From The Blog

Displaying items by tag: Google

Monday, 03 October 2011 07:23

Chrome Accidentally Identified as Malware

MSEssentialsSometimes old news is funny news and this one falls into that category. On Friday the 30th of September a new malware definition database for Microsoft’s Security Essentials (that comes with almost every current version of Windows) began mistakenly (?) identifying Google’s Chrome Web Browser as a form of Malware known as Win32/Zbot.  As a result it either blocked or removed Chrome from the “infected” system.

Now Win32/Zbot is a nasty little piece of malware that is known to steal passwords and other personal information. According to information about Zbot in the internet it is capable of grabbing FTP passwords, E-Mail passwords, lowering security on IE, FireFox and other browsers other malicious activities. Microsoft quickly released an updated signature database that corrects the false positive, but it is also worth mentioning that Google released an updated version of Chrome as well.

My question is this, if Chrome was not exhibiting any “unwanted” behaviors then why change it? After all Microsoft released an updated engine to prevent it from being removed unintentionally. Perhaps it has something to do with the way that Chrome scavenges user data and stores browsing history (even if the user tells it not to). Since its release there have been concerns over the way Chrome caches browsing history, passwords and other sensitive user information. In fact in the early releases we tracked the software writing to the System Volume Information folder and then sending this data back to Google serves. We have heard that this behavior is no longer happening but have not tested the latest versions.

Unless I have completely missed the mark I have a feeling that there is a little bit of truth to the accidental identification of Chrome as a Malware and that Google had to respond to prevent other Malware prevention software from finding the same thing. Meanwhile many IT departments still prohibit the use of Chrome for security reasons… you be the judge on this one.

Discuss this in our Forum

Published in News
Wednesday, 14 September 2011 07:08

Windowd 8 Detailed at Microsoft's Build Conference

viewYesterday all of the news was about Microsoft’s Build Developer conference out in California (Anaheim to be exact). Now this conference is (as you could guess) all about developing applications and software for Windows operating systems and also about Windows in general. So it should come as no surprise that one of the highlights was the talk about Windows 8. Attendees at the conference were treated to a preview of Microsoft’s next OS even though the Developer’s blog on Windows 8 has been very handy in keeping the press and the rest of the world up to speed on things. We have reported on one or two new features highlighted on that site and are looking forward to hearing about more of them in the near future.

However, all that aside, back to the Build conference. The attendees were not only treated to a more in-depth preview of Windows 8 they also heard from some of the manufacturers that are going to support Win8. One of these was nVidia as they talked up their new developer program for Windows 8 on x86 and Tegra. nVidia has been talking about Windows 8 for some time (as have we) and they are looking forward to it launch so that they can begin rolling out the Windows 8 based tablets for their Tegra SoCs.

Windows 8, unlike previous versions of Windows, will be something of a game changer. Microsoft has worked pretty hard to make this OS more hardware friendly including showing that you can run this on an older Atom CPU with as little as 1GB of RAM. Other nice options (very tablet friendly options) are things like full NFC (Near Field Communication) support. This allows you to interact with items like Bluetooth headsets with a single tap, tap-to-share file access, and other items once reserved for smartphones.  We have to wonder if Google and Apple are getting a little concerned about the Windows 8 right about now.

For those of you looking to try things out, there is a developer preview available for download.

Discuss in our Forum

Published in News
Monday, 12 September 2011 21:55

HTC could be looking to buy WebOS

3d-11It has not even been a month since the announcement of HP’s decision to kill off the mobile operating system it bought from Palm WebOS. Now we hear that HTC could be considering buying this operating system from HP and starting its own mobile OS. If they do this it would put them in competition with a few companies that they have a long standing relationship with. I am also pretty sure that Google and Microsoft might think twice about stepping in to help (well ok help more) them in their ongoing (never ending) patent battle with Apple if they suddenly found themselves cut out  of some of the business they get from HTC.

We also hate to say this but WebOS was not that much of a hit on the market. It had an impact at a time when Android was in its infancy, iOS sill did not have copy and paste and Windows Mobile OS 6… well we all remember WinMobile 6.  We also think that now is not the time for HTC to be diving into this as they have quite a few fish in the pan already. The financial impact of buying WebOS, then developing it into something that is marketable and then pushing these products onto a market that is split into roughly two houses (Google and Apple) could end up being too much for the embattled company.

We really hope this is nothing more than a rumor and that HTC remains dedicated to making hardware and does not try to branch out and become its own channel.

Discuss in our Forum

Published in Leaks and Rumors
Wednesday, 07 September 2011 22:25

The Apple Legal Update 9-7-2011

73As there is so much news about who Apple is suing and who, in return, is suing Apple right back we are going to combine some news today. First up is an interesting piece where we find HTC has filed a new suit against Apple based on some patents that were formerly owned by one time bosom buddy Google. Remember that long ago time when Eric Schmidt sat on the Google board and things seemed so cozy between the two.  Now things are different and these two companies now sit on opposite sides of the market. However, where Apple wants it all (they really do want to control everything about their products) Google is willing to work with others (for now).

