While there are several tweaks and steps you can take to test and improve your internet connection speeds, one of the easiest and quickest ways to speed up your web browsing is modifying the Domain Name System (DNS) servers. Read on to learn how Cloudflare's new 1.1.1.1 public DNS server can speed up and secure your web browsing.

What is DNS and How Does it Work?

DNS is the Internet's master phone book. It turns human-readable domain names, such as nebulanewengland.com, into Internet Protocol (IP) addresses such as 198.49.23.144. For all practical purposes, every time you go anywhere on the internet, you start by interacting with DNS.

This takes time. A complex webpage can require multiple DNS lookups -- one for the text, another for an image, another for an ad on the page, and so on -- before your page loads. Each DNS lookup takes an average of 32 milliseconds (ms). That really slows down many websites. So, when you speed up your DNS lookups, you'll get faster internet performance.

While Cloudflare's 1.1.1.1 is fast, it's biggest improvements comes with protecting your privacy. When the Federal Communications Commission gutted net neutrality, it also opened the door for ISPs to track all your internet searches. ISPs can, and are, selling your browsing data.

How to Update Your DNS Settings

Router

If you're using a router for your office network DNS settings -- and you probably are -- log in and find your DNS server settings. Once there, note down your existing DNS records and replace them with the following:

• For IPv4: 1.1.1.1 and 1.0.0.1

That's it. The next time your computers look up a website, they'll use the 1.1.1.1 DNS services.

Windows

With Windows, click on the Start menu, then click on Control Panel, and do the following:

1. Click on Network and Internet.
2. Click on Change Adapter Settings.
3. Right click on the Wi-Fi network you are connected to, then click Properties.
4. Select Internet Protocol Version 4 (or Version 6 if desired).
5. Click Properties.
6. Write down any existing DNS server entries for future reference.
7. Click Use The Following DNS Server Addresses.
8. Replace those addresses with the 1.1.1.1 DNS addresses:

• For IPv4: 1.1.1.1 and 1.0.0.1
• For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001

MacOS

For macOS, open System Preferences, and then do the following:

1. Search for DNS Servers and select it from the dropdown.
2. Click the + button to add a DNS Server and enter 1.1.1.1
3. Click + again and enter 1.0.0.1
4. Click Ok, then click Apply.

iPhone

From your iPhone's home screen, open the Settings app.

1. Tap Wi-Fi, then tap your preferred network in the list.
2. Tap Configure DNS, then tap Manual.
3. If there are any existing entries, tap the - button, and Delete next to each one.
4. Tap the + Add Server button, then type 1.1.1.1
5. Tap the + Add Server button again, then type 1.0.0.1. This is for redundancy.
6. Tap the Save button on the top right.

Android

On Android, it's far harder to set up DNS than with other operating systems.

The easiest way, which works across most Android devices, is to install DNS Changer. This works by creating a local VPN work on your device. This VPN only exists within your device and your mobile or Wi-Fi connection. To use it, you place 1.1.1.1 and 1.0.0.1 in as your DNS entries.

Nearly all Android phones come with useless applications pre-installed by manufacturers or carriers, usually called bloatware, and there's nothing you can do if any of them has a backdoor built-in—even if you're careful about avoiding sketchy apps.

Researchers disclosed details of 47 different vulnerabilities deep inside the firmware and default apps (pre-installed and mostly non-removable) of 25 Android handsets that could allow hackers to spy on users and factory reset their devices, putting millions of Android devices at risk of hacking.

Some vulnerabilities discovered by researchers could even allow hackers to execute arbitrary commands as the system user, wipe all user data from a device, lock users out of their devices, access device's microphone and other functions, access all their data, including their emails and messages, read and modify text messages, sending text messages, and more—all without the users' knowledge.

"All of these are vulnerabilities that are prepositioned. They come as you get the phone out the box," Kryptowire CEO Angelos Stavrou said in a statement. "That's important because consumers think they're only exposed if they download something that's bad."

