Google Makes Chrome for Android a 2FA Option

Google’s Chrome for Android is reportedly being added as a security key option for Google Accounts protected with two-factor authentication.

9to5Google reports that the Chrome 93 for Android beta now prompts users when someone attempts to sign in to the same Google Account on a nearby device. The change wasn’t mentioned in Google’s announcement of the latest beta release, however, or in the Chromium blog post that’s supposed to offer more information about new features coming to the browser


Olympics Broadcaster Announces His Computer Password on Live TV

In what is, at least so far, the biggest cybersecurity blunder of the Tokyo Olympics, an Italian TV announcer did not realize he was on air when he asked the password for his computer.

“Do you know the password for the computer in this commentator booth?” he asked during the broadcast of the Turkey-China volleyball game, apparently not realizing he was still on air.

“It was too hard to call the password Pippo? Pippo, Pluto or Topolino?” he complained, referring to the Italian names for Goofy, Pluto and Mickey Mouse.

Whoopsy-Doodle Sauce

Here’s what that Google Drive “security update” message means

“A security update will be applied to Drive,” Google’s weird new email reads. A whole bunch of us on the Ars Technica staff got blasted with this last night. If you visit, you’ll also see a message saying, “On September 13, 2021, a security update will be applied to some of your files.” You can even see a list of the affected files, which have all gotten an unspecified “security update.” So what is this all about?

Google is changing the way content sharing works on Drive. Drive files have two sharing options: a single-person allow list (where you share a Google Doc with specific Google accounts) and a “get link” option (where anyone with the link can access the file). The “get link” option works the same way as unlisted YouTube videos—it’s not really private but, theoretically, not quite public, either, since the link needs to be publicized somewhere. The secret sharing links are really just security through obscurity, and it turns out the links are actually guessable.


Google Launches Bug Hunters Platform

Rewarding security researchers for reporting bugs helps to keep online services safe and secure. Google has been doing it for 10 years now, and is celebrating by launching a new platform called Bug Hunters.

Posting on the Google Security Blog, Jan Keller, Technical Program Manager for Google VRP, reveals that the company’s multiple Vulnerability Reward Programs (VRP) have so far rewarded 2,022 researchers spread across 84 countries, who reported 11,055 valid bugs. In total, Google has paid them $29,357,516 in rewards.


Here’s the first credible Microsoft Surface Duo 2 leak

The Surface Duo was one of the biggest hardware flops in recent memory, but Microsoft is still charging ahead with a sequel to the device, and now we have the first credible pictures of it. The story here is kind of weird. We’re not actually sure where the pictures are from (they’ve been uploaded to this random YouTube channel with other uncredited content), but Windows Central’s Zac Bowden says the images are legit, and since he has had an impeccable history of nailing Surface Duo rumors, his affirmation is good enough for us. Bowden calls the two devices shown off in the leak “near-final prototypes.”

The most obvious change in the pictures is a huge camera bump on the back of the device. The bump houses three cameras, along with what looks like an LED flash to the right and one more sensor, perhaps laser autofocus, just below the flash. The standalone fingerprint reader on the side is gone (Windows Central speculates it will be integrated into the power button), and the USB-C port on the bottom is now centered. Sadly, we don’t know what the inside looks like yet.


Malware Is Being Distributed Via Fake Windows 11 Installers

Malware is being distributed using a fake Windows 11 installer, according to Kaspersky.

The security firm says one example malware contained in a file called “86307_windows 11 build 21996.1 x64 + activator.exe” increased its file size to 1.75GB using “one DLL file that contains a lot of useless information” to create the illusion that it was a legitimate Windows 11 installation tool. That illusion extended beyond the size of the executable file, too.


Amazon Is Preparing to Accept Cryptocurrency

Amazon doesn’t allow you to pay for orders using cryptocurrency. There are ways around that, but they won’t be necessary for much longer as the company has confirmed it is gearing up to start accepting cryptocurrency as a valid form of payment.

As Tom’s Hardware reports, the first sign this shift is happening was spotted via a new job listing. Amazon is looking to hire a Digital Currency and Blockchain Product Lead who will be tasked with using their “domain expertise in Blockchain, Distributed Ledger, Central Bank Digital Currencies and Cryptocurrency to develop the case for the capabilities which should be developed, drive overall vision and product strategy, and gain leadership buy-in and investment for new capabilities.”


Here’s Why Porn Is Appearing on News Websites Across the Web

The internet is a wonderful place for finding out information, connecting with friends, and being entertained. But it can surprise you when, for example, visiting The Washington Post or Huffington Post results in hardcore porn flashing up on your screen.

As Vice reports, that’s exactly what’s happening at the moment due to a popular video hosting site shutting down and a porn company acquiring its domain name. That, combined with nobody bothering to check if old video embeds still work correctly, is causing quite a bit of embarrassment for both the websites involved and the people visiting them.


FTC Votes to Crack Down on Illegal Right-to-Repair Restrictions

The FTC has voted to ramp up enforcement of illegal repair restrictions that’ve prevented consumers from fixing their electronics without the vendor’s help.

“While unlawful repair restrictions have generally not been an enforcement priority for the Commission for a number of years, the Commission has determined that it will devote more enforcement resources to combat these practices,” the FTC declared in a new policy statement.