
Pwnium 2: Teenage Hacker Pinkie Pie Exploited Google Chrome & Earned $60,000


Google Chrome, one of the world's most popular web browsers, fell victim at the Pwnium 2 security contest, which took place on 10th October at the Hack In The Box conference in Kuala Lumpur, Malaysia. A teenage hacker who goes by the pseudonym "Pinkie Pie" was able to "fully exploit" Chrome, escaping the sandbox using only bugs within Chrome. The hack was done on a fully patched 64-bit Windows 7 system running the latest stable branch of Chrome. For his work, Pinkie Pie will receive the top prize of $60,000 from Google.
This isn't the first time that "Pinkie Pie", also the name of a "My Little Pony - Friendship is Magic" character, has won money for exploiting Chrome. In March of this year, he was rewarded for vulnerabilities he used at Google's Pwnium contest, which took place during the Pwn2Own competition at CanSecWest, to break out of the browser's sandbox and execute code. In order to get his code to execute on the test system at the time, he had to combine a total of six vulnerabilities; the holes were later closed with the release of Chrome 18. Along with security specialist Sergey Glazunov, Pinkie Pie also won this year's Pwnie Award for the Best Client-Side Bug. The full results of the Pwnium 2 competition will be announced during a talk by Google Software Engineer Chris Evans today, 11th October.
We would also like to remind you that earlier this year Google increased its vulnerability bounties on the anniversary of its Vulnerability Reward Program. PayPal, Facebook and many others have also started paid bug bounty programs. These bug bounty programs and security contests do indeed enhance security.


-Source (The-H & SC Magazine)







Mozilla Put Older & Vulnerable Versions of Java Into Firefox Blocklist


In an official blog post, Mozilla confirmed that it has blacklisted unpatched versions of the Java plug-in in Firefox on Windows in order to protect its users from attacks that exploit known vulnerabilities in those versions. "The February 2012 update to the Java Development Kit (JDK) and Java Runtime Environment (JRE) included a patch to correct a critical vulnerability that can permit the loading of arbitrary code on an end-user’s computer. This vulnerability—present in the older versions of the JDK and JRE—is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox’s blocklist. A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms. Affected versions of the Java plugin will be disabled unless a user makes an explicit choice to keep it enabled at the time they are notified of the block being applied," said Mozilla.
Unlike Google's Chrome browser, which has a feature specifically aimed at disabling outdated plug-ins, Firefox relies on Mozilla developers deciding which plug-ins pose a risk to users. However, users retain the choice of preventing those plug-ins from being disabled. The Firefox blocklist has rarely been used to disable plug-ins from big software vendors like Oracle, but precedents do exist. In October 2009, Mozilla decided to add Microsoft's Windows Presentation Foundation (WPF) plug-in to the Firefox blocklist after Microsoft revealed that it had a vulnerability.




Internet Explorer & Firefox Also Became Victim To Hackers At Pwn2Own

Internet Explorer (IE 9) & Firefox 10.0.2 Also Became Victim To Hackers At Pwn2Own
At the Pwn2Own contest, web browsers are being hacked one after another. First it was the turn of Google Chrome, where Sergey Glazunov, a Russian security researcher, earned $60,000 by demonstrating how he could waltz past the security sandbox in Google's Chrome browser to run unauthorized code on fully-patched Windows 7 computers. Then the time came for Microsoft's Internet Explorer. A team from a French security firm managed to hack IE 9 on a fully patched Windows 7 SP1 machine. The group from Paris-based Vupen Security brought down IE9 running on Windows 7 by exploiting a pair of previously-unknown "zero-day" bugs that bypassed the operating system's defensive technologies to execute attack code, allowing that code to escape from IE's "Protected Mode," the browser's limited-rights anti-exploit system. They managed to bypass the browser's DEP and ASLR protection with a 0-day heap overflow vulnerability, and then used a separate memory corruption bug to break out of its Protected Mode, which is effectively a sandbox. According to VUPEN founder Chaouki Bekrar, these particular flaws have existed in previous incarnations of the browser - all the way back to IE 6 - and will very likely work on the upcoming IE 10.
Then came Firefox's turn. Mozilla’s Firefox is the latest browser to fall victim to hackers at this year’s Pwn2Own hacker contest. Two researchers working together, Willem Pinckaers and Vincenzo Iozzo, exploited a single zero-day vulnerability in the latest Firefox 10.0.2 on a fully patched Windows 7 SP1 PC to cart off a $30,000 cash prize.



After Google Chrome Hack Sergey Glazunov Earned $60,000 At Pwnium Contest

Sergey Glazunov, A Security Researcher, Earns $60,000 At Pwnium After Google Chrome Hack

Sergey Glazunov, a Russian security researcher, has earned $60,000 by demonstrating how he could waltz past the security sandbox in Google's Chrome browser to run unauthorized code on fully-patched Windows 7 computers. Glazunov discovered a remote code execution vulnerability in Chrome that could be used by malicious hackers and cyber criminals to install and run code on innocent users' computers when they merely visit a website. Glazunov, who is no stranger to reporting bugs in Chrome, won his substantial reward as part of the Pwnium competition run by Google at the CanSecWest conference in downtown Vancouver.
Senior Vice President of Google Chrome and Apps, Sundar Pichai, confirmed the successful hack on his Google+ page. Now that the hack is known throughout the developer world, Pichai understandably said, “Congrats to long-time Chromium contributor Sergey Glazunov who just submitted our first Pwnium entry. Looks like it qualifies as a “Full Chrome” exploit, qualifying for a $60k reward. We’re working fast on a fix that we’ll push via auto-update. This is exciting; we launched Pwnium this year to encourage the security community to submit exploits for us to help make the web safer. We look forward to any additional submissions to make Chrome even stronger for our users.”




