Tim Berners-Lee, the inventor of the world wide web, has officially launched the Contract for the Web, a set of principles designed to “fix” the internet and prevent us from sliding into a “digital dystopia,” The Guardian reports. The Contract lists nine core principles for governments, companies, and individuals to adhere to, including responsibilities to provide affordable, reliable internet access and to respect civil discourse and human dignity.

At launch, the initiative has received the backing of over 180 organizations, including tech companies such as Microsoft, Google, DuckDuckGo, and Facebook, and nonprofit groups such as the Electronic Frontier Foundation. The Guardian initially reported that Amazon and Twitter were absent from the list of backers, however now Twitter’s logo appears on the Contract’s homepage. Twitter’s increasing role in political discourse was recently brought into sharp focus after it chose to ban political ads on its platform, citing the “challenges to civic discourse” that they create.

The contract’s launch comes as tech companies such as Facebook and Google have faced mounting pressure around both the amount of user data they collect and how they collect it. The Contract for the Web includes principles designed to prevent this, including a requirement for companies to respect people’s privacy and personal data. If companies do not show that they are working to support these aims, they risk being removed from the list of the project’s endorsers.

It’s not that we need a 10-year plan for the web, we need to turn the web around now,” Berners-Lee said. The Contract, which includes 72 clauses alongside its nine principles, offers a shared vision for the web that Berners-Lee’s Web Foundation wants to see built, as well as a roadmap for action. Finally, it also provides a tool to try and hold companies and governments to account.

The governments of Germany, France, and Ghana have also signed up to the Contract’s founding principles. The Contract calls on governments to ensure everyone can connect to the internet, and to keep the internet available all of the time. This latter point feels especially timely in light of the Iranian government’s recent decision to shut down the internet in an attempt to prevent protests from spreading.
​
“The forces taking the web in the wrong direction have always been very strong,” Berners-Lee said, noting that it will be vital for citizens to hold governments and companies to account if the situation is to improve.

The Standing Committee of the 13th National People’s Congress in China has passed the cryptography law on Saturday, and it will be effective on January 1, 2020, according to a Chinese media report.

The announcement came one day after Chinese President Xi Jinping’s call on the country to seize opportunities in blockchain technology.

While China still bans cryptocurrency trading and its national digital currency is yet to be introduced, cryptography, as an integral underpinning of blockchain technology, could be critical to the country’s push to be more competitive in the blockchain space.

The new law aims to tackle emerging regulatory and legal challenges in commercial cryptography use-cases as they play an increasingly important role in developing the Chinese economy, according to the law’s latest draft proposal before approval.

According to the proposal:

“Clear guidelines and regulations are needed to evaluate commercial cryptography technologies used in the major fields related to the national interest as the current ‘loose’ system is not suitable for the industry anymore.”

China’s national congress said the new law will encourage research and development on commercial cryptography technologies while building up an inclusive standardized regulatory system for the market.

The Chinese congress released a draft proposal for the new law last July, soliciting public comments.

The proposal includes a range of issues from how compatible the industry standards should be with other international cryptography systems to whether companies should voluntarily verify their commercial use-cases with authorities.
​
According to the Chinese congress, the new law will also encourage nationwide educational efforts, such as public exhibitions, to promote cryptography among government officials, companies, and social groups.

Google is kicking off Cybersecurity Awareness Month by rolling out new tools that give customers greater control over their privacy when using Google Maps, YouTube, and Google Assistant. The company has confirmed that it’s launching incognito mode for Maps, which will debut on Android this month before expanding to iOS “soon.” 

When you turn on incognito mode in Maps, your Maps activity on that device, like the places you search for, won’t be saved to your Google Account and won’t be used to personalize your Maps experience,” Google’s Eric Miraglia wrote in a blog post. 

As for YouTube, Google is introducing the same rolling auto-delete feature that can already automatically clear out your location history and web data at an interval of your choosing. “Set the time period to keep your data — 3 months, 18 months, or until you delete it, just like Location History and Web & App Activity — and we’ll take care of the rest,” Miraglia wrote. Pretty straightforward.

