Major email providers including Google, Yahoo and AOL are set to tighten rules on incoming email – making accounts more secure against SPAM and demanding more of bulk senders who want to see their emails delivered.

Google and Yahoo alone represent more than two billion email accounts, many of them belonging to individual consumers for personal use. Estimates suggest around 70% of these have no protection against domain spoofing.

Until recently, even many basic security protocols such as SPF (checking whether email header and ‘sent from’ address match) were not enforced on major email platforms such as gmail – allowing fraudulent emails to unsuspecting users. This made phishing emails easier to circulate, harder to detect, and has been recognised as one of the biggest enablers for cyber security attacks.

DKIM – a protocol that signs both the real domain and email with a cryptographic signature that email clients can cross-reference for authenticity – is also often absent, with email providers increasingly looking to demand better standards from email senders.

From February 2024, bulk email senders must adhere to the following requirements outlined by Google and Yahoo:

New Sender Rules

SPF & DKIM Enforced – Business and organisations that need their emails to be delivered safely will have to add SPF & DKIM settings to their domains and mail servers that verify whether emails purporting to be from them are genuine, and have not been tampered with. Without checks in place, Gmail and Yahoo may reject those emails altogether.

Easy Unsubscription – bulk emails must offer ‘one-click’ unsubscribe options for recipients, making it easy for email recipients to opt-out of repeated unwanted messages, and keep clutter under control.

DMARC, the most challenging of the requirements, will be enforced for bulk email senders sending more than 5,000 emails per day, aimed at preventing rapid phishing scams and other mass attempts at fraudulent communications.

For those communicating with the public, the changes are likely to prove crucial, and IT managers need to prepare carefully to ensure their emails continue to be trusted.

For Cyber Security assistance and expertise, please contact our team today.

Three major tech providers have agreed to introduce support for passkey-based login, in line with recommendations of the FIDO Alliance.

Passkeys have been proposed as one of the possible futures for the death of passwords, and would be freshly generated with each biometric login to a registered device to help prevent password-theft.

In future Google Chrome, Microsoft Edge and Apple’s Safari will all facilitate passwordless login as an option – and major tech providers will offer passkey login for important online services including Active Directory and Azure.

• Apple: “An Expansion of Passwordless Standard Support“
• Google: “One Step Closer to a Passwordless Future”
• Microsoft: “Expansion of FIDO standard and new updates for Microsoft passwordless solutions”

Microsoft estimate that around 330,000 people have removed their password from their Microsoft Account in the last six months – with most using Microsoft Authenticator as a kind of passkey instead.

‘Hackers don’t break in, they log in’ is an often repeated mantra among cybersecurity professionals – reflecting the fact that most online accounts are breached via a normal login attempt, but with stolen credentials.

The FIDO alliance is the the online movement to replace password authentication entirely with single-use passkeys – although the organisation admits there are barriers to entry, including organisations’ cost to develop their own versions of the technology, an unfamiliar user experience, and the reluctance to ‘go first’.

It is hoped that with major tech providers building passkey support into their browsers, many more developers will be able to adopt the new standard to help keep users secure.

For Cybersecurity expertise and support, please contact our team today.

Google have previewed a design study of sensory notification devices designed for a less stressful digital life.

‘Little Signals’ demonstrates interesting ways the end-user might receive notifications in a calmer, more subtle way than via their smartphone screen – using ambient sound, changing shadows and discrete movements.

The friendly-looking set of six tabletop devices are a zen paradise of pastel shades and soft movements designed to be less anxiety-inducing than a constant blizzard of push notifications.

Little Signals is one of several Google ‘Digital Wellbeing’ experiments – with others including ‘digital detox’, a visual ‘anchor’ that prevents infinite doom scrolling, and a minimalist ‘paper phone’.

Some of the devices can be interacted with, or are intended to have minor affects on surrounding objects to get the user’s attention.

Each prototype hides an onboard Arduino micro-computer, but none of the devices use either display screens or artificial light, demonstrating how Internet-of-Things (IoT) devices might become better disguised as part of our physical environment.

For IT support and expertise, contact our team today.