Google Offers $1 Million For Hackers To Exploit Chrome (Pwnium: Rewards For Exploits)


The search giant Google is offering a total of $1 million in rewards to those who successfully hack the Google Chrome browser at the Pwn2Own hacker contest taking place next week (7 March, 2012). Google will reward successful contestants at Pwn2Own with prizes of $60,000, $40,000 and $20,000, depending on the severity of the exploits that are demonstrated on a Windows 7 machine running the browser. The prizes will be awarded on a first-come, first-served basis until the entire $1 million has been claimed.
Chrome is currently the only web browser eligible for entry into Pwn2Own that has never been successfully hacked. Contestants often note the difficulty of bypassing Google’s security sandbox as a reason for this. “While we’re proud of Chrome’s leading track record in past competitions, the fact is that not receiving exploits means that it’s harder to learn and improve,” said Chris Evans and Justin Schuh, members of the Google Chrome security team. “To maximize our chances of receiving exploits this year, we’ve upped the ante. We will directly sponsor up to $1 million worth of rewards.”
Additional information can be found on the Chromium official blog.






Zero-Day Vulnerability In Flash Patched By Adobe

Yet another zero-day vulnerability has been found in Adobe Flash Player. Earlier, hackers found a zero-day exploit in Flash Player that could allow an attacker to hack your webcam remotely; Adobe later patched that. Before releasing Flash Player 11, Adobe issued a new privacy policy and security update, but now it seems that those are of zero use. The affected versions are Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.
Affected Version:- 
  • Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x

Adobe later confirmed the issue and immediately released a patch to close the security hole. With this security release Adobe also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only). Google's Chrome Web browser, which directly integrates Flash into its software (unlike competing browsers), also received an update to reflect Adobe's patch update.
Recommendation From Adobe:-
Adobe recommends users of Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.62. Users of Adobe Flash Player 11.1.112.61 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.6. Users of Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.6. For further details click here.
Earlier, in 2011, another Flash Player bug was found in BlackBerry OS and later fixed by the developer, and last year Adobe also closed a serious security hole in Acrobat 9X and Adobe Reader.




Google TV Update For Android 3.1 (Honeycomb)

Google announced on its Google TV blog Friday that the platform will be upgraded to Android 3.1 (otherwise known as Honeycomb) for Sony devices Sunday, with the Logitech Revue set-top box getting its upgrade "soon thereafter." What will you get with this software upgrade to Android? Google says it's "much simpler." Its customization capabilities will go a long way toward alleviating the awkwardness of its first iteration, which Google admits was "not perfect."
And the addition of the Android Market will open up a variety of applications, with the promise of more -- perhaps thousands more -- on the way. One welcome improvement will be an easier ability to search across all the TV shows at your disposal. With this update, Google's trying to answer that age-old question, "What's on?" If Google can pull that off, it could be a powerful thing indeed. The company says it has learned from its mistakes with the first version of Google TV and is "committed to find the best way to discover and engage with the high-quality entertainment on your television." So does that mean Google TV will be able to find all the shows from whichever cable or satellite provider you're subscribing to, or from the web via all of the apps within Google TV, such as Netflix, Amazon Instant Video, and HBO Go? Maybe. Of course, Google plans to improve Google TV's search across YouTube, its own video streaming service.
In the blog post, Google also hinted at future software updates (Ice Cream Sandwich, anyone?) and new devices "on new chipsets from multiple hardware partners." Hey, this is getting interesting.
We'll have to reserve judgment until we can install this software update on our Logitech Revue box, but for now, clearly this update has great potential. It makes perfect sense for Google -- purveyor of Android, the Chrome browser, YouTube and by the way, the world's search expert -- to leverage these powerful capabilities in its TV set-top. The hurdle Google needs to navigate is not so much a technical or software one, but a matter of negotiating and arm-twisting of content providers. Will the company gain cooperation from TV networks and movie studios, allowing their content to be searchable on the Google TV platform? That's the key to Google TV's success.




Firefox with Bing By Microsoft & Mozilla



Mozilla has teamed with Microsoft to bring more Bing to Firefox. Mozilla and Bing are pleased to make available Firefox with Bing, a customized version of Firefox that sets Bing as the default search engine in the search box and AwesomeBar and makes Bing.com the default home page.  (Existing Firefox users can also make these changes by installing the Bing Search for Firefox Add-on)
Of course, any user of Firefox can go into the browser's settings and make those changes themselves if they want, and there is even a "Bing Search for Firefox" add-on that will do the same. But many users don't mess with their settings too much, which is why Google (the usual default for Firefox) is the most widely used search engine among Firefox users. Google competes with Bing on the search side and Google's Chrome browser competes with Firefox. Microsoft, of course, makes a Firefox rival in Internet Explorer. Mozilla, in a blog post, said that "nearly 20 customized versions of Firefox" are available from its partners, including Bing, Yahoo (which now uses Bing to power its search as well), Twitter and Yandex.




