Google tricks Internet Explorer into accepting tracking cookies, Microsoft claims

Google was caught last week bypassing default privacy settings in the Safari browser in order to serve up tracking cookies. The company claimed the situation was an accident and limited exclusively to the Safari Web browser, but today Microsoft claimed Google is doing much the same thing with Internet Explorer.

In a blog post titled “Google bypassing user privacy settings” Microsoft’s IE Corporate Vice President Dean Hachamovitch states that “When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is using similar methods to get around the default privacy protections in IE and track IE users with cookies.”

Hachamovitch explains that IE’s default configuration blocks third-party cookies unless presented with a “P3P (Platform for Privacy Preferences Project) Compact Policy Statement” indicating that the site will not use the cookie to track the user. Microsoft accuses Google of sending a string of text that tricks the browser into thinking the cookie won’t be used for tracking. “By sending this text, Google bypasses the cookie protection and enables its third-party cookies to be allowed rather than blocked,” Microsoft said.

The text allegedly sent by Google actually reads “This is not a P3P policy” and includes a link to a Google page which says cookies used to secure and authenticate Google users are needed to store user preferences, and that the P3P protocol “was not designed with situations like these in mind.”

Microsoft said it has contacted Google to ask the company to “commit to honoring P3P privacy settings for users of all browsers.” Microsoft also updated the Tracking Protection Lists in IE9 to prevent the tracking described by Hachamovitch in the blog post. Ars has contacted Google to see if the company has any response to the Microsoft allegations, and we’ll update this post if we hear back.

UPDATE: It turns out Facebook and many other sites are using an almost identical scheme to override Internet Explorer’s privacy setting, according to privacy researcher Lorrie Faith Cranor at Carnegie Mellon University. “Companies have discovered that they could lie in their [P3P policies] and nobody bothers to do anything about it,” Cranor wrote in a recent blog post.

UPDATE 2: Google has gotten back to us with a lengthy reply, arguing that Microsoft’s reliance on P3P forces outdated practices onto modern websites, and points to a study conducted in 2010 (the Carnegie Mellon research from Cranor and her colleagues) that surveyed 33,000 sites and found about a third of them were circumventing P3P in Internet Explorer.

“Microsoft uses a ‘self-declaration’ protocol (known as ‘P3P’) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form,” Google Senior VP of Communications and Policy Rachel Whetstone says in a statement e-mailed to Ars. “It is well known including by Microsoft that it is impractical to comply with Microsoft’s request while providing modern web functionality.”

Facebook’s “Like” button, the ability to sign into websites using your Google account “and hundreds more modern Web services” would be broken by Microsoft’s P3P policy, Google says. “It is well known that it is impractical to comply with Microsoft’s request while providing this web functionality,” Whetstone said. “Today the Microsoft policy is widely non-operational.”

That 2010 research even calls out Microsoft’s own msn.com and live.com for providing invalid P3P policy statements. The research paper further states that “Microsoft’s support website recommends the use of invalid CPs as a work-around for a problem in IE.”
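The invalid compact policies described above can be found by auditing response headers. The following is an added example, not code from the article, Microsoft, Google or the researchers: it checks the `CP="..."` value of a P3P header against the P3P 1.0 compact-policy token vocabulary and flags values that contain no recognised token at all. The sample headers and host names are constructed for illustration.

```python
import re

# Compact-policy tokens from the P3P 1.0 vocabulary (matched case-sensitively).
FIXED = set(
    "NOI ALL CAO IDC OTI NON DSP COR MON LAW NID CUR OUR NOR STP LEG BUS IND "
    "PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV OTC TST".split()
)
# Purpose and recipient tokens that may carry a consent suffix:
# a = always, i = opt-in, o = opt-out.
SUFFIXABLE = set(
    "ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OTP DEL SAM UNR PUB OTR".split()
)
CP_RE = re.compile(r'\bCP\s*=\s*"([^"]*)"', re.IGNORECASE)


def is_cp_token(tok):
    """True if tok is a syntactically valid compact-policy token."""
    if tok in FIXED or tok in SUFFIXABLE:
        return True
    return len(tok) == 4 and tok[:3] in SUFFIXABLE and tok[3] in "aio"


def audit_p3p(header_value):
    """Classify the value of one P3P response header.

    Verdicts:
      no-cp         header carries no CP="..." statement
      not-a-policy  CP present but contains no valid token (free text)
      mixed         some valid tokens, some unrecognised ones
      tokens-only   every token is valid syntax; this says nothing about
                    whether the declared practices are complete or truthful
    """
    m = CP_RE.search(header_value)
    if m is None:
        return {"verdict": "no-cp", "valid": [], "unknown": []}
    tokens = m.group(1).split()
    valid = [t for t in tokens if is_cp_token(t)]
    unknown = [t for t in tokens if not is_cp_token(t)]
    if not valid:
        verdict = "not-a-policy"
    elif unknown:
        verdict = "mixed"
    else:
        verdict = "tokens-only"
    return {"verdict": verdict, "valid": valid, "unknown": unknown}


# Constructed sample headers; hosts and the notice URL are placeholders.
SAMPLES = {
    "shop.example.invalid": 'policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa DEVa PSAa OUR STP COM NAV"',
    "ads.example.invalid": 'CP="This is not a P3P policy! See https://example.invalid/p3p-notice for more info."',
    "cdn.example.invalid": 'CP="CAO PSA OUR FOO"',
    "static.example.invalid": 'policyref="/w3c/p3p.xml"',
}


def flagged_hosts(samples):
    """Hosts whose CP declares nothing a user agent can evaluate."""
    return sorted(h for h, v in samples.items()
                  if audit_p3p(v)["verdict"] == "not-a-policy")


if __name__ == "__main__":
    for host, value in SAMPLES.items():
        print(host, audit_p3p(value)["verdict"])
```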

York Facebook hacking student Glenn Mangham jailed

A software development student from York who hacked into Facebook has been jailed for eight months.

Glenn Mangham, 26, had earlier admitted infiltrating the social networking website between April and May 2011.

Mangham, of Cornlands Road, York, had shown search engine Yahoo how it could improve security and said he wanted to do the same for Facebook.

Sentencing Mangham, Judge Alistair McCreath said his actions could have been “utterly disastrous” for Facebook.

Alison Saunders, from the Crown Prosecution Service, described the case as “the most extensive and flagrant incidence of social media hacking to be brought before British courts”.

Prosecutor Sandip Patel rejected Mangham’s claims, saying: “He acted with determination, undoubted ingenuity and it was sophisticated, it was calculating.”

Facebook spent $200,000 (£126,400) dealing with Mangham’s crime, which triggered a “concerted, time-consuming and costly investigation” by the FBI and British law enforcement, Mr Patel said.
Electronic footprint

The prosecutor told Southwark Crown Court in London how Mangham had “unlawfully accessed and hacked into the social media website Facebook and its computers in April to May last year from his bedroom in Yorkshire”.

Mangham had ultimately stolen “invaluable” intellectual property, which he downloaded on to an external hard drive, said Mr Patel.

Facebook discovered the infiltration during a system check even though the defendant deleted his electronic footprint to cover his tracks.

Mr Mangham’s defence lawyer Tom Ventham had said his client was an ethical hacker who had a “high moral stance” and Yahoo had “rewarded” him for pointing out its vulnerabilities previously.

He added that when Mangham was arrested he made “copious” admissions to police about what he had done.

Passing sentence, Judge Alistair McCreath told Mangham his actions were not harmless and had “real consequences and very serious potential consequences” for Facebook.
‘Not harmless’

“You and others who are tempted to act as you did really must understand how serious this is,” he said.

“The creation of that risk, the extent of that risk and the cost of putting it right mean at the end of it all I’m afraid a prison sentence is inevitable.”

Mr McCreath said while he acknowledged that Mangham had never intended to pass on any of the information he had gathered, nor did he intend to make any money from it, his activities were “not just a bit of harmless experimentation”.

“You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance,” he said.

A spokesperson for Facebook said they “applauded” the efforts of the police and Crown Prosecution Service in this case, “which did not involve any compromise of personal user data”.

Twitter Teams With American Express to Launch Self-service Advertising Platform

Twitter has tied up with American Express to offer its merchants and card members early access to an online advertising platform for small businesses that the social networking company is launching in late March, the card company said on Thursday.

The first 10,000 eligible businesses that register will get US$100 in free Twitter advertising when using the platform, it said.

On the signup page, Twitter has also announced the offer, inviting American Express card members and merchants to try “our new advertising solution for small businesses”.

Twitter’s online self-service platform has been expected for some time, but will be initially available to businesses with a billing address in the U.S., who have never advertised on Twitter before.

The program is currently open to American Express card members and merchants who use Twitter to deliver business news and updates to their followers and who actively interact with other Twitter users through facilities on the service, Twitter said.

Twitter is currently running a beta with a few advertisers of some of its programs such as Promoted Tweets which are priced on a “cost-per-engagement” basis, so that businesses pay only when a user “retweets, replies to, clicks or favorites” a Promoted Tweet. Promoted Accounts feature in Twitter searches and “who to follow” recommendations.

Twitter acquired last month Internet security firm Dasient which introduced in 2010 a service to protect advertisement networks and publishers from malicious ads. The acquisition of the Sunnyvale, California company fitted with Twitter’s plans to expand revenue from advertising including promoted Twitter messages and accounts.

The Siri and iCloud innovations

Apple’s two most recent new technologies are iPhone-assistant Siri, and cloud-storage product iCloud, both of which Cook repeatedly called profound.

Cook said that iCloud, which has 100 million users, represents a fundamental shift in how the company thinks about computing. A decade ago, Apple saw the PC as the central hub of consumers’ digital lives. The Mac was the repository for all your files, music, movies, contacts, and other data.

iCloud turns that on its head, said Cook. The company recognized that people live off of multiple devices and syncing was getting in the way of a good customer experience, and it moved the hub to the cloud. The product only launched in October and is still in its infancy.

“There’s obviously more we could do with it,” said Cook. “It’s a strategy for the next decade or more.”

Cook went on to praise Siri for being the first major new means in a long time for inputting data into a device, except for Apple’s own gestures of course.

“For years if you were a PC or Mac user you used a keyboard and mouse for input, and there was evolution in that space but not a lot of revolution.”

Cook said Apple doesn’t do separate profit and loss (P&L) reports on the two technologies: “We want to have a great customer experience and we think measuring all [Siri and iCloud] at that level would never achieve these things.”

Google says its new privacy policy complies with FTC settlement

Google is rebutting charges that its new privacy policy violates a settlement it reached with federal regulators last year.

The Internet search giant told the U.S. Federal Trade Commission that its policy complies with the settlement, according to a self-assessment report the company handed over in January.

The report, obtained by Politico Friday, says Google has gone to particular lengths to tell its users what data it harvests and what it does with it.

Google settled charges last year that it violated privacy laws by exposing Gmail users’ personal information when rolling out its now-defunct Google Buzz social networking service. The breach prompted an angry backlash from consumers and privacy advocates who say the Mountain View, Calif., company exposed personal information without their knowledge or consent.

The Electronic Privacy Information Center, a consumer watchdog group, filed a federal lawsuit Wednesday against the FTC in a bid to stop Google from rolling out a new privacy policy that it says violates the FTC settlement. A federal judge has agreed to expedite the case.

Last month, Google began alerting users around the globe that starting March 1 it will share data it collects from users across its dozens of services. Google says that only users who are logged into Google will be affected. Google already shared what it knew about its users across most of its services but now it will also include YouTube and Google search history.

A Google spokesman declined to comment on the self-assessment report.

“The FTC takes compliance with our consent orders very seriously and always looks carefully at any evidence or allegations that they are being violated,” FTC spokeswoman Claudia Bourne Farrell said in an emailed statement. “Allegations have been made that Google’s recently announced changes to its privacy policies and practices violate a Commission order. All orders are subject to a detailed and vigorous compliance review process, but such investigations are non-public, and we therefore cannot comment further.”

iPhone Owners Protesting at Apple HQ Over Foxconn

Customers plan to waltz into Apple’s headquarters and stores located in Washington D.C., New York, San Francisco, London, Sydney and Bangalore. Their mission: to deliver petitions signed by 250,000 people asking the company to develop a worker protection strategy for those building iPhones in its Chinese supplier factories. The signatures were collected by Change.org and SumOfUs.org.

By swarming into Apple’s HQ and stores, protestors think they represent the voice of every Apple customer. As of this writing, 56,464 have signed the SumOfUs petition, more than 35,000 of whom purchase Apple products. Out of this latter group, 20,00 own an iPhone. On the Change.org front, 194,999 out of 200,000 people have signed D.C.-based Mark Shields’ petition.

“I use an iPhone myself. I love it, but I don’t love having to support sweatshops, and neither do millions of other Apple consumers,” said Taren Stinebrickner-Kauffman, executive director of SumOfUs. “The hip, educated market that Apple aspires to corner is largely composed of responsible consumers who don’t want to be complicit in sweatshop labor. Apple’s attention to detail is famous, and the only way they could fail to be aware of dozens of worker deaths, of child labor, of exposure to neurotoxins is through willful ignorance.”

While news of Foxconn’s suicides has been a topic for some time, a heated interest in Apple’s worker policies ignited after an episode of Public Radio International’s “This American Life.” The report talked about the working conditions in Apple’s manufacturing facilities, and even revealed adolescents working 16 hours a day and making 70 cents an hour. After that, the New York Times and other well-established news outlets published their own reports.

Following the reports, Apple CEO Tim Cook claimed that Apple cared about every worker in the supply chain, and vowed to dig deeper into the allegations. He said the company also has the Fair Labor Association monitoring its suppliers. Protestors responded, saying it’s a step in the right direction, but want the names of the suppliers found to have violations and what those violations are “so that there is transparency about the monitoring effort.”

“If Tim Cook is really offended by these allegations, why isn’t he doing anything to fix the problems? This is the supply chain he set up as COO; he needs to start taking responsibility, not blaming the messenger,” Stinebrickner-Kauffman added. “Every time a Foxconn worker is killed or disabled making an Apple product, Mr. Cook bears personal moral responsibility. Apple’s enforcement of razor-thin profit margins at suppliers invites and may even force them to slash workers’ rights. But Apple is going to have much bigger longer-term problems than paying a few extra dollars for its products if it loses its luster with ethical consumers.”

It’s unknown how many people will actually visit Apple’s HQ and stores on Thursday, but they’ll walk in wearing iPhone costumes. If that’s not obvious enough, they’ll also be the ones waving around iPhone posters and delivering petitions in Mac boxes. Unfortunately, iPad and iPod Touch owners aren’t invited to the costume party.

Google unleashes ‘Solve for X’ confabs to save the world

Internet giant Google is once more trying to save the world, this time with its TED-rip-off “Solve for X” project.

The Chocolate Factory has launched the project after the first invite-only gathering of minds, which pulled techies and boffins together to talk about “moonshots”, ie, wildly ambitious projects to solve world problems, or in the words of the Google blog:

These are efforts that take on global-scale problems, define radical solutions to those problems, and involve some form of breakthrough technology that could actually make them happen. Moonshots live in the gray area between audacious projects and pure science fiction; they are 10x improvement, not 10 per cent. That’s partly what makes them so exciting.

Anyone thinking that this brief mission sounds vaguely familiar would be right: it bears more than a passing resemblance to the non-profit TED organisation, which brings together folks from the Technology, Entertainment and Design worlds to talk about “ideas worth spreading”.

TED has a number of annual conferences which are invite-only and, for the public, it has TEDTalks, videos from the conferences that the regular folk can watch online.

Solve for X has, you guessed it, Solve for X Talks, which are also videos of thinkers having ideas that ordinary people can watch online. And they’re probably going to have annual conferences as well.

“Our gathering last week brought together a group that is already practiced at moonshot thinking to propose specific solutions,” Google opined. “At least a few times a year, we hope that people will take a few hours or a day or two out of their busy schedules to dare to push the boundaries, and to consider moonshot approaches to some of the world’s many unresolved challenges.”

Solve for X is a bit more targeted than TED, given that it only wants ideas that present “a huge problem to solve, a radical solution for solving it, and the breakthrough technology to make it happen”. And it’s a bit more interactive, as it allows people to submit talks they’ve given or heard that they think meet the criteria.

Google Earth Update Quashes Atlantis Rumors

The 2009 launch of Google Ocean, an underwater extension of Google Earth, included a grid formation in the Atlantic that prompted many to speculate that the search giant had uncovered the lost city of Atlantis. A recent update to Google Earth, however, has quashed those rumors, according to LiveScience.

The grids weren’t actually the remnants of the famed lost city; rather they appeared as a result of overlapping data sets. Google’s ocean data is created in part from sonar waves, which combined with other types of data, can cause these grids to appear. But Google added new seafloor data from the University of California San Diego’s (UCSD) Scripps Institution of Oceanography and the National Oceanic and Atmospheric Administration (NOAA), among other organizations, with a recent update, which resulted in the removal of these lines.

“The original version of Google Ocean was a newly developed prototype map that had high resolution but also contained thousands of blunders related to the original archived ship data,” Scripps geophysicist David Sandwell told LiveScience. “UCSD undergraduate students spent the past three years identifying and correcting the blunders.”

LiveScience said that Google has also taken extra steps to ensure the accuracy of the maps on Google Ocean. It now takes 15 percent of its sea floor imagery from shipboard soundings at a resolution of 0.6 miles, up from the previous rate of 10 percent. That rate is set to improve again later this year, when Google deploys a new calculation method that yields depth predictions that are twice as accurate, LiveScience said.

“The Google map now matches the map used in the research community, which makes the Google Earth program much more useful as a tool for planning cruises to uncharted areas,” Sandwell added.

EU reviews new Google policy

Google Inc. publicized its new privacy rules, which regulate how it uses the enormous amounts of personal data it collects through its search engine, email and other services, with much fanfare last week.

Since then, it has launched a vast publicity campaign telling users around the globe of the new policy, set to start March 1. But that launch date may be under threat. Jacob Kohnstamm, chairman of the group of 27 national privacy regulators in the EU, said the French data protection authority has started investigating the new rules and how they will affect Google users in the EU.

“We call for a pause (in the rollout of the new rules) in the interests of ensuring that there can be no misunderstanding about Google’s commitments to information rights of their users and EU citizens, until we have completed our analysis,” Kohnstamm wrote in a letter to Google’s chief executive, Larry Page. It was sent on Thursday and published on Friday.

Google’s search engine has a market share of more than 90 percent in the EU, with rival services like Microsoft’s Bing gaining little traction. The EU’s competition authorities are already studying whether Google uses this dominance to stop other search engines from entering the market.

The new policy makes it easier for Google to combine the data of one person using different services such as the search engine, YouTube or Gmail. That lets Google produce a broader profile of that user and target advertising based on that person’s interests and search history. Advertising is the main way Google makes its money.

The company says combining the data also makes search results more relevant and lets a user cross-navigate among different services more easily.

Leading names in technology announce the Dmarc email standard

A GAGGLE of information technology firms including Microsoft, Google, Paypal, Yahoo and Facebook have joined forces to produce an anti-phishing standard for email called Dmarc.

Fifteen firms have formed a working group and created dmarc.org, which stands for “domain-based message authentication, reporting and conformance”. The group’s aim is to counter the threat of email phishing attacks and spam.

“Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole,” said Brett McDowell, chair of dmarc.org and senior manager of customer security initiatives at Paypal. “Industry cooperation – combined with technology and consumer education – is crucial to fight phishing.”

As well as the big names mentioned already, the remaining 10 consist of AOL, Bank of America, Fidelity Investments, American Greetings, Linkedin, Agari, Cloudmark, Ecert, Return Path and Trusted Domain Project.

The system provides a common way for senders to authenticate their emails with customers using the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) methods.

Dmarc said the system “removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages.” It also provides a way for the receiver to report back to the sender about emails that pass or fail the Dmarc evaluation.

Spam and phishing are big problems at the moment, especially in the UK. Symantec’s January intelligence report pointed out that most phishing attacks come from the UK and that one in 179 emails contained a phishing attack.

Dmarc’s policies are published in the public Domain Name System (DNS) and its goal is to make the system an official internet standard.