Just read a post on TechCrunch that says Google is entering into a deal that will allow users to access Google “content” on their flat screen TVs.
Japanese manufacturer Matsushita (Panasonic) has signed a deal with Google that will see the company launch flat panel television sets that allow users to access YouTube and other Google services such as Picasa Web Albums. Source: Google Enabled Televisions Coming Soon
Ya, this sounds like a fantastic idea, YouTube “quality” videos and spam on my TV in exchange for them getting to see whatever I watch on TV, as well as the annoying please update your software, or even worse, we just updated your software messages. Then, when Google does finally lose all my info to some hacker, he can see all my buying habits, surfing habits, web surfing habits and all the email I’ve sent using Gmail. Sounds great.
Time to rethink careers here, if every TV ends up with something like this on it, there is bound to be a need to keep older TVs running…..
Google has added a NASA Google earth layers group to Google Earth, and they have updated the European roads in Google Earth, adding 15 new countries in Europe, as well as adding more content for the Netherlands, like business listings layers and country names in Dutch. Get Google Earth as part of the Google Pack here,
A few months back, Google Earth team and NASA began a collaborative effort to bring awareness and promote knowledge of NASA’s “earth” programs. After months of production, the “NASA” layer group is now live in Google earth.
Personally, I find it quite eye-catching. People are usually familiar with NASA’s space missions, but not everyone knows that NASA also devotes a considerable amount of effort to Earth explorations. This new NASA layer group showcases some of their most interesting content.
The new “NASA” layer has three components:
Astronaut Photography of Earth
Earth City Lights
Source: NASA in Google Earth
The Satellite Imagery layer highlights some of the most interesting Earth imagery taken by NASA satellites over the years. Some place marks also offer the option of downloading additional imagery from different years or seasons and overlaying them on the earth’s surface.
“Earth City Lights” offers a new perspective on this popular image. One can identify some interesting urbanization patterns around the globe. I find it even more interesting to have roads and place name layers on at the same time as I fly over this layer. The United States interstate highway system appears as a lattice connecting the brighter dots of city centers.
Looks like the lines have been drawn in the sand, and the nerds are stepping back to see what happens. eBay has pulled all of their text link advertisements from Google’s search engine in response to a party that Google has set up to conflict with eBay’s Live. The Google party, let freedom ring, is an attempt by Google to get eBay stores to use Google Checkout, which eBay has blocked. eBay has said this is just one of those things they do to test to determine the best allocation of their advertising and marketing budget.
However, a source familiar with the situation said the move is an angry reaction by eBay’s management to Google’s decision to hold a protest party concurrent with the start of eBay Live, the company’s annual conference for merchants. Google has been reaching out to media to promote the party, aimed at eBay merchants who are upset that eBay doesn’t allow them to use Google’s Checkout online transaction system. eBay Live begins Thursday evening in Boston, which is the time and place Google has chosen for its protest party.
This person also said the situation is fast-developing and fluid, with high-ranking eBay executives holding meetings right now to discuss the extent of the decision. Source: eBay pulls ads from Google ad network
Here is the original blog announcement from Google.
Are you an online seller attending eBay Live! in Boston this week? If so, join us for a celebration of user choice at the Google Checkout Freedom Party on Thursday night (6/14). To get to the party, just hop on the classic Beantown trolley in front of the Boston Convention Center and follow the freedom trail to the Old South Meeting House. We’ll use the same spot where revolutionaries launched the Boston Tea Party to celebrate freedom with free food, free drinks, free live music — even free massages. Join us and bring a friend. RSVP here. Source: Let freedom ring
But guess what? If you click on the link in the article to RSVP, the webpage says “Thank you for your interest in attending. This event will no longer take place as originally planned. We apologize for any inconvenience.” So Google has already backed down, and I don’t see any ads from eBay showing up yet, but that can take a few minutes to start back up for sure. I guess we will have to wait for the official announcements from both companies.
