Insights For Success

Strategy, Innovation, Leadership and Security

Google

OnePlus policy that makes it a better buy than Samsung, HTC or LG

GeneralEdward KiledjianComment
7dde5baaa7509370f2b16982bfd0605d_260_0.png

As a security technologist, the security philosophy of the OEM is a crucial determinant of my decision to buy or recommend a device. This is where Apple shines with it's iPhone update strategy. Every single iPhone receives updates (security and version) at the same time. 

This is why I highly recommend Google's Pixel devices. The Pixel line offers the same regular and speedy update schedule. The other Android manufacturer that has shown it cares about upgrades is OnePlus. Until this week, it did a great job delivering updates quickly, but it didn't formally commit to a software upgrade schedule. 

OnePlus Software Maintenance Schedule.png

All of that changes this week when OnePlus unveiled its new operating system (Android) maintenance schedule. It has copied the Google Pixel model and will deliver major upgrades for two years and security updates for three years. 

As per the maintenance schedule, there will be 2 years of regular software updates from the release date of the phone (release dates of T variants would be considered), including new features, Android versions, Android security patches and bug fixes and an additional year of Android security patch updates every 2 months.
— OnePlus OS Maintenance Schedule

Conclusion

OnePlus has always offered solid well-designed devices at competitive prices. This new software maintenance schedule commitment makes their offering that much more compelling. 

I can no longer recommend devices from manufacturers that do not regularly deliver security and version upgrades. This is why I only recommend Android devices from Google, Blackberry Mobile and OnePlus. 

Google launches New Tasks App (Mobile & Web)

GeneralEdward KiledjianComment
Capture.PNG

In a blog post entitled "With new security and intelligent features, the new Gmail means business", David Thacker (Google VP Product Management, G Suite) announced, "We’re also introducing a new way to manage work on the go with Tasks."

The new refreshed Tasks system will be available on the web and have accompanying mobile apps (Android and IOS). The new updated Tasks system will allow you to create tasks & subtasks with due dates and notifications. 

Gmail_Convergence_Enterprise_Image_7.max-1000x1000.png

The current tasks was an anemic stand-alone product that barely worked. The new one will integrate into the G Suite and allow you to drag & drop emails from GMAIL, files from Google Drive and more. 

Now you can quickly reference, create or edit Calendar invites, capture ideas in Keep or manage to-dos in Tasks all from a side panel in your inbox.
— David Thacker

The announcement is happening in the G Suite (Enterprise blog), but this update will flow to the free consumer-friendly version as well. 

The Google help centre provides additional information about how all of this will work.

Download the new Android version here and the IOS one here

Best URL shorteners

GeneralEdward Kiledjian4 Comments
UTL_short.jpg

URL shorteners are something you either use a lot or never. Google launched it's own URL shortening service in 2009 with unique (at the time) features like third-party API access, QR code generation, ability to use easily on mobile. 

But Google is retiring this public facing service and replacing it with Firebase Dynamic Links (FDL) accessible by developers only. 

This is not surprising since Twitter retired Deck.ly when it acquired TweetDeck.

If you have links, Google is giving you until March 30, 2019, to figure out what you are going to do (even though you will lose the ability to create new short links on April 13). 

google_short1.PNG

What are the best Goo.gl alternatives?

bitly.PNG

1 - Bit.ly

The first alternative has to be Bit.ly which is one of the most popular URL shortening services on the internet and one of the oldest. You create an account and then generate short links as required (you can also choose a tag to group your URL). 

Bitly allows you to create custom branded short URLs, which is excellent for marketing. 

Owly.PNG

2 - Ow.ly

Hootsuite runs a service called Ow.ly. Ow.ly offers all of the features of Bit.ly but integrates with HootSuite. So if you use Hootsuite to manage your social media presence, this could be the best option for you.

The big difference is that Bit.ly allows you to quickly shorten a link from their main webpage without having to sign-up whereas Ow.ly does not.

rebrandly.PNG

3 - rebrandly.com

Many lists include Firebase from Google but I am omitting it since it is only designed for use by developers in apps (not useful for the average Joe). My last recommendation is Rebrandly.com which offers custom URL shorteners. Many large cloud companies are Rebrandly customers (such as Microsoft, Dropbox, etc).

rebrandly1.PNG

Before you get scared and look away, they offer a free tier that will meet the needs of most users.

