Tag Search: google
An anonymous reader quotes a report from Ars Technica: Hackers are abusing Google Analytics so that they can more covertly siphon stolen credit card data out of infected ecommerce sites, researchers reported on Monday. Payment card skimming used to refer solely to the practice of infecting point-of-sale machines in brick-and-mortar stores. The malware would extract credit card numbers and other data. Attackers would then use or sell the stolen information so it could be used in payment card fraud. One challenge in pulling off the hack is bypassing website security policies or concealing the exfiltration of massive amounts of sensitive data from endpoint security applications installed on the infected network. Researchers from Kaspersky Lab on Monday said that they have recently observed about two dozen infected sites that found a novel way to achieve this. Instead of sending it to attacker-controlled servers, the attackers send it to Google Analytics accounts they control. Since the Google service is so widely used, ecommerce site security policies generally fully trust it to receive data. "Google Analytics is an extremely popular service (used on more than 29 million sites, according to BuiltWith) and is blindly trusted by users," Kaspersky Lab researcher Victoria Vlasova wrote here. "Administrators write *.google-analytics.com into the Content-Security-Policy header (used for listing resources from which third-party code can be downloaded), allowing the service to collect data. What's more, the attack can be implemented without downloading code from external sources." The researcher added: "To harvest data about visitors using Google Analytics, the site owner must configure the tracking parameters in their account on analytics.google.com, get the tracking ID (trackingId, a string like this: UA-XXXX-Y), and insert it into the web pages together with the tracking code (a special snippet of code). Several tracking codes can rub shoulders on one site, sending data about visitors to different Analytics accounts." The "UA-XXXX-Y" refers to the tracking ID that Google Analytics uses to tell one account from another. As demonstrated in the following screenshot, showing malicious code on an infected site, the IDs (underlined) can easily blend in with legitimate code.
Cloud subscriptions are undoubtedly valuable, but creating a new set of login credentials users have to memorize adds another level of inefficiency. With single sign-on (SSO), you can create one user profile that logs you into all of your online accounts. If you're overwhelmed by the need to create and manage strong passwords, SSO is for you.
Is your site getting a large amount of traffic, but you're not seeing a product or service sales boost? Many small business owners face this dilemma at one time or another. The fact is that a large number of visitors doesn't necessarily translate into engaged customers. A crucial metric that you should look into is engagement. Here's how Google Analytics can help.
Google and its industry allies are making a late bid to water down the first major data-privacy law in the U.S., seeking to carve out exemptions for digital advertising, according to documents obtained by Bloomberg and people familiar with the negotiations. Bloomberg reports: A lobbyist for Google recently distributed new language to members of California's state legislature that would amend the California Consumer Privacy Act. As currently drafted, the law limits how Google and other companies collect and make money from user data online, threatening a business model that generates billions of dollars in ad revenue. It's due to kick in next year and there are only a few more days to amend the law. The lobbying push seeks legislative approval to continue collecting user data for targeted advertising, and in some cases, the right to do so even if users opt out, according to the documents and the people familiar with the negotiations. It's unclear if the language circulating in the state capitol's corridors was drafted by Google, and other lobbyists are likely asking for similar changes. Industry groups, such as the California Chamber of Commerce and the Internet Association, often help write legislation and have been the face of industry during two years of debate over the CCPA. It's also common for interested parties to suggest late changes to bills. The Google representative, who distributed the revised language in recent weeks, has yet to find a lawmaker to sponsor the amendments, according to people familiar with negotiations. The proposal must be in a bill by Sept. 10 to be eligible for lawmakers to vote on it before they adjourn for the year on Sept. 13. One of the proposals would let Google and others use data collected from websites for their own analysis, and then share it with other companies that may find it useful. Currently, the CCPA prohibits the sale or distribution of user data if the user has opted out, with limited exceptions. Another proposal would loosen the definition of "business purpose" when it comes to selling or distributing user data. The law currently defines this narrowly and has a list of specific activities, such auditing and security, that will be allowed. Google's lobbyist shared new language that significantly broadens the rule by replacing the phrase "Business purposes are" with "Business purposes include," before the list of approved activities.
Google recently made changes to its search tools to prioritize mobile searches over web searches. Why has Google done this and what does this mean for businesses and users? Get the answers by reading on.
Google Chrome and Mozilla Firefox Lite support web-based biometric authentication. The leading mobile browsers now allow users to sign in to online profiles through fingerprint scanners, facial recognition, and the like. What's more, online biometric authentication through these browsers requires no additional software.