Things just get worse and worse for mobile users who take advantage of cheap or free wireless hotspots. This attack involves the cookies that websites use to keep users’ information so they don’t have to log in every time they go there. Gmail is a great example, and the one they used to demonstrate how easy it really is.
Prior to the demonstration, which involved the live hijacking of a Google mail account (GMail), many sites were thought to be safe because they encrypted the data swapped back and forth when people login.
However, Mr. Graham carried out his attack on the unencrypted cookies, tiny text files, many sites use to identify people that regularly return.
The tools created by Mr. Graham, called “Hamster” and “Ferret”, watch the traffic flowing in and out of public wi-fi hotspots and let attackers grab cookies as they are passed back to people logging in to their webmail or social network account.
Using the cookie an attacker could pose as a victim and enjoy almost the same level of access to an account as its rightful owner. Source: Warning of webmail wi-fi hijack
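The weakness described above is a session cookie that the browser will send over plain HTTP after an encrypted login. As an added example (not part of the original post or the cited article), here is a small defender-side check that audits a site's response headers for session cookies lacking the `Secure` attribute; the cookie names and header values are constructed sample data.

```python
# Added example: flag session cookies that can travel over unencrypted HTTP.
# All header values and cookie names below are constructed sample data.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie_name, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_response(scheme, headers, session_names=("SID", "SESSION")):
    """Return [(cookie_name, issue)] for one HTTP response.

    scheme        -- "http" or "https", the scheme the response arrived on
    headers       -- list of (header_name, header_value) pairs
    session_names -- cookie names treated as session identifiers (assumed)
    """
    findings = []
    seen = []
    has_hsts = any(h.lower() == "strict-transport-security" for h, _ in headers)
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name not in session_names:
            continue  # only session identifiers grant access to the account
        seen.append(name)
        if scheme != "https":
            # The cookie value itself crossed the network in the clear.
            findings.append((name, "set-over-http"))
        elif "secure" not in attrs:
            # Without Secure the browser also attaches the cookie to
            # http:// requests, where anyone on the hotspot can read it.
            findings.append((name, "missing-secure"))
    if scheme == "https" and not has_hsts:
        # No HSTS: the browser may still make a first request over HTTP.
        findings.extend((name, "no-hsts") for name in seen)
    return findings


# Constructed responses: (scheme, headers)
SAMPLE_RESPONSES = [
    ("https", [("Set-Cookie", "SID=abc123; Path=/; Secure; HttpOnly"),
               ("Set-Cookie", "prefs=lang-en; Path=/"),
               ("Strict-Transport-Security", "max-age=31536000")]),
    ("https", [("Set-Cookie", "SESSION=def456; Path=/; HttpOnly")]),
    ("http",  [("Set-Cookie", "SESSION=ghi789; Path=/; Secure")]),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLE_RESPONSES:
        print(scheme, audit_response(scheme, headers) or "ok")
```

A login page served over HTTPS passes this check only if the session cookie it issues is also marked `Secure`; encrypting the password exchange alone leaves the cookie exposed on later requests.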
Looks like the lines have been drawn in the sand, and the nerds are stepping back to see what happens. eBay has pulled all of their text link advertisements from Google’s search engine in response to a party that Google has set up to conflict with eBay Live. The Google party, Let Freedom Ring, is an attempt by Google to get eBay stores to use Google Checkout, which eBay has blocked. eBay has said this is just one of those things they do to test and determine the best allocation of their advertising and marketing budget.
However, a source familiar with the situation said the move is an angry reaction by eBay’s management to Google’s decision to hold a protest party concurrent with the start of eBay Live, the company’s annual conference for merchants. Google has been reaching out to media to promote the party, aimed at eBay merchants who are upset that eBay doesn’t allow them to use Google’s Checkout online transaction system. eBay Live begins Thursday evening in Boston, which is the time and place Google has chosen for its protest party.
This person also said the situation is fast-developing and fluid, with high-ranking eBay executives holding meetings right now to discuss the extent of the decision. Source: eBay pulls ads from Google ad network
Here is the original blog announcement from Google.
Are you an online seller attending eBay Live! in Boston this week? If so, join us for a celebration of user choice at the Google Checkout Freedom Party on Thursday night (6/14). To get to the party, just hop on the classic Beantown trolley in front of the Boston Convention Center and follow the freedom trail to the Old South Meeting House. We’ll use the same spot where revolutionaries launched the Boston Tea Party to celebrate freedom with free food, free drinks, free live music — even free massages. Join us and bring a friend. RSVP here. Source: Let freedom ring
But guess what? If you click on the link in the article to RSVP, the webpage says “Thank you for your interest in attending. This event will no longer take place as originally planned. We apologize for any inconvenience.” So Google has already backed down, and I don’t see any ads from eBay showing up yet, but that can take a few minutes to start back up for sure. I guess we will have to wait for the official announcements from both companies.
Here is the official announcement from Google about them canceling the let freedom ring party.
eBay Live attendees have plenty of activities to keep them busy this week in Boston, and we did not want to detract from that activity. After speaking with officials at eBay, we at Google agreed that it was better for us not to feature this event during the eBay Live conference. Source: Update to our event on 6/14
Lots and lots of security news today. I will be covering the SiteAdvisor report in more detail later.
Group rips Microsoft over Internet user profiling research Microsoft Corp. research on Internet user profiling could lead to tools that help repressive regimes identify anonymous dissidents, the Reporters Without Borders advocacy group warned last Friday. In a paper presented at the International World Wide Web Conference last month in Calgary, Canada, four researchers at Microsoft’s Beijing-based lab laid out work that predicted the age and gender (PDF format) of unknown Web users based on the sites they visited. Their new algorithms correctly guessed the gender of a Web surfer 80% of the time, and his or her age 60% of the time.
The State of Search Engine Safety We find that AOL returns the safest search results, while Yahoo! returns the greatest percentage of risky results. Since May 2006, search engine results have become safer, primarily due to improved safety of sponsored results on Google, AOL, and Ask. Despite this improvement, dangerous sites are found in search results of all of the top five search engines, and sponsored results continue to be significantly less safe than search engines’ organic results.
Online tunes are more risky than Web porn More data from the SiteAdvisor article. About 9% of adult sites produce spyware, adware or spam, compared with 19% of digital music sites found in a study by McAfee.
McAfee Reports Drop in Malicious Search Results Article from PCMag that talks about the drop in malware when compared to the previous year’s SiteAdvisor article.
Google As Terror Tool? Terrorists use Google Earth instead of their own video.
Microsoft unveils integrated security Microsoft shared details of its long-term security product strategy as part of its ongoing TechEd 2007 training conference on June 4, lifting the lid on plans to deliver an integrated suite of its software by mid-2009.
Gaping holes exposed in fully-patched IE 7, Firefox Polish hacker Michal Zalewski has ratcheted up his ongoing assault on Web browser security models, releasing details on serious flaws in fully patched versions of IE 6, IE 7 and Firefox 2.0.
Here are some of the latest technology stories floating around the internet today.
Wal-Mart to begin selling Dell PCs Initial word was that the Dell PCs would go on sale this weekend. A representative for Wal-Mart on Thursday morning said that the PCs are slated to be in stores on June 10, with two models each offered in a bundle priced below $700. Details on the PCs were not provided. Sam’s Club and Wal-Mart Canada stores will carry different models.
Copying HD DVD and Blu-ray discs may become legal Under a licensing agreement in its final stages, consumers may get the right to make several legal copies of HD DVD and Blu-ray Disc movies they’ve purchased, a concession by the movie industry that may quell criticism that DRM (digital rights management) technologies are too restrictive.
This is crazy. I can’t believe I just posted a story that said users MAY get the right to copy their OWN property. The movie and music industries suck and they are killing it all by themselves.
Flexible, full-color OLED On May 24, Sony unveiled what it is calling the world’s first flexible, full-color organic electroluminescent display (OLED) built on organic thin-film transistor (TFT) technology. OLEDs typically use a glass substrate, but Sony researchers developed new technology for forming organic TFT on a plastic substrate, enabling them to create a thin, lightweight and flexible full-color display.
Dell Offers Three Consumer Systems With Ubuntu 7.04 Later today, Dell will offer U.S customers three different systems with Ubuntu 7.04 installed: the XPS 410n and Dimension E520n desktops and the Inspiron E1505n notebook. These systems will be available at www.dell.com/open by 4pm CST today. Starting price for the E520n desktop and the E1505n notebook is $599; the XPS 410n starts at $849.
Why Are CC Numbers Still So Easy To Find? Some “script kiddie” tricks still work after all: Take the first 8 digits of a standard 16-digit credit card number. Search for them on Google in “nnnn nnnn” form. Since the 8-digit prefix of a given card number is often shared with many other cards, about 1/4 of credit card numbers in my random test, turned up pages that included other credit card numbers, and about 1 in 10 turned up a “treasure trove” of card numbers that were exposed through someone’s sloppily written Web app.
DOG (Distrust/Disdain of Google) moves in Me? Google is too secretive. Too unwilling to engage. Too aloof. Oh, and Eric Schmidt, Google’s CEO, has lost touch with how normal people think (if these quotes are correct, and that’s a big “if”). If they are correct I think it’s evidence that he’s been hanging around too many advertising execs lately. Their goal is to put impulses into your mind so you take certain actions (like buy Diet Coke instead of Diet Pepsi). Believe it or not advertising execs talk like that. So, when Eric is reported to have said, during a visit to Britain this week: “The goal is to enable Google users to be able to ask the question such as ‘What shall I do tomorrow?’ and ‘What job shall I take?’” we all get a little freaked out. We don’t want Google to know that much about us.
Windows XP SP3 in the Works – Microsoft Confirms They have confirmed service pack 3, but the date on that article is wrong. According to Microsoft the release date will be 1st half of 2008, whatever that means.
Cyber Crooks Hijack Activities of Large Web-Hosting Firm Brian Krebs talks about IPOWER Inc, one of the hosting companies that was recently featured by Stopbadware.org as one of the largest hosting companies that are currently silently installing malicious software, as detailed here, Exposing Hosting Companies with Malicious Websites. Brian says organized crime is responsible and IPOWER says it was one compromised server run by another company.
Google is failing the Microsoft litmus test If you want to evaluate the “evil” quotient of any company’s strategy/behavior, consider how you’d feel about it if it were Microsoft in the driver seat.
Vista no panacea for PC sales Although Microsoft has characterized itself as happy with Vista adoption so far - and Bill Gates said last week at WinHEC that Microsoft had shipped 40 million copies - the release of the new operating system has not resulted in a significant bump in PC sales.
Skype Worm Variant Targets Other Instant Messaging Clients Yesterday, I discovered what appears to be a new collection of “Skype Worm” infection binaries in circulation – it uses the tried and tested methods employed by similar infections over the past few months, with the ultimate payload being the Stration Worm. Aside from that, there’s another little surprise waiting but we’ll get to that shortly…
In a post from the OpenDNS blog, David Ulevitch says Google turns the page... in a bad way. In it he says Dell and Google have teamed up and are installing software on Dell computers that borders on being spyware. The issue is that they, meaning computer manufacturers like Dell, Gateway, Sony, etc., are installing this program called Browser Address Error Redirector to redirect users who mistype URLs, or who enter search terms in the address bar as if it were a search box, to a search results page that is filled with sponsored listings, the ones that Dell and Google will make money from if users click on them. Here is why this could happen:
This page was generated because of one of these two reasons:
The web address you typed did not resolve correctly.
You typed a keyword query in the browser address bar.
This page is meant to provide you with helpful related content, including web search results and paid advertisements, based on the meaning of the web address/keyword query that you typed. This program can be uninstalled from the Control Panel “Add/Remove Programs” in Windows XP or “Control Panel > Program > Programs and Features” in Windows Vista. Look for the application named Browser Address Error Redirector. Older versions may be called GoogleAFE.
Sounds pretty innocent to me, if you take them at their word, but the ads, err I mean the search results they serve up are dominated by Google ads; in fact, on most users’ screens, they probably would not be able to see the actual Google search results. Now, David says it is Google and Dell who are doing it, but I wonder if it is Dell’s decision alone to decide how many ads to place on a search results page such as this? I know I decide how many I show on my site, but I have no exclusive deal with Dell to compare it to. I guess the terms and decision makers will come out when Dell and Google respond, if they haven’t already. David goes on to give some reasons why Dell and Google would do this.
The computer hardware business has razor-thin margins which means making a profit is tough. So the opportunity for Dell to get a recurring revenue stream from an existing customer long after the sale of the computer is more than just enticing, it’s huge. It also means a couple other things:
Dell and Google have an incentive to make it very hard for users to turn this off.
Because users can’t get rid of it, Dell and Google can get away with putting more ads on the page and pushing user-relevant content off the page. Source: Google turns the page... in a bad way
Now, I myself have not seen the redirector in action; most of the Dell computers that I end up seeing are re-imaged when they are received by the buyers, so this crap does not live on those computers very long. As a matter of fact, the last one I looked at did much the same thing, but with a Microsoft results page that was a little more helpful than the Dell/Google page; it only had three sponsored listings and a most popular products listing before the search results. OpenDNS is a service users have to go get, and they do much the same thing, but they are way more friendly on their results page, adding a “did you mean this” link, like when you misspell something, at the top, and the search results right below it, with the sponsored listings on the right, much like the default Google search page. So, lots of commenters are saying OpenDNS only brought it up because they are in competition and that they are trying to make it sound worse than it is by throwing terms around like spyware and saying it is hard to remove. It is easy to find and obviously named in the Add/Remove Programs applet in the Control Panel, so it is not hard to remove.
Danny Sullivan says:
I wouldn’t consider it spyware, but it certainly isn’t friendly ware. But you can understand why some people would think it’s spyware, when their computers seem to be acting in a strange way. Some searches brought up plenty of people who are confused by the software and what it is doing.
One of the most ironic things in all this is to compare what’s happening to the statements Dell and Google have made about consumer choice in the past. When the deal came out in May 2006, Dell said:
Our motivation is to deliver customers tools that enable them to search and organize information quickly and easily, right out of the box…Dell customers will have the option of choosing Microsoft as their default if they prefer. Source: Google & Dell’s Revenue-Generating URL Error Pages Drawing Fire
As Danny said, Google says they just have to change the defaults in IE 7, if they prefer, but that is something that Google said in the past was too hard for people to do. They even argued that Microsoft was taking the choice away from consumers by setting the search default to Microsoft’s search engine, something Google does in Firefox and now Dell computers. Pot meet kettle, kettle meet pot. They said their motivation was to allow their customers to search and organize information quickly, something this search results page does not do, it is geared for the quick cash.
Ryan Naraine says he has pinged Google to ask them about it, and he asks, what if the software has an exploitable software vulnerability? Something I am sure we will find out soon enough.
Symantec false positive cripples thousands of Chinese PCs A signature update to Symantec’s anti-virus software crippled thousands of Chinese PCs Friday when the security software took two critical Windows .dll files for malware.
According to numerous blog entries from Chinese computer users, a virus signature database seeded yesterday mistook two system files of a Chinese edition of Windows XP SP2 as a Trojan horse which Symantec dubs “Backdoor.Haxdoor.” The anti-virus software — Norton AntiVirus, for example, or the anti-virus component of the Norton 360 or Norton Internet Security suites — then quarantined the netapi32.dll and lsasrv.dll files.
“With these files removed, Windows XP will no longer start up, and even the system Safe Mode no longer functions,” said one user writing to the alt.comp.anti-virus newsgroup this morning.
Google Licenses Technology for 3D Maps Google has licensed technology that will enable Google to map out 3-D versions of cities world wide.
According to a Mercury News report, the technology was developed by a team of Stanford University students and was used to run a robotic car that won the 2005 DARPA Grand Challenge.
Although Google is the market leader in mapping, to date it has lagged behind Microsoft’s Virtual Earth in terms of 3-D functionality.
Dell announces the models for Ubuntu We will be launching a Linux based OS (Ubuntu) on the E520, 1505 and XPS 410 starting next Thursday, 5/24. We expect these systems to be less than 1% of our OS mix for the entire year which is ~20,000 systems annually. Please cover the huddle deck below with your team by EOB Sunday. If any questions come up, please let me know so I can address them before launch.
The goal of launching Linux is to continue to give our customers more choices to customize their new Dell. Providing more options to our Linux Enthusiast customer group will hopefully create even more Raving Fans!!
Governments using filters to censor Internet, survey finds With the aid of sophisticated software, government censorship of the Internet is spreading into a global phenomenon, with tech-savvy governments filtering forbidden themes from politics and human rights to sexuality and religion, according to a new academic survey of 40 countries.
In the past five years, the practice has grown beyond a handful of countries, including Iran, China and Saudi Arabia, to 26 nations that block a wide range of topics as they adopt filtering techniques, according to an OpenNet Initiative report to be issued Friday in Oxford, England.
Lots of interesting tech news today, let’s get to it.
Universal search: The best answer is still the best answer Google updated their search engine results, they are introducing content from Images, Maps, Books, Video, and News into the search results, and making one big pile of stuff, instead of keeping it separate like they used to.
Making The Switch From Twitter to Jaiku Tired of the downtime Twitter has had lately? In a post from Techcrunch, Duncan Riley talks about people making the switch and some of the tools already available and some they want. He’s not switching, btw, and neither am I, at least not until everyone else does. Mine has been quiet recently, but you can check it here, Jimmy Daniels Twitter microblog.
More Firefox Bloat? Say It Ain’t So, Mozilla Do you feel bloated? Er, I mean, does your Firefox feel bloated? You’re not alone…
New Stuff At My Yahoo Michael Arrington covers the new stuff from My Yahoo. No, not my Yahoo, your Yahoo, no, just read it…
BitTorrent in Focus: TV-series are Hot TorrentFreak says TV is hot online, with 50% of people on BitTorrent downloading TV shows, while TV shows only make up 10% of the available “content”. Interesting, sounds like good news for Joost.
Latest AACS revision defeated a week before release Remember when Kevin Rose lost control of digg? I said they should just give up on the DRM because someone will always be around to crack it for them, well they already have. A new volume key used by high-def films scheduled for release next week has already been cracked. The previous AACS volume key was invalidated by AACS LA after it was exposed and broadly disseminated earlier this month. The latest beta release of SlySoft’s AnyDVD HD program can apparently be used to rip HD DVD discs that use AACS version 3. Although these won’t hit store shelves until the May 22, pirates have already successfully tested SlySoft’s program with early release previews of the Matrix trilogy.
Google to Yahoo and Microsoft: the $1.65 billion was worth it Can you say du huh?
Microsoft apologizes for Halo 3 problems, extends beta The press invites sent out before the Halo 3 beta became widely available were the calm before the storm apparently, as there was a problem with gamers who had the Crackdown invites grabbing the file yesterday. Frank was caught up in the foolishness and it seemed like the entire Internet was going to come down. I know how hard it is to plan something this big, but seriously, this is Microsoft. They should have been better prepared. Now we’re at the point of apologizing, after a very unhappy player-base spent a frustrating day yesterday pulling out their hair waiting for the beta to become available.
Some of the interesting technology stories around.
Security: Thumb sucking, slurping, snarfing, Excuse me? Sounds like a kid show, but security experts are using better names to make these hacks, data theft and more in the public’s mind.
Phisher Says He Makes a Fortune Using Re-used Passwords What caught me was the phisher’s acknowledgment that he uses passwords stolen from social networking sites to break into e-mail accounts, where he then searches for financial account details. He says he can make $3-$4,000 a day selling this information. Interview is here.
Google buys a start-up once every few days, or around one a week “Google buys a start-up once every few days, or around one a week, Schmidt estimated” comes from an eWeek article recapping a Google reporter briefing earlier this week. One of the things I have learned from being on the Fortune 100 side is that large amounts of cash in reserve typically don’t remain in reserve. Whether it’s stock buyback, capital expansion or acquisitions, the cash must go.
Yahoo To Finally Upgrade MyBlogLog Techcrunch talks about MyBlogLog being upgraded and their past problems, and hopes things are looking up. “MyBlogLog, the ubiquitous blog widget that shows pictures of recent visitors to a site, was one of the “instant” success stories of 2006 – Yahoo acquired the company before most people even had a chance to hear about it. Like many blogs, we had the MyBlogLog widget on TechCrunch for months. We eventually removed it due to performance issues (it slowed down the site on a couple of occasions) and this incredible amount of spam that started to appear.”
Microsoft takes on the free world Microsoft claims that free software like Linux, which runs a big chunk of corporate America, violates 235 of its patents. It wants royalties from distributors and users. Users like you, maybe. Fortune’s Roger Parloff reports.
Joost Invitations: 2000+ Sent I’m happy to say Mashable has distributed thousands of Joost invitations over the past 2 weeks – I’m guessing in excess of 2000, although I haven’t done a manual count for obvious reasons. Praises be to those readers who reciprocated by inviting others, and curses upon those who didn’t. They still have a Joost invite thread here, but if you can’t get one, leave a comment here and I will send you one, I still have several hundred left.
Google has created another blog, this time for Google Earth and Google Maps, called Google Lat Long Blog, and they are talking about the Geoweb.
So… what is the “geoweb”? Some people will scratch their heads and call it buzzword proliferation. Others, including Mike Liebhold, who has a long history of thinking and writing about this area, have a very well defined notion of what they believe it is (or should be). I don’t think that there is agreement on what the geoweb is, but I think there is a lot of enthusiasm and energy across many fronts to make it happen. I expect the “it” will evolve substantially over the next few months and years as we (the geo ecosystem on the web) collectively figure out how “earth browsers,” embedded maps, local search, geo-tagged photos, blogs, the traditional GIS world, wikis, and other user-generated geo content all interrelate. Those of us who work on geo products and services at Google believe we have an opportunity to make the web more useful — and ultimately, to improve people’s lives through better information and understanding. Source: A new world unfolding
One searcher at a time…
A new feature called geo search, gives users the ability to search all kinds of geographical information and makes it possible for people to discover these maps through normal “local” searches simply by clicking on the “see user-created content” link. Looks pretty cool.
A company from California has created software that will allow creators, etc, to layer sounds in Google Earth. The firm is already in talks with Google, smart, but no official agreement has been made.
As well as homing in on visual feasts around the globe, users of Google Earth may soon be able to listen to the sounds that accompany them.
A Californian company has created software that can layer relevant recorded sounds over locations in Google Earth, New Scientist reports. Source: Sounds bring Google Earth to life
An example of a use they mentioned was that people are talking about selective logging and how it was a good way of not harming the environment, but, even though the images are the same, the sounds coming from the natural world are completely different.
Microsoft has revived talks with Yahoo about a possible acquisition, or a merger, although I would think Microsoft would just buy them, but what do I know.
Microsoft Eyes Search Giant In Proposed Takeover Stung by the loss of Internet advertising firm DoubleClick to Google last month, Microsoft has re-invigorated its pursuit of a deal with Yahoo!, asking the company to re-enter formal negotiations. While Microsoft and Yahoo have held informal deal talks over the years, sources say the latest approach signals an urgency on Microsoft’s part that has up until now been lacking, i.e. desperate to beat Google. Both companies declined comment.
Microsoft, Yahoo Reconsider Merger In what appear to be early-stage discussions, executives at Yahoo and Microsoft are taking a fresh look at a merger of the two giant companies or some kind of match-up that would pair their companies’ respective strengths, say those people who say they are familiar with the situation.
Microsoft pursues Yahoo! takeover The same report values Yahoo at $50 billion; and the world renowned bankers Goldman Sachs are giving Microsoft advice on the deal. If the deal comes through, the takeover would be one of the largest corporate takeovers in American corporate history, and likely the largest ever in the Technology sector. Yahoo’s stock was up almost 18% at the time of this posting.
MASSIVE: Microsoft May Acquire Yahoo for $50 Billion Microsoft has reacted to Google’s purchase of DoubleClick by stepping up its talks with Yahoo about a possible acquisition/merger. The estimated price tag for Yahoo? $50 billion. Good fit? Bad fit? Frankly, I think it would be an awesome pairing, and (if executed well), it could/should provide a powerful challenger to Google’s web dominance. Why wouldn’t Microsoft buy Yahoo?
One reason I can think would be the possible exodus of Yahoo employees. And some sites are reporting that the deal is for 50 billion, while the Wall Street Journal estimated the price, it didn’t say they were offered that much.
I think it could be a great deal too, not the money, just the pairing, combining of forces and knowledge, and all of that. It will be interesting if it happens.