Google was caught last week bypassing default privacy settings in the Safari browser in order to serve up tracking cookies. The company claimed the situation was an accident and limited to the Safari Web browser, but today Microsoft claimed Google is doing much the same thing with Internet Explorer.
In a blog post titled “Google bypassing user privacy settings” Microsoft’s IE Corporate Vice President Dean Hachamovitch states that “When the IE team discovered that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.”
Hachamovitch explains that IE’s default configuration blocks third-party cookies unless presented with a “P3P (Platform for Privacy Preferences Project) Compact Policy Statement” indicating that the site will not use the cookie to track the user. Microsoft accuses Google of sending a string of text that tricks the browser into thinking the cookie won’t be used for tracking. “By sending this text, Google bypasses the cookie protection and enables its third-party cookies to be allowed rather than blocked,” Microsoft said.
The text allegedly sent by Google actually reads “This is not a P3P policy” and includes a link to a Google page which says cookies used to secure and authenticate Google users are needed to store user preferences, and that the P3P protocol “was not designed with situations like these in mind.”
Microsoft said it has contacted Google to ask the company to “commit to honoring P3P privacy settings for users of all browsers.” Microsoft also updated the Tracking Protection Lists in IE9 to prevent the tracking described by Hachamovitch in the blog post. Ars has contacted Google to see if the company has any response to the Microsoft allegations, and we’ll update this post if we hear back.
UPDATE: It turns out Facebook and many other sites are using an almost identical scheme to override Internet Explorer’s privacy setting, according to privacy researcher Lorrie Faith Cranor at Carnegie Mellon University. “Companies have discovered that they can lie in their [P3P policies] and nobody bothers to do anything about it,” Cranor wrote in a recent blog post.
UPDATE 2: Google has gotten back to us with a lengthy reply, arguing that Microsoft’s reliance on P3P forces outdated practices onto modern websites, and points to a study conducted in 2010 (the Carnegie Mellon research from Cranor and her colleagues) that analyzed 33,000 sites and found about a third of them were circumventing P3P in Internet Explorer.
“Microsoft uses a ‘self-declaration’ protocol (known as ‘P3P’) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form,” Google Senior VP of Communications and Policy Rachel Whetstone says in a statement e-mailed to Ars. “It is well known including by Microsoft that it is impractical to comply with Microsoft’s request while providing modern web functionality.”
Facebook’s “Like” button, the ability to sign into websites using your Google account “and hundreds more modern Web services” would be broken by Microsoft’s P3P policy, Google says. “It is well known that it is impractical to comply with Microsoft’s request while providing this web functionality,” Whetstone said. “Today the Microsoft policy is widely non-operational.”
That 2010 research even calls out Microsoft’s own msn.com and live.com for providing invalid P3P policy statements. The research paper further states that “Microsoft’s support website recommends the use of invalid CPs as a work-around for a problem in IE.”
A software development student from York who hacked into Facebook has been jailed for eight months.
Glenn Mangham, 26, had earlier admitted infiltrating the social networking website between April and May 2011.
Mangham, of Cornlands Road, York, had shown search engine Yahoo how it could improve security and said he wanted to do the same for Facebook.
Sentencing Mangham, Judge Alistair McCreath said his actions could have been “utterly disastrous” for Facebook.
Alison Saunders, from the Crown Prosecution Service, described the case as “the most extensive and flagrant incidence of social media hacking to be brought before British courts”.
Prosecutor Sandip Patel rejected Mangham’s claims, saying: “He acted with determination, undoubted ingenuity and it was sophisticated, it was calculating.”
Facebook spent $200,000 (£126,400) dealing with Mangham’s crime, which triggered a “concerted, time-consuming and costly investigation” by the FBI and British law enforcement, Mr Patel said.
Electronic footprint
The prosecutor told Southwark Crown Court in London how Mangham had “unlawfully accessed and hacked into the social media website Facebook and its computers in April to May last year from his bedroom in Yorkshire”.
Mangham had stolen “invaluable” intellectual property, which he downloaded on to an external hard drive, said Mr Patel.