Here is the official announcement from Google about them canceling the let freedom ring party.
eBay Live attendees have plenty of activities to keep them busy this week in Boston, and we did not want to detract from that activity. After speaking with officials at eBay, we at Google agreed that it was better for us not to feature this event during the eBay Live conference. Source: Update to our event on 6/14
Lots of Google News going on today, especially when you talk about user data and privacy.
It all started with this post here, A Race to the Bottom: Privacy Ranking of Internet Service Companies, in which Privacy International says that Google is at the bottom of all the companies they “researched” and even though some companies come close, none are an endemic threat to privacy like Google is. Here is the conclusion of the report:
While there may be a temptation to focus criticism on Google’s privacy performance, it is important to note that not one of the ranked organizations achieved a “green” status. Overall, the privacy standard of the key Internet players is appalling, with some companies demonstrating either willful or a mindless disregard for the privacy rights of their customers. Even the better performing companies create lapses of privacy that are avoidable. With minimal effort most organizations can improve their privacy performance by at least one grade.
The current frenzy to “capture” ad space revenue through the exploitation of new technologies and tools will result in one of the greatest privacy challenges in recent decades. The Internet appears to be shifting as a whole toward this aim, and the opportunity to create market differentiators based on responsible privacy may diminish unless those avenues are explored immediately. We have been impressed by the good work being achieved by some sites, but consumers are right to feel aggrieved when companies fail to adopt the best privacy tools that are available.
On the basis of the evidence we have seen from this study, there is no excuse for any organization to ignore the opportunity to create strong privacy protections. The technologies are available, the expertise is abundant, and the market appears willing to favor sites that treat their customers with respect. We hope that the 2008 rankings will reflect this potential.
Danny Sullivan from Search Engine Land has the best coverage, so far, of the report in this post, Google Bad On Privacy? Maybe It’s Privacy International’s Report That Sucks, in which he goes step by step down the report to show that Google is at least as good as most of the ones they ranked higher than them, but, even so, Google has the most data on all users, and poses the biggest threat to users should the data get out.
Google Rated Bottom For Privacy Techcrunch coverage.
Google slammed in privacy report? Robert Scoble chimes in here, and says Google’s PR department needs to chime in and get their word out. Google’s main problem is lack of communication with its users, and this will be one of those cases.
Why I disagree with Privacy International from Matt Cutts. He says, and rightly so, that many companies gave user queries to the government, leaked millions of user queries or routinely sell user queries and they came off better in the report than Google did.
Google is WRONG On Consumer Privacy says Donna Bogatin, she says Google doesn’t even know where all of the user data is, let alone be able to anonymize it. Peter Fleischer, Google’s privacy point man, says, “It’s actually very hard to answer the apparently simple question: ‘where’s my data?’ You can’t pin-point the location of the clouds.”
A great write-up on the Google Online Security Blog about the percentage of each web server platform that is distributing malware or hosting browser exploits that lead to drive-by-downloads.
We examined about 70,000 domains that over the past month have been either distributing malware or have been responsible for hosting browser exploits leading to drive-by-downloads. The breakdown by server software is depicted below. It is important to note that while many servers serve malware as a result of a server compromise (by remote exploits, password theft via keyloggers, etc.), some servers are configured to serve up exploits by their administrators.
Compared to our sample of servers across the Internet, Microsoft IIS features twice as often (49% vs. 23%) as a malware distributing server. Amongst Microsoft IIS servers, the share of IIS 6.0 and IIS 5.0 remained the same at 80% and 20% respectively. Source: Web Server Software and Malware
Now, I can already hear the Linux and Mac crowd going, of course they are number one, their security sucks, etc, etc. What is interesting about this post, is the breakdown by country of origin.
