New tool to detect Aurora malware behind Google hack
Security vendor HBGary has released a free software tool that can remove “Aurora” malware, linked to corporate espionage at more than 30 companies.
Called the Aurora Inoculation Shot, this utility will remotely scan Windows machines over the network for signs of Aurora and can remove the malicious software as well. It uses the Windows Management Instrumentation services to carry out the inoculation.
Although Aurora has been linked to attacks on just 34 companies, the software has captured the attention of corporate executives, because some believe that is connected to a widespread industrial espionage campaign originating from China.
Full Story: Tech World
Google acquires social search engine Aardvark
Google has acquired social-search provider Aardvark, right on the heels of the company’s Google Buzz announcement.
Google declined to share financial terms of the deal, but TechCrunch reported that Google paid US$50 million for the startup. “We have signed a definitive agreement to acquire Aardvark, but we don’t have any additional details to share right now,” a company representative said in a statement.
Aardvark’s search engine scans the profiles of people you’ve designated as friends in an attempt to match their expertise or interests with a query, such as, “What’s the best restaurant in Austin?” Friends from San Francisco might not know that, but friends in Texas could certainly answer that question. Aardvark lets you choose topics on which you’re willing to be questioned when you set up your own profile.
Full Story: ZDNet Asia
Google seeks DNS protocol extension
Google is amongst a group of DNS (Domain Name System) and content providers proposing an extension to the DNS protocol so that Internet requests are sent to servers in close proximity, thus boosting Internet performance.
The proposal, submitted to the Internet Engineering Task Force this week, was noted in the Google Code Blog. Some persons commenting on the proposal, however, feared it would infringe on privacy.
DNS, Google said, translates Web names such as www.google.com to numeric IP addresses used to communicate on the Internet. DNS can be used to load-balance traffic and send users to a nearby server, such as a user in New York looking up Google and the request being resolved to an IP address for a server in New York City. Authoritative nameservers, which have authority over DNS zones, look at the source IP address of the incoming request, which is the IP address of the DNS resolver. Sometimes, however, DNS resolvers serve many users over a wider area, and a lookup may return the IP address of a server several countries away.
Full Story: Info World
Google Encouraging More Chromium Security Research
In designing Chromium, we’ve been working hard to make the browser as secure as possible. We’ve made strong improvements with the integrated sandboxing and our up-to-date user base. We’re always looking to stay on top of the latest browser security features. We’ve also worked closely with the broader security community to get independent scrutiny and to quickly fix bugs that have been reported.
Some of the most interesting security bugs we’ve fixed have been reported by researchers external to the Chromium project. For example, this same origin policy bypass from Isaac Dawson or this v8 engine bug found by the Mozilla Security Team. Thanks to the collaborative efforts of these people and others, Chromium security is stronger and our users are safer.
Today, we are introducing an experimental new incentive for external researchers to participate. We will be rewarding select interesting and original vulnerabilities reported to us by the security research community. For existing contributors to Chromium security — who would likely continue to contribute regardless — this may be seen as a token of our appreciation. In addition, we are hoping that the introduction of this program will encourage new individuals to participate in Chromium security. The more people involved in scrutinizing Chromium’s code and behavior, the more secure our millions of users will be.
Full Story: Chromium Blog
Chrome Version 4.0 for Windows released
Google has announced version 4.0 of its browser Chrome. Available for Windows only, it fixes 13 bugs and improves synchronization of extensions.
Replacing the beta last December, the final version of Chrome 4.0 fixes a total of 13 security vulnerabilities and provides better synchronization tools. Among the vulnerabilities, six were classified among the “high threat system” and four of them had even been withdrawn from listing errors Chrome official, supposedly to prevent hackers from exploiting this information. This is explained Anthony Laforge, product manager for Chrome: “Some bugs are kept secret until a majority of our users to be confronted.”.
Another improvement of this final version lies in the synchronization of bookmarks and extensions, a useful improvement to the views of the 1500 add-ons available for Chrome. According to Ian Fette, production manager at Google, this version also benefits from Web 2.0 services, from technology HTML5 and JavaScript, such as facilitating online storage and therefore, collaboration. “We have also greatly improved the speed of the browser,” said Nick Baum, another product manager on the official blog of Chrome. “The performance has increased by 42% since last version, and 400% since the first version of Chrome released last year.
Full Story: News Trends Today
Google to Stop Censoring Search Results in China After Hack Attack
Google has decided to stop censoring search results in China, after discovering that someone based in that country had attempted to hack into the e-mail accounts of human rights activists. The company disclosed the move in a startling announcement posted to its blog late Tuesday.
Google said it was prepared to pull its business out of China, if issues around the surveillance and its decision to stop censoring results could not be resolved with the Chinese government.
Although the company did not accuse the Chinese government of being behind the hack attacks, Google said that the attacks, combined with attempts by China over the last year to “further limit free speech on the web” led it to conclude that it needed to “review the feasibility of our business operations in China.”
