Thanks to my friend, Pondus! Ars Technica: Hundreds of thousands of URLs have been compromised—at the time of writing, 694,000 (it’s over millions of site when you are reading this)—in an enormous and indiscriminate SQL injection attack. The attack has modified text stored in databases, with the result that pages served up by the attacked systems include within each page one or more references to a particular JavaScript file. ...
Google Operation System: Until recently, Google Bookmarks and Chrome Bookmarks were two separate features that didn’t speak the same language. Even if you could save your Chrome bookmarks to a Google account, they weren’t saved to Google Bookmarks. For some reason, your bookmarks are available in a special Google Docs folder. Chrome bookmarks have a web interface, but it’s likely that the obvious will happen: Chrome bookmarks could be saved to Google Bookmarks. Jérôme Flipo noticed that the Google Bookmarks OneBox already includes Chrome bookmarks. I’ve tried to find SmallNetBuilder.com and Google’s OneBox returned it even if it was starred in Chrome, not in Google Bookmarks. ...
Google Operation System: Google +1 is yet another attempt to make Google more social. It’s Google’s version of the Facebook “likes”, a simple feature that’s very powerful because it’s part of a social network. Google will show +1 buttons next to all search results and ads, while encouraging other sites to include the buttons. All +1’s are public and they’re tied to Google Profiles. The goal is to use this data to personalize search results and ads by recommending sites +1’d by your friends. Google Social Search already does this, but there’s no support for Facebook likes, so Google had to come up with a substitute. ...
Google Talk Guru is a new Google bot that lets you ask simple questions. It’s “an experimental service that allows people to get information like sports results, weather forecasts, definitions etc via chat. It works on many popular chat applications that support Google Talk.” Send an invitation to **guru**@googlelabs.com in Gmail Chat, Google Talk or any other Jabber client and find simple facts like “weather in London”, “amplitude definition”, “translate souris”, “2^8”, “web stanford” (which returns the top Google result for [stanford]). ...
Avira TechBlog: SpyEye is a malware family which we are monitoring for some time. Today we are analyzing a sample which is detected as TR/Spy.SpyEye.flh by Avira products. The Trojan is able to inject code in running processes and can perform the following functions: Capture network traffic Send and receive network packets in order to bypass application firewalls Hide and prevent access to the startup registry entry Hide and prevent access to the binary code Hide the own process on injected processes Steal information from Internet Explorer and Mozilla Firefox A detailed analysis of this malware by Liviu Serban, Virus Researcher at Avira. ...
Avira TechBlog: It looks like new Chrome releases aren’t due every six weeks as Google announced a few weeks ago, but once a week now – the company just released Chrome 10.0.648.204 and fixes 6 highly critical security vulnerabilities with it. Those security vulnerabilities allow attackers to smuggle in malware like Trojans without the user noticing. That is why the automatic update mechanism is so important: When clicking on the tool symbol and choosing the “About Google Chrome” menu entry, the version check should show that Chrome is already on the current release – or offer to download and install the update in case that didn’t happen yet. ...
Cnet: A malicious attacker that appears to be the Iranian government managed to obtain supposedly secure digital certificates that can be used to impersonate Google, Yahoo, Skype, and other major Web sites, the security company affected by the breach said today. Comodo, a Jersey City, N.J.-based firm that issues digital certificates, said the nine certificates were fraudulently obtained, including one for Microsoft’s Live.com, have already been revoked. A fraudulent certificate allows someone to impersonate the secure versions of those Web sites–the ones that are used when encrypted connections are enabled–in some circumstances. ...
Google Chrome Blog: Today, we’re updating the Chrome beta channel with a couple of new capabilities, especially for web developers. Fresh from the work that we’ve been doing with the HTML Speech Incubator Group, we’ve added support for theHTML5 speech input API. With this API, developers can give web apps the ability to transcribe your voice to text. When a web page uses this feature, you simply click on an icon and then speak into your computer’s microphone. The recorded audio is sent to speech servers for transcription, after which the text is typed out for you. Try it out yourself in this little demo. Today’s beta release also offers a sneak peek of GPU-accelerated 3D CSS, which allows developers to apply slick 3D effects to web page content using CSS. ...
Gmail Blog: Posted by Jason Toff, Product Marketing Manager Switching email accounts can be painful. The idea of losing years of accumulated contacts and messages can sound daunting, to say the least. Luckily, switching to Gmail doesn’t mean you have to start totally fresh. Back in 2009 we announced tools that let you import mail and contacts from other providers, such as AOL or Hotmail. Today we’re announcing the addition of fourteen more international domains to our list of supported email providers: ...
Play.com, one of the largest online retailers of DVDs, CDs, MP3s, books and gadgets, emailed its customers yesterday admitting to a security breach in its marketing communications. Names and emails may have been compromised. Play.com claims the breach happened outside its walls, so presumably they use a third party marketing consultancy to manage part or all of its marketing activities. Here is one of the messages that was sent out to customers by Play.com: ...