Google is fighting with Symantec over encrypting the internet

Google, which has accused Symantec and its partners of misissuing tens of thousands of certificates for encrypted web connections, quietly announced Thursday that it’s downgrading the level and length of trust Chrome will place in certificates issued by Symantec.

Encrypted web connections — HTTPS connections like those on banking sites, login pages or news sites like this one — are enabled by Certificate Authorities, which verify the identity of the website owner and issue them a certificate authenticating that they are who they say they are. Think of a Certificate Authority like a passport agency and the certificates they issue like passports. Without the CA’s authentication of a website owner’s identity, users can’t trust that the site on the other end of their HTTPS connection is really their bank.

Symantec is a giant in the world of CAs — its certificates vouched for about 30 percent of the web in 2015. But Google claims that Symantec hasn’t been taking its responsibilities seriously and has issued at least 30,000 certificates without properly verifying the websites that received them. It’s a serious allegation that undermines the trust users can place in the encrypted web, and Google says it will begin the process of distrusting Symantec certificates in its Chrome browser. Symantec lashed out at Google’s claims, calling them “irresponsible” and “exaggerated and misleading.”

“Since January 19, the Google Chrome team has been investigating a series of failures by Symantec Corporation to properly validate certificates. Over the course of this investigation, the explanations provided by Symantec have revealed a continually increasing scope of misissuance with each set of questions from members of the Google Chrome team; an initial set of reportedly 127 certificates has expanded to include at least 30,000 certificates, issued over a period spanning several years,” Google software engineer Ryan Sleevi wrote in a forum post outlining the case against Symantec. “This is also coupled with a series of failures following the previous set of misissued certificates from Symantec, causing us to no longer have confidence in the certificate issuance policies and practices of Symantec over the past several years.”

To remedy the situation, Sleevi said that Chrome would reduce the length of time the browser trusts a Symantec-issued certificate and, over time, would require sites to replace old Symantec certificates with newer, trusted ones.

Sleevi said that Symantec’s behavior failed to meet the baseline requirements for a Certificate Authority, creating what he called “significant risk for Google Chrome users.” He added:

Symantec allowed at least four parties access to their infrastructure in a way to cause certificate issuance, did not sufficiently oversee these capabilities as required and expected, and when presented with evidence of these organizations’ failure to abide to the appropriate standard of care, failed to disclose such information in a timely manner or to identify the significance of the issues reported to them.

These issues, and the corresponding failure of appropriate oversight, spanned a period of several years, and were trivially identifiable from the information publicly available or that Symantec shared.

Chrome’s spat with Symantec stretches back over more than a year. In October 2015, Google discovered that Symantec has misissued certificates for Google itself and for Opera Software.

Symantec investigated the issue and claimed that all of the misissued certificates had been issued as part of routine testing. “Our investigation uncovered no evidence of malicious intent, nor harm to anyone,” Symantec said at the time.

Symantec pushed back on Google’s current allegations Friday, saying that Google had singled out Symantec and had exaggerated the number of misissued certificates leading to the problem in the first place.

“Google’s statements about our issuance practices and the scope of our past mis-issuances are exaggerated and misleading. For example, Google’s claim that we have mis-issued 30,000 SSL/TLS certificates is not true. In the event Google is referring to, 127 certificates — not 30,000 — were identified as mis-issued, and they resulted in no consumer harm,” Symantec wrote in a blog post. “While all major CAs have experienced SSL/TLS certificate mis-issuance events, Google has singled out the Symantec Certificate Authority in its proposal even though the mis-issuance event identified in Google’s blog post involved several CAs.”

Google’s Sleevi said in another post that Symantec partnered with other CAs — CrossCert (Korea Electronic Certificate Authority), Certisign Certificatadora Digital, Certsuperior S. de R. L. de C.V., and Certisur S.A. — that did not follow proper verification procedures, which led to the misissuance of 30,000 certificates.

