Posts Tagged Google
Google to Encrypt Search Engine to protect Wi-Fi users
Posted by Mourad Ben Lakhoua in News, Web Security on May 17, 2010
Google intends to offer this week encryption to their search engine services; this is according to a new blog post.
“Earlier this year, we encrypted Gmail for all our users, and next week we will start offering an encrypted version of Google Search. For other services users can check that pages are encrypted by looking to see whether the URL begins with “https”, rather than just “http”; browsers will generally show a lock icon when the connection is secure.” A part from Google post, more details on this will be demonstrated at Google I / O Google’s Largest Developer Event.
It is noted that Google started to encrypt Gmail traffic by default via https in January 2010, before that user can choose to use http or https to check email. While the option of https was firstly introduced on mid-2008. This can make us think that maybe we will find the same case on search engine.
Using a secured http will help in protecting users search at the wireless networks like airports, cafes and other open networks. Up to now the search remains in the non-encrypted form. While I have read this on the news I have remembered a perfect post on Infosecisland by Christopher Hudel : Should SSL be enabled on every website?
And I think that we will find it in real soon.
make sure you subscribe to my RSS feed!
Closure – New Complete Kit for Web Developer by Google
Posted by Mourad Ben Lakhoua in News on November 6, 2009
Google has released a new free open source software package consist of several tools designed for developers.
The set of programs called “Closure” and created to accelerate Web applications growth. Tools are used to manage and produce applications using JavaScript.
You can find among the programs Closure Compiler which is intended to check, optimize and compile JavaScript code and Closure Inspector for Testing and debugging code.
The kit includes a collection of code fragments called Closure Library and a set of templates named Closure Templates to help implement the basic operations.
Google revealed that this kit is used by the Giant Company for many years to create major projects like Gmail, Google Maps and Google Docs. To download and have more information about the releases check out this link.
make sure you subscribe to my RSS feed!
Google search contain millions of compromised Webpages
Posted by Mourad Ben Lakhoua in News, Search Engine on October 3, 2009
Nowadays some fake companies forced Google and other search engines to list millions of compromised website in their web search results. These links lead to infected websites that can damage computer system and theft of sensitive information.
This kind of attack aims to redirect the victims to download fake copies of popular programs. For example if you search “cheap vista for student” you can find about 19 million pages and among them some URL for soft4pcs.com which is not a trusted source for windows operating system to download.
Another phishing attack that has been very popular and now is back is ASProx botnet. Many vulnerable IIS can allow hackers to inject malicious javascript link to Microsoft SQL server so on the search engine if you look for used corvette parts it brings you site ads-t.ru/ads.js which spreads a dangerous malicious file in the Adobe flash player.
This kind of attack can allow hackers to take control on millions of machine, to build zombies network that is instructed remotely or to get some sensitive information like bank credentials….
So be very careful with the links in your emails or on search engine and do not click unless you are sure from the source.
make sure you subscribe to my RSS feed!
Google Plug-in Boost IE speed 10 Times
Posted by Mourad Ben Lakhoua in Browser, Internet on September 26, 2009
A New test has been conducted by Computerworld researchers concluded that Chrome Frame plug-in improves JavaScript performance 9.6 times in Internet Explorer 8 (IE8). During the test it was used Sunspider Javascript for three times to show the speed improvement in Microsoft Internet browser.
This plug-in is already embedded in Google chrome while on last Tuesday they added the support of Internet explorer, This adds an extra speed and support to several standards like HTML 5.
Google has been focusing over the last years in providing a clear and highly effective solution for the online working application, so this plug-in can help IE users to work on online application such as Google Wave and others with the same performance like on Google chrome.
Chrome Frame is available now for IE6, 7 and IE8, running under Windows XP and Windows Vista operating system, So get your copy now It’s free and installs in a few seconds..
make sure you subscribe to my RSS feed!
Google fixes 3 security vulnerabilities in Chrome
Posted by Mourad Ben Lakhoua in News, Vulnerabilities, Web Security on August 27, 2009
Google has released a number of patches fixing vulnerabilities in Google chrome browser, the impact of these vulnerabilities can allow an attacker to remotely run arbitrary code over the victim’s computer.
Among the vulnerabilities that have been fixed in the version Chrome 2.0.172.43, there are two vulnerabilities with a high severity level and one with a moderate level, you can find more details on the Google manual.
The first bug (CVE-2009-2935) unauthorized memory read from Javascript. A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code.
Another bug (CVE-2009-2416) multiple use-after-free vulnerabilities in libxml2 .Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected.
So check your Google Chrome version if you do not find it the 2.0.172.43 it can take you just a few seconds to update.
make sure you subscribe to my RSS feed!
What’s wrong with Twitter?
Posted by Mourad Ben Lakhoua in Cybercrime & Hacking, Internet, News, Social Networking, Web Security on August 9, 2009
On the 6th of August Twitter went down for a pretty long period. After a while a brief message was added on the Twitter status says they’re fighting off a DDOS attack right now. Well the most interesting that the distributed denial-of-service attack also affected Facebook, LiveJournal and Google’s Blogger.