Google Gets Another Chance To Operate In China For One Year


Google’s relationship with the government of China has been a tad tense over the past couple of years. There have been accusations of state-sponsored hacking, interference with access to services, and, of course, Google’s flat-out refusal to censor search results. China also wasn’t pleased with the introduction of Google Plus in Gmail this summer, which shouldn’t have come as a surprise. The Chinese government is widely regarded as being afraid of social networks and some officials even believe that they are being used by the U.S. to destabilize China.
But despite those fears and tensions with Google, a government spokesperson has announced that the license Google requires to continue operations within Chinese borders has been renewed for another year. China’s Ministry of Industry and Information Technology stated that the Google license was one of more than a hundred that were renewed following “adjustments” to operations, though no details about those changes were given.

It’s worth noting that the Internet content license doesn’t actually belong to Google, and that could very well have something to do with the renewal. The license actually belongs to a Chinese partner who works with Google, since the Ministry doesn’t allow foreign companies to own such licenses. Since the spat began, Google’s presence in China has diminished greatly. Its search market share has been devoured by Baidu, who now has its sights set on Google Chrome and Android. Baidu recently announced the Baidu Yi mobile operating system, which will begin shipping on Dell tablets and smartphones in China in the near future.

-News Source (Geek.com)



NSS: IE9 Blocks Virtually All Socially Engineered Malware, Far More Than Other Browsers


A study prepared by NSS Labs concludes that Microsoft's Internet Explorer 9 blocks virtually all socially engineered malware, far more than rival browsers.
The study was designed to examine one aspect of security: how a browser handled a malicious URL, such as one received in a posting on a social network or an email. The NSS goal was to find the browser which identified, warned, and/or blocked malicious URLs from being viewed by the user.
As it did in 2010, Microsoft's IE9 with SmartScreen URL detection and Application Reputation topped the field, blocking 99.2 percent of all malicious emails. Google's Chrome 12 finished far behind, blocking 13.2 percent of all malicious URLs. Apple's Safari 5 and Mozilla Firefox 4 tied at 7.4 percent, with Opera 11 finishing dead last at 6.1 percent.

 

The NSS Labs study showed that, globally, all of the browsers tested showed improvement over an NSS study performed last year, with two exceptions: Safari and Mozilla's Firefox. A year ago, Microsoft IE9 blocked 99 percent of the malicious URLs, followed by Chrome 6 (3%), Safari 5 (11%), Firefox 3.6.15 (19%), and Opera 10 (0%).
NSS attributed Microsoft's success to its Application Reputation technology, which has attempted to categorize applications across the Internet.
"The significance of Microsoft's new application reputation technology cannot be overstated," the NSS report found. "Application reputation is the first attempt by any vendor to create a definitive list of every application on the Internet. This new capability helps users discern malware, and potentially unsafe software from actual good software. The list is dynamically created and maintained, much the same way Google, (or Bing) is continuously building and maintaining a library of content for search purposes."
The NSS tests sliced the potential for malware along one specific axis, socially engineered malware, a distinction Google objected to during the 2010 tests. "Google Chrome was built with security in mind from the beginning and emphasizes protection of users from drive-by downloads and plug-in vulnerabilities," a spokeswoman said then.
NSS also found that the combination of SmartScreen and Application Reputation means that IE9 blocked new malware in just over half an hour, while Safari 5 and Firefox 4 required 4.91 and 6.07 hours, on average, to detect a new malicious URL. Chrome 12 and Opera 11, by contrast, required 17.7 and 18.4 hours, respectively. Over time, as the malicious URLs changed in response to detection, the browsers maintained their level of protection fairly consistently, NSS found.
"Not only has the effectiveness of the technology improved, but so has the speed at which it is able to identify socially engineered malware," Roger Capriotta, director of Internet Explorer product marketing, wrote in a blog post Monday. "For our Windows customers, this means fewer infections and headaches for you."
In its report, NSS said its findings were independent, and that it had not received funding from any vendor. 

-News Source (PC Mag)


Apple-Based Networks Are More Vulnerable to Attack than Windows (BH 2011)