“Symantec has acknowledged they were actively aware of this for at least one party, failed to disclose this to root programs, and did not sever the relationship with this party,” he wrote. “At least 30,000 certificates were issued by these parties, with no independent way to assess the compliance of these parties to the expected standards. Further, these certificates cannot be technically identified or distinguished from certificates where Symantec performed the validation role.”

 While Google and Symantec continue their fight — Symantec said it is “open to discussing the matter with Google in an effort to resolve the situation” — website owners that use Symantec to verify their HTTPS connections will need to start taking steps to ensure Chrome users can access their sites without getting hit with security warnings.

Symantec has severed ties with the four firms associated with the misissued certificates, so Chrome will trust new Symantec certificates going forward — site owners just need to swap out their old certificates for new ones.

Here’s the schedule, according to Sleevi:

To balance the compatibility risks versus the security risks, we propose a gradual distrust of all existing Symantec-issued certificates, requiring that they be replaced over time with new, fully revalidated certificates, compliant with the current Baseline Requirements. This will be accomplished by gradually decreasing the ‘maximum age’ of Symantec-issued certificates over a series of releases, distrusting certificates whose validity period (the difference of notBefore to notAfter) exceeds the specified maximum.

Symantec, for its part, seems hopeful that Google will back off and not require any changes at all. “We want to reassure our customers and all consumers that they can continue to trust Symantec SSL/TLS certificates. Symantec will vigorously defend the safe and productive use of the Internet, including minimizing any potential disruption caused by the proposal in Google’s blog post,” the company said.

Google Gives Google+ Some Nips and Tucks

Google on Tuesday announced three new updates to Google+ in an effort to revive interest in the faltering product.

The added features will be rolled out next week, when the old Google+ layout will vanish.

First, lower quality comments will be hidden, although Google didn’t explain how comments will be judged or who will make those calls.

Google has tweaked the Google+ user interface to display more posts and less white space.

Further, a zoom functionality has been added to photos on Google+.

Google+ Paris photo

Google is also bringing back the Events feature so users can create and join events on Google+ as they used to. However, Events will not be available to G Suite users.

The company will continue working on Google+ and is soliciting user feedback.

The Red-Headed Stepchild of Social Media

Google+ has not fared well in the social media space, and Google last year recharacterized it as a content curation site rather than a social network.

It redesigned the Google+ site, offering tools for moderating communities, as well as adding images and linking to comments.

There’s a dearth of statistics and information about Google+ online to support either side of debate over the validity of its existence.

Although some have compared it to the walking dead, Google+ has an estimated 120 million unique monthly users, according to eBizMBA, which ranked it sixth on its top 15 list of most popular social networking sites in January. Its eBizMBA rank — which is a continually updated average of each website’s global Alexa rank and U.S. Compete and Quantcast ranks — is 34.

Facebook, YouTube, Twitter, LinkedIn and Pinterest were the five most popular social networking sites in January. and Tumblr, Instagram, Reddit, Flickr and Vine are among the sites trailing after Google+ in the top 15.

“Google+ has had a hard time getting traction,” noted Michael Jude, a program manager at Stratecast/Frost & Sullivan.

That’s because it was late to the game, he told TechNewsWorld. “Most people have accounts on other social sites, and adding yet another is too much overhead for most.”

The Tweaks’ Impact

The latest changes to Google+ “should make the device more efficient,” said Rob Enderle, principal analyst at the Enderle Group.

However, while positive, they are more “along the lines of a hotel saying they’re going to repaint the bathrooms and get rid of the smell,” he told TechNewsWorld. “They may lead fewer people to leave the service, but aren’t compelling enough to bring people back.”

Any improvement is good, Jude noted, but Google+ “is not a dominant player in social, so unless [the changes make it] remarkably better, it will still be an also-ran.”

Strengths, Weaknesses, Potential

The principal attraction of Google+ is the way it integrates with the Google solution set, Frost’s Jude remarked. “It’s possible to do everything in Google, rather than use several service providers.”

