a search engine designed to expose online devices.”

Woman Joins Google Suit After Being Recruited and Rejected FOUR Times

A woman who was recruited by Google and rejected by Google four times has joined an age discrimination lawsuit. “According to the lawsuit, a Google recruiter contacted [Cheryl] Fillekes in 2007 for possible employment in either Google’s engineering and testing group or its software development group. There were a series of phone interviews and an in-person interview at Google’s headquarters in Mountain View, California. In 2010, a different Google recruiter contacted her and said that from her previous interview scores, she was an ideal candidate. This happened again in 2011 and late 2013. In each case, a Google recruiter contacted her and there were a series of phone interviews, concluding with in-person interviews, but no job offer.” Sue them for wasting your time!

Etsy (!) Issues Transparency Report

What’s the latest company on the transparency report bus? Why, it’s Etsy! “You may notice our report is different than the reports that others have issued. That’s because we want any insights and context we share to reflect Etsy’s unique marketplace, community and mission. We’re not only including information about requests for member information and intellectual property takedowns — which are both generally associated with transparency reporting — but we’re also providing insight into how we strive to keep our marketplace a reliable, trustworthy place to shop and do business as well as how we offer protection to buyers and sellers.”

Windows XP Support Is Officially Done

Unless you’re the US Navy or some similarly exceptional organization, Windows XP support is officially done. “Keeping to its word, Microsoft ended security support for existing Microsoft Security Essentials customers running Windows XP, a little more than a year after support officially ended April 8, 2014. Microsoft said last year that signatures and updates for Microsoft Security Essentials would continue for a limited time, and the Microsoft Malicious Software Removal Tool would also be available for XP users for a limited time.”

Wikimedia Foundation Releases Third Transparency Report

The Wikimedia Foundation has released its third transparency report. “In August 2014, we published our first transparency report, which detailed the number of requests we received to disclose user data or alter or remove content from the Wikimedia projects between July 2012 and June 2014. We updated the report in April 2015 with new data, real-life examples of the types of requests we receive, and additional categories such as ‘voluntary disclosures’ and ‘right to be forgotten’ requests. We are happy to continue this tradition with our latest update, covering January to June 2015. During this time, we received 234 alteration or takedown requests and 23 user data requests, none of which we granted.”

OPM Launches Resource Site After Hacking

The US Office of Personnel Management is launching an information site after the recent breach that exposed over 21 million Social Security numbers and other data. “Today, OPM launched a new, online incident resource center at https://www.opm.gov/cybersecurity to offer information regarding the OPM incidents as well as direct individuals to materials, training, and useful information on best practices to secure data, protect against identity theft, and stay safe online. This resource site will be regularly updated with the most recent information about both the personnel records and background investigation incidents, responses to frequently asked questions, and tools that can help guard against emerging cyber threats, officials said. A call center will follow in the weeks to come, they added.”

Chrome Starts Blocking Major Torrent Sites

Chrome has started blocking major torrent sites. “Over the past few hours the browser has started to block access to several of the most popular torrent sites including KickassTorrents, Torrentz, ExtraTorrent and RARBG. Instead of a page filled with the latest torrents, visitors are presented with an ominous red warning banner.” Unfortunately the story does not, at this writing, have any comment from Google.

Yet Another Flash Zero-Day

Eeesh. There’s a new Flash zero-day out there — please make sure you’re all patched up! “Hacking Team specializes in surveillance software which it resells to various governments around the world, and in particular to some oppressive regimes, a major issue that has activists outraged. The data stolen from the firm contains several gigabytes worth of exploits, malware and other very sensitive information. Among them, a new Flash Player zero day affecting Flash Player up to version 18.0.0.194 was found and is making headlines.”

Amazon Sued Over Its Search Results

Amazon is being taken to court over its search results. “Just like how Google has faced criticisms for the way it displays its search results, it seems that this is an issue that Amazon has run into as well, so much so that they’re being taken to court over the way the company displays its search results for products. The company taking Amazon to court is MTM, a watchmaker known for their ‘Military’ watches.” I had wondered about that, like sometimes when you search for certain authors, you’ll get book results that are not that author at all, aren’t anywhere close to the author’s name, etc.

Keyword Stuffing With PDF Documents

Sneaky black hat SEO: Using PDF documents to keyword stuff. “Always refining its search algorithms, Google is constantly on the lookout for new methods that attackers and unscrupulous search engine optimization (SEO) practitioners use to manipulate its system to gain higher search rankings. The practice of ‘cloaking’ to fool Google’s page indexer has been known for a while. It’s a method of serving the Googlebot with content stuffed with keywords to mislead it into thinking a site is relevant to trending search terms.” Apparently with Google focusing so much on HTML-type pages, bad guys are now looking at exploiting PDFs.

Washington Post Starts Encrypting Part of Its Site

The Washington Post has begun encrypting part of their Web site. “The Washington Post will begin encrypting parts of its Web site Tuesday, making it more difficult for hackers, government agencies and others to track the reading habits of people who visit the site. The added security will immediately apply to The Post’s homepage as well as stories on the site’s national security page and the technology policy blog The Switch. The encryption will roll out to the rest of the site over the coming months.”

Medium Letting Users Log In Without Passwords

Blogging site Medium wants you to be able to log in without a password. “Instead, users will be able to enter in an email address, then click a link sent to them in order to sign in to the site. Previously, the company allowed its users to sign in using their Twitter or Facebook credentials, but it received feedback from many who said they wanted an option to use Medium without having to authenticate with their social networking credentials. Or, in some cases, users said they didn’t have a Facebook or Twitter account, and didn’t want to create one just to use Medium.”