See that? Almost all of the IIS web servers in China and about 75% of them in South Korea are distributing malware or hosting browser exploits. They attribute that in the article to software piracy, mostly because you can’t update it if it is pirated, of course, but I am sure part of it is that it makes it easier to host the browser exploits and malware, etc. Although, in Germany, Apache is the most likely web server to get you infected, in contrast to most other areas. Always try to keep your web server software as patched as you can, and only host with companies that are proactive about doing such things, if there are any out there.
There are several tools out that can help you check your website to see if it is distributing malware, one such tool is SpyBye, and on their site they list a couple others.
During HotBots last month, I presented a paper on a systematic approach for detecting malware on the web called “The Ghost In The Browser”. The paper enumerates all the different ways in which a web page can become malicious and contains some measurements on the prevalence of drive-by-downloads; an in depth analysis of 4.5 million URLs detected 450,000 that were surreptitiously installing malware. All the more reason for tools such as SpyBye. Fortunately, I am not the only one working on such tools. Christian Seifert from the New Zealand Honeypot Alliance recently announced a web interface to their Capture honey client which runs a browser against URLs specified by you. In a similar vein, Shelia is a tool that scans your mail folder and follows URLs contained in it for malware and exploits. Source: SpyBye: Finding Malware
I believe the author was one of the writers of the Ghost in the Browser paper, I first mentioned here.
RSnake from ha.ckers.org has posted an example of a zero day exploit using Google Desktop that he says you could use to do almost anything on someone’s computer who has Google Desktop installed. Someone could use a wireless hotspot to monitor for a user with Google Desktop installed and then use the exploit against them. This is one big reason you should be careful with which internet applications you allow total access to your computer, and I am sure there will be many more examples using other programs from Google and other software vendors.
The demo does not try to hide what it is doing by making the overlay visible, but this is a demonstration of how it works, so you can see each component. In the video, as mentioned, we launch hyperterm.exe, although we could have launched almost anything you can imagine, including programs that connect out to the web, uninstall programs, etc… We stopped once we realized we could do this much damage, but we are certain this could be used for far more nefarious things. Source: Google Desktop 0day
The video demonstration is below.
Hitting some of the technology highlights.
Data Recovery Using Linux Recovering data from a Windows system using Linux tools.
Well we really screwed this one up… In trying to remove some Live Journals that were violating their terms, specifically pedophile journals and communities, they deleted some that should not have been deleted and are trying to explain what happened and what they are doing to get them back. Related article from News.com here.
Can you say du huh. Studies: music industry overstating threat of P2P piracy Unauthorized sharing of digital music remains a huge issue for the global music business, but is most of that sharing taking place on peer-to-peer networks? For years, peer-to-peer was the bogeyman, the red Communist music monster that was going to devour the industry’s revenues. But new research suggests that sneakernets may be as big a problem as darknets.
EMI Music, Google and YouTube strike milestone partnership Soon, you will be watching videos and recordings from EMI Music artists, through a deal between EMI and Google.
BBC to broadcast in ‘Second Life’ In the Second Life economy, more than $600,000 changes hands every day. Now the virtual world is about to play host to a BBC show about that economy and how people have made real money from it.
A picture’s worth a thousand clicks Google has bought Panoramio, a community photos website that enables digital photographers to geo-locate, store and organize their photographs — and to view those photographs in Google Earth. Big surprise huh?
Google brings developers offline with “Gears”; new offline Reader “Google Gears,” an open source project that will bring offline capabilities to Web Applications – aimed at developers. From the Gears API Blog Gears is a browser extension that we hope — with time and plenty of input and collaboration from outside of Google — can make not just our applications but everyone’s applications work offline. From Read/Write Web And guess who is most at risk with this announcement? Yes, Microsoft. Google after all has many of the top ‘best of breed’ web apps now, and Mozilla wants more market share against Microsoft’s Internet Explorer browser. Adobe and Microsoft are also engaged in an ongoing battle for Rich Internet App supremacy, which probably explains why Adobe is involved in Gears. And of course, this will have major implications for the Web Office – where Google Apps is directly competing against Microsoft Office (whether Google admits it or not!).
