Tag Archives: Google
Posted by peter on February 11, 2010 – 1:41 pm
Google’s new Twitter-like tool in Gmail called Google Buzz has prompted some privacy advocates to cry foul. Here’s how to turn it off.
Google’s new Twitter-like tool it calls Google Buzz was added this week in its popular Gmail webmail service. While many are praising its inclusion as a way to easily integrate updates with friends and family, privacy advocates are miffed over the way Google has rolled out the new tool.
Gmail users were initially prompted to try Google Buzz, but even if you skip the trial, Google Buzz is automatically turned on by default. And many Google Buzz features are enabled by default.
Then Google chose to make Google Buzz automatically follow certain friends and family members who you supposedly “frequently” email in your contact list. While it seems like a helpful way to get started, the privacy issue stems from the fact that anyone you have emailed can view your followers and see who you communicate with frequently. All they need to do is visit your publicly available profile. I didn’t even realize my information was public until I learned that I was being followed by my wife and several others in my contact list.
Cnet video podcaster Molly Wood explains some of the other initial Google Buzz privacy issues in this blog post and explains why she’s turning off the feature. Wood says it immediately attempted to share some of the photos on her Android phone – photos which she had not uploaded. In addition, though it’s not turned on by default, Google Buzz has a feature that can broadcast your location to your followers.
While Gmail is used frequently for personal email, some small businesses and even midsize companies are using the webmail service for primary business email to cut down on costs. I’m sure having contact lists automatically broadcasted to others wouldn’t bode well with those users.
Here’s how to turn off Google Buzz:
- Log into Gmail
- Scroll down to the very bottom of the page.
- Click the link that says “Turn off Google Buzz.”
That’s it. It’s that easy. There are ways to turn off some of the features, but Google hasn’t made it easy and intuitive for users to find and edit those settings. The best way to ensure your privacy is to turn off the service.
Posted by peter on January 26, 2010 – 1:26 pm
Google has released Chrome 4.0.249.78 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the Google Chrome Releases
blog entry and update to Chrome 4.0.249.78 for Windows to help mitigate the risks.
Posted by peter on January 15, 2010 – 3:00 am
Secure HTTP access to Google's free Gmail service is now active by default, the company announced earlier this week, making Gmail messages less susceptible to unauthorized access.
Google says that the new functionality will help protect users who have not already switched to HTTPS. The company wrote on the official Gmail blog that they had carefully weighed the tradeoffs between security and speed, since HTTPS data transfers tend to move slightly slower than those sent without encryption.
The option to use HTTPS for Gmail connections has been present since 2008, but it was turned off by default. Users will still be able to use Gmail over standard HTTP, but Google says that only those users confident in their network security settings should disable HTTPS.
PC World speculates that the move may have been prompted by the recent hacking attempts by Chinese cyber criminals to gain access to the email accounts of human rights campaigners. The attack has also provoked a decision by Google to stop filtering search results for its Google.cn portal, which is likely a signal of the end of the company's presence in China.
Posted by peter on December 22, 2009 – 8:00 pm
Security researcher BitLand has said in a report that the ReCaptcha technology used by Google to secure itself against logins by bots is flawed, but Google says that it is BitLand's analysis that is defective.
In the report, BitLand researchers used optical character recognition (OCR) technology to break the Captchas from various sources, including those provided by ReCaptcha. The team demonstrated the general ineffectiveness of many of the techniques used to distort the characters in a Captcha, and showed that modern OCR software could easily recognize the letters and numbers in many Captchas previously thought to be safe from such tactics.
However, Google disputes the methodology used in the BitLand study, saying that it uses outdated Captcha's to make it seem as though the machine solvers were more effective than they actually were, and that there had been advances in technology since then.
Captchas have been in use for many years in the internet, keeping automatic processes out of message boards and webmail services. Their name is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart.
Posted by peter on December 17, 2009 – 3:47 am
The use of popular internet trends to distribute malicious software is nothing new - in fact, experts say that it's more or less the standard modus operandi for some types of phishing and malware - but the creativity of criminal gangs continues to raise eyebrows.
One of the most recent malicious campaigns targeted Google results relating to the Esperanto flag displayed on the 150th anniversary of founder L.L. Zamenhoff's birth. The flag was displayed, like many date-appropriate curiosities, on Google's front page, in the same way as pictures of snowmen or Santa Claus at Christmas. Clicking on the "Doodle," as it's called, performs a Google search for the appropriate terms.
However, the cyber criminals had struck first in this case. Many of the top search results from clicking on the Doodle contained malware, pushed to the top of the rankings by illicit SEO techniques. Users unfortunate enough to click through to one of the sites were affected by scareware rogue anti-virus scams.
Scareware combined with black-hat SEO has exploded in popularity among cyber criminals in 2009.