For example, vulnerabilities in Asus ZenFone V Live could allow an entire system takeover, allowing attackers to take screenshots and record user’s screen, make phone calls, spying on text messages, and more.

Kryptowire has responsibly reported the vulnerabilities to Google and the respective affected Android partners, some of which have patched the issues while others are working diligently and swiftly to address these issues with a patch.

However, it should be noted that since the Android operating system itself is not vulnerable to any of the disclosed issues, Google can't do much about this, as it has no control over the third apps pre-installed by manufacturers and carriers.

phishing attacks have been around for years, but today’s cybercriminals are adept at using them in an ever-increasing variety of ways to get what they want. According to the most recent FBI figures, phishing and its variants was the third most popular cybercrime type in 2017, representing nearly $30m in victim losses.

The bad guys want your personal information to commit ID theft, or else they need you to click on a malicious link/open a malware-laden attachment to hijack your bank account, lock your PC with ransomware, bombard your screen with ads and more.  So how do you fight back?

The answer lies with a combination of technology and user awareness. There are tools you can use to filter a great volume of phishing attempts, but a few will always sneak through, and it only takes one misplaced click to land yourself in trouble. That’s why the frontline in the war on phishing messages ultimately lies with improved user awareness.

Don’t get caught out

So, what should users look out for? Phishing messages come in a variety of flavors, but here’s a typical email scam purporting to come from the IRS:

Tell-tale signs of a scam:

• From field: is the ‘sender’s’ email address familiar? Does it look made up? Is it consistent with the purported sender of the email? Does it appear different if you hover over it with your cursor? All of these could indicate a phishing attempt. To field: If the sender addresses you generically as ‘user’ or ‘customer’ or ‘recipients,’ in this case, this should be a warning sign.
• Date and time: Was it sent at an unusual time; that is, not during normal ‘business’ hours?
• Subject line: Phishing emails often try to create a sense of urgency to hurry you into making a rash decision. Words like “urgent,” “immediate” and “important” are not uncommon.
• Body: The content of the message often contains spelling and grammatical mistakes and continues with the sense of urgency to get you to click without thinking.
• Link/attachment: Phishing emails will try to trick you into clicking on one of these, as with ‘Update Now,’ either to begin a covert malware download or to take you to a legitimate-looking phishing site to fill-in your details.

How do I stay safe?

• Learn to recognize all the tell-tale signs of a phishing message. Avoid clicking on any links or opening attachments from unsolicited emails.
• If you need to double-check, contact the company that supposedly ‘sent’ you the email to see if it’s genuine or not, or go directly to the website (e.g., online banking) to log-in. Again, do not use the links provided to go there.
• Your default attitude when you’re online should be “suspicious.”
• To learn more about phishing, you can also go to org. The site provides a wealth of more information on the types of phishing you may encounter, what you can do to prevent being taken-in, and includes further resources for study.

We’re all exposed to phishing attacks on a near daily basis, whether at work, out and about, or at home. But armed with an understanding of what to look out for and the right tools in place, you can keep your data under lock and key, and your identity and finances safe from harm.

To a large portion of the general populace, the idea of autonomous vehicles still draws a lot of skepticism and even flak - considering the incident where Uber’s self-driving car killed a pedestrian a few months back in Tempe, Arizona. A widely talked about accident, it raised concerns on the safety of letting machines run their own course on the roads, with people voicing the need to always have a human behind the wheel to stop such untoward accidents.

Unfortunately, there aren’t enough data points on autonomous driving incidents to conclude on the validity of the claims, especially when the statistics of road accident-related deaths and injuries are taking a turn for the worse every year. The National Highway Traffic Safety Administration (NHTSA) estimated that 37,461 people were killed on the road in 2016, which averages out to 102 people per day. Companies working in the autonomous driving realm believe that technology could help alleviate this.

The sentiment seems to have rubbed off on the Arizona government, which has mostly been welcoming of companies looking to test their autonomous cars. Waymo, an Alphabet-owned self-driving startup has been running fully autonomous tests in Phoenix, Arizona since March, and has successfully stayed away from gaffes over the course of these tests. Last week, the company announced its plans on tying up with Valley Metro, the Phoenix region’s public transportation authority to drive people to bus stops and train and light-rail stations.

