The Senate Just Confirmed Trump’s Controversial Blogging Nominee To A Federal Appeals Court

The Senate on Thursday confirmed Kentucky lawyer John Bush to a federal appeals court seat, handing another defeat to Democrats and civil rights groups that had hoped to tap into anger on the left over the confirmation of US Supreme Court Justice Neil Gorsuch to block Bush.

Bush faced criticism for his pseudonymous political blogging. His opponents pointed to his posts as proof that he lacked the temperament and objectivity needed to serve on the bench. In one frequently cited post, he wrote that the “two greatest tragedies in our country” were slavery and abortion. Even a Republican who ended up voting to confirm Bush, Louisiana Sen. John Kennedy, told Bush at his confirmation hearing that he was “not impressed.”

But ultimately the Senate voted along party lines, 51-47, to confirm Bush to the US Court of Appeals for the 6th Circuit, a sign that it’s going to be difficult for Democrats to stop the Trump administration from making progress in one area where the White House has had success so far — filling the 100-plus federal court vacancies across the country.

Bush was not immediately reached for comment.

This is the second judge that the Trump administration has had confirmed to the 6th Circuit, which handles cases from Michigan, Ohio, Kentucky, and Tennessee, and already has a majority of Republican-nominated judges. Judge Amul Thapar, Trump’s first lower-court nominee, was confirmed to the court in May. Another 6th Circuit nominee, Michigan Supreme Court Justice Joan Larsen, is pending in the Senate.

Advocacy groups on the left have raised concerns about several of Trump’s lower-court nominees, but they especially focused their energy and their dollars on Bush. Bush, who was backed by Senate Majority Leader Mitch McConnell, said at his confirmation hearing that there were comments he’d wished he hadn’t made in his blog posts — he wrote under the pseudonym “G. Morris” on the blog Elephants in the Bluegrass — and he vowed to treat all litigants who would come before him fairly.

But his explanations and apologies weren’t enough to win over Democrats, and groups on the left hoped that they could swing one or two Republicans, given Kennedy’s remarks at the confirmation hearing. In the end, no Republicans broke ranks.

“It is a sad day for the Senate and the American people when an individual like John Bush can be confirmed for a lifetime position on the federal bench,” Vanita Gupta, president and CEO of the Leadership Conference on Civil and Human Rights, said in a statement. “Few nominees in history have had such a clear record of extreme and intemperate remarks. Federal judges must be impartial and fair – two qualities that Mr. Bush clearly lacks.”

With Bush’s confirmation, there are now 135 pending federal court vacancies, and at least 20 more seats are expected to open up in the coming months, according to the federal judiciary. Trump has 22 nominees pending.

[“Source-buzzfeed”]

SwiftKey Update Brings Emoji Prediction, ‘Oxygen’ Themes, and More Languages

Microsoft today released an update for SwiftKey that includes a handful of new features including emoji prediction and enhancements to 3D Touch gestures.

Users who tap on the emoji key will now see a new prediction panel that automatically suggests up to 18 relevant emoji depending on what they type, saving them the trouble of searching through the entire list.


The update also includes eight new “Oxygen” themes adding up to a spectrum of vibrant colors for SwiftKey keyboards. The new hues can be found in the Design section of the app and include Red, Orange, Yellow, Green, Light Blue, Blue, Purple, and Pink.

In addition, Microsoft said it had made substantial improvements to the responsiveness of 3D Touch gestures in SwiftKey on supporting iPhones, including those that trigger cursor control and cursor movement. Haptic feedback has also been implemented for some keyboard actions, such as opening the emoji panel.

Lastly, SwiftKey added support for 15 new languages including Egyptian Arabic, Tanglish, Bambara, Wolof, Mossi, Greenlandic, and Northern Sami.

SwiftKey is a free download for iPhone and iPad on the App Store.

[“Source-macrumors”]

How can we make sports inclusive for differently abled children?

Children with disabilities engage less in social and sporting activities compared to their peers.

A lot of these children shy away from people, are embarrassed to be with their peers, and do not participate in activities like sports because of physical challenges and related psychological issues.

However, this needs to change and everyone can make this change happen with a few small but positive steps.

What we need is more inclusive practices in sports grounds, and educational institutions and character development by parents to make our spaces open for all children.

There needs to be education and awareness on restructuring mindsets, cultures, policies and practices in our homes, neighbourhoods and schools so that we respond to the diversity of children in our society.

A recent campaign by Blue Band Margarine which comes with the hashtag of #achaibarhanaydo, is trying to show how we can all adopt this change and provide differently abled children an equal, open and participative space.

The campaign tries to pave the way for a much-needed social change, inviting discussion on the topic of inclusion of physically challenged children and, very meaningfully, presenting a solution to how we can all become a part of it.

The ad depicts a group of young boys, including a physically challenged child. These children are shown to be friends and are seen in a game of throw-ball with the game fair for everyone to enjoy.

The ad is also inviting parents to remove barriers to participation for children who feel left out as they are unable to play or join sports and other social activities due to physical or mental challenges. The ad is also an attempt to empower kids who shy away from social interaction because they grow up with the perception of not being ‘good enough’.

Messages like this, especially directed towards the upcoming generation, are exactly what we need to build a society where every individual has equal rights and equal opportunities to define their future and also to contribute their best to help build the country.

There is a need to acknowledge that all children can participate in social activities and enjoy them, with everyone respecting their individual differences.


Being a multi-national company, Unilever spends billions on an annual basis on shaping perceptions and is using its power in a positive and responsible manner. Unilever is globally committed to developing purpose-driven campaigns. Be it challenging traditional gender stereotypical roles by bringing men in the kitchen or celebrating the beauty of all women, Unilever’s campaigns hit all the right spots with beautifully incorporated social messages.

With its latest campaign for Blue Band Margarine #achaibarhanaydo, Unilever has yet again brought a positive contribution to Pakistan’s advertising industry.


This content is a paid advertisement by Unilever and is not associated with or necessarily reflective of the views of Dawn.com and its editorial staff.

[“Source-dawn”]

Your WordPress plugins might be silently losing business data

If your WordPress site uses third-party plugins, you may be experiencing data loss and other problematic behavior without even knowing it.

Like many of you, I’ve become quite attached to WordPress over the past 15 years. It is by far the most popular content management system, powering 28 percent of the Internet, and still the fastest growing, with over 500 sites created on the platform each day. Considering myself well versed in the software, I was surprised to discover — while working on a digital design project for a client — what could be the Y2K of WordPress. Many WordPress plugins are suffering data loss, and it looks like this problem will soon explode if not properly addressed.

The issue is essentially due to the fact that WordPress discards entire datasets even when only one of the data elements within the set contains too many characters for the insertion field. Because WordPress doesn’t log the data loss or any errors related to it, few developers are aware of the issue. And because of one particular scenario involving storing a visitor’s data when they’re connecting with an IPv6 address, the situation is exponentially worse.

Example: Say a WordPress site owner has a plugin installed that lets users add comments. Plugins like that typically store the user’s IP address along with comments they submit, for analytics purposes. For years, plugin developers have assumed that IP addresses were always in the standard IPv4, 15-character format that looks like this: 216.123.123.123. Thus, plugin developers typically set the maximum allowed characters for the IP address database field their plugin uses to about 15-20 characters. However, IPv6 has a much longer 39-character format that looks like this: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

Unbeknownst to many users, site owners, and developers alike, these longer IPv6 addresses are becoming increasingly widespread. Those new addresses won’t fit into the database fields developers have been using for years. Furthermore, for security purposes, WordPress specifically validates that each part of a data set about to be stored will fit. In the example above, if the IP address is too long, WordPress discards the entire data set (not just the oversized IP address string). Worse, WordPress doesn’t log an error when this happens. The data is simply lost to the ether, without leaving a trace. This two-year-old WordPress bug thread shows how long the WP core devs have known that the community didn’t like this, but they still haven’t addressed it.

Yes, this currently just affects data coming from IPv6 addresses (currently about 17 percent of users). But while IPv6 use may be in the minority right now, it won’t be for long, and as it becomes the majority, these unexplained issues with data loss will reach pandemic proportions if left untreated.

Just how widespread is this?

1.02 million active WordPress plugin installs are silently discarding real visitor logs, content submissions curated by users, and more, right now, all because IPv6 addresses are present in the data being stored. Here are some other interesting stats:

  • 50,336 plugins are available at wordpress.org today
  • 200 plugins (~1 in 250) create IP address fields that are too short
  • Those 200 plugins have over 1 million active installs — a total of 1,023,280.
  • Here’s a publicly-accessible Google Sheet my team created that lists all known offending plugins. For each plugin, that sheet includes one example where that plugin declares an IP address field that is too short.

The fix is easy peasy: You simply need to change the table schema for the column that stores IP addresses from 15 to 39 (or more).

This problem can affect applications other than WordPress; really, any application that utilizes IP addresses and stores them in MySQL/PostgreSQL tables (especially in STRICT mode, which would prevent row inserts) where the column max is expecting a 15-character IPv4 IP address.

Debuggin’ the plugin

I uncovered this situation while recently working on a site that needed a rating system that allowed authenticated users to vote on specific post types. So naturally, I did a search of existing plugins that could meet the requirements and found one fairly quickly, CBX Rating, and it was a breeze to configure and get working. Then came the intermittent reports of the form submissions not going through.

I spent hours deactivating other plugins, digging through code, and guiding users via screenshare. I was unable to narrow it down or find any smoking gun. No success message, no error message, no errors in the console log, nothing in the server logs. How could form submissions be failing without errors?

I remembered something I had seen in WordPress before: row inserts silently failing if the data strings were longer than the table column maximums. So I shifted my attention to the back end, and that’s where I found the problem, and my boss, Erik Neff (the company’s CTO), helped identify exactly why it was happening.

MySQL databases, not in STRICT mode, will truncate values if they’re over the max character count for a particular column and will insert the new record with a warning. When in STRICT mode, MySQL will not accept the record and will return an error. WordPress, on the other hand, won’t execute a query if it determines the length is longer than the max, and will instead return false, with no error or warning.

When using the WordPress $wpdb->insert method, you get back a 1 upon success and a 0 upon failure. But a function is called before any MySQL statements are executed, and that’s where the problem lies. The function is declared as protected function process_field_lengths, and it checks to see if the data’s length is less than the max allowable length for that table column. If the length is longer than allowed, the entire insert is aborted and false is returned with no error message or explanation. This is a known issue with WordPress core, and makes debugging that much harder.

The CBX Rating plugin we were using didn’t account for this failure point. I checked the plugin’s table schema and started increasing varchar max lengths across the board. Touchdown! Soon after, I got wind from users of all types that all forms were now being submitted successfully.

My mind raced to how this could be an epidemic, so Erik and I set out to determine the scale. The result of a (rather lengthy) check of WordPress plugins yielded a list of every place an IP address field was declared with an incorrect length. You can find those results in the Google sheet that I’ve made public.
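The kind of schema check described above can be sketched as follows. This is an added example, not the author's tooling or code from any plugin: it scans plugin source text for CREATE TABLE statements and flags CHAR/VARCHAR columns with IP-style names that are shorter than 39 characters. The sample plugin source, table names, the column-name heuristic and the 45-character target (room for an IPv6 address written with an embedded IPv4 tail) are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

MIN_IPV6_TEXT_LEN = 39   # full IPv6 text form, as in the article
SUGGESTED_LEN = 45       # assumption: also fits IPv6 with an embedded IPv4 tail

CREATE_RE = re.compile(
    r"CREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?([^(]+?)\s*\(", re.I)
COLUMN_RE = re.compile(
    r'^[`"]?(\w+)[`"]?\s+((?:var)?char)\s*\(\s*(\d+)\s*\)', re.I)
LENGTH_RE = re.compile(r"(?:var)?char\s*\(\s*\d+\s*\)", re.I)
# Heuristic for IP-style column names: ip, user_ip, ip_address, ipaddr, ...
IP_NAME_RE = re.compile(r"(?:^|_)ip(?:$|_|addr)", re.I)


@dataclass
class Finding:
    table: str        # table expression exactly as written in the source
    column: str
    length: int
    definition: str   # full column definition text


def _table_body(src, open_idx):
    """Return the text between the '(' at open_idx and its matching ')'."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return None  # unbalanced parentheses: statement was cut off


def _split_top_level(body):
    """Split on commas that are not nested inside parentheses."""
    parts, depth, cur = [], 0, []
    for ch in body:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]


def find_short_ip_columns(src, min_len=MIN_IPV6_TEXT_LEN):
    findings = []
    for m in CREATE_RE.finditer(src):
        body = _table_body(src, m.end() - 1)
        if body is None:
            continue
        for definition in _split_top_level(body):
            col = COLUMN_RE.match(definition)
            if not col:
                continue  # keys, non-character columns
            name, length = col.group(1), int(col.group(3))
            if IP_NAME_RE.search(name) and length < min_len:
                findings.append(
                    Finding(m.group(1).strip(), name, length, definition))
    return findings


def suggest_alter(finding, new_len=SUGGESTED_LEN):
    """MySQL statement that widens the column and keeps its other attributes.
    The table expression may still contain a PHP placeholder that has to be
    resolved to the real, prefixed table name before the statement is run."""
    widened = LENGTH_RE.sub(f"VARCHAR({new_len})", finding.definition, count=1)
    return f"ALTER TABLE {finding.table} MODIFY COLUMN {widened};"


# Constructed sample input, not taken from any real plugin.
SAMPLE_PLUGIN_PHP = r"""
<?php
function demo_rating_install() {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_rating_log';
    $sql = "CREATE TABLE IF NOT EXISTS {$table} (
        id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
        score decimal(3,1) NOT NULL,
        user_ip varchar(15) NOT NULL DEFAULT '',
        zip varchar(10) DEFAULT NULL,
        PRIMARY KEY  (id),
        KEY user_ip (user_ip)
    ) $charset_collate;";
    $sql2 = "CREATE TABLE {$wpdb->prefix}demo_visits (
        visit_id int(11) NOT NULL AUTO_INCREMENT,
        `ip_address` VARCHAR( 20 ) NOT NULL,
        remote_addr varchar(45) NOT NULL,
        PRIMARY KEY (visit_id)
    )";
}
"""

if __name__ == "__main__":
    for f in find_short_ip_columns(SAMPLE_PLUGIN_PHP):
        print(f"{f.table}.{f.column} is {f.length} chars -> {suggest_alter(f)}")
```

The splitter does not understand commas inside quoted DEFAULT values, so a definition containing one is cut short rather than misreported as a separate column.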

Brett Exnowski is senior developer at Primitive Spark and specializes in complex web applications.

[“Source-venturebeat”]

How to make your site user-friendly while boosting SEO

Many Search Engine Optimisation (SEO) specialists, content writers, and web designers think of on-site SEO as distasteful, user-hostile work. However, I believe SEO can actually improve the user experience when implemented correctly.

It requires a paradigm shift in the perception of SEO. You must shed outdated SEO concepts such as keyword stuffing, and getting massive amounts of (irrelevant) backlinks etc. An SEO strategy built on top of these tactics is no longer sound, and leaves a bad taste in everyone’s mouth.

This is because Google has come a long, long way since it became everyone’s search engine of choice in the early 2000s. Search is now smarter, faster, and – more importantly – human.

Lessons I’ve learned about the internet in 5+ years of blogging

After blogging for more than five years, I have logged a great deal of time on the internet. As a result, I’ve had a wide variety of experiences and I have learned a lot. A whole lot. Because knowledge is power, I wanted to share that information with you. Hopefully it starts some conversations with your kids.

There’s a lot of good on the internet.

I’ve seen some remarkable acts of true kindness, often between people who have never met.

People online share helpful information and resources, support each other, and build communities – all of which is wonderful.

People have united to change the world.

When I see goodness, I point it out to my teen. I encourage and expect her to put kindness into both the virtual and real worlds. Help kids understand what a wonderful tool the internet can be.

There is also a lot of bad on the internet.

Few things in life fall into the categories of all good or all bad, and the internet is certainly no exception. It is a double-edged sword, to be sure.

There are scary people, including a fair number of child predators. There are also people looking to do harm to others, physically or financially.

Aside from the scary people, there’s a boat load of negativity. I’ve had commenters tell me that I am unfit to parent, that I’m perpetrating sexism and that I am an awful excuse for a human being.

I’ve been called a host of really offensive names for a variety of reasons, including that I occasionally drove my child to elementary school and that I dislike Starbucks’ smores frappuccinos. (The horror!)

I’ve even had someone set up an email account with the name “[email protected]” to tell me how much I suck. I’m guessing that with the unusual spelling of my first name that that wasn’t just a coincidence, but hey, you never know.

Frankly, “delete your account” seems downright polite now.

When you go online, be aware. Know how you are going to handle threats. Remember that taking a screen shot and reporting are among the first actions you should take. Be prepared for criticism, often when you least expect or deserve it.

The internet is powerful.

As the two prior points illustrate, the internet is remarkably powerful.

Remember that with power comes responsibility.

In fact, there are television shows made about how quickly and dramatically the internet has changed people’s lives, including The Internet Ruined My Life.

There is a surprising number of people online with a surprising amount of free time.

I’m guessing that you rarely sit down at your computer and think “I have nothing at all to do and no responsibilities to tend to right now.” You have a full life that often keeps you busy, I suspect. Most people I know would say that’s true for them.

That is not, however, true for a lot of people online. Take the gentleman above who created an email account just to express his dislike of me. I know that’s not a huge time investment, but it did take at least a few minutes. There are people who have commented on things I’ve posted, saying “I don’t comment on posts that do X, Y, and Z.” I want to point out that they actually did comment, but, well, I don’t. Which brings me to my next point.

You can’t fight crazy.

When it comes to trolls, haters, people having really bad days and taking it out on bloggers they don’t know, I have a rule: don’t engage. It took me a while to learn this one, and I’d love to save you the time, if I can.

I tried to be polite, but it turns out that even “let’s agree to disagree” is a waste of your time (because you really do have better things to do) and it is giving them exactly what they want – interaction, or a reaction. Don’t feed the beast.

Trust that the rest of the reasonable world will see that you were logical, insightful, funny, and more. And you might be surprised that others will be upstanders for you.

You have very little control of what you post online. Actually, you have no control. None. 

Once you share words, photos, images, anything online, you have released it to the universe. And literally anything can happen after you do that, including:

  • people claiming your work as their own,
  • companies using what you’ve shared for commercial purposes without permission,
  • individuals posting your links on a webpage and encouraging others to head to your site and tell you that you suck,
  • websites using your photos to sell products that are not actually in the photos,
  • people completely misinterpreting what you’ve written,
  • posts going viral and being read by 1 million people.

All of those have happened to me at least once. And I’ve had posts go crazy viral twice. If you want to feel vulnerable, have 1 million people read something you’ve written. It’s oddly terrifying, in part because you can’t control how people interpret your work. That lack of control is scary. Invariably, people will take something in a manner other than what you intended, even those close to you.

The best way to address it is to be very careful when you post. Think about it. Then think about it again. Remember that there is no requirement that you post something online. If you’re not certain, don’t share/post/publish it.

The internet can be a great way to bond with your tweens and teens.

Whether laughing over a funny animal video, sharing a great meme or using a headline as a conversation starter (because kids are far more likely to start talking about people other than themselves). It can be a great way to find resources and support.

The internet can be a wonderful way to find a community of parents on the same or similar roller coaster ride of raising adolescents that you are.

May you and your family use it in good health and may it bring good things your way.

[“Source-chicagonow”]

How fashion bloggers are converting their pastime into full-blown online biz

Mehak Sagar, a former risk analytics manager at financial services firm American Express, started fashion blogging in 2009. On a site called Peach and Blush, she would share beauty product reviews, and tips on everything from denim vests and lipsticks to skin care.

Five years and scores of posts later, when the Delhi School of Economics alumna was about to tie the knot, she realised the opportunity the wedding planning space offered. Whether it was finding a make-up artist, photographer or a suitable venue, the market was completely disorganised.

Sagar decided to find a solution to this information asymmetry. She established WedMeGood, a wedding planning portal, along with her husband Anand Shahani.

The Hyderabad-based startup connects prospective couples with over 3,000 vendors, and houses listings related to decor, jewellery brands, designer wear and catering firms. WedMeGood, which has a team of 25, had secured Rs 2.7 crore in seed funding from Indian Angel Network in 2015.

Making the switch from content publishing to a full-fledged business required learning and unlearning in equal measure. “When one runs a business, one needs to learn a lot about marketing, promotion and advertisements. When you’re a blogger, everything you do reflects what you think…but with a business, what counts is people’s opinions. We focus a lot on user reviews,” Sagar says.

Being a blogger, however, has certain advantages, such as direct access to one’s loyal user base. “You interact with your readers every day. It helps a lot,” she explains.

Sagar is not alone. Several other fashion bloggers in India have turned entrepreneurs, distilling their learnings and internalising them to come up with new, exciting ventures (see graphic).

“I knew that I had a certain number of readers and followers…After three years of blogging, I started my own business,” says Masoom Minawala, who started high-street e-commerce label Style Fiesta in 2012. On Style Fiesta, Minawala sells jewellery, accessories and fringed bags, among other things. The merchandise is curated in a way that it resonates with her personal style.

A funded startup, Style Fiesta is based in Mumbai and currently run by a team of six people.

For Minawala, investing in the right resources and hiring the right people are the biggest challenges. “It’s important to understand the market you want to cater to and understand why your product is special,” she explains.

Delhi-based Kritika Khurana’s laidback fashion style inspired her to create her own label, The Hype. On the e-commerce platform, she sells boho-themed clothes, jewellery, footwear and accessories, among other things.

A lot of this blogging-to-entrepreneurship movement can be attributed to the rise of social media, with platforms like Instagram helping fashion bloggers amass massive online following. The fan base gives the bloggers a launchpad to build their brand. Besides, platforms like Instagram and Facebook have also helped many an entrepreneur market and sell their products directly to their target audience.

Another edge that bloggers have is that their content marketing is effective and targeted, and they don’t have to spend crucial capital winning customers.

Globally, too, there are several examples of bloggers and social media influencers floating their own ventures.
Milan-based Chiara Ferragni’s blog, The Blonde Salad, paved the way for her label, the Chiara Ferragni Collection. It reportedly generates upwards of $15 million in annual revenue.

Similarly, Argentinian-Italian blogger Nicole Guerriero’s skincare line Best Damn Beauty had become an instant hit among her followers.

California blogger Julie Sarinana, or Sincerely Jules (as she is famously known on Instagram), sells a clothing line that mostly comprises laidback apparel, such as joggers, tank tops and hoodies. Sincerely Jules has over 4.6 million followers on Instagram.

Besides, many Indian bloggers have set up vlogs (short for video blogs) and YouTube channels to showcase their personal styles.

Fashion blogging might still be nascent in India, but its virality potential is encouraging bloggers to look beyond becoming Internet phenomena. That could be a great sign for a country with a sizeable young demographic and rising fashion consciousness.

[“Source-vccircle”]

Google rolls out new warnings for G Suite and Apps Script

Google today started rolling out new warnings for G Suite and Apps Script to inform users about the potential dangers of new web apps. The company also plans to expand its verification process to existing apps “in the coming months.”

Although Google won’t say so explicitly, this is a response to the widespread “Google Docs” phishing email that affected many Google users in May. At the time, Google disabled the accounts responsible for abusing the OAuth authorization. A week later the company tightened the review process for web apps that request user data, and earlier this month it beefed up G Suite security with OAuth apps whitelisting. Now the company is preparing new warnings for unverified apps.

Starting today, G Suite users will see a new “unverified app” screen for new web applications and Apps Scripts that require verification. This interstitial precedes the permissions consent screen for the app and replaces the “error” page that developers of unverified web apps currently receive. The goal is to let potential users know that the app has yet to be verified in the hope of reducing the risk of user data being phished.

When users try to use an app that needs to be verified, they will be alerted after selecting their account, and then will be directed to the standard consent screen. A side benefit of this is that because the interstitial can be dismissed, developers can now test their applications without having to go through the OAuth client verification process (more information).

Starting this week, new Apps Scripts requesting OAuth access to data from consumers or from users in other domains will also see the above “unverified app” screen (documentation). Additionally, Apps Script users will also see new cautionary language reminding them to “consider whether you trust” an application before granting OAuth access, as well as a banner identifying web pages and forms created by other users.

Again, all of the above is for new apps. For existing apps, Google is recommending that developers verify their contact information is up to date because the company will be getting in touch in the coming months. If you’re a developer, make sure the appropriate accounts are granted either the Project Owner or Billing Account Admin IAM role in the Google Cloud Console and that the OAuth Consent Screen configuration is correct in API Manager.

[“Source-venturebeat”]

Dueling ETFs Target Millennial Theme

Millennials are getting significant attention these days, with global businesses fairly salivating to attract the largest post-boomer generation. As their numbers grow, they’re gathering consumer steam in their wake, so it’s not surprising two ETFs seek to exploit that potential.

The Global X Millennials Thematic ETF (MILN) was the first to hit the market, in May 2016, followed by the Principal Millennials Index ETF (GENY) in August. Both funds currently have about $7 million in assets under management, and despite their similar themes, they really are quite different.

They do not differ too much when it comes to costs. GENY is the cheaper of the two, at 0.45%, with MILN costing 0.50%.

More importantly, MILN takes a domestic perspective, while GENY a global one. MILN has nearly 80 holdings, while GENY has 110. The two funds have 32 securities in common, but where they diverge creates some interesting differences.

Domestic Vs. Global

Both include all of the FANG stocks (Facebook, Amazon, Netflix and Google), but MILN’s U.S. focus means it omits well-known international firms like Tencent Holdings, Naspers and Adidas. GENY also excludes some U.S. firms with substantial global clout, such as Walt Disney and Twitter.

MILN has other popular U.S. names in its portfolio—like Etsy, Yelp.com and lululemon—that are less global in nature.

That said, GENY has outperformed MILN by a significant margin since its inception, with an increase of nearly 20% to MILN’s 11%. Year-to-date, GENY is up roughly 19%, while MILN is up more than 13%. That global component looks like it’s adding some extra oomph to GENY’s returns.

 

Chart courtesy of StockCharts.com

Really, what investors need to decide when looking at these two funds is whether they consider millennials a U.S. phenomenon or a global trend.

The U.S. makes up 58% of GENY’s portfolio, followed by China, at nearly 9%. Three China stocks are included in GENY’s top 10 components, as well as a Hong Kong company. Given that China’s population dwarfs that of the U.S., it’s not surprising that there are nearly 400 million millennials in China. In the U.S., that number is in the vicinity of 80 million.

Based on China’s performance, the exposure to Chinese companies is likely part of what’s boosting GENY.

Other countries with sizable weights in GENY include South Africa at 5%, and Australia and the U.K. at approximately 4% each.

Question Of Sectors

Sector distribution could be another factor accounting for the difference in performance between the two funds. Both see their holdings fall into five sectors: consumer cyclicals, consumer noncyclicals, technology, financials and industrials. However, the funds have different weightings in those categories.

Consumer cyclicals is the largest for both, representing slightly more than half of MILN’s portfolio and roughly 45% of GENY’s. Technology is the second-largest sector, at a nearly 30% weighting for MILN, and more than 33% for GENY.

But the third-largest sector is different for each fund. For MILN, it’s financials, with a weighting of 12%, while GENY has roughly the same weighting to consumer noncyclicals, suggesting it has a stronger consumer focus than MILN, to the tune of a combined weighting of 67% to the consumer sectors. Consumer noncyclicals is the smallest sector in MILN, with a weighting of 3%, and financials is the smallest sector in GENY, also with a weighting of 3%.

Industrials is the fourth-largest sector for both funds, with a weighting of about 4% in MILN and nearly 6% in GENY.

Final Thoughts

With two funds available that offer different perspectives on the same theme, investors who want exposure to millennial-related trends are forced to think more precisely about how they define the theme.

Do they see it as a global phenomenon, or one that is driven mainly by young people in the U.S.?

Do they see it as a primarily consumer-focused trend, or one that has more of a dispersion across the financials and technology sectors?

[“Source-etf”]

Google rolls out new protections against phishing plugins

Google is making it even harder to accidentally install a malicious plugin. Today, the company announced new changes to the way Google services handle plugins, adding new warnings for users and a more involved verification system for apps. The result is more scrutiny on apps plugging into Google services, and more active involvement from Google when an app seems suspicious.

The changes come after a sophisticated phishing worm hit Google Drive users in May, masquerading as an invitation to collaborate on a document. The malicious plugin was not controlled by Google, but because it was named “Google Docs,” the app was able to fool many users into granting access. Once granted access, it sent a new request to everyone in the target’s contact list, allowing the app to spread virally. Ultimately, the app was blacklisted by Google, but not before it reached tens of thousands of users.

Today, such an attack would be much harder to perform. Shortly after the worm, Google strengthened its developer registration systems, making it harder for anonymous actors to plug unknown apps into Google accounts. The announcement today takes that system even farther, warning users whenever an unverified app requests access to user data.

Malicious or compromised plugins remain a significant security risk for Google and other platforms, as a string of recent incidents has demonstrated. The security group OurMine has specialized in those attacks, posting false messages from accounts controlled by Sundar Pichai, Jack Dorsey, and Sony Music, which tweeted a false report of Britney Spears’ death.

In each case, OurMine gained access by compromising a third-party application which was authorized to post to the targeted account. An active social media user might have hundreds of plugins authorized to access their Twitter or Facebook account, giving hackers hundreds of potential ways in. Users can protect against these attacks by monitoring authorized applications, and revoking access for any apps they no longer use.

[Source:-theverge]