However, it’s one more application to manage, he said.

Another weakness is that Google “has not been exactly trustworthy with personal information,” Jude pointed out. “Many people distrust putting all of their personal lives under Google’s scrutiny.”

Google+ “could be a far better way to do social networking, but like the kid in school with great potential, if [Google isn’t] willing to put in the effort, that potential will never be reached,” Enderle observed.

The service “could be a useful way to manage internal company communications and teams,” Jude suggested.

As for why Google is continuing to work on Google+, given the service’s relatively weak showing and its failure to compete with Facebook, it may be that company officials “just haven’t got around to shutting it down yet,” Enderle said. “Unless their interest changes, I expect that decision is still coming.”

Google Surpasses Apple to Become the Most Valuable Brand in the World: Report

Breaking Apple’s five-year record, Google has taken the top spot as the most valuable brand in the world. In the latest Brand Finance Global 500 report, Apple comes in second, followed by Amazon, AT&T, Microsoft, Samsung, Verizon, Walmart, Facebook, and ICBC.

Google Surpasses Apple to Become the Most Valuable Brand in the World: Report

Brand Finance’s analysts feel that Apple has “over-exploited the goodwill of its customers” and has “repeatedly disillusioned its advocates with tweaks when material changes were expected.” Here the report is talking about the minimal changes introduced on iPhone devices year after year. Furthermore, the report says that “the snaking queues of early adopters have shrunk almost to the point of invisibility,” and that “Apple’s loss has been Google’s gain.” Google has been given a brand value of $109.47 billion (roughly Rs. Rs. 7,36,016 crores), compared to Apple’s $107.141 billion (roughly Rs. 7,20,294 crores)

“Put simply, Apple has over-exploited the goodwill of its customers, it has failed to generate significant revenues from newer products such as the Apple Watch and cannot demonstrate that genuinely innovative technologies desired by consumers are in the pipeline. Its brand has lost its lustre and must now compete on an increasingly level playing field not just with traditional rival Samsung, but a slew of Chinese brands such as Huawei and OnePlus in the smartphone market, Apple’s key source of
profitability,” the report reads.

Google held the world’s most valuable brand title in 2011, and has now regained it back. Most of the credit is gone to its Search business, which largely remains unchallenged, and is the mainstay of its advertising income. The report states that the “ad revenues were up 20 percent in 2016, despite a fall in cost per click, as ad budgets are increasingly directed online. Desktop advertising remains far more lucrative than mobile, despite its prematurely diagnosed decline.” Furthermore, 2016 marks Google’s foray into the mainstream smartphone market as well – with the launch of the Google Pixel and Pixel XL, which according to the report have received great sales figures.

Right after Apple, Amazon took the third spot with 53 percent brand value growth. The analysts feel that the “firm is growing strongly as it continues to both reshape the retail market and to capture an ever larger share of it.” In its latest earnings report, Amazon has stated it will create 100,000 jobs in the US over the next 18 months. With this growth confidence, the analysts feel that Amazon could well be on the top spot next year. Even social giant Facebook found a spot in the top 10, and secured the 9th position with an 82 percent brand value growth.

Android N name could be acknowledged in a ‘Few Weeks’

Last month at the employer’s developer-centered conference Google I/O, the hunt large took it upon itself to take Android enthusiasts on a solely-for-leisure-functions experience by means of asking them for call guidelines for its most up-to-date model of the mobile OS, Android N.

Android N Name Will Be Known in a 'Few Weeks'

That contest, so to talk, changed into presupposed to ultimate until June eight and now that the date has come and long gone, Google has said that it will monitor the name for Android N – which would possibly or won’t be a fan concept – in “some weeks” time. The employer additionally made a video harking back to its April 1 efforts again then to encourage human beings to come up with names, and it is following that up with another one that you could see under.

