Thursday, March 31, 2011

Google Talk Guru

Google Talk Guru is a new Google bot that lets you ask simple questions. It's "an experimental service that allows people to get information like sports results, weather forecasts, definitions etc via chat. It works on many popular chat applications that support Google Talk."
Send an invitation to guru@googlelabs.com in Gmail Chat, Google Talk or any other Jabber client and find simple facts like "weather in London", "amplitude definition", "translate souris", "2^8", "web stanford" (which returns the top Google result for [stanford]).

The service is not as powerful as Google SMS, but it's still handy.

Wednesday, March 30, 2011

Analysis of TR/Spy.SpyEye

Avira TechBlog: SpyEye is a malware family we have been monitoring for some time. Today we are analyzing a sample which is detected as TR/Spy.SpyEye.flh by Avira products.

The Trojan is able to inject code in running processes and can perform the following functions:

  • Capture network traffic
  • Send and receive network packets in order to bypass application firewalls
  • Hide and prevent access to the startup registry entry
  • Hide and prevent access to the binary code
  • Hide its own presence within the injected processes
  • Steal information from Internet Explorer and Mozilla Firefox

The detailed analysis of this malware was written by Liviu Serban, Virus Researcher at Avira.

You can read this useful article here: http://techblog.avira.com/2011/03/30/analysis-of-trspy-spyeye/en/

This analysis is also available as download here (PDF).

Saturday, March 26, 2011

Security Vulnerabilities in Chrome

Avira TechBlog: It looks like new Chrome releases aren't due every six weeks, as Google announced a few weeks ago, but once a week now: the company just released Chrome 10.0.648.204, fixing six highly critical security vulnerabilities. Those vulnerabilities would allow attackers to smuggle in malware such as Trojans without the user noticing.

That is why the automatic update mechanism is so important: When clicking on the tool symbol and choosing the “About Google Chrome” menu entry, the version check should show that Chrome is already on the current release – or offer to download and install the update in case that didn’t happen yet.

Chrome currently seems to be one of the best-secured web browsers. Not only does it feature strong mechanisms such as sandboxing each tab's renderer process from the others and running PDFs and Flash in separate processes, but as soon as security holes become public, the bugfix release doesn't take long. Great work, Google!

Thursday, March 24, 2011

Google, Yahoo, Skype targeted in attack linked to Iran

CNET: A malicious attacker that appears to be the Iranian government managed to obtain supposedly secure digital certificates that can be used to impersonate Google, Yahoo, Skype, and other major Web sites, the security company affected by the breach said today.

Comodo, a Jersey City, N.J.-based firm that issues digital certificates, said the nine fraudulently obtained certificates, including one for Microsoft's Live.com, have already been revoked. A fraudulent certificate allows someone to impersonate the secure versions of those Web sites--the ones that are used when encrypted connections are enabled--in some circumstances.

The Internet Protocol addresses used in the attack are in Tehran, Iran, said Comodo, which believes that because of the focus and speed of the attack, it was "state-driven." Spoofing those Web sites would allow the Iranian government to use what's known as a man-in-the-middle attack to impersonate the legitimate sites and grab passwords, read e-mail messages, and monitor any other activities its citizens performed, even if the connections were protected with SSL (Secure Sockets Layer) encryption.

The attacker tested the certificate for "login.yahoo.com," but because it had been revoked, most browsers attempting to communicate with the site would see that it was not a trusted site, Comodo Chief Executive Melih Abdulhayoglu told CNET.

The spoofing would only work if the unknown perpetrators also operated the network, allowing them to use the Internet's domain name system to redirect innocent users to a fake Gmail.com site. That wouldn't be a problem for a national government like Iran, which controls the telecommunications infrastructure, but means that the impact of such a security breach is limited.

All the affected domain names "have to do with communications--they are not financially motivated at all," Abdulhayoglu said. "They must have done some surveillance and they knew exactly how to get in (to the Comodo partner system). This was a fairly well planned and executed attack." He refused to name the southern European partner whose systems were compromised, and said the Iranian server is now offline.

The Iranian IP address was linked to the compromise of the European registration authority affiliated with Comodo on March 15, according to another Comodo blog post written by Vice President Philip Hallam-Baker. Several IP addresses were used, but most of them were in Iran, a separate incident report says.

If Comodo is right about the attack originating from Iran's government, it wouldn't be the first government to have done something like this. Late last year, the Tunisian government undertook an ambitious scheme to steal an entire country's worth of Gmail, Yahoo, and Facebook passwords. It used malicious JavaScript code to siphon off unencrypted log-in credentials, which allowed the government to infiltrate or delete protest-related discussions.

"It does not escape notice that the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups," Hallam-Baker wrote. "The attack comes at a time when many countries in North Africa and the Gulf region are facing popular protests and many commentators have identified the Internet and in particular social-networking sites as a major organizing tool for the protests."

Many major browser makers have already shipped updates that block the fraudulent SSL certificates. Mozilla said last night that "we have updated Firefox 4.0, 3.6, and 3.5 to recognize these certificates and block them automatically." Google Chrome has been updated, and Microsoft said in a security advisory that it was contacted by Comodo on March 16 and "an update is available for all supported versions of Windows to help address this issue."

"This issue affects any application or service utilizing SSL certificates that attempts to access one of the Web sites with fraudulent keys. We decided to take a holistic approach to protecting users," Bruce Cowper, group manager for Trustworthy Computing at Microsoft, said in an e-mail. "We built a mitigation into Microsoft Windows so that any application or version of Internet Explorer could leverage it for protection."

Apple did not immediately respond to a request for comment.

Opera does not need a specific patch for the problem, a spokesman said, adding that the company is considering blacklisting the nine fraudulent certificates, nevertheless. "Because the potential attacker would not be able to get a valid OCSP (Online Certificate Status Protocol) response with these certificates, Opera users will get immediate visual feedback," he said in an e-mail. "When we do not get a valid OCSP response, we will change the security level of the page. The security pad lock will disappear and the user will know that the site is no longer secure. We may be the only browser that handles invalid OCSP responses in this way."
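As an added illustration of what the browser-side fixes above amount to (this is not Comodo's, Mozilla's or Opera's code), the following Python sketch keeps a local blocklist keyed by issuer plus serial number and by certificate SHA-256 fingerprint, consults it before any OCSP answer so that a blocked certificate stays blocked even when OCSP is unreachable, and then applies either the hard-fail behaviour Opera describes or the usual soft-fail. The certificates it parses are constructed skeletons with made-up names and serials: only the fields the parser reads are present and there is no real signature.

```python
"""Local certificate blocklist plus OCSP policy (added example, not from the
page's sources). Test certificates are constructed DER skeletons."""
import hashlib


# ---- minimal DER encode/decode, enough for the start of TBSCertificate ----
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag, content):
    return bytes([tag]) + _der_len(len(content)) + content


def der_int(n):
    # positive INTEGER: a leading 0x00 is required when the top bit is set
    return der(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def issuer_and_serial(cert_der):
    """Certificate -> TBSCertificate -> [version] serialNumber signature issuer."""
    _, cert, _ = _read_tlv(cert_der, 0)
    _, tbs, _ = _read_tlv(cert, 0)
    tag, val, pos = _read_tlv(tbs, 0)
    if tag == 0xA0:                          # optional [0] EXPLICIT version
        tag, val, pos = _read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER expected")
    serial = int.from_bytes(val, "big", signed=True)
    _, _, pos = _read_tlv(tbs, pos)          # signature AlgorithmIdentifier
    _, issuer, _ = _read_tlv(tbs, pos)       # issuer Name, kept as raw DER
    return issuer, serial


def fingerprint(cert_der):
    return hashlib.sha256(cert_der).hexdigest()


def build_blocklist(bad_certs):
    """Two lookups: (issuer, serial) as a CA revokes, and exact fingerprint."""
    return ({issuer_and_serial(c) for c in bad_certs},
            {fingerprint(c) for c in bad_certs})


def check_certificate(cert_der, blocklist, ocsp_status, ocsp_hard_fail=True):
    """Return 'block', 'warn' or 'allow'.

    ocsp_status is 'good', 'revoked' or None (no valid response obtained).
    The local blocklist wins regardless of what OCSP says."""
    by_name, by_fp = blocklist
    if fingerprint(cert_der) in by_fp or issuer_and_serial(cert_der) in by_name:
        return "block"
    if ocsp_status == "revoked":
        return "block"
    if ocsp_status == "good":
        return "allow"
    # No usable OCSP answer: hard-fail downgrades the page to a warning state
    # (the Opera behaviour quoted above); soft-fail lets it through silently.
    return "warn" if ocsp_hard_fail else "allow"


def make_test_cert(serial, issuer_cn):
    """Constructed certificate skeleton holding only the fields parsed above."""
    cn = der(0x30, der(0x06, b"\x55\x04\x03") + der(0x13, issuer_cn.encode()))
    issuer = der(0x30, der(0x31, cn))                    # Name: SEQUENCE OF SET OF AVA
    sig_alg = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))
    tbs = der(0x30, der(0xA0, der_int(2)) + der_int(serial) + sig_alg + issuer)
    return der(0x30, tbs + sig_alg + der(0x03, b"\x00" * 9))  # placeholder signature


if __name__ == "__main__":
    fraud = make_test_cert(0x1234, "Constructed Test RA")
    blocklist = build_blocklist([fraud])
    sibling = make_test_cert(0x1235, "Constructed Test RA")
    for name, cert in (("fraudulent", fraud), ("sibling", sibling)):
        for ocsp in ("good", "revoked", None):
            print(name, ocsp, check_certificate(cert, blocklist, ocsp))
```

The order of checks is the point: a fingerprint or issuer-plus-serial hit short-circuits before the OCSP result is even looked at, which is why a blocklist pushed out in a browser update protects users on networks where the attacker can also block or forge OCSP traffic.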

Jacob Appelbaum, a Tor Project programmer, wrote in a blog post yesterday that this snafu shows that the Internet's trust mechanism, which was erected upon the idea of using signed digital certificates, is broken.

"This should serve as a wake-up call to the Internet," he said. "We need to research, build, and share new methods for ensuring trust, identity, authenticity, and confidentiality."

Read More here: Google News

Wednesday, March 23, 2011

Talking to your computer (with HTML5!)

Google Chrome Blog: Today, we're updating the Chrome beta channel with a couple of new capabilities, especially for web developers. Fresh from the work that we've been doing with the HTML Speech Incubator Group, we've added support for the HTML5 speech input API. With this API, developers can give web apps the ability to transcribe your voice to text. When a web page uses this feature, you simply click on an icon and then speak into your computer's microphone. The recorded audio is sent to speech servers for transcription, after which the text is typed out for you. Try it out yourself in this little demo. Today's beta release also offers a sneak peek of GPU-accelerated 3D CSS, which allows developers to apply slick 3D effects to web page content using CSS.

Lastly, as mentioned in yesterday's blog post, those of you on the beta channel will start seeing the brand new shiny Chrome icon on your desktops.

Stay tuned as we make all these updates widely available in the stable channel soon!

Switch to Gmail

Gmail Blog: Posted by Jason Toff, Product Marketing Manager

Switching email accounts can be painful. The idea of losing years of accumulated contacts and messages can sound daunting, to say the least. Luckily, switching to Gmail doesn’t mean you have to start totally fresh.

Back in 2009 we announced tools that let you import mail and contacts from other providers, such as AOL or Hotmail. Today we’re announcing the addition of fourteen more international domains to our list of supported email providers:

  • aol.com.br
  • hotmail.es
  • hotmail.it
  • hotmail.co.jp
  • Kimo.com
  • live.jp
  • yahoo.es
  • yahoo.cn
  • yahoo.com.cn
  • yahoo.com.hk
  • yahoo.com.sg
  • yahoo.com.tw
  • yahoo.co.jp
  • yahoo.it

We've also created a site, gmail.com/switch, with basic information on how and why you might want to switch to Gmail. If you're reading this blog, chances are you're already a Gmail user, but perhaps this link will be handy for friends and family.

We’re always looking for ways to make Gmail more useful -- both for existing users and new ones -- so, as always, we’d love to hear what you think!

Data loss at Play.com

Play.com, one of the largest online retailers of DVDs, CDs, MP3s, books and gadgets, emailed its customers yesterday admitting to a security breach in its marketing communications. Names and email addresses may have been compromised.

Play.com says the breach happened outside its walls, so presumably it uses a third-party marketing company to manage part or all of its marketing activities.

Here is one of the messages that was sent out to customers by Play.com:

Dear Customer,

Email Security Message

We are emailing all our customers to let you know that a company that handles part of our marketing communications has had a security breach. Unfortunately this has meant that some customer names and email addresses may have been compromised.

We take privacy and security very seriously and ensure all sensitive customer data is protected. Please be assured this issue has occurred outside of Play.com and no other personal customer information has been involved.

Please be assured we have taken every step to ensure this doesn’t happen again and accept our apologies for any inconvenience this may have caused some of you.

Customer Advice

Please do be vigilant with your email and personal information when using the internet. At Play.com we will never ask you for information such as passwords, bank account details or credit card numbers. If you receive anything suspicious in your email, please do not click on any links and forward the email on to privacy@play.com for us to investigate.

Thank you for continuing to shop at Play.com and we look forward to serving you in the future.

Play.com Customer Service Team

This is not the first time Play.com has suffered this kind of incident. Back in November 2009, the BBC and others reported a similar ordering fiasco at the online retailer.

The Register reported at the time that one of its readers had received as many as 24 order confirmation emails destined for other customers. The confirmation email listed what items were ordered, email address, delivery address and payment method, but no other financial details.

Play.com says no credit card information was stolen, but it is wise to keep an eye on your credit card transactions to ensure there is nothing amiss.

Advice for Play.com users:

* To be on the safe side, you should consider changing your Play.com password and the associated email account password.
* Always use different passwords for your different online accounts. If one gets compromised, you can be sure the bad guys will try the same password at other popular online services to see if they can break into your accounts there.
* If you receive any emails from Play.com that you were not expecting, do not open them; simply delete them.
* Companies need to make sure that any third parties they do business with have adequate security policies in place.

Firefox Extension Used in Facebook Scam

Symantec Connect: Facebook isn't the only one adding new and interesting features to its toolbox; spammers and scammers on Facebook are, too. Currently there is a scam making the rounds using a classic "who is viewing your profile" themed bait.

So far, nothing new. After the user grants the application the requested privileges, which of course will send out the same spam posts to all his or her friends, the user gets redirected to a download instruction site. There he or she is asked to download the Firefox browser and then install a popular Firefox extension which allegedly gets downloaded over 27,000 times per week. This simple tweak is supposed to add a new menu entry in Facebook showing user statistics.

Of course this “Facebook Connect” Firefox extension is not found on the official Mozilla domain but is hosted on a third-party site. This is not uncommon, so most users might ignore the generic warning displayed to them when installing the extension. Needless to say, the promised feature is not present in it. All the user has installed is a compiled Greasemonkey script which will open a remote site in a pop-up browser window each time the user visits www.facebook.com. Currently, the pop-up window promotes the same profile view feature scam mentioned beforehand, but this time the user has to fill in surveys in order to get through to it. Of course, this content could be changed at any time to something even more dangerous.

If you accidentally installed the Firefox extension you can uninstall it from the browser menu: Tools -> Add-ons. There you can also see that the extension is honest enough to tell you exactly what it intends to do, which is: "automaticly (sic) open popup on facebook".

Facebook’s security team already reacted and removed the offending applications and the corresponding posts from the user space. But as always keep an eye or two open, since where there is one scam, there are more to follow.

We have also seen the same extension being advertised in manual script scams. These are the ones where you get redirected to a Web site that asks you to copy and paste some obfuscated JavaScript into the browser or, even better, asks the user directly to post the message at least five times on Facebook.

An easy and effective protection step against this variant is to enable HTTPS on Facebook, since the pop-up is only generated when the http version of the site is loaded and not the https one. In addition, this helps secure your session from sniffing tools such as the Firesheep extension.

Tuesday, March 22, 2011

Many Updates: Flash Player, Mac OS X, Firefox

Avira TechBlog: Today is a busy day for those who want to keep their computers secure: many updates are available, from Adobe's Flash Player and Apple's Mac OS X operating system to the Firefox web browser.

There is a security vulnerability in Flash Player which became public as a zero-day a week ago. It has been exploited in limited, targeted attacks. Now Adobe has released the security update, which users can download from the company's website. As this vulnerability is already being actively exploited, users and administrators should apply the update immediately.

Apple also released new software: Mac OS X 10.6.7, released alongside Security Update 2011-001. It closes several security holes which allow attackers to remotely inject and execute malicious code, for example via specially crafted documents. The update also solves some other issues. Mac users should start the update ASAP!

And then there are the Mozilla developers, who published Release Candidate 2 of the Firefox 4 web browser before the weekend; the final version is due today as well. Next to more speed and a fresh, leaner and cleaner look (like a mix between Chrome and Safari), the software increases security quite a bit.

One of the most important changes in Firefox 4 is that, as with Google Chrome, updates get delivered and installed automatically in the background. Unlike Google's approach, new major versions such as 4.5 or 5.0 are not planned to be installed automatically, the Mozilla developers have made clear. Also, the automatic updater is currently planned only for the Windows version.

This is a great step forward in making computers more secure. Cyber criminals most often smuggle malware such as Trojans onto their victims' PCs by abusing security vulnerabilities in outdated software. Installing the most recent, patched version quickly and automatically closes this gateway.

Thus Firefox users should download and install the new 4.0 version if possible. The update should be available through the update mechanism already – thus clicking on the “Help” menu and selecting “Check for updates” will make the update process start fast.

Monday, March 21, 2011

Firefox 4.0 final is released

Over the past week or two, we have been keeping track of the various releases of Firefox 4 including RC1 and RC2, counting down to the official release tomorrow, the 22nd of March. Though it is officially being released tomorrow, it has been made available for download today at the Mozilla FTP servers.

This is the third major browser release in recent weeks, after Chrome 10 stable and Internet Explorer 9 RTM.

Firefox 4 comes with many new features such as App Tabs, hardware acceleration, Firefox Sync and much more.

For Firefox 4 Final Setup in your language, refer to official repository.

Due to heavy demand and traffic, the link may be slow or may even go down for sometime.

Download Firefox 4.0:

Firefox 4.0 for Windows: Mozilla, FileForum, Majorgeek

Firefox 4.0 for Linux (x86, x64): Mozilla

Firefox 4.0 for Mac: Mozilla

Sunday, March 20, 2011

Installing an Application Using Internet Explorer 9

Google Operating System Blog: I tried to download the latest Chromium build using Internet Explorer 9 and it was one of the most painful downloading experiences. Microsoft tries to protect users from downloading malware and uses a feature called SmartScreen Filter that "checks software downloads against a dynamically updated list of reported malicious software sites". This feature was available in IE8, but the latest version of IE tries to improve it by analyzing application reputation.

"In analyzing software downloads actively in use on the internet today, we found that most have an established download footprint and no history of malware. This was the genesis of SmartScreen application reputation. By removing unnecessary warnings, the remaining warnings become relevant. With SmartScreen Application Reputation, IE9 warns you before you run or save a higher risk program that may be an attempt to infect your computer with socially engineered malware. IE9 also stays out of the way for downloads with an established reputation. Based on real-world data we estimate that this new warning will be seen only 2-3 times a year for most consumers compared to today where there is a warning for every software download."

Here's how difficult it is to run mini_installer.exe, Chromium's installer:

Step 1: "Do you want to run or save this program"? Click "run".

Step 2: "This file is not commonly downloaded and could harm your computer." You have two options: "delete" and "actions". It's quite uncommon to label a button using a noun, but the only reasonable option is the generic "actions".

A help page explains that "when you download a program from the Internet, SmartScreen Filter will check the program against a list of programs that are downloaded by a significant number of other Internet Explorer users and a list of programs that are known to be unsafe. If the program you're downloading isn't on either list, SmartScreen Filter will display a warning that the file isn't 'commonly downloaded.' It doesn't necessarily mean the website is fraudulent or that the program is malware, but you probably shouldn't download or install the program unless you trust the website and the publisher."

Step 3: IE9 shows a modal dialog which informs you that "this program might harm your computer". Even though "SmartScreen Filter has little or no information" about the program, Microsoft's engineers thought it's a good idea to show two main options "don't run this program" and "delete program", followed by a cryptic "more options" drop-down. I clicked "more options" because I really wanted to install the program. (Update: this step was skipped the second time I tried to install the same file.)

Step 4: Microsoft finally shows the obvious option: "run anyway", but still recommends not to run the program.

There's a fine line between protecting users and annoying them, but IE9 managed to cross it.

Friday, March 18, 2011

WD Introduces 6TB External HDD for HD Content Creation

IRVINE, Calif., March 17, 2011 /PRNewswire/ -- Western Digital® (NYSE: WDC), the world's leader in external storage solutions, today introduced its My Book® Studio Edition™ II dual-drive storage system with a massive 6 terabytes (TB) of storage to meet the capacity needs of today's creative pros and Mac® enthusiasts who create, store, edit and archive large HD video and photo files. The new capacity provides users 33 percent more storage than the previous capacity, while maintaining the same footprint.

Combining its extended 6 TB storage capacity and compatibility with Apple® Time Machine®, the new My Book Studio Edition II drive becomes an instant storage solution for a variety of professions including art and design, photography, legal and medical, and a host of other small businesses.

The system offers a quad interface providing maximum performance and flexibility including eSATA and FireWire® 800 when maximum performance is essential, and FireWire 400 and USB 2.0 when system flexibility is most important.

"Thanks to advancements in HD video devices including digital SLR cameras and HD video cameras, the quality and quantity of video content being produced by professionals and enthusiasts alike has grown at an astounding pace," said Dale Pistilli, vice president of marketing for WD's branded products group. "The My Book Studio Edition II drive now available with 6 TB of storage provides creative individuals with the expanded storage and bandwidth they need to effectively shoot, edit, and safely store their video productions without the need to compress their videos or reduce the overall quality of them for the sake of available space."

Extra-fast Performance and RAID Supported Configurations

Fast eSATA or FireWire 800 interfaces, combined with RAID-supported configurations, will yield the speed and responsiveness users need for a variety of tasks including fast, smooth video editing; rendering complex 3D objects or special effects, and saving/transferring enormous blocks of data in a fraction of the time it once took.

Formatted for Mac computers(1), these new storage systems feature:
  • Massive 6 TB capacity;
  • Extra-fast performance with four interfaces (FireWire 800/400, eSATA, USB 2.0);
  • Cool, eco-friendly operation: the WD GreenPower Technology drives consume approximately one-third less power than standard dual-drive external storage systems, and an efficient convection cooling architecture, a power-saving mode and a fanless design let the unit run quietly;
  • Automatic and continuous backup software;
  • User serviceability, enabling the user to open the enclosure and replace the drive inside;
  • Capacity gauge to see at a glance how much space is available on the system; and,
  • 5-year limited warranty.

Pricing and Availability

My Book Studio Edition II dual-drive storage systems are available now at WD's online store.

Porn Industry Could Get a “.xxx” Domain This Week

Mashable: The porn industry is rumored to win a major battle this week with the possible approval of the .xxx domain.

The Internet Corporation for Assigned Names and Numbers (ICANN), which doles out the .com, .net and .biz suffixes for website URLs, could approve the domain name on Friday, according to Politico. The report goes on to say that such domains would be available for purchase this summer.

Reps from ICANN could not be reached for comment. However, reports of the .xxx top-level domain (TLD) for adult websites have circulated before. Last June, ICANN was poised to approve the domain, according to multiple reports, but it didn’t happen.

The domain name, originally proposed by a company called ICM Registry in 2005, had been held up by the Bush Administration, which had bowed to pressure by religious groups that opposed .xxx. (Somewhat surprisingly, some pornographers have also taken issue with .xxx, declaring it a form of digital segregation.) Some proponents also point out that .xxx would result in fewer accidental landings on .com porn sites, though there’s no indication that the domain would be mandatory for all or any adult websites. The Obama Administration hasn’t taken a stand on the domain name.

If approved, .xxx would be the latest domain name approved by ICANN. It would follow .co, which ICANN approved for commercial use last July.

A Technical Analysis on the CVE-2011-0609 Adobe Flash Player Vulnerability

Microsoft Malware Protection Center: On March 14, Adobe released a security advisory (APSA11-01) warning of 0-day attacks affecting Adobe Flash Player (versions earlier than and including 10.2.152.33). These attacks were hidden inside Microsoft Excel documents that were used as a vehicle to deliver the exploit.

The Adobe Flash file embedded inside the Excel file is another carrier for the exploit. It loads shellcode inside memory, performs heap-spraying, and loads a Flash byte stream from memory to exploit the 0-day vulnerability, which is tracked as CVE-2011-0609.

We spent some time analyzing this new 0-day vulnerability. As with previous Flash Player vulnerabilities, this one abuses the bytecode verifier inside Adobe Flash Player. Adobe Flash files can contain ActionScript bytecode for the AVM (ActionScript Virtual Machine). For this vulnerability, we're talking specifically about ActionScript 3 and AVM2. Ideally, the bytecode should be verified on a per-method basis, before and during the method's execution inside the just-in-time virtual machine. But in some cases, the verification logic fails.

In the case of this vulnerability, the verifier failed to recognize a stack inconsistency after a series of operations and control flows. AVM security depends largely on the bytecode verifier; when it fails, attackers can abuse bytecode execution.

We suspect this vulnerability was found by fuzzing clean Flash files, because we found a file on the Internet that looks like it might have been used for the fuzzing. Through differential analysis between the original clean file and the exploit file, we could confirm the vulnerability.

We found that some of the old Flash Player versions were immune to these specific attack files, but, as the Adobe security advisory implies, it doesn't necessarily mean that old players don't have the vulnerability.

Details of the exploitation process

To reliably exploit the vulnerability, heap-spraying is performed through AVM2. NOP sleds are sprayed into memory (Figure 1) along with Win32 shellcode.

Figure 1: Heap-spraying technique is used.

After the heap-spraying process, the actual attack code is loaded inside Flash Player. The SWF file that triggers the vulnerability is converted from a hex-encoded embedded string object and executed, as shown in Figure 2:

Figure 2: A second flash file is loaded into memory.

The loaded SWF file contains a specially-crafted method that will cause the access of theoretically uninitialized memory. We say theoretically because in practice the said memory was initialized by the heap spray code, which enables the attacker to gain control of the execution.

We advise you, for the time being, not to open any suspicious Excel files or hyperlinks. We have only seen this attack delivered through Excel files, but there is no reason why it cannot also be delivered through bare Flash files.

Twitter goes secure - say goodbye to Firesheep with "Always use HTTPS" option

Sophos Labs: Good news on the social networking security front is that Twitter has finally got its act together to offer an Always use HTTPS option.

If you turn on this option, all of your personalized interaction with Twitter will be encrypted - not only while you are logging in, but also while you are posting tweets.

A lot of people fail to recognize the value of using HTTPS on Twitter. The argument goes: as long as your username and password are sent over HTTPS, so that no one can sniff them out of the ether, who cares if your tweets go over plain HTTP? After all, a tweet is meant to be public.

The problem is that once you have logged in, Twitter sends your browser a session cookie. This is a secret that stands in for your password: it is unique to your account and to the current session.

Because your browser retransmits this session cookie in all future requests to the Twitter site, Twitter can see that it's you coming back for more. So you don't need to put in your username and password for every single tweet you send. You login once, and the session cookie identifies you for the rest of the current session.

Unfortunately, if you login to Twitter over unencrypted Wi-Fi - e.g. at a coffee shop or an airport lounge - then anyone who can sniff your session cookie can pretend to be you. That means they can post tweets as you. And you don't want that. (It happened to Mr. Demi Moore, a.k.a. Ashton Kutcher, recently, no doubt to his considerable embarrassment.)

Turning on full-time Twitter HTTPS keeps your session cookie encrypted throughout your login session. This is definitely what you want.

Don't forget that it's not just experienced hackers who can sniff Twitter cookies and use them to impersonate you.

The infamous Firesheep plugin to Firefox automates this cookie-stealing process - known as "sidejacking" - so that anyone who can use a browser can do it.
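To see the mechanism described above rather than take it on faith, here is an added example (not Twitter's or Sophos's code) using Python's standard cookie jar. The same session cookie, once with and once without the Secure attribute, is offered to a plain-http and to an https request for the site. Without Secure, the jar attaches it to the http request as well, and that request is exactly what a sidejacker on the same Wi-Fi reads; with Secure, the cookie never leaves the browser over plaintext, which is the property a full-time HTTPS session needs. The cookie name and value are made up.

```python
"""Does the session cookie ride on a plaintext request? (added example;
cookie name and value are constructed)"""
import http.cookiejar
import urllib.request

SESSION_COOKIE = "_twitter_sess"


def make_session_cookie(secure):
    """Constructed Netscape-style session cookie for .twitter.com."""
    return http.cookiejar.Cookie(
        version=0, name=SESSION_COOKIE, value="constructed-session-id",
        port=None, port_specified=False,
        domain=".twitter.com", domain_specified=True, domain_initial_dot=True,
        path="/", path_specified=True,
        secure=secure,                      # the flag this example is about
        expires=None, discard=True,
        comment=None, comment_url=None, rest={}, rfc2109=False)


def cookie_header_for(url, secure):
    """The Cookie header a browser with this jar would send to `url`, or None."""
    jar = http.cookiejar.CookieJar()
    jar.set_cookie(make_session_cookie(secure))
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)              # applies the jar policy, incl. the Secure rule
    return req.get_header("Cookie")


def sniffable(url, secure):
    """True if a passive observer of this request sees the session cookie:
    it is attached and the request is not TLS-protected."""
    attached = cookie_header_for(url, secure) is not None
    return attached and not url.startswith("https://")


if __name__ == "__main__":
    for secure in (False, True):
        for url in ("http://twitter.com/", "https://twitter.com/"):
            print(f"Secure={secure!s:5} {url:22} header={cookie_header_for(url, secure)!r:45} "
                  f"sniffable={sniffable(url, secure)}")
```

The non-Secure cookie is sent to http://twitter.com/ even if the user only ever typed https://, because a single plain-http link, redirect or embedded image on the same domain is enough to trigger that request; that is the request Firesheep waits for.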

To enable this new Twitter option, go to your Settings page.

At the bottom is the new Always use HTTPS option. Turn it on and click [Save], and then [Save changes].

Do it today.

(Note: as a commentator below points out, it's not clear if, or how, non-web-browser Twitter clients will support this new option. If in doubt, please ask the vendor of your Twitter client, or follow the Simplicity Principle and stick to using your browser when tweeting.)

twitter-settings-account-500

Thursday, March 17, 2011

New Chrome Logo

The latest Chrome Dev Channel release comes with a new Chrome logo that's more plain and boring, but looks better as a desktop icon. Even if not many people will switch to a different browser just because they don't like the new logo, Chrome lost some of its magic by switching to a visual identity that's no longer vibrant and picturesque. Here's the new Chrome icon:

new-chrome-logo

... and the old Chrome icon:

old-chrome-logo

new-chrome-logo-mac

new-chrome-logo-windows7

There's also a new logo for Chromium, the open source browser that powers Google Chrome:

new-chromium-logo

Wednesday, March 16, 2011

Google Docs Gets a Real-Time Upgrade

In a bid to make Google Docs more appealing to workers and consumers, Google is rolling out a new feature that lets users of its productivity service discuss shared documents in real-time. The upgrade is aimed at helping users resolve issues faster.

The new discussion feature is also part of Google’s ongoing effort to dethrone Microsoft Office as the leader in productivity apps. By enabling more real-time discussions, Google is building off the strength of its cloud-based approach to apps and recognizes the way users increasingly are accustomed to communicating online.

Here’s how it works: Users can hold ongoing threaded conversations within a document using time stamps and profile pictures and @mentions, similar to Facebook. They can easily add people to the conversation and ultimately remove the conversation from view on the document by resolving the issue.

Google will also notify users of new messages via e-mail when they are mentioned in a discussion. A user can reply through e-mail or jump into the document. The promise of discussions is really to get people to collaborate quickly inside the document. Oftentimes, people are working on a document but their discussion is transferred to e-mail. With the new discussion feature, there’s a better chance of getting a group to move quickly.

The upgraded discussion feature builds off the overhaul of Docs last April, which introduced real-time collaboration editing features and moved comments to the sidebar. And it continues the string of improvements for Google Docs, which got a new updated interface in January and earlier enabled mobile document editing.

The new discussion feature will be available over the next few days to Google users as well as Google Apps customers on the Rapid Release track. The update will only apply to new documents, so the old commenting system will remain for existing docs.

Tuesday, March 15, 2011

Google Toolbar 8, Powered by Google Chrome

Google Operating System: After Google released Chrome, Google Toolbar's development slowed down. That's because Google Toolbar is no longer the primary vehicle for adding browser features and Google mostly focused on improving Chrome.

Google Toolbar 8 is a completely new version of Google's add-on that was available as part of Google Labs. "Google Toolbar 8 is actually built and runs on top of the Google Chrome Frame platform. This means that Toolbar 8 will run more like a web app in that it can be customized and updated much more frequently and easily. It also means that Google Chrome Frame is installed at the time of Toolbar 8 installation," explains Google.

google-toolbar-8

The new version of Google's toolbar only works in Internet Explorer right now and it doesn't include all the features that are currently available in the latest public version. Google included some new features: buttons for the most visited sites, Google Dictionary integration and Google Instant. "Google Toolbar displays up to seven of your most visited sites as buttons. Click on a button to go directly to its site. When you download the new Google Toolbar your toolbar will display buttons for Gmail, Google Calendar, Google Docs, Youtube, Google News, Google Reader and Google Tasks by default."

google-toolbar-8-large

WebM Plugin for Internet Explorer 9

Google Operating System: Internet Explorer 9 will be released later today and one of the many new features is native support for HTML5 video. Unfortunately for Google, Microsoft decided to only support H.264 video by default, so you can't watch WebM videos without installing additional software.

To solve this problem, Google developed a WebM plugin for IE9. "They said elephants couldn't ride flying dolphins. They said that one of the world's most popular browsers couldn't play WebM video in HTML5. They were wrong," mentions Google half-jokingly.

The plugin only works on Windows 7 and Windows Vista, the two operating systems supported by IE9. Google suggests searching for WebM videos on YouTube, but I'm not sure the plugin was really necessary, since YouTube's HTML5 player also works with H.264 videos.

webm-in-ie9

Last month, Microsoft released a plugin for watching H.264 videos in Google Chrome that will be useful when Google drops support for the popular codec.

Internet Explorer 9 is out, includes new security features

isc.sans.edu: Microsoft released version 9 of its Internet Explorer web browser. You can download IE 9 from windows.microsoft.com.

Downloads for Internet Explorer - Microsoft Windows

Microsoft also set up a domain dedicated to the new browser: www.beautyoftheweb.com. Unfortunately, that site isn't hosted under the microsoft.com domain, nor does it have an SSL certificate to confirm that it belongs to Microsoft. Using this site to distribute the browser goes against the advice of downloading software only from known vendor websites. Copycat malicious sites claiming to distribute IE 9 will probably appear shortly, if they aren't around yet.

Internet Explorer 9 includes a number of security improvements that make the upgrade worth your consideration. These include application reputation capabilities that are part of the SmartScreen feature that helps protect the user against socially-engineered malware. The browser also supports the notion of Pinned Sites, which implements "secure launch" capabilities to safeguard users' sessions with important websites. Internet Explorer 9 also improves its resistance to exploits by embracing support for DEP/NX, ASLR and SafeSEH memory protection capabilities. The new browser also improves the messages its users see when they download files and programs; the messages are designed to make it easier for the users to assess the risk of opening such files.
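Whether a given binary actually opts into the DEP/NX and ASLR mitigations the diary mentions is recorded in its PE header, so it can be checked rather than taken on trust. The following is an added example, not code from the ISC diary or from Microsoft: it reads the DllCharacteristics field of the PE optional header. The PE bytes it builds are a constructed minimal header for offline testing, not a real program; `check_file()` runs the same report on a real .exe or .dll.

```python
"""
Added example: report DEP/NX and ASLR opt-in flags from a PE header.
The fake PE produced by build_fake_pe() is constructed for testing only.
"""
import struct

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR (PE32+ only)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # ASLR: image may be relocated
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100        # DEP/NX: no execution from data pages
IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400           # image uses no SEH at all


def dll_characteristics(data):
    """Return (optional-header magic, DllCharacteristics) for an in-memory PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                       # 20-byte COFF file header
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                           # optional header follows COFF header
    if size_of_optional < 72 or len(data) < opt + 72:
        raise ValueError("optional header too short")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):           # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 of the optional header in both formats.
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]
    return magic, dllchar


def mitigation_report(data):
    """Map the raw flags to the mitigations a reviewer asks about."""
    magic, flags = dll_characteristics(data)
    pe32plus = magic == 0x20B
    return {
        "pe32plus": pe32plus,
        "aslr": bool(flags & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(flags & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "no_seh": bool(flags & IMAGE_DLLCHARACTERISTICS_NO_SEH),
        "high_entropy_va": pe32plus and bool(flags & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
    }


def check_file(path):
    """Run the report on a real binary on disk."""
    with open(path, "rb") as f:
        return mitigation_report(f.read())


def build_fake_pe(dllchar, magic=0x10B):
    """Constructed minimal PE header (DOS stub + PE signature + COFF + optional
    header) carrying the given DllCharacteristics. Not a loadable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 240, 0x0102)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dllchar)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    print("hardened:", mitigation_report(build_fake_pe(0x0140)))
    print("legacy:  ", mitigation_report(build_fake_pe(0x0000)))
```

Two caveats: SafeSEH is not visible here, because the /SAFESEH opt-in lives in the load configuration directory (the SEH handler table) rather than in DllCharacteristics, and it applies to 32-bit images only; and a missing NX_COMPAT flag does not necessarily mean DEP is off, since the system-wide DEP policy can enforce it regardless of what the image declares.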

Have you had a chance to experiment with Internet Explorer 9? Let us know what you think of its security capabilities.

Twitter using Gamification to increase followers

I just read an interesting post in ThinkVitamin.com and wanted to share with you:

I just signed up for a new Twitter account and as I was going through the on-boarding process, I noticed Twitter has introduced a bit of Gamification to encourage you to follow more people.

They use a simple progress-bar metaphor to encourage you to follow 10 people. I like it.


Pinguy OS 11.04 Pre-Alpha Released

Pinguy OS is an out-of-the-box working operating system for everyone, not just geeks. This OS is for people who have never used Linux before, or for people who just want an out-of-the-box working OS without doing all the tweaks and enhancements that everyone seems to do when installing a fresh copy of Ubuntu or other Linux-based distros.

Read Full Story here: http://www.ubuntugeek.com/pinguy-os-11-04-pre-alpha.html

Pinguy OS

Gmailers: Skinnier and smarter than Yahoo! users?

A new study shows that Gmail users are more likely to be young, thin, career-minded men, while Yahoo! is more typically home to overweight, older women

Web curator Hunch.com asked its 700,000 users which email service they use, as well as a series of questions about their lifestyles. With 75 million answers to work with, the site was able to discover some striking differences between users of Gmail, and those who have stuck with older web clients like Yahoo!, Hotmail, and AOL. For instance, Gmail users are more likely to be young, Yahoo! users are often extroverted, and AOL users have typically been in a relationship for more than ten years. Here are four other takeaways from the study:

1. Gmail users are techies
When users were asked to "describe your relationship with techno-gadgets and gizmos," 66 percent of Gmail users said they "love them," as compared to 47 percent for Yahoo! and Hotmail, and 42 percent for AOL. Gmail users are also more likely to buy new gadgets when they're first released, whereas "non-Gmail users subscribe to the belief that 'if it ain’t broke, don’t fix it,' especially if the new fix is cost-prohibitive."

2. Gmail is for men; other services are for women
Of the four main email services, only Gmail users were more likely to be male than female. To get more specific, Gmail attracts liberal, college-educated males aged 18 to 34. The most common AOL user, meanwhile, was a 35- to 64-year-old woman. Hotmail attracts younger women who often live with their parents in the suburbs, while Yahoo! appeals to family-focused mothers who are younger than their AOL counterparts.

3. AOL and Yahoo! users are overweight
The aforementioned 35- to 64-year-old female AOL user is likely to be family-focused — and overweight. Yahoo! users, too, skew heavier than Hotmail and Gmail devotees.

4. Employers frown on AOL

This study makes clear that "unless you have a custom domain connected to an elite alma mater or a professional website that hiring managers will find irresistible," it's best to use Gmail to apply for jobs, says Samantha Murphy at TechNewsDaily. Not only does AOL signify a bygone email age, it also has a bad reputation for sending out spam.

Critical Adobe Flaw without Patch

Avira TechBlog: A vulnerability in the current versions of Adobe Flash Player on all supported platforms has been found, warns the company. Affected are not only Flash Player installations, but also Adobe Reader and Acrobat via the “authplay.dll” Flash Player integration. Currently there is no mitigation which will help against exploitation, so for the time being the best advice is to open only expected documents from trusted sources.

Adobe explains that they found an Excel sheet with malicious SWF content exploiting the vulnerability as an email attachment in a very limited, targeted attack. The reason for this choice is simple: one wouldn’t expect such malicious content in an Excel sheet, so not opening unrequested documents is a way to mitigate the risk. Adobe plans to have an update ready by next week, around the 21st of March, and will ship it immediately then. For Adobe Reader X the patch will take a little longer, as the integrated sandbox prevents a successful exploit.
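Since the attack relies on a Flash movie hidden inside an Excel attachment, a simple triage check is to look for the SWF file signature inside the document before anyone opens it. The following is an added example, not code from Avira or Adobe: it scans a blob for the `FWS`/`CWS`/`ZWS` signatures with basic header sanity checks, and inflates OOXML (zip) containers first, because Flash embedded in an .xlsx would otherwise be hidden by deflate compression. The document bytes it builds are constructed for the demo and contain no exploit.

```python
"""
Added example: find embedded SWF headers in an Office attachment.
Sample documents are constructed inline; none of them is a real exploit.
"""
import io
import re
import struct
import zipfile

# SWF header: 3-byte signature, 1-byte version, 4-byte LE uncompressed length.
_SIG_RE = re.compile(rb"[FCZ]WS")   # FWS = raw, CWS = zlib, ZWS = LZMA


def find_swf_headers(data, max_version=40):
    """Return [(offset, signature, version, declared_length)] for plausible SWF headers."""
    hits = []
    for m in _SIG_RE.finditer(data):
        off = m.start()
        if off + 8 > len(data):
            break
        version = data[off + 3]
        length = struct.unpack_from("<I", data, off + 4)[0]
        # Sanity: versions are small integers and the length field covers at
        # least the header. For uncompressed FWS it cannot exceed what remains.
        if not (1 <= version <= max_version) or length < 8:
            continue
        if m.group() == b"FWS" and length > len(data) - off:
            continue
        hits.append((off, m.group().decode(), version, length))
    return hits


def scan_office_blob(data):
    """Scan a legacy OLE document as raw bytes, or each part of an OOXML zip."""
    if data[:4] == b"PK\x03\x04":
        findings = []
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for name in z.namelist():
                for hit in find_swf_headers(z.read(name)):
                    findings.append((name,) + hit)
        return findings
    return [("<raw>",) + hit for hit in find_swf_headers(data)]


def make_fake_swf(sig=b"CWS", version=10, length=4096):
    """Constructed SWF header followed by padding; not a playable movie."""
    return sig + bytes([version]) + struct.pack("<I", length) + b"\x00" * 32


def make_fake_xlsx_with_swf():
    """Constructed OOXML container with a fake SWF inside an embedded object part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/embeddings/oleObject1.bin", b"\x00" * 100 + make_fake_swf())
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_office_blob(b"junk" + make_fake_swf(b"FWS", 8, 40) + b"tail"))
    print(scan_office_blob(make_fake_xlsx_with_swf()))
```

This catches the common case, where the SWF sits contiguously inside an OLE stream or an OOXML part. Legacy .xls files store streams in 512-byte sectors that need not be contiguous, so a header can in principle straddle a sector boundary; a thorough scanner walks the OLE FAT and reassembles each stream before searching.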

Monday, March 14, 2011

Chat with your Facebook friends on Yahoo! Mail Beta

Yahoo Mail Blog wrote:


Greetings, Yahoo! Mail Beta users!

Some exciting updates to Yahoo! Mail Beta that we’re in the middle of rolling out:

“Hello, my name is Stephanie and I’m a Facebook addict.”
To all you fellow Facebook addicts out there, you might already know that we provide Facebook integration in our downloadable Messenger client. Now you can chat with your Facebook friends in Yahoo! Mail too! On the left, you’ll see “Facebook Friends” under “Online Contacts”. If you click on the thunderbolt, you will be prompted to authenticate on Facebook Connect (if you haven’t already). Once you’ve authenticated, your online Facebook friends will appear below “Online Contacts” and you can chat freely. As if Facebook was not addictive enough on its own, right? ;)

Giving you more message space
We’ve been hearing a lot of feedback from you about how much space the purple header takes up and how it limits how much of the actual message content you can see at once. We still want to provide some room to showcase our existing and future themes at the top of the page, but now you can scroll the entire Yahoo! Mail page so you can see as much message content as possible. Just go to Options>Mail Options and select “Scroll content of the entire page”.

Along with the ability to scroll the entire page comes another way to view your inbox. For those of you who are coming to the Beta from our Yahoo! Mail Classic product, we now have a paginated Inbox list view that might look familiar to you. You can view 50 messages in your list and click to go to the next, previous, first or last pages. When you click on a message subject line, we’ll load that message in a full tab. You can change the number of messages per page by clicking on Options>Mail Options and then selecting from 50, 100 or 200 messages at a time. If you still prefer the preview pane mode, you can also change this setting by going to Options>Mail Options and selecting “Scroll each panel on the page individually”. Try it out and let us know what you think!

Access to your past IM conversations
I don’t know about you, but my friends are always, always sending me important links, dates, addresses and other tidbits of information via IM. If you’re anything like me, you’re always, always forgetting exactly what was said/shared. What restaurant were we supposed to meet at? Where is that hilarious link Mike sent me about iPhone autocorrect fails? I rely heavily on my archived messages on the Messenger client and am so excited that we now give you access to your past IMs in Yahoo! Mail Beta. Just click on “Conversations” on the left side just below “Inbox” and see all your past IM conversations from Yahoo! Mail Beta (and the latest downloadable Messenger client).

Known issues with Yahoo! Mail Beta
We’re still working hard to iron out all the kinks in Yahoo! Mail Beta and there are a couple of hairy bugs that you’ve been telling us about on our suggestion board, blog, etc.:

  • Randomly getting logged out of Yahoo! Mail Beta – we just fixed this issue, so please let us know if you are still seeing it.
  • Attachment upload/download slowness and failure issues – we are aware of these issues and we will release fixes as soon as we possibly can. We’ll keep you up to date on this blog and our suggestions board. Thanks for your patience!

Spammers Exploit Japan’s Catastrophic State

Symantec: Only a few days ago, Japan experienced one of the worst earthquakes in its history. The earthquake registered 8.9 on the Richter scale and triggered an enormous tsunami. The heart-wrenching images on television have left the world shaken. It was the worst earthquake and tsunami in the past century and at least 50 countries have since received related tsunami warnings.

As the death and injury tolls continue to rise, one must not forget those who awake to exploit such delicate situations: spammers continue to adopt the guise of charitable institutions and governmental organizations. Don’t be surprised to suddenly see an email message in your inbox marked as URGENT and pleading with you for "monitory help" [sic], or a phishing mail urging you to donate to the rehabilitation of those affected by the quake and tsunami. Use prudence in finding out the genuine intent of email senders before you reach out or respond.

Within the first few hours of the earthquake and tsunami, Symantec researchers observed more than 50 domains with names containing either "Japan tsunami" or "Japan earthquake." These domains are either parked, available for sale, or linked to earthquake sites. Don’t be surprised if you see these domains being used in phishing and spam attacks. Below are a few of the samples:

3-11-2011-[removed].com
3-11[removed].com
earthquake-[removed].com
earthquaketsunami[removed].com
earthquakerelief[removed].com

Symantec has observed a classic 419 message targeting the Japanese disaster. The message is a bogus "next of kin" story that purports to settle millions of dollars owing to an earthquake and tsunami victim:

japan

Previously, when such disasters occurred, Symantec observed a sudden surge in virus attacks in the form of nasty attachments and .zip files embedded in spam sent by such predatory attackers. Do not open them, especially if you don’t know the source! Use caution when opening forwarded messages related to the Japan earthquake and tsunami, and any other tragedy or event that stirs international news coverage, legitimate and otherwise. Nefarious attackers may be sending malicious JavaScript and other threats that could compromise both your personal data and your computer.

While our hearts go out to those grappling with this unprecedented catastrophe, we at Symantec want to urge users to be cautious about unscrupulous elements. Symantec recommends that our readers reach out to the affected through legitimate and secure channels so that the help sent by you reaches the intended recipients.

PWN2OWN - Apple v. Google v. Microsoft v. Mozilla v. BlackBerry!

Sophos Labs Blog: If you're interested in computer security, you've probably heard of PWN2OWN. It's a competition which has become an annual fixture at the CanSecWest conference in Vancouver, British Columbia.

The competition gets its name because, as the CanSecWest organizers explain, "If you can execute arbitrary code (PWN) on these [laptops or mobile phones] through a previously undisclosed browser (Firefox, IE, Safari) exploit, you can go home with one (OWN)."

The browsers under fire this year were: Microsoft Internet Explorer, Apple Safari, Mozilla Firefox and Google Chrome.

The mobile phones up for bombardment were: Dell Venue Pro running Windows Phone 7, iPhone 4 running iOS, BlackBerry Torch 9800 running BlackBerry 6 OS and Nexus S running Android.

Whether you think the buying of vulnerabilities and exploits (through cash payments or prizes) is morally acceptable or not, it's a mainstream practice in the security industry these days.

Indeed, the pwn2own competition is run by none other than HP, owners of the TippingPoint Zero Day Initiative (ZDI) brand. ZDI is a programme which pays for vulnerabilities, thus rewarding bug-hunters for results which are fed back into the security community rather than sold to cybercrooks. Pwn2own adds some overt competitiveness into the business of bug-finding!

HP promised to publish the names of the winners "as they (presumably) succeed", but though the contest ended on Friday last week, no official announcement has yet been made.

But that doesn't matter - thanks to social networks, the results hit the internet in near-real time, so we already know that the following were pwned:

* Safari
* Internet Explorer
* iPhone 4
* BlackBerry Torch 9800

Firefox, Chrome, Android and Windows Phone 7 all remained unpwned.

Apparently, even the most recent version of Safari, 5.0.4, released just a day before the competition, is still vulnerable to the attack.

On the other hand, the most recent iOS upgrade for the iPhone, iOS 4.3, heads off the exploit used at pwn2own. That's good news for iPhone 4 and 3GS users, who can upgrade, but bad news for earlier Apple devices, which can't be upgraded.

Technically speaking, Google Chrome didn't actually survive an attack - the contestant who was due to take it on didn't turn up. Nevertheless, the rules are the rules, so Chrome wasn't pwned.

However, the software flaw used in successfully attacking the BlackBerry was also present in Google's Chrome browser, which is built on the same WebKit codebase. In a laudably quick response, Google almost immediately patched the offending code in Chrome.

By the way, we often hear that software is getting worse, because ever more vulnerabilities are being found. But that's not surprising, now that companies like HP openly pay researchers for finding vulnerabilities and revealing them under controlled conditions.

There's much more motivation for security researchers to spend several weeks working through from a theoretical vulnerability to a practicable exploit when there is potential revenue at the end of it. That alone is a reasonable explanation for the increase in reported vulnerabilities over the past few years - and since known holes can be fixed, that's not a bad thing.

So I'd like to think that the outcome of this year's pwn2own is a Curate's Egg - good in parts. Half of the browsers and half of the mobile devices went unpwned.

There's also a potential silver lining in the pwn2own failures: with Apple's software falling to attackers on both laptop and smartphone devices, perhaps those Apple users who are still in denial about the possibility of malware infections on their beloved MacBooks and iHardware will think again!

More Browser Updates

Avira TechBlog: Well, actually we expect some more updates, as some security vulnerabilities have been revealed at the Pwn2Own contest during the CanSecWest security conference. Google is the first and pushes out version 10.0.648.133, which fixes one security vulnerability within WebKit (the base of the BlackBerry, Chrome and Safari web browsers). As usual, the update is spread via the built-in automatic update mechanism. Users can make sure they are on the latest version by clicking on the tool symbol and choosing the “About Chrome” menu entry.

Microsoft advises users to switch to Internet Explorer 9, which, according to the media, is soon to be released as a final version. The company says that the flaw which was used to compromise the laptop during the Pwn2Own contest isn’t present in the new version.

Hopefully RIM, Google and Apple will soon deliver updates for the browsers on the smartphones based on their operating systems, too.