Google

Edelman-Google’s AdWords API Restrictions

by certifiedbug on January 8, 2013

in Internet Security

benedelman.org/news
January 7, 2013
The Right Remedies for Google’s AdWords API Restrictions

Last week the FTC closed its 21-month investigation of Google after Google made several small concessions, among them dropping certain restrictions on use of Google’s AdWords API — rules that previously limited how advertisers and tool-makers may copy advertisers’ own data from Google’s servers. Removing the restrictions is a step forward for advertisers and for competition. But the FTC could and should have demanded more from Google in order to address the harm resulting from seven years of these restrictions.

Article: http://www.benedelman.org/news/010713-1.html

{ 0 comments }

Microsoft Security Advisory (2719615)

by certifiedbug on June 15, 2012

in Microsoft

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

Published: Tuesday, June 12, 2012

Microsoft is aware of active attacks that leverage a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.

The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

We are actively working with partners in our Microsoft Active Protections Program(MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections.

Upon completion of our investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Please see the complete article:
http://technet.microsoft.com/en-us/security/advisory/2719615

A Microsoft Fix it solution is available that blocks the attack vector for this vulnerability. Microsoft encourages customers running an affected configuration to apply the Fix it solution as soon as possible.

http://support.microsoft.com/kb/2719615

https://www.zdnet.com/blog/security/state-sponsored-attackers-using-ie-zero-day-to-hijack-gmail-accounts/12462

{ 0 comments }

Google announces privacy changes, users can’t opt out

by certifiedbug on January 25, 2012

in News

Updating our privacy policies and terms of service
1/24/2012 01:30:00 PM
In just over a month we will make some changes to our privacy policies and Google Terms of Service. This stuff matters, so we wanted to explain what’s changing, why and what these changes mean for users.

First, our privacy policies. Despite trimming our policies in 2010, we still have more than 70 (yes, you read right … 70) privacy documents covering all of our different products. This approach is somewhat complicated. It’s also at odds with our efforts to integrate our different products more closely so that we can create a beautifully simple, intuitive user experience across Google.

So we’re rolling out a new main privacy policy that covers the majority of our products and explains what information we collect, and how we use it, in a much more readable way. While we’ve had to keep a handful of separate privacy notices for legal and other reasons, we’re consolidating more than 60 into our main Privacy Policy.

Regulators globally have been calling for shorter, simpler privacy policies—and having one policy covering many different products is now fairly standard across the web.

These changes will take effect on March 1, and we’re starting to notify users today, including via email and a notice on our homepage.

http://googleblog.blogspot.com/2012/01/updating-our-privacy-policies-and-terms.html
http://www.huffingtonpost.com/2012/01/24/google-privacy-policies_n_1229470.html

{ 0 comments }

Internet Explorer 6 Countdown

by certifiedbug on January 4, 2012

in Browser

ie6countdown

10 years ago a browser was born.

Its name was Internet Explorer 6. Now that we’re in 2012, in an era of modern web standards, it’s time to say goodbye.

http://www.ie6countdown.com/

BBC News

Meanwhile rival Google has been forced into an embarrassing climbdown on the promotion of its Chrome browser.

It has downgraded Chrome in its search listings after the discovery that a marketing campaign paid bloggers to promote a video about it.

The search giant has distanced itself from the campaign, blaming third-party marketing firm Essence Digital.

http://www.bbc.co.uk/news/technology-16408850

{ 0 comments }

Bogus Google Plus Page Trashes Bank of America

November 15, 2011

Posts contain swipes relating to the Occupy Wall Street movement and government bailouts. Now replaced with the “verified name” check mark. http://idealab.talkingpointsmemo.com/2011/11/bank-of-americas-google-plus-page-appears-brandjacked.php

Read the full article →

DigiNotar SSL Certificate Hack

September 1, 2011

Microsoft Security Advisory (2607712) Fraudulent Digital Certificates Could Allow Spoofing Published: August 29, 2011 | Updated: August 29, 2011 Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store, on all supported releases of Microsoft Windows. Although this is not a […]

Read the full article →

Google warns users of malware

July 20, 2011

Google Online Security Blog Posted by Damian Menscher, Security Engineer As we work to protect our users and their information, we sometimes discover unusual patterns of activity. Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending […]

Read the full article →

French Commission fines Google $142,000

March 21, 2011

Street View Privacy Violations. Google’s infractions included collecting passwords and e- mails transferred wirelessly, the National Commission for Computing and Civil Liberties said today in a statement. CNIL, as the regulator is known, levied its highest fine ever because of the gravity of breaches and “the economic advantages Google gained from these violations,” according to […]

Read the full article →

Google is your friend-or is it

October 25, 2010

cnet.co.uk The Information Commissioner’s Office is investigating Google Street View after the search giant admitted it had collected more personal data than previously thought. Google senior vice president Alan Eustace has owned up to having collected complete email addresses, URLs and passwords that could identify users. http://crave.cnet.co.uk/software/ico-vs-street-view-round-2-as-google-admits-to-collecting-passwords-50001271/ Creating stronger privacy controls inside Google: http://googleblog.blogspot.com/2010/10/creating-stronger-privacy-controls.html

Read the full article →

GAN preferred placements, format, and terms in sponsored search

September 29, 2010

Tying Google Affiliate Network September 28, 2010 In one of the few areas of Internet advertising where Google is not dominant – where just three years ago Google had no offering at all – Google now uses tying to climb towards a position of dominance. In particular, using its control over web search, Google offers […]

Read the full article →