The suit that HTC has filed is based on Patents that were transferred to them from Google just days ago (September 1st). These were originally from multiple companies such as Palm and Motorola. This is the strongest show of support from Google since the Apple legal team began its campaign against Android. It may also be an indication that Google is getting ready to wade into the party. After all, the advertising giant recently bought Motorola and now has its stable of patents to bring to bear on Apple. Things are certainly going to heat up soon and with the last few “less than expected” verdicts handed down to Apple competitors in the EU we might indeed be seeing a shifting in the never ending patent wars over smart phones and tablets.

Moving on to the next item that we found interesting; we come to another Judge using that rarest of abilities; common sense. Here we find that Federal Court Justice Annabelle Bennett has told Apple that they cannot show that Samsung’s products can potentially hurt sales unless Apple is willing to show their exact sales numbers. This is something that Apple has never liked to do. They will hint at things, make indirect claims but it is usually up to the press to try and ferret out the information based on other factors that can be tracked. However, because of this policy of secrecy Apple may lose out one way or the other. If they reveal the numbers and they show that Samsung is not hurting them in the US or EU these exact numbers can be leaked to the rest of the world and it would set a precedent that might have echoes around the globe. It would be really a pain if Apple had to actually prove things instead of just claiming them and having done with it.

Sources CNET and Fudzilla

Discuss in our Forum

Published in News

84So it appears that Google thinks people should use their Chrome Browser even if they work at a company that restricts things of this nature (often with very good reason).  Although you will not hear much about this it has been a well-documented fact that Chrome caches web pages (even in private mode) and also runs certain applications after Chrome is closed. These APIs read and write data to the System Volume Information folder and also do a few other things that are suspicious at best. This (amongst over things) has caused more than a few companies to ban the browser from use inside the corporate network.

However, Google still thinks that it has the right to let people by-pass these restrictions and install software that is not authorized. They have done this with a plug-in called Chrome-Frame. Chrome Frame is an API that allows a web page to be rendered using Chrome’s engine inside the currently running browser.  I guess this is for people that do not want to use multiple browsers, and is fine as long as it is something they want to install and (in the case of someone at their place of employment) it is authorized to be installed. This was not good enough for Google though, they have written a version of the plug-in that allows this to be installed with elevated privileges by-passing restrictions that are in place to prevent this from happening.

Now, I know there are some that will not understand why this is bad. They will say that people should be able to view the internet and that companies that are still on IE6 or 7 (which are no longer supported by GMAIL and other Google sites) are hindering their employees. However, most companies have fairly strict policies on browsing. This is mostly to prevent malware but also to help increase productivity. I know at more than one company I have worked for we provided internet systems in the break room and lunch room, but prevented all browsing on the users workstations. We also were never hit with a virus on any user desktop, but had them on the employee internet systems.  So it is not unusual to place these restrictions on browsing. It is entirely wrong (not to mention arrogant) of Google to create something that by-passes these restrictions. It also opens up a vector for attack as someone will find a way to usurp the plug-in and execute code through that elevated API, it is nothing short of Malware all on its own.

Discuss this in our Froum

Published in News

Not that long ago Microsoft was the victim of an incorrectly assigned certificate. This was issued to more than just Microsoft and caused some havoc with a few firewalls (like Microsoft’s ISA) that check for security certificate validity. Because of the malformed Cert people were not able to get to Hotmail and other secure Microsoft sites or they received an error saying the certificate could not be trusted. Microsoft quickly remedied the issue, but it had an impact.  

certNow we see something similar has happened to Google. A Dutch certificate service by the name of DigiNotar issued a certificate for to a company that is certainly not Google. The response has been immediate with companies stating that they are going to release patches that will revoke the DigiNotar trust (which is not found in many US systems but is big in Europe apparently.

Some are attributing this attack to the Iranian Government or others inside Iran. This is mostly due to the Comodo issue that happened a few months ago that was claimed by an Iranian Patriot. However, there is no evidence that this was the case this time this could be the work of others, but it does illustrate a fundamental flaw with Security Certificates.  You see as it stands right now a third party is responsible for verification and issuance of the certificate that proves that a website is how it claims it is. It is not all that hard to intercept the confirmation notices in reality. It is also possible that some companies (there are well over 600 Certificate Authorities now) are unscrupulous enough that they might sell off the master keys to a site so that someone could produce their own certificates.

In short there needs to be a serious overhaul of this system to protect against the increasingly sophisticated attacks that are happening on the web.

Discuss in our Forum

Published in News
Tuesday, 16 August 2011 22:20

Who Will Benefit more? Google or Motorola?

motorola_droid_x1Although the news of Google’s purchase of Motorola Mobility is days old we have to wonder about the slew of articles that have come out recently. We all know (whether we choose to admit it or not) that the purchase of Motorola was to bolster Google position in the market of the mobile OS. They, like others, have a lot to fear from Apple’s seemingly endless supply of accusations of copying, patent infringement and friendly venues. However, the deal is more than that in reality.