The company decided it will no longer censor search results on Google.cn, which it had been doing as a concession to the Chinese government since 2006 in order to be able to operate in China. The company didn’t say when it would stop censoring material but stated that it would be discussing with Chinese authorities how it might continue to operate legally in China, if at all, with an unfiltered search engine.
“We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China,” wrote David Drummond, Google’s chief legal officer and senior vice president for corporate development.
Full Story: Wired
Google is awarded the mightiest of titles: it’s Word of the Decade!
I know there is a fondness for games among many readers, so here is today’s. What is your No. 1 word of the last decade? Might it be “divorce” or “Warcraft” or perhaps even “pants,” “Rush,” or “Miley”?
This question is especially timely today because the American Dialect Society, which studies the stumbling attempts of English to take hold in America, has declared that the one most important, significant, rousingly symbolic word of the last decade is “Google.”
According to CBSNews.com, “Google” beat out such words of our bygone times as “blog.” It even beat out “war on terror,” which hardly seems like a word, but who am I to question the keepers of the spoken flame? (Press release containing the full list (PDF))
“It’s hard to imagine life before we were Googling,” American Dialect Society executive councilmember Ben Zimmer told CBSNews.com.
Might I take a moment to quibble with Zimmer’s lexicon? I am sure you can most definitely imagine life before you dedicated your waking hours and, indeed, your name, to the Church of Searchboxology.
Full Story: CNET News
Google gets into the URL-shrinking biz with Goo.glGoogle gets into the URL-shrinking biz with Goo.gl
Google ventured into new territory on Monday with the launch of a new URL-shortening service it’s calling Goo.gl.
Unlike some existing and high-profile shorteners such as TinyURL and Bit.ly, Goo.gl is not a general-purpose link shrinker that users can access by going to a standalone site. Instead, it’s been built into Google products, beginning with Google’s browser toolbar and its Feedburner RSS service. Both of those services can now create shortened Goo.gl URLs that link to the source content while using fewer characters. This is especially important for sharing on places like Twitter, where there are size limits.
The feature goes hand in hand with the launch of a share button for the Google toolbar that lets users share whatever page they’re on with a number of social services. As for its integration with FeedBurner, Google now provides feed owners with a way to automatically publish certain posts directly to Twitter, which will again help keep the number of characters to a minimum.
Full Story: CNet News
Mozilla Endorses Bing Over Google Privacy Issues
A Mozilla official last week pointed Firefox users to the extension that adds Microsoft’s Bing search engine
to the list of the browser’s search engines after Google’s CEO downplayed consumers’ privacy concerns.
Citing a clip from a CNBC broadcast last Friday, during which Google chief executive Eric Schmidt discussed online privacy, Asa Dotzler, Mozilla’s director of community development, provided a link to the Firefox extension that adds Bing to Firefox’s search engine list. “Here’s how you can easily switch Firefox’s search from Google to Bing,” said Dotzler in an entry on his personal blog today. The link he included leads to the Bing search add-on .
During the interview, Schmidt was asked: “People are treating Google like their most trusted friend…should they be?” It was Schmidt’s answer that motivated Dotzler to show users how to drop Google, Firefox’s default search engine, for rival Bing.
Full Story: PC World
Introducing Google Public DNS: A new DNS resolver from Google
Today, as part of our efforts to make the web faster, we are announcing Google Public DNS, a new experimental public DNS resolver.
The DNS protocol is an important part of the web’s infrastructure, serving as the Internet’s “phone book”. Every time you visit a website, your computer performs a DNS lookup. Complex pages often require multiple DNS lookups before they complete loading. As a result, the average Internet user performs hundreds of DNS lookups each day, that collectively can slow down his or her browsing experience.
We believe that a faster DNS infrastructure could significantly improve the browsing experience for all web users. To enhance DNS speed but to also improve security and validity of results, Google Public DNS is trying a few different approaches that we are sharing with the broader web community through our documentation:
- Speed: Resolver-side cache misses are one of the primary contributors to sluggish DNS responses. Clever caching techniques can help increase the speed of these responses. Google Public DNS implements prefetching: before the TTL on a record expires, we refresh the record continuously, asychronously and independently of user requests for a large number of popular domains. This allows Google Public DNS to serve many DNS requests in the round trip time it takes a packet to travel to our servers and back.
- Security: DNS is vulnerable to spoofing attacks that can poison the cache of a nameserver and can route all its users to a malicious website. Until new protocols like DNSSEC get widely adopted, resolvers need to take additional measures to keep their caches secure. Google Public DNS makes it more difficult for attackers to spoof valid responses by randomizing the case of query names and including additional data in its DNS messages.
- Validity: Google Public DNS complies with the DNS standards and gives the user the exact response his or her computer expects without performing any blocking, filtering, or redirection that may hamper a user’s browsing experience.
Full Story: Google Code Blog