And last, Google is letting you wipe recent voice commands or questions to Google Assistant without having to open an app on your phone. Now you can say “Hey Google, delete the last thing I said to you” or “delete everything I said to you last week” and that data will be erased. Unfortunately, you can’t delete more than a week’s worth of Google Assistant history using your voice. For that, you’ll still have to dig into the Assistant’s settings menu. 

Assistant is also now better prepared for a question like “Hey Google, how do you keep my data safe?” According to Miraglia, the answer you get “will share information about how we keep your data private and secure.”
​
Alongside these new options, Google is also building a password checkup feature right into its password manager, which syncs logins across Chrome and Android. You’ll be able to quickly check if your password was compromised in a third-party breach, find any passwords you’re reusing in multiple places, or replace weak, easy-to-guess passwords you might have in place for some accounts.

More than 400 police agencies across the United States are working with the Amazon-owned Ring home surveillance system, and now you can check if your local department is one of them.

Ring disclosed the number late month, and it’s double what reports had previously revealed. It also published an interactive map where anyone can check whether their hometown cops are part of the controversial effort through which police can see all the Ring cameras in a given neighborhood, can seamlessly request the footage and are encouraged to promote the device.

The map, where you can also check when each department started working with Ring, is available here, along with a blog post about the Ring-law enforcement partnership. The company will be updating the map as new departments are added, it says.

The release coincided with an in-depth Washington Post story, which disclosed the full number of agencies for the first time.

The Ring system includes its surveillance cameras (most famously the motion-activated camera doorbells) as well as the Neighbors app (where people can share footage from their cameras and discuss crime in their areas) and the Neighborhood Portal (where police can see a map of Ring cameras and quickly submit a request for footage during an investigation). In recent months, Vice, CNET, and Gizmodo have reported on police’s close relationship with the company, which, for example, gives departments discounts or free cameras to distribute among residents. In some cases, police have used the giveaways as leverage to demand that people hand over their footage, although Ring says it is supposed to be voluntary.
​
Critics worry about the privacy implications of such a built-out surveillance network, especially one that is controlled by a private company. What’s more, “neighborhood watch” apps like Neighbors or Nextdoor have had problems with racism and racial profiling, after users have raised the alarm after merely seeing people of color in their area.

A new security product has been launched, and it’s packed with features for a reasonable price. Authen2cateis a single-sign-on (SSO) and multi-factor authentication (MFA) service provider. Authen2cate provides a full-service, end-to-end solution that includes consulting services, implementation, integration, and ongoing maintenance and support.

Reduce Security Risk. The need for multi-factor authentication in today’s world is only becoming more and more apparent. According to The Password Exposefrom LastPass, the average employee is managing 191 passwords. Even a genius would sweat at the thought of remembering 191 unique, strong passwords from memory. This promotes the re-use of basic passwords and is a looming threat to every company. Remember, a simple eight-character alphanumeric password can be cracked in a matter of minutes.

As the internet and cloud solutions become an even more significant part of everyday life, especially in the workplace, ensuring identities can be properly authenticated and access is securely granted to only the right people, passwords alone are an outdated security measure. The National Institute of Standards and Technology (NIST)states that “MFA should be used wherever possible for any external access like VPN, Outlook Web Access or Citrix” and advised that many of the security issues they see today stem from passwords. Also, NIST recommended that businesses should incorporate Multi-Factor Authentication in their login policies, and that password management and policies are not “one-size-fits-all.” Authen2cate is designed to help with these issues. 

By implementing Authen2cate’s unified Identity and Access Management solution, users can prevent identity attacks and data compromise with an added layer of security. 

Meet Compliance Requirements. Security and privacy are essential topics in many industries: Healthcare, Government, IT, Education, and more. Most industry compliance guidelines and requirements from HIPAA, HITECH, PCI, FIPS, NIST, and others require or highly recommend added layers of security. By implementing Authen2cate’s Multi-Factor Authentication solutions, users can better prepare for audits and meet compliance standards to protect their organization.

