Cloudflare security breach exposes data from Uber, Fitbit, OKCupid among 3,400 websites; password changes recommended

User data from 3,400 websites has been leaked and cached by search engines as a result of a bug in Cloudflare, a content delivery network. Sites affected over the course of several months include major ones like Uber, Fitbit and dating site OKCupid. 1Password also uses Cloudflare, but says that end-to-end encryption means that no customer data was exposed.

ArsTechnica reports that the leaks were spotted by Google security researcher Tavis Ormandy.

We observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security.

Cloudflare has admitted that the breach occurred, but Ormandy and other security researchers believe the company is underplaying the severity of the incident …

more…

November security patch rolling out to Pixel/Nexus devices, factory images and OTAs live

Despite their October release, the Pixel 2 and Pixel 2 XL launched with the September security patch. Thankfully, Google’s latest devices are now finally up-to-date thanks to the November patch that is also rolling out to the original Pixel devices and older Nexus ones.

more…

Sony beats Google’s Pixel, begins pushing out Feb. security patch to several Xperia phones

Every month Google gives device manufacturers an updated build of Android with security patches that remove vulnerabilities and fixes bugs. Although we normally see these patches hitting Pixel and Nexus devices first, it would appear that Sony is on top of its game this month and is already rolling out the February security patch to several of its handsets before it arrives on any of its competitor’s devices…

more…

Google introduces G Suite for Enterprise w/ security controls and data-loss prevention for Drive

Millions of businesses pay for Google’s G Suite each month, and for good reason ─ Google’s collection of productivity apps are excellent. Today, the company is enhancing G Suite with G Suite Enterprise Edition and several new security and management features.

more…

Google Pixel’s audio distortion and popping issues fixed with February security patch

One of the more prevalent issues affecting the Google Pixel and Pixel XL has been audio distortion at higher volumes. After some back and forth on whether this was a hardware or software defect, yesterday’s February security patch includes a fix for the issue. Meanwhile, last week’s 7.1.2 Developer Preview is still affected…

more…

Top 3 Galaxy S8 getting started tips — screen resolution, button order, and security [Video]

The Galaxy S8 launches tomorrow, and if you preordered one you might already have it by now. It’s Samsung’s latest flagship, and as such it packs a myriad of new and improved features. But Samsung has a tendency to overload its users with excessive features and settings. Here are a few tips to make setting up your Galaxy S8 a bit easier…

more…