For many years, Apple enjoyed security through obscurity. The market share for Mac computers was so small that malware creators bypassed it to go after the much bigger target, Microsoft Windows. Not anymore.
Apple’s market share has been slowly rising and the popularity of the iPhone has put Apple’s products into the spotlight. Hackers are taking notice and they’re figuring out that Apple’s computers have security vulnerabilities, some of them more severe than Windows machines, according to a talk by the iSEC Partners security consulting team at the Black Hat security conference today.
Alex Stamos, Paul Youn, and B.J. Orvis of iSEC Partners said in their talk that it is possible for hackers to penetrate a network of Apple Mac computers and lurk undetected while gathering data. They concluded that there were so many vulnerabilities on the networking level that Mac machines could be considered more vulnerable than Windows machines.
Apple has not yet responded to a request for comment. At Black Hat, there will also be talks about the vulnerabilities of other operating systems, including Windows. In years past, security researchers have blamed Microsoft for producing vulnerable Windows code. And immediately following the Apple talk, security researchers had another talk about hacking Google’s Chrome operating system.
“This is all changing,” Stamos said. “If [recent hacking events] tell us anything, it’s that any computer is vulnerable to attack.”
The iSEC team said they looked at attacks on the Mac and its latest operating system, code-named Lion, or OS X version 10.7, from the perspective of Advanced Persistent Threats, or long-term security break-ins on networks of computers. They showed examples of the vulnerabilities and detailed proof that they had hacked into the operating system.
The category of Advanced Persistent Threats is a hot one because Google discovered that, under Operation Aurora, dozens of companies were compromised over a long period of time. And McAfee reported today that a similar attack, dubbed Operation Shady RAT, compromised a total of 72 governments and corporations over a five-year period.
A network of Mac computers can be compromised in the usual way, iSEC’s Stamos said. A single user can be tricked into giving up a username and password through social engineering or targeted “phishing attacks,” or attacks that use a believable ruse to get you to enter your username and password, which is then captured and compromised by the hackers.
Once inside the network, Stamos said that it is easy for the attacker to escalate the privileges he or she has on the network. That is where Apple’s operating system falls down in comparison to Windows. “Once you have access, you can compromise the networking,” Orvis said. “Network privilege escalation is where it really gets bad on the Mac.”
The security researchers said that Apple has made improvements to security in version 10.7 of OS X, such as putting applications in a “sandbox,” or isolating them so that they can run (or crash) without taking down the rest of the operating system. Still, the researchers said they had figured out a couple of different ways to compromise the security of Macs through a test program dubbed Bonjoof. They said that it’s possible to lurk on a network and cover your tracks so that intelligence can be gathered on a network over time.
“All of Apple’s major authentication protocols suffer” from some kind of weakness, Orvis said.
There are ways to deal with the vulnerabilities, but company security professionals have to know how to use security forensics technology, which can take a long time. In the meantime, attackers can detect the forensics tools and react to their usage in an attempt to hide. The security researchers said they did talk with Apple about the vulnerabilities they found and communicated a number of ideas about how to improve the security of Apple’s computers.


Chrome 13 Stable Released With Print Preview & Instant Pages Support


As browser version numbers go, Chrome 13.0.782.107 sounds like it’s going to be less than exciting, the kind of build that delivers eight bug fixes and support for some minor HTML5 feature you’ve never heard of.
The reality is very different, though, with Google’s latest stable release providing a couple of important new features and a lengthy list of useful extras.
The headline addition has to be the long-awaited Print Preview. Unlike Firefox and IE, there’s no separate Print Preview menu option; you just click Print as normal, and the current page appears in a new tab, where you can choose your layout (portrait or landscape), the pages you need, your printer and so on, before printing your selection with a click.
While this generally works well, we do have one issue. If you want to see the standard Windows printer properties dialog then you need to click Advanced, which would be fine if it wasn’t for the fact that the Print Preview tab then immediately closes – not what we’d expect. Still, for the moment we’re just happy that Chrome has Print Preview in any form, the fine tuning can come later.
The other major new feature this time is support for Google’s “Instant Pages”, which means that when you run a Google search, Chrome will prefetch the top search result for you (if it’s very sure you’re going to click it). In our tests this worked only occasionally, but when it does the results are impressive, with the selected page popping onto the screen in a flash.
Of course, as with any prefetching, there’s a risk that you may be downloading content which you never access, a particular problem if you’re on a slow or expensive 3G connection. If you’d like to keep your bandwidth use to a minimum, you might prefer to turn this feature off by going to Options > Under the Bonnet and clearing “Predict network actions to improve page load performance”.



Web Browser Grand Prix 5

 
Three major releases have landed since our last impromptu Web Browser Grand Prix (WBGP4): Chrome 12, Firefox 5, and Opera 11.50. Can Chrome or Opera regain the WBGP championship? Will Mozilla Firefox ever overtake Microsoft's IE9 in the rankings?
If it seems like it was only weeks ago when we were compelled to test the then-new Mozilla Firefox 4 against the reigning Web Browser Grand Prix champion Microsoft Internet Explorer 9 in Web Browser Grand Prix 4: Firefox 4 Goes Final, that's because it was only a few weeks ago.
In an attempt to curb the siphoning of its user base to Google, Mozilla decided to keep pace with the frenetic development cycle of Chrome. Firefox 5 is now a reality. But will Mozilla also keep up with innovation like Google? Furthermore, will a higher integer finally allow Mozilla to overtake arch-rival Microsoft in our performance metrics? Can former speed-kings Chrome and Opera reclaim the dual domination of our WBGP crown, as they did in 2010?
We've tightened up our suite of benchmarks for this article, cutting the fat that was Google's V8 JavaScript Benchmark and the redundant two-pixel variant of the GUIMark2 HTML5 Vector Charting test. We also fleshed it out by adding Facebook's JSGameBench, as well as battery life and reliability testing. But before we get to the benchmarks, let's get caught up on the latest developments in the continuing browser wars.
Opinions:-

The release of Firefox 5 was met with harsh criticism for its apparent lack of anything new. It has been said that Firefox 5 should have been called Firefox 4.1 or 4.2. Or even 4.02.
There is also a growing concern over whether the new rapid release schedule jibes with IT departments. Firefox became a viable choice for many companies during the version 2 and 3 days. Mozilla also offers the preferred development platform for most Web designers. Basically, Firefox gained the reputation of being the most stable choice. By mimicking Chrome's development cycle, Mozilla may have shot itself in the foot.
Smack Talk:-

Microsoft took a shot right across the bow of Google and Mozilla by announcing that WebGL is “harmful,” and that IE10 would not be utilizing the specification. Several experts came out in support of Microsoft's assertion, though it should be noted that Redmond may have a dog in this fight with DirectX.