Multi-Factor Authentication allows for added security to protect user logins and sensitive data. In today’s technical world, where everything is saved on a computer, in a server, or the cloud, it is more important than ever to protect personal information further. Should a username and password become compromised, MFA serves as a second layer of security preventing access to sensitive information.

Provisioning. One of the critical requirements of all compliance standards is not only creating access for a new user but also making sure that when a user leaves the organization, access is revoked. Authen2cate’s solution allows the administrator to seamlessly and automatically provision a new user by simply adding them to the application group in the directory. Applications like Office 365, Salesforce, Oracle, SAP, and many more take only a few minutes to deploy. When a user leaves the organization, delete them from the directory or remove them from the application group, and access is terminated for all applications they had previously been assigned.

Simple User Experience. Authen2cate's unified Identity and Access Management solution offers a seamless and straightforward experience for all users while adding another layer of security. How can Authen2cate make your life easier and more secure?

•   Single Sign-On Portal: Sign in once to your customized portal and get instant, secure access to all your apps in one central platform.

•   Mobile App: Three benefits all in one application. Implement Multi-Factor Authentication to add another layer of security to your applications. Securely reset your passwords straight from the app. And lastly, unlock your account if you completed too many failed login attempts.

Pricing. Authen2cate offers a 45-day free trial, and its subscription is $3/user/month with a minimum of 10 users.

Microsoft’s Windows 10 OS has been facing multiple problems in recent months. In the latest development, Microsoft has now released an important new Windows 10 warning to 800 million users. 

The company has identified a serious and long-running bug on its OS platform. The bug is more of a problem that was inadvertently introduced through design implementations. Microsoft has admitted to quietly switching off Registry backups in Windows 10. It has been observed that Registry backups would randomly show that backup operation has been completed despite no backup file being created. 

For users and businesses, Registry Backups are critical, as they are the last line of defense. If the Windows System Restore point fails, the registry backup is the only option for users. According to Microsoft, “Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder. If you browse to the WindowsSystem32configRegBack folder in Windows Explorer, you will still see each registry hive, but each file is 0kb in size.” 

Windows 10 1803 was released in October last year. While users flagged the issue to Microsoft, the company never admitted it. The disclosure comes just two months after Microsoft pledged to offer control, quality, and transparency to Windows 10 users. 

According to Microsoft, the company has done this to reduce the overall disk footprint size of Windows. The registry backup is usually 50 to 100 MB in size. To recover the system with a corrupt registry hive, Microsoft recommends using a system restore point. You can enable the period registry backup by manually editing the registry entry. 
​
Windows will back up the registry to the RegBack folder when the computer restarts. Windows stores the task information in the Scheduled Task Library in the Registry folder.

Travelers might finally be getting a break from the ever-frustrating airport security rules. Thanks to the introduction of new carry-on baggage scanners called CT (Computed Tomography), travelers won’t have to take electronics or liquids out of their bags. The TSA announced the rollout of this new technology, which would ultimately cut down on long security lines and make the airport experience much smoother.

The new machines can create 3D images of a bag’s contents and automatically detect and scan items you are currently required to remove. This includes electronic devices like laptops and even liquids. According to Bloomberg Government, 300 of these new machines have been ordered by the TSA so far, and they will begin to appear in airports this summer. Eventually, the goal is to replace all current X-ray machines with these new CT scanners. The TSA has been testing these machines since 2017, and once airport employees become comfortable operating the new equipment, shorter security lines are expected.
​               
The list of airports that will receive the new CT machines has not yet been released, though they are currently being used at the following airports:

• Hartsfield-Jackson Atlanta International Airport (ATL)
• Baltimore-Washington International Airport (BWI)
• Chicago O’Hare International Airport (ORD)
• Cincinnati/Northern Kentucky International Airport (CVG)
• Detroit Metropolitan Wayne County Airport (DTW)
• Houston Hobby Airport (HOU)
• Indianapolis International Airport (IND)
• John F. Kennedy International Airport (JFK)
• Logan International Airport (BOS)
• Los Angeles International Airport (LAX)
• Oakland International Airport (OAK)
• Phoenix Sky Harbor International Airport (PHX)
• St. Louis Lambert International Airport (STL)
• Washington-Dulles International Airport (IAD)

 

When you’re on the road, Starbuck’s ‘third space’ idea can become compelling. You might want to get out of your hotel room for a change of atmosphere, or you might need a better cup of coffee. And you probably still need to get online with something other than your phone, and coffee shops mean Wi-Fi as much as caffeine.