Android N will release in the fall with the new Nexus devices, after which will ship out to assisting gadgets over a length of two weeks to 6 months, relying on how responsive the manufacturer of your cellphone is. which means the world of Android customers is heavily fractured at any given point, with Android 6.zero Marshmallow simplest currently hitting the double-digit mark.

Currently, the latest version of Android is available as a “developer preview” for a pick bunch of devices. Android N is predicted to bring in quite a few upgrades that we already realize of, from higher multi-tasking, seamless updates and likely the killer characteristic of all – instant apps.

Google additionally announced heaps of recent things alongside Android N trends at Google I/O final month, maximum extensively the Alexa competitor Google home, a brand new VR framework Daydream and new messaging apps – Allo and Duo – amidst enhancements to Android put on, auto and tv.

To refresh your memory, you can test out our full insurance of the three-day event in a written shape, or pay attention to the devices 360 podcast if you prefer a arms-loose experience.

Android 6.0 Marshmallow Now Running on 0.7 Percent Active Devices: Google

Android 6.0 Marshmallow Now Running on 0.7 Percent Active Devices: Google

Google has updated its Google Play distribution data for the seven-day period ending January 4. As Google’s Android 6.0 Marshmallow version rolls out to more devices, its adoption has gone up – slightly. According to Google’s latest Android distribution chart, the Android 6.0 Marshmallow now runs on 0.7 percent active Android devices. This is 0.2 percent increase from the December figure of 0.5 percent.

Sharing the distribution data of different versions of Android, Google reported that Android Lollipop has a total share of around 32.6 percent of active Android devices (with Android 5.0 Lollipop running on 16.9 percent of devices and Android 5.1 at 15.7 percent) that check into Google Play.

According to the latest data, Android 4.4.x KitKat version is going down steadily in charts and now powers 36.1 percent devices compared to 36.6 percent last month – a decrease of 0.5 percent.

The Android distribution data also shows that Android Jelly Bean has a combined share of 24.7 percent – falling 2.2 percent from December’s 26.9 percent. Android 4.1.x is seen on 9 percent devices (down from 10 percent), Android 4.2.x on 12.2 percent (down from 13 percent), and Android 4.3 on 3.5 percent devices (down from 3.9 percent).

android_distribution_chart_jan_7_official.jpg

Android 4.0.x or Ice Cream Sandwich, in Google’s latest numbers, registered a share of 2.7 percent, down 0.2 percent from December. Android Gingerbread (v2.3.3-2.3.7) and Android 2.2 Froyo’s device distribution shares are 3.0 percent (down 0.4 percent) and 0.2 percent (at the same number) respectively in the latest charts. To note, the figures are gathered from devices visiting the Google Play app, which supports Android 2.2 and above.

The OpenGL version distribution across active Android devices, on the other hand, saw OpenGL 2.0 dominating at 54.3 percent (from 55 percent last month), and OpenGL version 3.0 steadily rising to 38.9 percent (38.8 percent last month).

Google Releases January Android Security Update for Nexus Devices

Google Releases January Android Security Update for Nexus Devices

Google has been keeping its promise of releasing Android security update every month. The company released security updates in November and last month, it bundled the security update with the Android 6.0.1 Marshmallow update release. Now, Google has started pushing the January Android security update for its Nexus range of devices.

In its ‘Nexus Security Bulletin’ for the month of January, Google has listed one of the most severe vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files. The company however said that it received no reports of active customer exploitation of the newly reported issues.

Some of the other critical security vulnerabilities listed by Google include elevation of privilege vulnerability in misc-sd driver, elevation of privilege vulnerability in the imagination technologies driver, elevation of privilege vulnerabilities in trustzone, and elevation of privilege vulnerability in kernel. The company also revealed that partners were notified about the issues on December 7 or earlier. Google will be releasing source code patches for the new issues to the Android Open Source Project (AOSP) repository in the next 48 hours.

Unlike the December security update, the January Android security update is purely focused on security fixes.

