Google bans AI used for weapons and war


Google CEO Sundar Pichai on Thursday announced that Google is banning the development of Artificial Intelligence (AI) software that could be used in weapons or to harm others.

The company has set strict standards for ethical and safe development of AI.

“We recognize that such powerful technology raises equally powerful questions about its use,” Pichai said in a blog post. “As a leader in AI, we feel a deep responsibility to get this right. So today, we’re announcing seven principles to guide our work going forward. These are not theoretical concepts; they are concrete standards that will actively govern our research and product development and will impact our business decisions.”

The objectives Google has set out are that AI should be socially beneficial, should not create or promote bias, should be built and tested safely, should be accountable, and should uphold privacy principles, among others.

The company, however, will not pursue AI development in areas where it threatens harm to other people, in weapons, or in technology that violates human rights and privacy, among others.

“Where there is a material risk of harm, we will proceed only where we believe that the benefits substantially outweigh the risks, and will incorporate appropriate safety constraints,” the post read.

However, while the company will not create weapons, it said that it will continue to work with the military and government.

"These include cybersecurity, training, military recruitment, veterans’ healthcare, and search and rescue. These collaborations are important and we’ll actively look for more ways to augment the critical work of these organizations and keep service members and civilians safe," Pichai said.

This decision comes after a series of resignations by several employees following public criticism of Google’s contract with the Defense Department for Project Maven, an AI that could help analyze drone video.


Android Devices with Pre-Installed Malware


Avast Threat Labs has recently discovered pre-installed adware on a few hundred different Android device models and versions, including devices from manufacturers such as ZTE and Archos.
The adware has previously been described by Dr. Web and has been given the name "Cosiloon."

The adware has been active for at least three years and is hard to remove because it is installed at the firmware level and uses strong obfuscation. Thousands of users are said to have been affected, and in the past month alone the latest version of the adware was observed on around 18,000 devices belonging to Avast users located in more than 100 countries, including Russia, Italy, Germany, the UK, and a few users in the U.S.

The adware creates an overlay to display an advertisement over a webpage in the user's browser, as can be seen in the screenshots below:




Google is working on mitigating the malware's app variants on Android smartphones using internally developed techniques. Although Google Play Protect exists, the malware comes pre-installed, which makes it harder to address. Google is currently contacting firmware developers to raise awareness of these concerns and to encourage them to take effective steps as well.

However, it is unclear how the adware got onto the devices, and the malware authors kept updating the control server with new payloads. Manufacturers, meanwhile, kept shipping new devices with the pre-installed dropper.

The payload was updated again on April 8, 2018: the name in the application launcher changed to "Google Download," and some class names in the code changed, likely in an attempt to avoid detection. The malware is part of a chipset platform package that is reused across different brands; the chipset in question is from MediaTek, running Android versions ranging from 4.2 to 6.0.

Avast says that some anti-virus applications report the payloads, but the dropper immediately installs them again, and the dropper itself cannot be removed. As a result, the device will always contain a mechanism that allows an unknown party to install any application they want on it.




A Critical Command Injection Vulnerability Discovered In DHCP




The Dynamic Host Configuration Protocol (DHCP) client included in Red Hat Enterprise Linux has recently been found to contain a command injection vulnerability, which can allow a malicious actor capable of setting up a DHCP server, or otherwise capable of spoofing DHCP responses on a local network, to execute commands with root privileges.

The vulnerability, designated CVE-2018-1111 by Red Hat, was found by Google engineer Felix Wilhelm, who noted that the proof-of-concept exploit code is small enough to fit in a tweet. Red Hat considers it a "critical vulnerability," as noted in the bug report, indicating that it can be easily exploited by a remote unauthenticated attacker.

DHCP is used to assign an IP address, DNS servers, and other network configuration attributes to devices on a network. DHCP is used in both wired and wireless networks. Given that the only requirement for using this exploit is essentially being on the same network, this vulnerability is of particular concern on systems likely to be connected to untrusted public Wi-Fi networks, which will most likely affect Fedora users on laptops.

Ultimately, any non-isolated network that allows devices to join without explicit administrator approval, which is arguably the point of enabling DHCP in the first place, is at risk.