Attacking Mozilla even further, the Internet Explorer development team sent the Firefox development team a cupcake to celebrate the release of Firefox 5. Mozilla also received cakes from Microsoft for the release of Firefox 3 and 4. Full cakes. Obviously, this is in response to the criticism that Firefox 5 is nothing more than a minor update to Firefox 4. The included note read: "Congratulations on shipping! Love, The IE Team". "Congratulations on shipping" might have been in reference to the frequent delays that plagued Firefox 4, which was eventually made available more than six months late. Now that's a classy way to rag on somebody. Not missing a single opportunity to slam its competition, Microsoft also capitalized on the other major criticism of Firefox 5 when an IE developer boasted Microsoft's commitment to IT.
Mozilla shot back with a blog post addressing the IT issue, although in a very non-concrete way:

"We are exploring solutions that balance these needs..."

Not to be outdone, an Opera employee also had this to say in regard to rapid release schedule:

“Despite the version number (11.50), we've packed a lot of new features into it. While other browsers rush to release whole new version numbers with small tweaks, I think we've kept traditional versioning, while simply releasing a little faster.”

Obviously, this comes at an unfortunate time for Mozilla, but one cannot help but wonder if this comment was meant for Google. Opera and Google have gotten into it pretty heavily in the past, and, for a time (before IE9), Chrome and Opera swapped places on a semi-monthly basis in the performance charts.


Spammers are Exploiting Google+


Scammers have begun exploiting the launch of Google’s new Google+ social network, with a growing raft of spam emails that imitate Google+ invitations. Google+ is currently still in the testing phase following its launch last week, and users need to be invited by another Google+ member before they can sign up.

Fake invitations:-

However, some of those Google+ invitations are fake, and their links direct traffic to an online business called Canadian Family Pharmacy, which sells Viagra, according to Sophos. Sophos said the emails, distributed by a Canadian hacking group called Partnerka, look authentic.
“The spammers are no doubt hoping that the email will be hard to resist, as many people are eager to see what is being billed as Google’s answer to Facebook,” said Graham Cluley, senior technology consultant at Sophos, in a statement. “Research shows that last year alone, 36 million Americans bought drugs from online pharmacies, so this is a technique that is clearly continuing to work for spammers.”
Overall the scam is “amateur” in that it makes no attempt to use a site that looks like Google+ to harvest users’ personal information, Sophos said. While Facebook doesn’t allow friends lists to be exported to Google+, an extension is now available for Google’s Chrome browser that allows users to export friends data in a format that can be imported into Google+. Facebook has, however, begun modifying accounts to prevent the tool from working, according to Mohamed Mansour, who developed the Facebook Friend Exporter tool.

Google’s answer to Facebook:-

Google unveiled Google+ last week as its answer to Facebook, which has racked up some 700 million users in six-plus years. Seizing on the market leader’s seemingly cavalier attitude toward user privacy, Google envisions Google+ as a more nuanced approach to social networking that tries to give users complete control over what content they share online and with whom they share it. Available to users by invitation only for now, Google+ comprises four major components: Circles, Sparks, Hangouts and mobile, which includes instant photo and video uploads and group messaging.
Social Circles has been rumoured since March, and was at the centre of a clumsy smear campaign by Facebook which attempted to brand Google’s privacy as poor. Circles is a sharing service that lets users add circles, or groups of users united by common interests by dragging and dropping their profiles into a circle. Circles could include family, friends and colleagues.


Chrome OS Has Serious Flaws, Said Researchers


Flaws could undermine Google's focus on security of Chrome-powered devices. Since Google's Chrome operating system is built to be used connected to the web, users' files and work will mostly be saved in the cloud. Using Google Docs applications, for example, automatically stores the work on Google's servers so you can access it from anywhere across a variety of devices.

Google believes this is the future of computing, and its Chrome OS is designed specifically for Cloud-based use. It also allows Google to talk up security, as your documents are stored and well protected in the Cloud, whereas if somebody were to steal your Chromebook, they won't find all of your files on your HDD like they will if they steal your notebook PC.
However, researchers at an independent security firm say that Chrome's reliance on web computing also makes it vulnerable in other ways. WhiteHat Security researcher Matt Johansen was paid $1,000 by Google for reporting a flaw in the Chrome OS note-taking application that he successfully exploited to hijack a Google Mail account.
Since then, Johansen has said he found the same basic flaw with many other applications (or extensions). "This is just the tip of the iceberg," he told Reuters. "This is just evolving around us. We can see this becoming a whole new field of malware."

Johansen says the key to Chrome OS hacking is to somehow capture data that is being sent and received by the Chrome browser, to and from the Cloud. "I can get at your online banking or your Facebook profile or your email as it is being loaded in the browser," he said.
"If I can exploit some kind of Web application to access that data, then I couldn't care less what is on the hard drive." Such snooping could be done by exploiting a vulnerability found in a Chrome extension, for example. Google has recently revealed plans to improve the screening of Chrome extensions to avoid security problems. "Chrome is trusting these extensions more than it would be trusting just another website," Johansen said, referring to how the operating system gives extensions sweeping rights to access data stored on the cloud.