Android version 13, codenamed ‘Tiramisu’, has been previewed to developers – the new operating system will spend February and March in preview build, with the final release expected in August of this year.

Android is clearly thinking ahead about how individuals will use their phones in future. Detailed in the developer notes are clear preparations for a time when an Android device has to sit even more at the core of many people’s broader technology usage:

Among the improvements already announced are a new ‘Photo Picker’ tool – an important security improvement that allows users to share specific images to 3rd-party apps installed on their device, without having to grant that app access to an entire media folder.

In a similar upgrade, Android 13 also adds a new device permission for apps that join to nearby Wi-Fi devices without sharing GPS permissions, for example allowing users to use smart devices in their home, without granting outright location permissions in the process.

Visual customisations first introduced in version 12 are being extended – with Google’s own ‘themed app’ colour settings granted to 3rd-party app developers, allowing far greater customisation of a phone’s look and feel.

Furthermore Android 13 will expect more apps to route updates via the Google Play store, continuing the trend of tightening security, against the (sometimes risky) app ultra-flexibility that was once Android’s hallmark.

For IT expertise and support, contact our team today.

Google Workspace, previously known as G Suite, was launched back in October 2020 and served as a combination of Google’s apps such as Docs, Slides and Gmail which was only available for businesses and enterprises initially who paid a subscription fee for a G Suite business account.

The standard Workspace productivity site service has now been made free to everyone with a Google account and this is set to see growth to the already three billion strong Workspace users currently as Google attempt to rival both Microsoft Teams and Zoom in the videoconferencing and workplace collaboration market spheres.

Workspace’s recent updates have included a plethora of new functionalities including changes to Google Meet to enable collaboration equity, the development of ‘Rooms’ in Google Chat to ‘Spaces’ and new privacy/security settings across Workspace.

A highlight of the new security features introduced is that Google will offer users client-side encryption where they will be able to shield their data with encryption keys they possess making the data indecipherable to Google themselves or potential cyber criminals.

One major feature of the 14^th June update rollout was the announcement of Google Workspace Individual. Priced at $9.99 per month, Workspace Individual expands the productivity suite’s availability to small businesses with options to upgrade their Gmail accounts for calendaring, email newsletter and video chat capabilities.

Google states that Workspace Individual allows the user to “create a secure collaboration space in Google Chat to keep everyone up-to-date, share ideas, and keep track of all your important info in one place, from videos and pictures of your last trip to a Google Sheet of your family’s annual budget”

Workspace Individual is deploying out soon to six markets, including the United States, Canada, Mexico, Brazil, Australia and Japan.

Android users around the world have reported problems with apps crashing randomly, following a widespread fault with WebView.

In particular, the problem seems common to email clients including Google Gmail, Microsoft Outlook, Yahoo! Mail and more – with one early warning sign being the repeated display of messages warning that apps ‘keep closing’.

It’s as yet unclear how the bug found its way into the live build of so many users’ hardware. In a statement, Google acknowledged they are aware of the fault, and advised users looking to self-fix the problem to uninstall Android System WebView.

A further fix was issued to Android as of 11pm Pacific Time on Monday which updates WebView directly. Webview is a piece of software which helps load content from the web and receives regular updated alongside Google Chrome.

So far only Google and Samsung support have acknowledged the issue directly, although it’s likely to affect all recent Android phones not yet updated to Chrome version 89.0.4389.105.

For IT Support and expertise, contact our team today

Google have re-branded GSuite as Google Workspace, in an effort to consolidate the Google software brand for business users.

The re-designed platform brings Gmail, Google Drive, Google Docs apps, Google Meet and more all under one banner more officially, and follows other recently announced updates to the platform including new file deletion rules for Google Drive.

New collaboration tools for the post-lockdown world have been added – including simpler sharing of co-authored documents, previewing documents before opening them, and introducing popout video calling during co-authoring.

“…We’re bringing Meet picture-in-picture to Gmail and Chat, so you can actually see and hear the people you’re working with, while you’re collaborating.”

Google Workspace Blog

More eagle-eyed customers will notice that Google’s GSuite license types have also been adjusted: although UK users may see a price cut in the overall monthly cost, the corresponding apps and services available to each user have also been limited to reflect this.