Of all the autonomous driving companies out there, Waymo is by far the most sophisticated of the lot, as it has a lot more self-driving miles than its competition and also defines a clear-cut strategy to take the technology to the masses. The curve to autonomy has been arduous, but rewarding - Waymo took more than six years to reach its milestone of driving 1 million miles in 2015, but has racked up 7 million more since then.

Waymo has a four-pronged strategy for approaching the self-driving market - ride-hailing, trucking, personal vehicles, and public transportation - with attention given to each of the verticals. Waymo has inked deals to transform 62,000 hybrid Pacifica minivans and 20,000 electric I-Pace SUVs into self-driving vehicles over the next few years and then add them to its growing fleet. Similarly, it also runs its self-driving fleet of Peterbilt Class 8 semi trucks across Alphabet facilities in Atlanta, albeit with backup drivers in them - a situation which might soon change.

Ground zero at Phoenix, Waymo’s cars would be shuttling Valley Metro’s staff to and from public transportation stops nearby. Waymo believes that the ‘first-and-last mile’ transit facilities would be in sync with the already available public transportation, making the transition seamless for the public.

The unit-economics of self-driving cars are also a revelation. On average, a ride-hailing service costs around $2 per mile which could be reduced to around 70 cents per mile, as self-driving fleets would negate the need to sustain human drivers. Over time, with improvements in route optimization, intelligent fleet management, and reducing human observers in the backend, the costs could reduce further.

However, all this envisioning of self-driving fleets replacing human-driven cars is idealistic at best. Case in point, the reasoning behind autonomous driving companies showing a concerted interest in testing their vehicles on the roads of Arizona. Though it could be interpreted as the state of Arizona’s resolve to bringing in cutting-edge technology to its streets, the environmental and demographic conditions at play in the state cannot be ignored.

Arizona, with its sunny climate, idyllic roads, and a grid-shaped housing topology provides a near utopian-level of cushioning to testing, when considering the fact that self-driving cars need to be trained in radically different and robust environments to attain the goal of full autonomy. Regardless of this, autonomous vehicles would still be a reality in certain locations around the U.S., and if Waymo’s ingenuity sustains over time, we still might end up sighting self-driving cars around us sooner than we thought.

Another day, another significant data breach!

Reddit social media network today announced that it suffered a security breach in June that exposed some of its users' data, including their current email addresses and an old 2007 database backup containing usernames and hashed passwords.

According to Reddit, the unknown hacker(s) managed to gain read-only access to some of its systems that contained its users' backup data, source code, internal logs, and other files.

In a post published to the platform Wednesday, Reddit Chief Technology Officer Christopher Slowe admitted that the hack was a serious one, but assured its users that the hackers did not gain access to Reddit systems.

"[The attackers] were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems."

According to Slowe, the most significant data contained in the backup was account credentials (usernames and their corresponding salted and hashed passwords), email addresses and all content including private messages.
 

Attacker Bypassed SMS-based Two-Factor Authentication

Reddit learned about the data breach on June 19 and said that the attacker compromised a few of the Reddit employees' accounts with its cloud and source code hosting providers between June 14 and June 18.

The hack was accomplished by intercepting SMS messages that were meant to reach Reddit employees with one-time passcodes, eventually circumventing the two-factor authentication (2FA) Reddit had in place attacks.

The security breach should be a wake-up call to those who still rely on SMS-based authentication and believes it is secure. It's time for you to move on from this method and switch to other non-SMS-based two-factor authentication.

Reddit is also encouraging users to move to token-based two-factor authentication, which involves your mobile phone generating a unique one-time passcode over an app.

Reddit said that users can follow a few steps mentioned on the breach announcement page to check if their accounts were involved.

Moreover, Reddit will reset passwords for users who may have had their login credentials stolen in the breach, and also directly notify all affected users with tips on how they can protect themselves.