Stable Version of Chrome 12 released


Google Chrome 12 is now the stable release of Google’s web browser, bringing several improvements in security, privacy and graphics capabilities. Chrome now checks downloaded files for malware, and Google claims it has designed the feature in such a way that it doesn’t have to know which URLs you visited or which files you downloaded to be able to detect malicious files. You can now also fine tune the data that websites store on your computer, including Flash Player’s Local Shared Objects (also known as Flash cookies), directly from Chrome.
On the graphics front, Chrome 12 includes support for hardware-accelerated 3D CSS, which enables some nifty effects such as rotating and scaling videos. Try this Chrome Experiment to see some of the new features in action. Finally, Chrome 12 brings several minor improvements such as an improved interface for setting a homepage and searching for Chrome Apps directly from the address bar.


Linux Kernel 3.0



Last week began with speculation about a new kernel version number that ultimately resulted in the first big number change for Linux in more than a decade. Along the way, we also saw new Linux distribution releases, including Fedora 15 and the first beta of Red Hat Enterprise Linux 5.7.

1. Linux 3.0

Make no mistake about it, after two decades of being the leader of the Linux community, Linus Torvalds still makes the big decisions.
This week, Torvalds made the huge decision of starting a new numbered version of Linux, advancing the kernel to Linux 3.0, with a first release candidate debuting early Sunday. The Linux 3.0 kernel came after a week of discussion, which began with Torvalds first mentioning that he was considering advancing the number to Linux 2.8, instead of having a Linux 2.6.40 kernel release. "The voices in my head also tell me that the numbers are getting too big," Torvalds wrote in a mailing list posting. By the end of the week, Torvalds was advocating for a 3.0 release, as Linux is now entering its third decade. While big version number changes can often represent binary compatibility or big feature change issues with a software project, that's not the case with Linux 3.0. The 3.0 nameplate is a time-based thing, and it isn't about new features. Considering Linux 2.0 came out in 1996 and the more recent 2.6 branch began in 2003, the big number change is a long time coming for Linux. While some software projects, like Google's Chrome, change major version numbers every three months, Linux has iterated on the 2.6.x branch for more than seven years. The change to 3.0 may seem a bit arbitrary, but it makes sense on many levels. The time has come for a number change as Linux enters its third decade.

2. Fedora 15

This past week also marked the debut of Fedora 15, codenamed 'Lovelock.' While Linux 3.0 isn't about new features, Fedora 15 is about features, most notably the GNOME 3.0 desktop. Fedora 15 is the first of the big Linux distributions to integrate GNOME 3 and its associated GNOME Shell user interface. Fedora 15's GNOME 3 desktop stands in contrast to the Unity desktop that rival distribution Ubuntu debuted in April. While Fedora is a big backer of GNOME Shell, the project also realizes it's not for everyone and includes fallback mechanisms for older hardware as well as other desktop options, including KDE, Xfce and LXDE. Time will tell whether users prefer GNOME Shell to Unity or if they end up rejecting both desktops in favor of something else.

3. Linux Mint 11

For Ubuntu users that don't want Unity and don't want to move to Fedora (or something else), there is Linux Mint. Over the past couple of years, Mint has emerged as a community favorite alternative to Ubuntu. Based on Ubuntu, Mint takes the best of Ubuntu and aims to make it even easier to use. For GNOME users, Mint has elected not to use either GNOME shell or Unity, providing users with a more traditional user interface. Given the backlash in some corners against Unity on Ubuntu, it's likely that Linux Mint 11 will attract more than its fair share of Ubuntu 11.04 refugees. Will those former Ubuntu users stick with Mint over time? Considering Mint is based on Ubuntu, that's a bet that doesn't carry too much risk.

4. Red Hat Enterprise Linux 5.7

No, it's not a major new version number of Red Hat's Enterprise Linux (RHEL), but RHEL 5.7 is still an important release. This past week, Red Hat released the first beta of RHEL 5.7 with new driver and stability updates. RHEL 5.0 first came out in 2007 and has since been superseded by RHEL 6, which came out at the end of 2010. There is a class of users that don't magically switch overnight to major new releases (if ever) and that's why RHEL 5.7 is important. Looking beyond the usual set of driver updates, Red Hat (NYSE: RHT) also packed in at least one new feature too. RHEL 5.7 supports OpenSCAP, which is an open source implementation of the Security Content Automation Protocol (SCAP) framework for creating a standardized approach for maintaining secure systems. While RHEL 5.7 isn't a major new release, for Red Hat's RHEL 5 customer base, it's a solid update that will refresh their installed servers.

5. Puppy Linux

Linux users come in all shapes and sizes. While big vendors like Red Hat target mission-critical enterprise systems, other distros, like Puppy Linux, serve a different audience. Wary Puppy Linux is a minimal Linux distribution that requires fewer hardware resources than other distros. This makes it ideal for older hardware that other distros (and any other OS) would deem to be obsolete. This past week Wary Puppy Linux 5.1.2 was released with the promise of even better support for older hardware.