Existing Gsuite customers will not face contract changes for at least 12 months, although redesigned app icons and extra features will begin appearing during October 2020, and new Google Workspace customers will be expected to choose from the new licensing packages immediately.

More information for both existing and new customers is available on the officially rebranded Google Workspaces Blog here.

For knowledge of cloud services and excellent IT expertise, please contact our team today.

Google Drive trash will soon impose a new 30-day automatic deletion deadline on trashed files.

At present users may delete files, but these are retained indefinitely in their Google Drive trash until deleted manually – causing a loss of storage space, encouraging hoarding of files, and convincing users that they need not worry about file retention limits.

The change, which begins on October 13th, brings Google Drive more into line with Gmail and other free Google Services – as well as rivals such as Microsoft OneDrive and Dropox – which also auto-empty trashed files after set periods. New warnings inside Google Drive will notify all users.

You can learn more on the GSuite updates blog, published here. As before, G-Suite admins will have the ability to recover post-trash deletion for a further 25 days, although this is a hard limit and only available for active users.

We’ve written before about the need for businesses to think carefully about cloud-retention. Post-trash files are not held indefinitely, such that organisations need a plan for accidental and malicious deletion – such as 3rd-party automated backup of their cloud accounts.

For Cloud IT services and expertise, contact our team today.

The volume of Covid-19 scams and phishing emails has increased dramatically in recent weeks according to cybersecurity authorities.

Email security software and cybersecurity provider Barracuda Networks has reported a 667% increase in phishing emails throughout the pandemic.

Common scams include pretending to represent Government, law enforcement or medical authorities to obtain information or financial payment, blackmailing users with threat of infection, donation requests for fake organisations, and malware distribution – including one new ransomware even dubbed ‘Coronavirus.’

Via Barracuda: Source 

In a joint statement published in April, the UK National Crime Cyber Security Centre and US CISA (Dept. of Homeland Security) notes the sudden rise in Covid-19 scams, and even highlight instances of SMS text-messaging phishing attempts mimicking UK Government text alerts.

In the example cited, a fake compensation payment is offered to entice the user to hand over details via an imitation UK Government website.

There has also been a growth in online hackers and trolls targeting Zoom and other video conferencing platforms. Users unfamiliar with this kind of software in particular may prove an easy target for cyber criminals.

Phishing scams are part of a larger trend of online Covid-19 themed fraud. In March, the NCSC removed around 500 fake online shops claiming to be selling fraudulent virus-related items over the internet.

Google currently estimate that Gmail filtering is blocking over 100 million phishing emails each day, and that almost 20% of online email scams now refer to Coronavirus (around 18 million) – likely to be the largest phishing ‘theme’ in history.

For cybersecurity expertise and assistance, please contact Lineal today.

Google have released aggregated smartphone location data which shows the UK under lockdown.

According to the newly published ‘Community Mobility Report’, in which Google GPS data from the location settings of Android phones is broken down by country, the UK has seen a dramatic drop in those going outside during March, as people stay in lockdown for the duration of the Covid-19 crisis.

‘Retail and Recreation’ visits, which includes restaurants, cafes, shopping centres, theme parks, museums, libraries and cinemas are down 85% against normal rates, and ‘Parks’ show a 53% decrease.

‘Transit Stations’ including public transport hubs are down an astonishing 75% as people remain at home rather than travelling.

‘Grocery & Pharmacy’ visits show a smaller decrease, at 46%, as people continue to shop sparingly for essentials.

However, Google GPS data varies across the UK – with Google warning readers not to compare rural and urban areas. Remoter parts of Scotland and Wales are less consistent both in lockdown severity but also available data to measure.

This measurement difficulty is something also noted by the Kings College Covid-19 sympton tracker app, which gathers self-reported data from across the UK and has risen rapidly up the Google Play and Apple App Store app charts in recent days.

Data for Devon suggests the lockdown is being observed slightly more strictly, with even lower rates of shopping and leisure trips being made compared to the UK average, but marginally higher attendance at workplaces and at public transport hubs.