Posted by peter on December 16, 2009 – 1:21 am
Established link-shortening services like bit.ly and TinyURL are waiting to see the reaction from the tech world, now that search giant Google has launched its own link-shortening service, for use with microblogging sites like Twitter.
Twitter's 140-character-per-post limit makes posting longer URLs impractical, so link-shortening services have sprung up to break them down into bite-sized chunks. However, experts say that the renamed links can be a security problem, since they give no indication as to what content they lead to and the services themselves do not use robust web filtering.
The shortened links are also problematic because of their source. Their prevalence on social networking websites leads to them being considered a trusted source that potential victims wouldn't think twice about clicking on. Experts urge caution in clicking on shortened links that seem even a little suspicious.
PC World reports that some utilities are available to help make shortened links more transparent, enabling users to see the full-sized link contained within. These are available either as stand-alone applications like Tweetdeck or browser plug-ins like ExpandMyURL and LongURLPlease.
Posted by peter on November 19, 2009 – 1:04 am
Search giant Google has said that it will lay down the law where scam artists and malvertisers are concerned: Permanent bans will be the result of any fraudulent activity on the company's AdWords service.
Nick Fox, business product director for the AdWords program, told Advertising Age that "initially we wanted to give these users the benefit of the doubt; maybe they made a mistake? What we're seeing is that's not really the case. When an advertiser creates one scam, it is likely they did it intentionally, and it's also likely the next site they create is going to be a scam."
Some experts, like Patricio Robles at eConsultancy, say that malicious ads "pose a significant threat to Google," according to a recent blog post. By undermining public trust in the integrity of Google's search results, the scammers can seriously dent the company's lifeblood, advertising revenues.
Analysts say that the step is an unusually draconian one for the California-based behemoth, which prizes its sunny, open public image. While some say that the one-strike policy risks punishing blameless advertisers, others applaud the company's strong stand against online fraud.
Posted by peter on October 16, 2009 – 8:17 pm
Cybercriminals exploiting popular interest in trending topics on search engines have recently caught on to stories about President Obama's Nobel Peace Prize and Google Wave for distributing malware.
Web security researchers at Websense reported that cybercriminals are poisoning Google search results for Google Wave with search engine optimization (SEO) tactics - or black hat SEO - to lure searchers to their websites laden with malware.
Trend Micro reported on its Counter Measures blog that scammers are offering to sell Google invites to the beta-testing phase of Google Wave, a service that combines instant messaging with email for live communications.
Obama's receipt of the Nobel Peace Prize and the subsequent debate about its merits have also triggered a spam campaign that asks users to visit a website to download a phony report on the issue which contains malware, McAfee reported on its security blog.
Cybercriminals have recently used similar tactics to spread viruses and malware with websites and spam related to news stories such as celebrity deaths like Michael Jackson and Patrick Swayze and earthquakes and tsunamis in Asia.
Posted by peter on October 14, 2009 – 10:06 pm
Google announced Monday that it has added malware details to its Webmaster Tools to help website administrators locate and remove malicious code.
Google's search engine and web browsers including Firefox, Chrome and Safari automatically scan websites for malware, which provides web users with a warning that the page may be infected before directing them to the site.
The company said on its security blog that the Webmaster Tools malware details feature will help site administrators get their websites cleaned up of malware in malicious HTML tags, Javascript and Flash files that may have been injected into the site by attackers.
"While it is important to protect users, we also know that most of these sites are not intentionally distributing malware," Google's Lucas Ballard explained on the blog. "We understand the frustration of webmasters whose sites have been compromised without their knowledge and who discover that their site has been flagged."
Webmasters will see a list of their pages flagged for malware distribution and samples of the malicious content that Google's scanners encountered.
Cybercriminals frequently target legitimate websites for distribution of malware through attacks known as cross-site scripting (XSS) and SQL injection.
The Firefox web browser will soon feature a technology called Content Security Policy which the company said would block XSS hacker attacks from websites injected with malicious code.
Posted by peter on September 17, 2009 – 8:08 pm
Google announced a new stable version of its Google Chrome web browser, boasting a 150 increase in Javascript performance, a redesigned new tab page, themes capability and HTML5 features.
Compared to the other major web browsers - Microsoft Internet Explorer, Mozilla Firefox, Apple Safari and Opera - Chrome is creeping up in marketshare at almost 3 percent, according to PC World.
New Tab allows users to see screenshots of the other websites visited in the browsing session. Mouse and keyboard shortcuts and drop-down menus allow users to open news tabs from links and reopen closed tabs. The address bar can be used as a search bar for easier, faster web search.
The newest version of Internet Explorer, IE 8, has more options and add-ons, including added web filtering that allow users to scan websites for malware threats.
Firefox 3.5.3 automatically detects out-of-date versions of Adobe Flash that are vulnerable to active security vulnerabilities and remain unpatched on many PCs.
Google released Chrome one year ago and the newest beta version features additional browser extensions - but users should only download extensions from trusted sources, Google said on the Chromium blog.