Here are some of the latest technology stories floating around the internet today.
Wal-Mart to begin selling Dell PCs Initial word was that the Dell PCs would go on sale this weekend. A representative for Wal-Mart on Thursday morning said that the PCs are slated to be in stores on June 10, with two models each offered in a bundle priced below $700. Details on the PCs were not provided. Sam’s Club and Wal-Mart Canada stores will carry different models.
Copying HD DVD and Blu-ray discs may become legal Under a licensing agreement in its final stages, consumers may get the right to make several legal copies of HD DVD and Blu-ray Disc movies they’ve purchased, a concession by the movie industry that may quell criticism that DRM (digital rights management) technologies are too restrictive.
This is crazy. I can’t believe I just posted a story that said users MAY get the right to copy their OWN property. The movie and music industries suck and they are killing it all by themselves.
Flexible, full-color OLED On May 24, Sony unveiled what it is calling the world’s first flexible, full-color organic electroluminescent display (OLED) built on organic thin-film transistor (TFT) technology. OLEDs typically use a glass substrate, but Sony researchers developed new technology for forming organic TFT on a plastic substrate, enabling them to create a thin, lightweight and flexible full-color display.
Dell Offers Three Consumer Systems With Ubuntu 7.04 Later today, Dell will offer U.S customers three different systems with Ubuntu 7.04 installed: the XPS 410n and Dimension E520n desktops and the Inspiron E1505n notebook. These systems will be available at www.dell.com/open by 4pm CST today. Starting price for the E520n desktop and the E1505n notebook is $599; the XPS 410n starts at $849.
Why Are CC Numbers Still So Easy To Find? Some “script kiddie” tricks still work after all: Take the first 8 digits of a standard 16-digit credit card number. Search for them on Google in “nnnn nnnn” form. Since the 8-digit prefix of a given card number is often shared with many other cards, about 1/4 of credit card numbers in my random test, turned up pages that included other credit card numbers, and about 1 in 10 turned up a “treasure trove” of card numbers that were exposed through someone’s sloppily written Web app.
DOG (Distrust/Disdain of Google) moves in Me? Google is too secretive. Too unwilling to engage. Too aloof. Oh, and Eric Schmidt, Google’s CEO, has lost touch with how normal people think (if these quotes are correct, and that’s a big “if”). If they are correct I think it’s evidence that he’s been hanging around too many advertising execs lately. Their goal is to put impulses into your mind so you take certain actions (like buy Diet Coke instead of Diet Pepsi). Believe it or not advertising execs talk like that. So, when Eric is reported to have said, during a visit to Britain this week: “The goal is to enable Google users to be able to ask the question such as ‘What shall I do tomorrow?’ and ‘What job shall I take?’” we all get a little freaked out. We don’t want Google to know that much about us.
Windows XP SP3 in the Works – Microsoft Confirms They have confirmed service pack 3, but the date on that article is wrong, according to Microsoft the release date will be 1st half of 2008, whatever that means.
Cyber Crooks Hijack Activities of Large Web-Hosting Firm Brian Krebs talks about IPOWER Inc, one of the hosting companies that was recently featured by Stopbadware.org as one of the largest hosting companies that are currently silently installing malicious software, as detailed here, Exposing Hosting Companies with Malicious Websites. Brian says organized crime is responsible and IPOWER says it was one compromised server run by another company.
Google is failing the Microsoft litmus test If you want to evaluate the “evil” quotient of any company’s strategy/behavior, consider how you’d feel about it if it were Microsoft in the driver seat.
Vista no panacea for PC sales Although Microsoft has characterized itself as happy with Vista adoption so far – and Bill Gates said last week at WinHEC that Microsoft had shipped 40 million copies – the release of the new operating system has not resulted in a significant bump in PC sales.