You can find the Google’s COVID-19 Community Mobility Report for the UK and other countries here.

For IT Support and technical expertise, please contact Lineal today.

Google Chrome 79 will contain a Chrome hacked password alarm to notify at-risk users.

‘Password Checker’, which first appeared in October, will regularly compare user passwords saved in-browser against publicly-known data breaches.

The service will feel familiar to those who’ve tried the (often terrifying) but essential https://haveibeenpwned.com/ – which shows visitors where their email addresses have been compromised.

Chrome’s update is being gradually rolled out to new users, and is available within Settings > People > Sync and Google Services > Other Google Services, and is named ‘Warn you if passwords are exposed in a data breach.’

The alert mechanism is just the latest in a series of attempts to push users to safer browsing: 2019 also saw Google Chrome actively warn users of websites without valid security certificate, and penalise such websites in Google search rankings.

Chrome 79’s new hacked password alarm mechanism should prompt systematically when account credentials need password updates, and allow users to keep their accounts secure.

For IT support and cybersecurity expertise, contact Lineal today.

Thousands of devices were left with broken browsers this week, after a Google Chrome experiment rolled out a hidden change to the world’s most-used browser.

Launched exclusively on ‘stable’ versions, the update left IT admins around the world puzzled at blank tabs that refused to load.

The test initiated a new WebContents Occlusion feature, designed to reduce Chrome’s device resource use for tabs while not currently being viewed – no doubt part of Google’s effort to address Chrome’s reputation for heavy resource usage and the ever-increasing pattern of users deploying more and more tabs during the shift to cloud services.

Online forums were suddenly filled with complaints from system admins fielding complaints from users and businesses all over the world – including US wholesaling giant Costco, who claimed their entire call centre environment was unavailable.

Larger organisations typically use device control to specify applications such as which browser an employer uses – which left System Admins at large enterprise businesses unable to simply direct users to an alternative browser, and furious that Google can roll-out unexpected changes to the platform.

Google has now issued an apology:

“After the rollout, we received reports that in some virtual environments, Chrome on Windows displays a blank page, which may be because Chrome mistakenly believes it’s covered by another window. As soon as we confirmed the reports, the feature was disabled.

“If Chrome on Windows is displaying blank pages, restart Chrome. On the next start, this feature will be disabled.

We also want to provide an explanation of how this change was rolled out. For some features, Chrome uses a gradual rollout process that happens more slowly than the main rollout. This allows us to quickly revert a change if we discover a bug that wasn’t uncovered in prior testing.

Once we received reports of the problem, we were able to revert it immediately. We sincerely apologize for the disruption this caused.”

For IT Support and expertise, contact Lineal today.

Chromebooks

Chromebooks will soon run Android apps, after Google announced their Chrome and Android operating systems are to become fully compatible.

The minimal hardware, low cost, web-access laptops will now mirror existing Android smartphones and tablets. Apps available through Google Play on Android will operate fully on Chrome OS, granting many third-party software developers access to the rapidly growing numbers of Chromebook users out there.

The announcement itself comes at a fascinating time for Chromebooks, which with over 2 million devices purchased according to data from IDC analysts, outsold Macs in the United States for the first time during Q1 of 2016.

The popularity of Chromebooks, especially in sectors where cost-effective, limited capability devices are favoured (such as in education, or to equip remote workers) have been a surprise hit – which could have some interesting consequences for the industry.

Will the new capabilities spook Microsoft and Apple? Entirely possible: with most of the big brand hardware manufacturers releasing Chromebook models of their own, it’s clear that both the hardware has become widely available and the concept itself has taken flight.

More importantly, the traditional argument for buying a Windows PC was the use of Windows exclusive desktop applications, such as Microsoft Office. Office 365 and similar apps has been fully mobile on portable Android devices for a while now, but many users still prefer a larger screen with a keyboard for document processing – forcing them to buy a traditional desktop PC at traditional costs.

With a wide range of these ‘PC’ type apps becoming available on your Chromebook, that’s about to change.

For IT hardware products, advice and support – contact Lineal today: 01271 375999

Despite not being available in China, sales of new larger devices set record!

Continue reading…