If you pick the big chains, the Wi-Fi is pretty reliable. If you choose a smaller shop, the coffee is often far tastier, but the wireless can be hit and miss. A journalist writing about this problem, went into a little coffee place in Seattle to get out of the rain and catch up on some work over a weekend, his phone warned him that it could connect to the Wi-Fi but not to the internet.

He had the same problem when he connected his laptop to the coffee shop Wi-Fi. It’s not always possible to diagnose what’s wrong with a Wi-Fi connection; often the bandwidth is overloaded by the number of people connected to free Wi-Fi, or the router isn’t correctly configured to hand out IP addresses to devices. That means waiting for a few people to leave or asking the staff to restart the router.

But frequently, the problem with networks is DNS; the wi-fi router is probably using the DNS server of the ISP to which it’s connected. Switch to a public DNS service like Cloudflare’s 1.1.1.1, and you should get connected – and probably find websites a bit more responsive, too.

In Windows 10, click the network indicator in the taskbar to open the network menu and choose Change adapter options to open the Network Connections control panel with the list of network hardware you can use. Right-click on the wi-fi connection and select Properties. Click on Internet Protocol Version 4 (TCP/IPv4) and choose Properties again, then click to fill in your DNS details. Fill in 1.1.1.1 to use the Cloudflare service; you can use 1.1.1.0 for the alternative DNS server if you want Cloudflare as the fallback, or 8.8.8.8 to use Google’s DNS service.

You can do the same thing on a Mac. Choose System Preferences / Network and select your wi-fi connection, then click Advanced and choose the DNS tab. Again, fill in 1.1.1.1 to use the Cloudflare service; you can use 1.1.1.0 for the alternative DNS server if you want Cloudflare as the fallback, or 8.8.8.8 to use Google’s DNS service. 
​
On an iPad, look under Settings / Wi-Fi and tap next to the Wi-Fi network name. Scroll down and select the Configure DNS option, then tap Manual and fill in the addresses. Then you can get back to your coffee and  on with some work.

Currently, 3.9 million Americans work remotely, which marks a 115% increase from 2005. Estimates indicate that more than one-third of employees will work remotely in the next ten years. The desire for greater flexibility and work/life balance is partially responsible for this trend, in addition to an ever-increasing number of businesses that are based entirely online. With cloud and mobile technologies making it easier than ever before to communicate and collaborate regardless of location, organizations are embracing remote work as a way to cut costs and satisfy employee demand.

Despite the productivity and cost-saving benefits of remote work, the concept introduces serious cybersecurity risks that have the potential to devastate entire businesses. For example, if an employee logs on to their email via a coffee shop’s public Wi-Fi, that individual runs the risk of sending their work emails, customer information and other business data directly to hackers rather than to the Wi-Fi connection point.
Small and medium businesses (SMBs) are particularly vulnerable to remote work security risks, as they usually have fewer resources to prevent or recover from cyber-attacks proactively.

Here are five best practices that will help establish the proper level of control over cybersecurity threats.

Enforce Basic Cybersecurity Hygiene.An organization's cybersecurity is only as strong as its weakest link, and all it takes is one employee – even a well-intentioned one – to cause that chain to break. Enforce cybersecurity best practices such as using strong passwords, not sharing passwords across multiple accounts, implementing two-factor authentication (often free) and accessing sensitive files only from trusted devices and VPNs. Also, some simple and inexpensive employee cybersecurity awareness training can ensure employees are familiar with the most common and current attack schemes and educated on how to handle a situation if they think a cybersecurity incident has occurred.