The factory images for Nexus range of devices are also available on Google’s Android Developers’website. Both the OTA update and factory images are for devices running Android 6.0 Marshmallow. The Nexus 5X and Nexus 6P will get the new Android security OTA update with build MMB29P. TheNexus 5 and the Nexus 9 Wi-Fi only and LTE will receive OTA updates with build MMB29S. The Nexus 7Wi-Fi only and LTE will get an update with build MMB29O. Nexus Player will start receiving OTA security updates with build MMB29T while the Nexus 6 will get MMB29S build.

Google Nexus 5X 32GB now available

The LG-made Google Nexus 5X smartphone has received yet another unofficial price drop in India. The phone’s 32GB model is now available for Rs 29,990 on Amazon India. The 16GB model that got a significant price droplast week is retailing for as little as Rs 24,400. The Nexus 5X was originally launched in India in October for Rs 31,990 and Rs 35,990 for the 16GB and 32GB editions respectively.

LG-Nexus-5X_thumb.jpg

To recap, the main highlights of the Nexus 5X (first impressions | unboxing) include a Nexus Imprint fingerprint sensor at the back, a USB Type-C port, a 5.2-inch full HD display, and a 64-bit Snapdragon 808 hexa-core CPU. Its other specs include 2GB of RAM, a 12.3MP rear camera with a dual-LED flash, a 5MP front snapper, 4G LTE, and a 2,700mAh battery.

Google’s Pixel C team confirms that the upcoming Android N will bring a split-screen feature

Google’s Pixel C team has confirmed that it is working on a lot of things at the moment for the next version of Android. The team has confirmed that the split-screen feature for Android is in the works and should come with Android N , the next big update for Google’s mobile OS. “The Pixel C team took questions in a Reddit Ask Me Anything (AMA) recently, and spilled the beans that one of the more useful software optimizations for Android could be on the way in the next update.”


Android Chrome Pixel

 

After the announcement of the Android M Marshmallow update, the next logical upgrade would be Android N. But this is the first time we are actually hearing about the update, and getting an idea about the expected new goodies it’ll bring. In addition to bringing the split-screen feature, the next Android version will reportedly also bring the DisplayPort feature over USB Type-C, as well as a feature similar to Windows Continuum.

There’s no official word when exactly Google plans to release the Android N update. However, the reports suggest a release towards the end of the next year.

Google releases new designer watch faces for Android Wear

Google has launched several new designer watch faces for Android Wear. The company has partnered with nine fashion brands including Ted Baker, Melissa Joy Manning, Vivienne Tam, Nicole Miller, Y-3, Mango, Zoe Jordan, Harajuku Kawaii!, and ASICS for the new watch faces.

Android Wear designer watch faces

All the new watch faces from the aforementioned fashion brands are available for free on the Play Store. As for users with an iPhone, Google says that in the coming days the new watch faces will be available through theAndroid Wear app for iOS.

The new watch faces are compatible with most Android Wear devices including the Fossil Q Founder, Tag Heuer Connected Watch, Huawei Watch,Moto 360, Sony Smartwatch 3, ASUS Zenwatch, LG Watch Urbane, Samsung Gear Live, and the LG G Watch R.

Google partners with RailTel to offer free Wi-Fi services at railway stations across India

At the Google for India event in New Delhi today, the company’s CEO Sundar Pichai talked about Google’s plans to support the Digital India initiative. The brand announced that the ASUS Chromebit HDMI stick with Chrome OS will be launched in India in January. In addition, the company has also said that it will be working with Indian Railways to bring free Wi-Fi services to train stations in the country.

Google Sundar Pichai

Google has partnered with PSU RailTel to implement the Wi-Fi facilities at railway stations in India. The company will be using RailTel’s fibre optic network to connect stations. Google already announced its plans to connect 400 railway stations across the country through Wi-Fi earlier this year. The company is currently running a pilot project in Mumbai Central station that will go live in January 2016. Pichai said that by the end of 2016, 100 stations will get free Wi-Fi.