Motorola has an 82 year legacy of working with wireless (not the wireless we think of today but radios as well).  Because of this they not only have a nice stable of patents but also the technology and the innovation to survive in the cut throat world of mobile devices. The problem has been their “IBM” attitude in the past. Anyone that knows (or would like to Google) the IBM culture will know that the uniform was black slacks, white button down and tie. This is what you wore no matter where you worked. Motorola was the same way until very recently. That kind of rigidity in your culture does stifle innovation to a great degree. After all if you always wear the same thing, you can find yourself always thinking the same things. People that are locked down by their environment can become stagnant and, in extreme cases, ineffective.

So adding the fresh and open culture of Google to this can help out the struggling Motorola quite a bit; while the structure of Motorola may also help Google. It also gives Google something they want and need; a direct market for their OS. Google has been slowly closing the “Open Source” of Android with each successive release and we are looking at a completely closed source Kernel and OS in the very near future. Although Google invites other phone makers to use and customize Android’s UI they still want to have phones of their very own and with Motorola’s $86 Million dollar loss on top of their still popular “Droid” line of smart phones I am sure this looked like a ready-made situation for Google.

Motorola does get to keep operating as its own entity (for now) but you can rest assured that Google is also banking on those nice new Patents to keep Apple’s lawyers at bay.

Discuss in our Forum

Published in Editorials

Google-LogoThere are things that I find ironic but that seem to go unnoticed by many (mostly the press). Today I read an article that the FTC is looking into claims that Google might have put restrictions in place for manufacturers that make Android based smart phones. Now, I have no lover for Google. I think they do not care about people’s privacy, ignore laws and worse. However, to see the FTC starting to investigate them for antitrust issues is laughable when this same commission said there was no credible evidence that Apple was doing this. It is funny that the investigation appears to be looking into if Google is preventing the use of services such as mapping, navigation etc. other than their own on Android based phones. After all wasn’t it Apple that put a stipulation to app developers that they could not develop an app that reproduced core functions of the phone? 

Then there was Steve Job’s rather public rant about never allowing flash on the iPhone, their arbitrary app approval process and many other items are even more conclusive.  To me this illustrates that our federal regulators have no clue what is going on and only do what they are told by the person throwing the most cash around The Hill. Interestingly enough that used to be Michael Schmidt and Google, but now we see Google’s charm wearing off.

Still I am glad to see that the FTC is looking into some of the advertising and search practices that Google is participating in. For years it has pretty much been common knowledge that Google stacks some of the search results and their ad placement is something of a joke.  Maybe some good will come of this, but they really need to stop turning a blind eye to companies like Apple and begin to actually do their jobs and protect the public from ALL companies that participate in this type of activity.

Source Cnet

Discuss in our Forum

Published in News
Wednesday, 03 August 2011 12:34

Wii Fit Balance Board finds new and fun use

WiiFitBalanceBoardOk I thought this was pretty cool. While cruising around I stumbled across this hack for the Balance Board that comes with the Nintendo Wii Fit game. It seems some people with a lot more time on their hands than the rest of us (but with some serious brain power) came up with a way to use the Wii Balance board to literally “walk” through Google street view. This inspiration came after a seven hour marathon of modding.

They did have to use OSX and some extra Java applications to communicate back and forth but the end result look very promising. I am willing to bet the Executives at Nintendo are drafting letters and offers as I am typing.


Source Engadget

Dicuss on our Forum

Published in News
Tuesday, 02 August 2011 21:42

You really can find everything on Google

84As the BlackHat conference kicks off in Vegas we hear rumors that some of the global Supervisory Control and Data Acquisition (SCADA) hardware is vulnerable over the internet. Although this is really nothing new what is new is that you can often find this hardware just by running the right searches on Google. According to Tom Parker, CTO at FusionX if you know the right strings and the devices you are looking for either have an embedded webserver or are connected to a system that is connected to the internet then you can send it control commands that can not only operate the equipment but could also cause permanent damage to it. Think of the scene in Die Hard 4 when the “bad guys” sent the commands to open up valves along the natural gas lines. This may sound far-fetched but it is not really.

The problem is that these devices are not sophisticated in the way we think about them. For example one that was used in the presentation is a PLC (Programmable Logic Controller) that they purchased with an embedded webserver (usually for easier operation) with this Parker’s team was able to find certain hardware strings and use Google to identify other PLCs on the internet. One even had a password attached to it. These controllers should never be on the internet as once they are compromised a malicious person (or persons) can wreak havoc on the systems they control.

If you ever wanted a clearer indication that the global infrastructure is vulnerable or that the old school corporate society is ignorant of how the world operates; here it is.  We said earlier to imagine Die Hard 4’s “Fire Sale” well in that scenario the hackers had to break into the system; in real life most of the control devices that can be located on the internet are not password protected, use no form of encryption (or simply cannot) and will not work with authentication… Scary when you get right down to it.

Source CNET

Discuss this on our forum

Published in News
Page 34 of 34