Reign in 'Shadow IT.'Shadow IT refers to computer systems, applications or devices being used without explicit organizational knowledge or approval. For example, do any of your employees access their work email from their personal cell phone? Attempting to completely shut down Shadow IT isn't realistic, nor is it necessarily helpful to your business. However, it's essential to identify any apps or devices that could pose the highest risk. Clearly communicate which products or services are forbidden and explain why so your employees don't feel unjustly blocked and circumvent the rules. Also, consider putting processes into place that allow your IT team to quickly approve or disapprove new applications in which employees express interest.

Organize Back-End Technologies. Cloud-based apps can be a godsend for ensuring a seamless work environment for remote employees, and many also provide the invaluable service of backing up all of the data being generated outside an office's walls. Services such as G Suite or Microsoft Office 365, for instance, can allow employees to create, edit, organize, share and automatically back up documents, spreadsheets, presentations and more, no matter their location or device. Consider migrating some or even all of your file storage to a trusted cloud provider to optimize flexibility and more efficiently manage, secure and backup your business data.

Duplicate Storage.With its infinite scalability and relative affordability, cloud technology can be an ideal data storage resource. However, rather than relying entirely on the cloud or trusting your employees to only use secure cloud services with automatic backup capabilities, duplicate your most critical business data, so at least one copy is kept separate from cloud data centers and stored offline via encrypted backup tapes. This is an essential action to protect your business from the impact of a ransom attack, where a hacker blocks access to your systems or data until a ransom is paid.
​
Get Cyber Insurance.Cyber insurance is an important, final step for protecting your business against the dangers of employees working remotely. Considering the significant financial demands many SMBs face as a result of a security incident, look for plans that cover immediate business costs (e.g., lost revenue due to the interruption of business, ransom, regulatory or legal fines). Also, be sure to implement coverage that includes such crisis response services such as coaching and guidance on how to respond to a breach.

Networks today are subject to many threats including ransomware, cryptocurrency-miner threats, or state-sponsored hackers.

In line with other security industry pros, Microsoft has confirmed in its 24th annual security intelligence report that ransomware has taken a backseat to pesky cryptocurrency miners. 

But the company also warns that supply-chain attacks are on the rise. These are where an attacker uses a supplier or business partner to spread an infection. 

Past examples include the NotPetya not-ransomware outbreakthat caused over a billion dollars in losses for global firms and the Dofoil BitTorrent attacks. 
    
"Supply-chain attacks are insidious because they take advantage of the trust that users and IT departments place in the software they use," Microsoft warns in the report. 

"The compromised software is often signed and certified by the vendor, and may give no indication that anything is wrong, which makes it significantly more difficult to detect the infection. They can damage the relationship between supply chains and their customers, whether the latter are corporate or home users.

"By poisoning software and undermining delivery or update infrastructures, supply-chain attacks can affect the integrity and security of goods and services that organizations provide."

While attacks are changing and Windows 10 built-in security is improving, the company's advice to customers remains the same. However, there are conflicting data about the best approach to staying secure.  
Microsoft recommends only using software from trusted sources, though this 'security hygiene' measure could be undermined in a supply-chain attack. 

The company also recommends "rapidly applying the latest updates to your operating systems and applications, and immediately deploying critical security updates for OS, browsers, and email."

Deploying patches quickly is generally a good idea. However, Microsoft recently revealed that vulnerabilities in its software are most likely to be exploited as a zero-daybefore the company has even had a chance to release a patch. 

However, its other tips don't present obvious security conflicts.  

"Deploy a secure email gateway that has advanced threat protection capabilities for defending against modern phishing variants," Microsoft warns, adding that businesses should "Enable host anti-malware and network defenses to get near real-time blocking responses from the cloud (if available in your solution)." 

The other important measures organizations should take include implementing access controls, and teaching employees to be suspect of messages that ask them to divulge sensitive information. 

Microsoft also recommends keeping "destruction-resistant backups of your critical systems and data" and using cloud storage services for online backups. 
​
"For data that is on premises, regularly back up important data using the 3-2-1 rule. Keep three backups of your data, on two different storage types, and at least one backup offsite," says Microsoft.