Tag Archives: Google

Edelman-Google’s AdWords API Restrictions

benedelman.org/news
January 7, 2013
The Right Remedies for Google’s AdWords API Restrictions

Last week the FTC closed its 21-month investigation of Google after Google made several small concessions, among them dropping certain restrictions on use of Google’s AdWords API — rules that previously limited how advertisers and tool-makers may copy advertisers’ own data from Google’s servers. Removing the restrictions is a step forward for advertisers and for competition. But the FTC could and should have demanded more from Google in order to address the harm resulting from seven years of these restrictions.

Article: http://www.benedelman.org/news/010713-1.html

Microsoft Security Advisory (2719615)

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

Published: Tuesday, June 12, 2012

Microsoft is aware of active attacks that leverage a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.

The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections.

Upon completion of our investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Please see the complete article:
http://technet.microsoft.com/en-us/security/advisory/2719615

A Microsoft Fix it solution is available that blocks the attack vector for this vulnerability. Microsoft encourages customers running an affected configuration to apply the Fix it solution as soon as possible.

http://support.microsoft.com/kb/2719615

https://www.zdnet.com/blog/security/state-sponsored-attackers-using-ie-zero-day-to-hijack-gmail-accounts/12462

Google announces privacy changes, users can’t opt out

Updating our privacy policies and terms of service
1/24/2012 01:30:00 PM
In just over a month we will make some changes to our privacy policies and Google Terms of Service. This stuff matters, so we wanted to explain what’s changing, why and what these changes mean for users.

First, our privacy policies. Despite trimming our policies in 2010, we still have more than 70 (yes, you read right … 70) privacy documents covering all of our different products. This approach is somewhat complicated. It’s also at odds with our efforts to integrate our different products more closely so that we can create a beautifully simple, intuitive user experience across Google.

So we’re rolling out a new main privacy policy that covers the majority of our products and explains what information we collect, and how we use it, in a much more readable way. While we’ve had to keep a handful of separate privacy notices for legal and other reasons, we’re consolidating more than 60 into our main Privacy Policy.

Regulators globally have been calling for shorter, simpler privacy policies—and having one policy covering many different products is now fairly standard across the web.

These changes will take effect on March 1, and we’re starting to notify users today, including via email and a notice on our homepage.

http://googleblog.blogspot.com/2012/01/updating-our-privacy-policies-and-terms.html
http://www.huffingtonpost.com/2012/01/24/google-privacy-policies_n_1229470.html

Internet Explorer 6 Countdown

ie6countdown

10 years ago a browser was born.

Its name was Internet Explorer 6. Now that we’re in 2012, in an era of modern web standards, it’s time to say goodbye.

http://www.ie6countdown.com/

BBC News

Meanwhile rival Google has been forced into an embarrassing climbdown on the promotion of its Chrome browser.

It has downgraded Chrome in its search listings after the discovery that a marketing campaign paid bloggers to promote a video about it.

The search giant has distanced itself from the campaign, blaming third-party marketing firm Essence Digital.

http://www.bbc.co.uk/news/technology-16408850

DigiNotar SSL Certificate Hack

Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
Published: August 29, 2011 | Updated: August 29, 2011

Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store, on all supported releases of Microsoft Windows. Although this is not a vulnerability in a Microsoft product, Microsoft is taking action to protect customers.

Microsoft has been able to confirm that one digital certificate affects all subdomains of google.com and may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. Microsoft is continuing to investigate how many more certificates have been fraudulently issued. As a precautionary measure, Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List.

All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Users of these operating systems will be presented with an invalid certificate error when they browse to a Web site or try to install programs signed by the DigiNotar root certificate. In those cases users should follow the instructions in the message. Microsoft will release a future update to address this issue for all supported editions of Windows XP and Windows Server 2003.

Microsoft is continuing to investigate this issue and may release future updates to help protect customers.

http://www.microsoft.com/technet/security/advisory/2607712.mspx

Edit
V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue.

Computerworld

Hackers may have obtained more than 200 digital certificates from a Dutch company after breaking into its network, including ones for Mozilla, Yahoo and the Tor project, a security researcher reported today.

The count is considerably higher than DigiNotar has acknowledged. Earlier this week, a company spokesman said that “several dozen” certificates had been acquired by the attackers.

http://www.computerworld.com/s/article/9219663/Hackers_may_have_stolen_over_200_SSL_certificates

Mac OS X can’t properly revoke dodgy digital certificates
http://www.computerworld.com/s/article/9219669/Mac_OS_X_can_t_properly_revoke_dodgy_digital_certificates

Firefox and Thunderbird 6.0.1 released after the Mozilla team removed DigiNotar from their root program to protect users.


Google warns users of malware

Google Online Security Blog
Posted by Damian Menscher, Security Engineer

As we work to protect our users and their information, we sometimes discover unusual patterns of activity. Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending this modified traffic, we determined that the computers exhibiting this behavior were infected with a particular strain of malicious software, or “malware.” As a result of this discovery, today some people will see a prominent notification at the top of their Google web search results:

http://googleonlinesecurity.blogspot.com/2011/07/using-data-to-protect-people-from.html

Google suggests users run a system scan on their computer by following the steps in their Help Center article.

If you don’t have security software already installed, now is not the time to use a search engine to start looking, unless you know exactly what you are looking for. Malware vendors have long had search engines loaded up linking in their direction. It’s a good way to pick up Scareware Rogues.

Instead, go to a reputable site such as those I have listed on the right side of this page under Security Forums and either ask for suggestions or read the stickied FAQs, which give advice on how to protect your computer and surf safely. For a bigger list, see the Alliance of Security Analysis Professionals (ASAP).

If the machine in question is in a business/institution/corporate environment, don’t mess around: call either the in-house IT person or a local technician.

French Commission fines Google $142,000

Street View Privacy Violations.

Google’s infractions included collecting passwords and e-mails transferred wirelessly, the National Commission for Computing and Civil Liberties said today in a statement. CNIL, as the regulator is known, levied its highest fine ever because of the gravity of breaches and “the economic advantages Google gained from these violations,” according to the statement.

Google has been targeted by data-protection authorities in the European Union for its Street View program, which lets users click on maps to see photographs of roadsides. The European Commission, the EU’s executive agency, plans more harmonized data protection rules across the 27-nation region. The U.S. Federal Trade Commission closed a probe in October after Google said it would improve its safeguards.

http://www.bloomberg.com/news/2011-03-21/google-fined-by-french-privacy-agency-for-street-view-violations.html

Google is your friend - or is it

cnet.co.uk

The Information Commissioner’s Office is investigating Google Street View after the search giant admitted it had collected more personal data than previously thought. Google senior vice president Alan Eustace has owned up to having collected complete email addresses, URLs and passwords that could identify users.

http://crave.cnet.co.uk/software/ico-vs-street-view-round-2-as-google-admits-to-collecting-passwords-50001271/

Creating stronger privacy controls inside Google: http://googleblog.blogspot.com/2010/10/creating-stronger-privacy-controls.html

GAN preferred placements, format, and terms in sponsored search

Tying Google Affiliate Network
September 28, 2010

In one of the few areas of Internet advertising where Google is not dominant – where just three years ago Google had no offering at all – Google now uses tying to climb towards a position of dominance. In particular, using its control over web search, Google offers preferred search ad placement and superior search ad terms to the advertisers who agree to use Google Affiliate Network. Competing affiliate networks cannot match these benefits, and Google’s bundling strategy threatens to grant Google a position of power in yet another online advertising market.

http://www.benedelman.org/news/092810-1.html