Skype Worm Variant Targets Other Instant Messaging Clients Yesterday, I discovered what appears to be a new collection of “Skype Worm” infection binaries in circulation – it uses the tried and tested methods employed by similar infections over the past few months, with the ultimate payload being the Stration Worm. Aside from that, there’s another little surprise waiting but we’ll get to that shortly…
In a post from the OpenDNS blog, David Ulevitch says Google turns the page… in a bad way, in it he says Dell and Google have teamed up and are installing software on Dell Computers that borders on being spyware. The issue is that they, meaning computer manufacturers like Dell, Gateway, Sony, etc, are installing this program called Browser Address Error Redirector to redirect users who mistype URLs or enter search terms in the address bar like they do a search box, to a search results page that is filled with sponsored listings, the ones that Dell and Google will make money from if users click on them. Here is why this could happen:
This page was generated because of one of these two reasons:
The web address you typed did not resolve correctly.
You typed a keyword query in the browser address bar.
This page is meant to provide you with helpful related content, including web search results and paid advertisements, based on the meaning of the web address/keyword query that you typed. This program can be uninstalled from the Control Panel “Add/Remove Programs” in Windows XP or “Control Panel > Program > Programs and Features” in Windows Vista. Look for the application named Browser Address Error Redirector. Older versions may be called GoogleAFE.
Sounds pretty innocent to me, if you take them at their word, but the ads, err I mean the search results they serve up are dominated by Google ads, in fact, on most users screens, they probably would not be able to see the actual Google search results. Now, David says it is Google and Dell who is doing it, but I wonder if it is Dell’s decision alone to decide how many ads to place on a search results page such as this? I know I decide how many I show on my site, but I have no exclusive deal with Dell to compare it to. I guess the terms and decision makers will come out when Dell and Google respond, if they haven’t already. David goes on to give some reasons why Dell and Google would do this.
The computer hardware business has razor-thin margins which means making a profit is tough. So the opportunity for Dell to get a recurring revenue stream from an existing customer long after the sale of the computer is more than just enticing, it’s huge. It also means a couple other things:
Dell and Google have an incentive to make it very hard for users to turn this off.
Because users can’t get rid of it, Dell and Google can get away with putting more ads on the page and pushing user-relevant content off the page. Source: Google turns the page… in a bad way
Now, I myself have not seen the redirector in action, most of the Dell computers that I end up seeing are re-imaged when they are received by the buyers, so, this crap does not live on those computers very long, and, as a matter of fact, the last one I looked at did much the same thing, but with a Microsoft results page that was a little more helpful than the Dell/Google page, it only had three sponsored listings and a most popular products listing before the search results. OpenDNS is a service users have to go get, and they do much the same thing, but they are way more friendly on their results page, adding a did you mean this link, like when you misspell something, at the top, and the search results right below it, with the sponsored listings on the right, much like the default Google search page. So, lots of commenters are saying OpenDNS only brought it up because they are in competition and that they are trying to make it sound worse than it is by throwing terms around like spyware and saying it is hard to remove. It is easy to find and obviously named in the Add/Remove programs applet in the control panel, so it is not hard to remove.
Danny Sullivan says:
I wouldn’t consider it spyware, but it certainly isn’t friendly ware. But you can understand why some people would think it’s spyware, when their computers seem to be acting in a strange way. Some searches brought up plenty of people who are confused by the software and what it is doing.
One of the most ironic things in all this is to compare what’s happening to the statements Dell and Google have made about consumer choice in the past. When the deal came out in May 2006, Dell said:
Our motivation is to deliver customers tools that enable them to search and organize information quickly and easily, right out of the box…Dell customers will have the option of choosing Microsoft as their default if they prefer. Source: Google & Dell’s Revenue-Generating URL Error Pages Drawing Fire
As Danny said, Google says they just have to change the defaults in IE 7, if they prefer, but that is something that Google said in the past was too hard for people to do. They even argued that Microsoft was taking the choice away from consumers by setting the search default to Microsoft’s search engine, something Google does in Firefox and now Dell computers. Pot meet kettle, kettle meet pot. They said their motivation was to allow their customers to search and organize information quickly, something this search results page does not do, it is geared for the quick cash.