This bug affects RHEL 6.x and 7.x, as well as CentOS 6.x and 7.x, and Fedora 26, 27, 28, and Rawhide. Other operating systems based on Fedora/RHEL are likely to be affected, including HPE's ClearOS and Oracle Linux, as well as the recently discontinued Korora Linux. Since the issue relates to a NetworkManager integration script, it is unlikely to affect Linux distributions that are not related to Fedora or RHEL.



Gmail Gears Up For Tougher Data Privacy Laws


Google's email service, as it prepares for tougher data privacy laws, has added an option that makes messages inaccessible after a set time.

The new "confidential mode" can be used to stop recipients from being able to forward, copy, download or print correspondence sent via Gmail.

BBC News reports that the new features are part of a much wider overhaul of the cloud-based service. Experts say that the options were "long past due" but should help Google persuade more organizations and businesses to join.

Chris Green, from tech consultancy Lewis, says:

"Other platforms, like Microsoft Exchange, let you use plug-ins to do something similar. So this isn't anything unique. But none of the cloud-based mail services have offered these data protection features until now, so they are quite distinctive in that respect."

Since screen grabs and photos of a computer display are still possible, the anti-copy functions won't stop determined users from copying messages, but they are intended to limit the risk of confidential information being accidentally passed on to the wrong party, which may constitute a data breach.

This move comes a month before a new EU data privacy law, the General Data Protection Regulation (GDPR), comes into force.

It requires organisations to inform local data regulators of a breach within 72 hours of becoming aware of it, and increases the amount that they can be fined for non-compliance.

"The timing of this is not a coincidence," Mr Green adds later. "A lot of this will be about ensuring that Gmail will continue to be viable for enterprise users, as it will help them show they are GDPR-compliant."



Google Appeals Watchdog That Declared It Guilty of “Search Bias”

Google has allegedly filed an appeal at the National Company Law Appellate Tribunal (NCLAT) against the Competition Commission of India’s (CCI) judgement that ruled the search giant guilty of “search bias.”

Two sources who were aware of this matter informed Reuters, and according to one of them, the appeal was filed on Monday.

The CCI had in February imposed a $20.95 million fine on Google for taking advantage of its dominance in the online search and advertising markets, stating in its 190-page judgement that, "Google was found to be indulging in practices of search bias and by doing so, it causes harm to its competitors as well as to users."

A CCI official called their judgement “robust” and said that the competition watchdog will be defending its verdict at NCLAT.

The commission had discovered that using search results from its database, Google had placed its commercial flight search function at a prominent position on the resulting search page.

The CCI ruling has brought to an end a probe started in 2012 due to complaints by matchmaking website Bharat Matrimony and Consumer Unity and Trust Society (CUTS).

This judgement is the latest anti-trust setback to the search engine company. In a similar case last year, the European Commission had imposed a €2.4 billion fine on Google for being biased towards its own shopping service and demoting its rivals.

Google Rejecting All Cryptocurrency Mining Extensions Submitted To The Chrome Web Store

Google is taking action against all Chrome extensions that include a cryptocurrency mining component and is banning them from the Chrome Web Store. Until now, Google had permitted cryptocurrency mining extensions as long as mining was the extension's sole purpose and users were properly informed about this behaviour, Google's Extensions Platform Product Manager James Wagner noted in a blog post on Monday.

While the company has no problem listing extensions whose single purpose is openly mining digital coins in the background, Google does have a problem with developers uploading and listing Chrome extensions that advertise one particular functionality while also secretly mining digital coins in the background without the user's consent.

Over the past few months, there has been a rise in malicious extensions that appear to provide useful functionality at first glance, Wagner acknowledged, while embedded and hidden cryptocurrency mining scripts run in the background without the user's consent.

These mining scripts often consume significant CPU resources and can severely impact system performance and power consumption.

"Unfortunately, approximately 90 per cent of all extensions with mining scripts that developers have attempted to upload to Chrome Web Store have failed to comply with the company’s policy, of adequately informing users about the full behaviour of a listed extension and have been either rejected or removed from the store," Wagner adds.

Google further plans to delist every existing extension that mines cryptocurrency in "late June"; however, extensions with "blockchain-related purposes other than mining" are still permitted. The ban does not concern ads running mining scripts in the background, but rather schemes related to "unregulated or speculative financial products."


