A study recently published by Google suggests that security questions are actually no good at protecting user accounts, quite the contrary. While the easier answers can be very easily guessed even by an amateur hacker, the complicated ones are very difficult to remember.

Google conducted an extensive study during which hundreds of millions of questions and answers were analyzed. The conclusion was that “secret questions are neither secure nor reliable enough to be used as a standalone account recovery mechanism.”

Apparently, people who use security questions to help them recover their accounts are faced with one of two undesired outcomes. Either the private information can be easily exposed – when the question is too easy to answer – or users are unable regain access to their own accounts – when the answer is so complicated that not even they can remember it.

Google offered plenty of statistics to support their findings. For instance, pizza is one of the likely answers to the facile “What is your favorite food?” question, as it was chosen by about 20 percent of the subjects in the study. Results don’t show much promise when it comes to other similar questions.

For instance, if an attacker is persistent enough and tries at least ten times, there is a very high chance he will guess the correct answer in most situations. Your first teacher’s name will be guessed 24 percent of the time, while your father’s middle name can be exposed in 21 percent of the cases. The matter gets even more complicated when the answer is public knowledge, such as your city of birth.

Google then tried to solve the dilemma by determining if security questions are more effective when coupled together. If two easy questions were to be used instead of a single one, the exposure risk would decrease dramatically, and attackers would be able to breach the accounts in only 1 percent of the cases. However, the procedure would get so complicated that not even the users themselves would be able to successfully recover their accounts.

The study showed that the recall rate of a single simple answer is relatively high, as almost 80 percent of Google users remember their answers without much trouble. The same thong does not apply when they are asked to answer two different questions. Google suggests that user recall rate in case of multiple questions is just over 50 percent, which pretty much renders security questions useless.

So, if it’s easy, then it’s easy for everyone. If things get complicated, then you might find yourself locked out of your own account. Security questions will probably become a thing of the past soon, as there are more effective ways of protecting data currently available. Take, for instance, a fingerprint scanner. Or simply add a pin. It may not be much, but it’s way easier to remember.

Image Source: Perimeter USA

Top-secret documents were leaked to the press recently, suggesting that the NSA was planning to infect smartphones with spyware by hijacking the Google and Samsung app stores. According to the information, there were five countries involved in the project, including the United States.

The National Security Agency and its counterparts from Canada, the United Kingdom, Australia and New Zealand were all part of a surveillance program dating a few years back. The intelligence agencies from all five nations, collectively codenamed the “Five Eyes” alliance, were to be placed under the oversight of a special unit called the Network Tradecraft Advancement Team.

The document was obtained by the press courtesy of the infamous NSA whistleblower Edward Snowden. For the time being, however, it is unknown what became of the hijacking program.

The NSA plan did not involve only collecting data from the infected devices, but also using them for surveillance operations. According to the documents, the spyware should have also enabled the agency to use manipulation techniques on certain targets, by sending them “selective misinformation.”

The project was well under way at the time the documents were made. The Five Eyes were already engaged in several workshops in Canada and Australia, still trying to figure out the tactics before actually starting the program.

As far as it is known, the first stage of the NSA surveillance agenda involved infiltrating the Samsung and Google app stores. From there, the spyware was supposed to hijack phone users’ internet connections that would have allowed the agency to send malicious software to designated devices.

The technique is not an NSA invention, and it is widely known among computer programmers as a “man-in-the-middle” attack. A hacker would have been placed between the app servers and smartphones, allowing him to control any data sent between the two – hence, the man in the middle.

According to Citizen Lab human rights group, the move would have been a rather irresponsible decision on behalf of the NSA, as the security breach would have exposed hundreds of millions of smartphone users to attacks from basically any country. Eventually, the program could have backfired in a really ugly way for the agency.

The NSA did not respond in any way to the allegations. As for Google and Samsung, both companies said they refrain from making any comments for the time being.

Image Source: IB Times

Google apologized for the algorithm that suggested the White House as a Google Maps result after typing a combination of racially offensive words. The announcement was made after several people complained that typing the N-word in the Google Maps search box would most likely lead to 1600 Pennsylvania Avenue.

For instance, Bomani Buckhalter reported that searching “N***** house” in Google’s mapping service would point out to the White House, and most of his friends were aware of the fact. Same thing occurred after combining the N-word with other syntagmas – “N***** king” returned the same result, which many people found offensive towards president Obama and black people in general.

Google claims the results are unintended and the company is working hard to resolve the issue as quickly as possible. “Some inappropriate results are surfacing in Google Maps that should not be, and we apologize for any offense this may have caused,” a spokesman for the company said.

Apparently, the tech giant is taking matters very seriously, as the Google Maps editing feature has been temporarily disabled to prevent internet trolls from pulling any pranks through the app. Google product manager Pavithra Kanakarajan reassured users that the moderation system will return shortly, after the required corrections are made.

It will probably take a while before Google finishes refurnishing the search algorithms and the map editing system, and the service will most likely become fully available again around May 27, along with the new Google Maps patch that the company announced.

The N-word conundrum is only a latest unfortunate event on a long list of incidents that put Google under suspicion for deliberately trolling other people. And it was Google Maps that caught the attention each time. For instance, about a month ago someone found out that the White House has been tagged as NSA whistleblower Edward Snowden’s home.

Moreover, several weeks later an Android figurine was discovered urinating on what very much resembled an Apple logo in Pakistan. Google apologized each time the information went public, and claimed that it had no earlier knowledge. But coincidences suspiciously seem to add up to something.

Image Source: African America