Pichai also announced that Google is exploring ways to bring Project Loon to India. The idea behind the project is to bring internet facilities to hard-to-access rural areas via hot air balloons. The project is currently awaiting clearance from several Indian ministries.

Google Nexus 6P Gold launched in India

Google launched the Huawei-made Nexus 6P (review) smartphone in India in October in two variants – Aluminium and Graphite models. Now Huawei has launched the Nexus 6P Special Edition with a gold finish in India, which will be exclusively available on Flipkart.

Huawei Nexus 6P Special Edition

The Nexus 6P Special Edition comes only in a 64GB internal storage variant. It is priced at Rs 43,999, Rs 1,000 more than the standard Nexus 6P edition. The new edition is up for pre-order on Flipkart. The brand is offering an additional 10 percent off on the special Nexus 6P edition for Standard Chartered and Citibank debit or credit card holders. A Huawei back-cover also comes bundled with the pre-orders. The phone will go on sale from December 29th, and ships starting from December 31st.

The Nexus 6P Special Edition offers the same specs as the regular edition. It comes with a 5.7-inch quad-HD (2K) display, an octa-core 64-bit Qualcomm Snapdragon 810 processor, 3GB of RAM, a 12.3MP rear camera, an 8MP front snapper, 4G LTE, a USB Type-C port, Nexus Imprint fingerprint sensor, Android Marshmallow, and a 3,450mAh battery with fast charging support.

Google Play Store offers discounts of up to 95 percent on games and movies this holiday season

Google has kicked off holiday deals on the Play Store for Android users. As part of the year-end deals, the company is offering discounts of up to 95 percent on popular game titles, and a flat 75 percent discount on movie rentals. These are limited period year-end deals, so make sure to avail them as soon as you can.

Year-end GOogle Play Games deals

Talking about the games deals first, Minecraft Story Mode is available for just Rs 6.63, down from Rs 319.61, and the Minecraft Holiday Skin is available for Rs 33.14 (down from Rs 114.02) in Minecraft: Pocket Edition.

List of other year-end game deals:

  • Lara Croft Go with a discount of 80 percent for Rs 77.94
  • LEGO Batman: Beyond Gotham for Rs 65.66 (down from Rs 130)
  • Dark Echo for Rs 15 (down from Rs 60)
  • Hitman: Sniper for Rs 29 (down from Rs 300)
  • Leo’s Fortune for Rs 65 (down from Rs 310)
  • Monument Valley for Rs 61.25 (down from Rs 250)
  • Modern Combat 4 for Rs 60 (down from Rs 350)
  • Riptide GP2 for Rs 15 (down from Rs 60)
  • Rayman Fiesta Run for Rs 16.99 (down from Rs 195)
  • Goat Simulator for Rs 25 (down from Rs 350)
  • Surgeon Simulator for Rs 39.45 (down from Rs 350)
  • Castle of Illusion for Rs 65.64 (down from Rs 650)
  • Framed for Rs 47 (down from Rs 155)
  • PAC-MAN CE DX for Rs 65.53 (down from Rs 350)
  • Joe Danger for Rs 49.28 (down from Rs 156)
  • Final Fantasy Tactics: WotL for Rs 390.59 (down from Rs 780)
  • Sleeping Prince: Royal Edition for Rs 64 (down from Rs 350)
  • Civilization Revolution 2 for Rs 332.37 (down from Rs 480)
  • Trivia Crack (Ad Free) for Rs 65.65 (down from Rs 180)
  • Final Fantasy III for Rs 445 (down from Rs 890)

Google Play year-end Movies deal

Movie rentals on the Play Store are available with discounts of 75 percent. Popular movie titles like Ant-Man, Minions, Inside Out, Mission: Impossible – Rogue Nation, Star Wars: Return of the Jedi, Frozen, Avengers: Age of Ultron, Titli, Bahubali: The Beginning and Queen are available with discounts under the offer till January 4th 2016.