Critical Chrome bugs have been patched


Google on Tuesday patched several vulnerabilities in Chrome, including two a French security company said could be used to bypass the browser's anti-exploit technology.
But Chrome 11.0.696.71, which Google rolled out yesterday to users via its automatic update mechanism, does not patch the flaw that Vupen researchers said earlier this month could be exploited on Windows 7. Tuesday's security update was the second for the Chrome "stable" build -- the most polished version of the browser -- this month.
Google fixed four vulnerabilities in the update, including two rated "critical," the category typically reserved for bugs that may let an attacker escape Chrome's "sandbox." Google has patched five critical bugs so far this year. One of the remaining pair of flaws was ranked "high" -- and got the researcher who reported it a $1,000 bug bounty -- while the other was labeled "low" on Google's four-step threat scoring system. The two critical vulnerabilities were credited to Google's own security engineers.
Although Google declined to confirm that the two most serious bugs could be used by attackers to break out of the Chrome sandbox, and thus plant malicious code on the computer, French security firm Vupen said that that was likely. "The vulnerabilities fixed today and related to GPU and blob handling are a typical example of critical vulnerabilities that can affect Chrome and can be exploited to execute arbitrary code outside the sandbox," said Chaouki Bekrar, Vupen's CEO and head of research, in an email reply to questions.
Still unpatched, said Bekrar, is the bug or bugs that Vupen said its researchers found, then figured out how to exploit, earlier this month. "The recent flaws we discovered in Chrome, including the sandbox bypass, remain unpatched and our exploit code works with version 11.0.696.71, too," said Bekrar. Those vulnerabilities made news earlier this month when Vupen announced it had hacked Chrome by sidestepping not only the browser's built-in sandbox but also by evading Windows 7's integrated anti-exploit technologies.
Within days, several Google engineers denied that the bugs Vupen exploited were in Chrome itself, claiming instead that the French firm leveraged a flaw in Adobe's Flash, which Google bundles with Chrome. Chrome has been resistant to attack, primarily because of its sandbox technology, which is designed to isolate the browser from the rest of the machine, making it very difficult for a hacker to execute code on the computer. For example, Chrome has escaped unscathed in each of the last three Pwn2Own hacking contests, an annual challenge hosted by the CanSecWest conference in Vancouver, British Columbia, and sponsored by HP TippingPoint's bug bounty program. No other browser included in Pwn2Own has matched Chrome's record at the contest. On Tuesday, Google spokesman Jay Nancarrow declined to comment further about the Vupen exploit claims, and referred to previous statements that Google was unable to investigate the bugs because Vupen would not share details of the flaws. Last year, Vupen announced a change in its vulnerability disclosure policies, saying it would no longer report bugs to vendors -- as do many researchers -- but would reveal its work only to paying customers. According to Web measurement company Net Applications, Chrome accounted for 11.9% of all browsers used last month, putting Google's program in third place behind Microsoft's Internet Explorer, with 55.1%, and Mozilla's Firefox, with 21.6%. Chrome 11 can be downloaded for Windows, Mac OS X and Linux from Google's Web site. Users already running the browser will be updated automatically.


Google begins war against Windows



Google does battle with Microsoft in most of its business areas, but it's gearing up to tackle the big daddy of them all: Windows.

With Windows -- and Macs and other PC operating systems -- Google sees an inefficient, costly, and decidedly 20th century mode of computing. Data is stored on each PC's hard drive, so if a laptop is lost or damaged, all the data stored on it could be gone forever too. And when PCs break, they're expensive and time-consuming to fix.
 
That's especially true in the corporate world. Gartner estimates that each desktop in a corporation costs between $3,000 and $5,000 per year to manage. Laptops can cost even more.

Ironically, all that spending means offices end up with old, rickety computers that the users would never buy for themselves. The high cost of tech support makes it prohibitively expensive for many companies to keep their hardware and software up to date. Services firm NetApplications says that more than 50% of computers are still using Windows XP -- a 10-year-old operating system.

Google's (GOOG, Fortune 500) solution: Chrome OS, a Web-based operating system that is set for release on June 15.

On computers running Chrome OS, all of a user's information is stored in the cloud, in remote servers controlled by Google or other companies. Instead of a desktop software model, which relies on installed apps like Microsoft (MSFT, Fortune 500) Outlook and Word, customers will use Gmail or another Web mail program, and Google Docs or Office 365, which exist online only. (Yes, you can run Microsoft's cloud Office software on a Google Chrome device.)

That goes for IT departments too. Intricate administrative software is replaced by a Web page that allows tech staff to manage all Chrome OS PCs. And Chrome OS automatically updates with the newest version, saving businesses from spending a fortune deploying new software versions.

"We're venturing into a really new model of computing," Sergey Brin, Google's co-founder, said at a press conference this week. "This head-to-toe software model eliminates a lot of complexity. Complexity is torturing everyone, and that's a flawed model."

Google believes it can save businesses at least 50% on their desktop support expenses if they switch to Chrome OS.

But Google has a long, long uphill battle to fight against the entrenched corporate behemoth that is Microsoft Windows. More than 90% of the world's computers run Windows.

Not every business is ready to simplify its hardware, since many rely on high-end software that does not yet exist as a Web application. And Google has had a shaky relationship with the enterprise in the past, gaining only tepid support for its cloud-based business applications suite.

Also, this has been tried before with practically zero success.