Ryan Naraine says he has pinged Google to ask them about it, and he asks, what if the software has an exploitable software vulnerability? Something I am sure we will find out soon enough.
Couple of interesting security related stories I wanted to touch on. Google has been picking up the pace recently in being proactive about removing and blocking malicious websites from their search engine, recently they posted a study by them and Provos that said over 450,000 web pages are launching drive-by downloads of malware and another 700,000 web pages that launch downloads of suspicious software. Lots of news articles followed saying that Google said 1 in 10 websites are potentially malicious, lots of them, I thought they were misreading it, but I wasn’t for sure until today when Google launched a security blog saying it was being misreported.
Unfortunately, the scope of the problem has recently been somewhat misreported to suggest that one in 10 websites are potentially malicious. To clarify, a sample-based analysis puts the fraction of malicious pages at roughly 0.1%. The analysis described in our paper covers billions of URLs. Using targeted feature extraction and classification, we select a subset of URLs believed to be suspicious for in-depth investigation. So far, we have investigated about 12 million suspicious URLs and found about 1 million that engage in drive-by downloads. In most cases, the web sites that infect your system with malware are not intentionally doing so and are often unaware that their web servers have been compromised. Source: Introducing Google’s online security efforts
Here is a map of the globe highlighting the worst countries for drive-by downloads, of course most of the sites are in China, Russia, the US and Germany, they are highlighted in red. Orange means medium activity, yellow means low activity and green means no activity.
Should be an interesting read, hope they really keep us up to date, and don’t just use it to react to stuff. Microsoft has released Microsoft Security Advisory (937696), Release of Microsoft Office Isolated Conversion Environment (MOICE) and File Block Functionality for Microsoft Office. Both features are designed to make it easier for customers to protect themselves from Office files that may contain malicious software, such as unsolicited Office files received from unknown or known sources. MOICE makes it easier by providing new security mitigation technologies designed to convert specific Microsoft Office files types, while File Block provides a mechanism that can control and block the opening of specific Microsoft Office file types. The Zero day blog says,
The tool, called MOICE (Microsoft Office Isolated Conversion Environment), can be used in tandem with Group Policy settings to convert documents in legacy (.doc) formats to OpenXML formats, stripping out potentially harmful elements that could pose a potential security risk.
The conversion process takes place in a safe, quarantined sandbox environment, so the user’s computer is fully protected. (See previous blog entry on the MOICE plans). Source: Microsoft releases Office exploit isolation tool
And in a related post, Zero Day describes the latest Monthly Intelligence Report from Messagelabs and says there is a surge in targeted malware against a known Word vulnerability and is suggesting an exploit generator kit may be circulating online.
These attacks increased dramatically since March 2007 from four attacks going to four single recipients to 66 attacks going to 273 recipients in April.
“On first sight, it appears that more than one hacker ring is using this Microsoft Word exploit, and so an exploit generator kit might exist, although this has not yet been found,” said Alex Shipp, senior anti-virus technologist at MessageLabs.
The report said a Taiwanese crime ring called “Task Briefing” continued its use of Microsoft Office exploits during April, launching spear-phishing attacks with PowerPoint documents embedded in e-mails.
The ring made six attacks this month, sending 61 emails accounting for 10 percent of all targeted e-mails in April, the longest of which lasted 45 hours. In March, the same gang sent 151 emails accounting for more than 20 percent of targeted attacks.
During April 2007, MessageLabs said it intercepted 595 e-mails in 249 separate targeted attacks aimed at 192 different organizations. Of these, 180 were one-on-one targeted attacks aimed at a specific organization. Source: MS Word exploit generator circulating?
The security landscape sure is changing, and if you think you aren’t vulnerable as a person or an agency, you are severely mistaken. The report is available here.