The US National Security Agency (NSA) published last week a security assessment of today’s most popular video conferencing, text chatting, and collaboration tools. From a report: The guidance contains a list of security criteria that the NSA hopes companies take into consideration when selecting which telework tool/service they want to deploy in their environments. The NSA document is not only meant for US government and military entities but the private sector as well. The idea behind the NSA’s initiative is to give military, public, and private organizations an overview of all of a tools’ features, so IT staff don’t make wrong decisions, expecting that a tool provides certain features that are not actually living up to the reality. Per the NSA’s document, the assessed criteria answers to basic questions like:

Does the service implement end-to-end (E2E) encryption?
Does the E2E encryption use strong, well-known, testable encryption standards?
Is multi-factor authentication (MFA) available?
Can users see and control who connects to collaboration sessions?
Does the tool’s vendor share data with third parties or affiliates?
Do users have the ability to securely delete data from the service and its repositories as needed (both on client and server-side)?
Is the tool’s source code public (e.g. open source)?
Is the service FedRAMP approved for official US government use?

Read more of this story at Slashdot.

Source: Slashdot – NSA’s Guide For Choosing a Safe Text Chat and Video Conferencing Service

Google announced this week new rules for the Chrome Web Store in an attempt to cut down the number of shady Chrome extensions submitted and listed on the site. From a report: Starting August 27, Google says it intends to enforce a new set of rules, which will result in a large number of extensions being delisted. These rules are meant to crack down on a series of practices extension developers have been recently employing to flood the Web Store with shady extensions or boost install counts for low-quality content. They include:
1. Developers cannot submit duplicate extensions anymore. (e.g. Wallpaper extensions that have different names but provide the user with the same wallpapers when installed.)
2. Extensions are not allowed to use “keyword spam” techniques to flood metadata fields with multiple terms and have the extension listed across multiple categories to improve the extension’s visibility in search results.
3. Developers are not allowed to use misleading, improperly formatted, non-descriptive, irrelevant, excessive, or inappropriate metadata. Extension metadata needs to be accurate, and Google intends to be strict about it.
4. Developers are now forbidden from inflating product ratings, reviews, or install counts by illegitimate means, such as fraudulent or paid downloads, reviews, and ratings.

Read more of this story at Slashdot.

Source: Slashdot – Google Announces Chrome Web Store Crackdown For August 2020

An anonymous reader shares a report: HTC’s Exodus blockchain smartphones will soon receive their own mining app, letting them mine Monero cryptocurrency when plugged in and idle, The Block reported earlier this month. The DeMiner app, which is being developed by Midas Labs, is scheduled to launch in Q2 2020. According to Midas Labs’ Jri Lee, one of HTC’s Exodus 1S smartphones should be able to mine $0.0038 of Monero a day, which doesn’t exactly turn the phone into a moneymaking machine. In fact, Decrypt ran the numbers and found that, at that rate, you’d be in line to make just over a dollar a year ($1.387). That means you’d pay off $237 Exodus 1S in around 170 years — excluding electricity costs, that is.

Read more of this story at Slashdot.

Source: Slashdot – HTC’s Blockchain Phone Takes Over a Century To Mine Enough Crypto To Pay For Itself