The idea of distributed denial-of-service (DDoS) attack on the sites is that computers have been compromised by a viruses or other malware and instructed by the Hacker to visit the specific Web sites all at the same time and repeatedly. The barrage of connection requests overwhelms the target sites, making it so that legitimate Web traffic can’t get through.
So this attack requires tens of thousands of machines in which all forms a botnet and in a few seconds can turn any website dawn, as the case of (Finjan report “Your PC might be traded online– without you knowing about it!”).
To secure yourself from being a part of a botnet network is to install an antivirus with the latest signature and in some time check the netstat command on windows to see if there is any unusual connection with your pc.
make sure you subscribe to my RSS feed!
Visitors from Bing.com
Posted by Mourad Ben Lakhoua in News on May 31, 2009
Yesterday while I was looking at the Blog state I have noticed that some visitors were coming from a certain site called Bing.com. I started to search about it, after some search using Google I found some adds on the net talking about the new Microsoft search engine Bing.
The name seemed to me nice comparing to Microsoft search engine Live. according to Microsoft Bing offers several new features intended to help people perform faster, better searches with less poking around:
* A set of navigation and search tools called an Explore Pane which includes a feature called Web Groups. …
* Related Searches and Quick Tabs features that provide a sort of table of contents. …
Bing will become available in the next few days and fully be launched by the 3rd of June. Microsoft illustrates that Bing is not a search engine but it is a decision maker by providing a fast preview of search results during a mouseover .people can decide if they want to leave the search page and click on a link, therefore is not intended to be a Google challenger.
So let’s get ready for binging!
make sure you subscribe to my RSS feed!
Google networking error caused outage
Posted by Mourad Ben Lakhoua in Internet on May 15, 2009
Widespread outages involving several Google services–including search, Google Docs, and Gmail–were caused by an upgrade gone awry inside of Google, according to engineers.
Dmitri Alperovitch, vice president of threat research for McAfee, said that Google this morning attempted to make changes to key Internet routing numbers–known as autonomous system numbers–as part of its ongoing transition from an older networking standard to a newer one called IPv6. An unknown “bug” inside Google’s network involving some sort of hardware failure or glitch prevented Internet service providers from finding Google’s new ASNs on the Internet–effectively sealing it off from many customers, he said
Not all Internet users were affected, but some that use larger providers–such as AT&T or Verizon–appeared to be disproportionately hurt because large ISPs “peer” with Google, or interconnect their networks with Google’s networks in order to improve speed and reduce bandwith costs, Alperovitch said. Not all customers at those providers were affected, and smaller ISPs that didn’t interconnect their networks were able to route around the problem. But just like when a bad car accident shuts down a key highway, the ripple effects were felt elsewhere.
This failure shows the critical difference between the cloud and locally-hosted services, but in reality SaaS system have proved a high level of security and redundancy but in some cases they are still not effective.
[Source: CNET]
make sure you subscribe to my RSS feed!
DNS hole leads to hack Google.co.ma!
Posted by Mourad Ben Lakhoua in Cybercrime & Hacking, Vulnerabilities on May 11, 2009
The Google Morocco domain (Google.co.ma) was briefly hacked on Saturday May 10 by hackers referring to themselves as ‘PAKbugs’.
Google.co.ma is functioning again, but for several hours on Saturday the site was down and this gave enough opportunity for people visiting the site to generate screenshots of the hacked domain. When users visited the site, they briefly saw a message that said “HackeD By PAKbugs. We are ZombiE_KsA Cyber Criminal spo0fer x00mx00m”.
The domain was pointed to a different server, and the message mentioned above was shown when people tried to access the search engine. Google at one point reportedly relayed visitors from Morocco to Google.com instead of Google.co.ma, but it took a while before Google Morocco was functioning correctly again.
PAKbugs.com is a forum of Pakistani hackers, and the forum boasts of the successful hack here.
Popular blog TechCrunch suggests that the hackers hacked the site by possibly finding a way through NIC.ma, which controls the DNS (Domain Name Service) for Morocco.
At Sectech we have published the DNS cache-poisoning flaw this vulnerability allow a hackers to redirect Web traffic and e-mails to systems under their control this hole affects several products from multiple vendors so the only solution to mitigate the risks currently is to patch the Domain Name Server and apply the latest update.
You can find mirror of the attack here
[Source: ITP]
make sure you subscribe to my RSS feed!
Omaha or Google Update
Posted by Mourad Ben Lakhoua in Software Security on April 15, 2009
Google have released new software that is designed to update automatically the installed software product within a computer. This program is called Omaha and currently it supports many Google products for Windows, including Google Chrome and Google Earth. In last Friday Jordan Miles a member of the Google Software Engineering Team wrote on the corporate blog that some users can be surprised to find this program running so they are working hard to address these concerns, and releasing the source code for Omaha to make the purpose of Google Update absolutely transparent.
At Google security experts are thinking that automatic updates is the best way to patch the discovered vulnerabilities, as it provides patches instantly in silent mode, so if you are looking of developing your own auto-updater go to Omaha and download it , by the way Omaha project is distributed under Apache License Version 2.0 which is preferred by Google.
SUBSCRIBE
Latest Comments