Nearly 20 years ago, Oracle CEO Larry Ellison predicted that "thin client," hard-drive-less desktops connected to and managed by a server would be the future of business computing. Sun Microsystems -- now owned by Oracle (ORCL, Fortune 500) -- also tried and failed to get businesses to adopt thin clients.

Google acknowledged past failures but says that this time, it's different. The company surveyed 400 businesses of all sizes and found that 75% said they could migrate to Chrome OS.

People are now more accustomed to running applications out of a browser, Google executives say. The company partnered with virtualization giant Citrix to allow Chrome OS computers to run Windows applications hosted in the cloud, letting businesses run Adobe (ADBE) Photoshop, for instance, on Chrome OS.

Also, unlike previous attempts, Google is providing both the operating system and the computer as one package: For $28 per user per month ($20 for government offices and schools), companies can rent "Chromebook" netbooks from Google and get support included.

"For the first time, hardware and software are being packaged together as a service," said Sundar Pichai, Google's senior vice president of Chrome. "We think this can fundamentally change the way people use computing in companies."

As evidence that companies of any size can deploy Chrome OS, Google itself is in the process of switching over to the new operating system.

"We will be deploying them increasingly internally," Brin said. "I hope to report next year that we have a very small percentage of anything other than Chromebooks at Google."

Google thinks it can change the face of computing. The only obstacles: The world's largest software maker, notoriously stubborn IT departments and decades of history going against it.


Google engineers deny Chrome hack exploited browser's code


Several Google security engineers have countered claims that a French security company found a vulnerability in Chrome that could let attackers hijack Windows PCs running the company's browser.

Instead, those engineers said the bug Vupen exploited to hack Chrome was in Adobe's Flash, which Google has bundled with the browser for over a year.
Google's official position, however, has not changed since Monday, when Vupen announced it had successfully hacked Chrome by sidestepping not only the browser's built-in "sandbox" but also by evading Windows 7's integrated anti-exploit technologies.
"The investigation is ongoing because Vupen is not sharing any details with us," a Google spokesman said today via email.
But others who work for Google were certain that at least one of the flaws Vupen exploited was in Flash's code, not Chrome's.
"As usual, security journalists don't bother to fact check," said Tavis Ormandy, a Google security engineer, in a tweet earlier today. "Vupen misunderstood how sandboxing worked in Chrome, and only had a Flash bug."
"It's a legit pwn, but if it requires Flash, it's not a Chrome pwn," tweeted Chris Evans, a Google security engineer and Chrome team lead, using the security-speak term for compromising an application or computer.
Justin Schuh, whose LinkedIn account also identifies him as a Google security engineer, chimed in with, "No one is saying it's not a legit exploit. The point is that it's not the exploit [Vupen] claimed."
When asked to confirm the source of the vulnerabilities it exploited, Vupen was blunt in its refusal to share any information.
"We will not help Google in finding the vulnerabilities," said Chaouki Bekrar, Vupen's CEO and head of research, in an email reply to questions. "Nobody knows how we bypassed Google Chrome's sandbox except us and our customers, and any claim is a pure speculation."
Last year, Vupen changed its vulnerability disclosure policies when it announced it would no longer report bugs to vendors -- as do many researchers -- but instead would reveal its work only to paying customers.
Today's Twitter back-and-forth between Google's engineers and Bekrar grew heated at times.
"When it comes to critical vulnerabilities, all software vendors/devs (including Google) always try to downplay the findings," Bekrar said on Twitter.
"I was thinking something similar about researchers who inflate their accomplishments," Schuh replied, also on Twitter, to Bekrar.
The point made by Ormandy, Evans and Schuh was that Vupen didn't exploit a bug in Chrome's own code, but in Flash, which has been partially sandboxed in the stable version of the browser since early March 2011.
While the Google engineers seemed to acknowledge that a bug in Flash was involved in Vupen's exploit, they also defended the sandbox technology -- meant to isolate Flash from the rest of the computer -- even as it apparently failed to prevent an attack.
"The Flash sandbox blog post went to pains to call it an initial step," said Evans. "It protects some stuff, more to come. Flash sandbox [does not equal] Chrome sandbox."
The blog Evans referred to was published in December 2010, where Schuh and another Google developer, Carlos Pizano, said, "While we've laid a tremendous amount of groundwork in this initial sandbox, there's still more work to be done."
Chrome's Flash sandbox is currently available only in the Windows version of the browser; Google has promised to implement it in the Mac and Linux editions, but has not yet done so.
While Bekrar later hinted that Vupen's exploit did leverage a Flash vulnerability, he said the attack code also took advantage of at least one other bug. "[Chrome's] built-in plug-ins such as Flash are launched inside the sandbox which was created by Google, so finding and exploiting a Flash or a WebKit vulnerability will fall inside the sandboxes and will not circumvent it," he wrote. "A sandbox bypass exploit is still required."
Chrome has a reputation as a secure browser, in large part because of its sandbox technology. Chrome is the only browser to have escaped unscathed at the last three Pwn2Own hacking contests, the annual challenge hosted by the CanSecWest conference in Vancouver, British Columbia, and sponsored by HP TippingPoint's bug bounty program.
In March 2011, no one took on Chrome at Pwn2Own, even though Google had offered a $20,000 prize to the first researcher who hacked the browser and its sandbox.