Less Than 10% Gmail Users Enable Two-Factor Authentication

At the Usenix Enigma 2018 security conference this week, a Google software engineer revealed that only about 10% of Gmail users actually have Two-Factor Authentication enabled.

He further said that even this 10% has had trouble figuring out how SMS authentication codes work.

Two-Factor Authentication, or 2FA, is an additional layer of security that prompts users to enter an additional bit of information before they’re allowed to log in, usually codes sent via SMS or through an app like Google Authenticator.

Asked why Google doesn’t make 2FA the default, Grzegorz Milka, the above-mentioned software engineer, answered, “It’s about how many people would we drive out if we force them to use additional security,” saying that it’s about the “usability.”

According to research, people don’t use two-factor authentication because they don’t trust it and fear that their privacy will be compromised.

Experts have agreed that these fears aren’t entirely baseless as SMS authentication has a risk of interception by attackers who spoof phone numbers. However, things have become safer since Google rolled out “Google Prompt,” which offers built-in verification in Google Play services for Android and the Google app on iOS.

The company also launched a new service called “Advanced Protection Plan” for high-profile accounts which enables them to use hardware-based USB 2FA security keys instead.

Chrome Stable v17.0.963.65 addresses 14 High Severity Vulnerabilities


Google released a new version of Chrome, v17.0.963.65, which addresses 14 high-severity vulnerabilities, including a use-after-free in the v8 element wrapper, a use-after-free in SVG value handling, a buffer overflow in the Skia drawing library, and a use-after-free in SVG document handling.

Google rewarded the researchers who found vulnerabilities in Chrome; researchers received rewards from $500 to $3000. Google also rewarded researchers who found bugs with $10,000.

The full details about the bugs and security flaws can be found in the official Google Chrome release blog.

"We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we’re dropping a surprise bonus. We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn’t be possible without the aggressive bug hunting of the wider community," Google wrote in the blog post.

If you use the Google Chrome browser, download the latest version and stay secure.


Google Provides Secure Search (SSL Encryption) for Signed-in Users


"Google Search will be redirected to secure google search connection (https://), if you are signed in," Google said in their official blog. This will protect users' search queries with SSL encryption. Google set SSL as the default connection for Gmail in January 2010; four months later it introduced secure search at this link:
https://encrypted.google.com/ 

Recently, other giants like Twitter and Facebook also introduced SSL support.

Because search queries are sensitive and exposing them is risky (especially if you are in a public cafe), Google is introducing default SSL encryption in Google Search for signed-in users. If you are signed in, Google Search will be redirected to https://www.google.com; normally it searches over a plain HTTP connection (http://www.google.com).

If you are not a Google user or are not signed in, you can still use encrypted search by visiting https://www.google.com directly. (Don't forget the 's'.)

Source:
http://googleblog.blogspot.com/2011/10/making-search-more-secure.html

Google Partners with Citizens Advice Bureau to Provide Online Security Tips


Google has partnered with the Citizens Advice Bureau to provide online security tips under the title "Good to Know". The page raises public awareness of online risks and the need for security. The topics are divided into four categories:
  • Stay Safe Online
  • Your Data on Google
  • Your Data on Web
  • Manage Your Data
Stay Safe Online:
This section provides basic online security tips about:
  • Phishing and malware attacks (if you are a reader of eHackingNews, you might already be aware of them)
  • Importance of signing out (most users fail to sign out; if you are in a public cafe, others can steal your accounts)
  • Secure connection (https://)
  • Online shopping safety
  • 2-Step Authentication service (a mobile authentication service that sends a random authentication number whenever you log in to Gmail)
  • Mobile security
Your Data on Google:
It covers Google search logs, web history and more.

Your Data on Web:
Basic knowledge about the importance of cookies, accounts and IP addresses.

Manage Your Data:
This section covers the Google Dashboard, how to manage cookies, and more.

Good To Know is available here:
http://www.google.co.uk/goodtoknow/

Every Internet user must read this page in order to protect themselves from online risks.

Note:
If you want more security tips, you can check our Security Tips Blog: http://www.breakthesecurity.com. We covered this topic six months ago. We have also developed HashCodeCracker to check password strength.