Conclusion

A URL shortener is a service that you will rely on for years, and I have presented the companies (services) that look to be the most stable. Remeber that when the service disappears's your links break which could wreak havoc on your social strategy.

Run a speed test from Google Search

GeneralEdward KiledjianComment
athletics-3108413_1920.png

There are dozens of sites and services that promise to test your internet speed. The most popular are:

Now you can also add Google to the list.

1 - Go to the Google Search Page (on a PC or Android device)

2 - Enter Speed Test

Capture.PNG

3 - Choose the Run Speed Test option and ignore the search results

Capture1.PNG

4 - Wait until Google delivers your speed test results

Capture3.PNG

Android Smartphones - This tool also works on Android devices. Just search for Speed Test on the Google search bar on your launcher and it will perform the same test and return results with a similar look & feel.

Some public WIFI hotspots seem to block it while allowing other services to run. Not sure why.

Does it work in other languages?

 I tried the search on the Google Canada French site using both "Speed Test" and "test de vitesse" and I was not given the speed test web applet. Looks like this may be reserved for english language searches only for now.

Capture4.PNG

 

Conclusion

Nothing special or different here but this could be one more feature in your cap. I do like the fact that Google interprets the results and explains (in plain English) what kind of video streaming performance you should be able to expect from your connection. 

    OPSEC - Security when making calls

    GeneralEdward KiledjianComment
    radar-2799606_1920.jpg

    RELATED: OPSEC - Introduction to Malware

    RELATED: OPSEC - How to securely delete files

    If you are making calls using a cellphone or landline phone then you should assume that your conversation can easily be intercepted by the carrier (providing the service or a government agency that has control over that carrier). Security researchers have even proven that with $1,500 in parts, they can build a cell phone call interception device by pretending they are a cell tower.

    Regular phone calls on your cell phone (including SMS and MMS messages) are easily intercepted and should be considered insecure.

    What about VOIP?

    VOIP stands for Voice Over IP and any app that allows you to make voice calls is typically using VOIP (Whatsapp, Skype, DUO, etc). Many carriers have started offering Voice Over WIFI and Voice Over LTE. VOWIFI and VoLTE have the same security (or insecurity) as making a regular call using your carrier's normal cell network.

    Some VOIP software offers decent or good end-to-end encryption. These require both parties to have the same software and typically callout that they use encryption in their literature. But be careful, not all encryption is created equal. Telegram Messenger advertises that it is secure but a deep dive into its model shows it uses "bad" (my opinion) encryption and shouldn't be trusted. 

    RELATED: Telegram Messenger isn't as secure as you think

    So some VOIP services offer good reliable encryption and others don't. Here are the ones you can rely on.

    Signal

    I have written about the free open-source Signal messaging app for years. Signal is the defacto reference on how to build solid end-to-end encryption. Their model was so good, they helped Whatsapp when it wanted to improve its security. 

    RELATED: Whatsapp to become more secure than Apple Messages

    Signal is cross-platform (Windows, Mac, ChromeOS, Chrome Browser). Signal offers a simple encrypted text messaging service and secure encrypted calling service. 

    Signal uses your existing number and address book to simplify your authentication and connection with other users. Therefore there is no separate username or password to remember.

    I have to highlight the fact that a motivated attacker can still collect metadata from signal calls because the central management servers are still owned by Whisper Systems. Whisper Systems does not have a way to listen in on calls or read messages but they do know who you spoke to, when and for how long. Having said this though, they still offer the most secure and best build encrypted messaging app around, and it is all offered for free.

    Jitsi for encrypted video chats

    If you want a free open-source tool for encrypted video chats (does audio too) then take a look at Jitsi. It also supports group chats. There is no requirement to sign-up for anything and therefore your personal information isn't sitting on some third-party server, 

    You visit the site, enter a meeting name (without spaces and difficult to guess) and share that link with the other participants. It's really all there is to it. Safe, Easy and Secure.

    What about Skype or Google Hangouts?

    Most VOIP solutions offer transport encryption (which means a third-party like your carrier can't eavesdrop) but the data is managed unencrypted once it reaches the provider's network. In most cases, I discourage the use of these services for situations where security is the utmost priority. One caveat is that Skype has announced that it will work with the Signal team to implement end-to-end encryption (like Whatsapp did) but that is still many months away.  

    There are dozens of products that use security to differentiate themselves and most have not been independently reviewed. I recommend you stick to the 2 products mentioned above.

    Conclusion

    Good security requires some planning but is well worth the effort. Hopefully, this article helps