Facebook discovered the infiltration during a system check even though the defendant deleted his electronic footprint to cover his tracks.
Mr Mangham’s defence lawyer Tom Ventham had said his client was an ethical hacker who had a “high moral stance” and Yahoo had “rewarded” him for pointing out its vulnerabilities previously.
He added that when Mangham was arrested he made “copious” admissions to police about what he had done.
Passing sentence, Judge Alistair McCreath told Mangham his actions were not harmless and had “real consequences and very serious potential consequences” for Facebook.
‘Not harmless’
“You and others who are tempted to act as you did really must understand how serious this is,” he said.
“The creation of that risk, the extent of that risk and the cost of putting it right mean at the end of it all I’m afraid a prison sentence is inevitable.”
Mr McCreath said while he acknowledged that Mangham had never intended to pass on any of the information he had gathered, nor did he intend to make any money from it, his activities were “not just a bit of harmless experimentation”.
“You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance,” he said.
A spokesperson for Facebook said they “applauded” the work of the police and Crown Prosecution Service in this case, “which did not involve any compromise of personal user data”.
Twitter has partnered with American Express to offer its merchants and card members early access to an online advertising platform for small businesses that the social networking company is launching in late March, the card company said on Thursday.
The first 10,000 eligible businesses that sign up will receive US$100 in free Twitter advertising when using the platform, it said.
On the signup page, Twitter has also announced the offer, inviting American Express card members and merchants to try “our new advertising solution for small businesses”.
Twitter’s online self-service platform has been expected for some time, but will be initially available to businesses with a billing address in the U.S., who have never advertised on Twitter before.
The program is currently open to American Express card members and merchants who use Twitter to send business news and updates to their followers and who actively interact with other Twitter users through facilities on the service, Twitter said.
Twitter is currently running a beta with a few advertisers of some of its programs such as Promoted Tweets, which are priced on a “cost-per-engagement” basis, so that businesses pay only when a user “retweets, replies to, clicks or favorites” a Promoted Tweet. Promoted Accounts feature in Twitter searches and “who to follow” recommendations.
Twitter last month acquired Internet security firm Dasient, which launched in 2010 a service to protect advertisement networks and publishers from malicious ads. The acquisition of the Sunnyvale, California company fitted with Twitter’s plans to expand revenue from advertising including promoted Twitter messages and accounts.
Apple’s two most recent new technologies are iPhone assistant Siri and cloud-storage product iCloud, both of which Cook repeatedly called profound.
Cook said that iCloud, which has 100 million users, represents a fundamental shift in how the company thinks about computing. A decade ago, Apple saw the PC as the central hub of consumers’ digital lives. The Mac was the repository for all your files, music, movies, contacts, and other data.
iCloud turns that on its head, said Cook. The company recognized that people live off of multiple devices and syncing was getting in the way of a good customer experience, and it moved the hub to the cloud. The product only launched in October and is still in its infancy.
“There’s obviously more we could do with it,” said Cook. “It’s a strategy for the next decade or more.”
Cook went on to praise Siri for being the first major new tool in a long time for inputting data into a device, except for Apple’s own gestures, of course.
For years, if you were a PC or Mac user you used a keyboard and mouse for input, and there was evolution in that space but not a lot of revolution.
Cook said Apple doesn’t do separate profit and loss (P&L) reports on the two technologies: We want to have a great customer experience and we think measuring all [Siri and iCloud] at that point would never achieve these things.
Are DDoS attacks something that businesses and government agencies must simply endure, or can they be more actively resisted? In fact, organizations can take a number of steps to at least mitigate the effect that DDoS attacks have on their websites, servers, databases, and other essential infrastructure.
1. Know you’re vulnerable.
One lesson from the use of DDoS by Anonymous–as well as its sister hacktivist group LulzSec–is that any site is at risk. That’s not intended to sound alarmist, but rather just to acknowledge that the hacktivist agenda can appear random, at best. Indeed, after Anonymous came along, “the financial sector, which had not really considered itself as a prime target, was hit and urgently forced to confront threatening situations,” according to the Radware report. “Government sites had been targeted before, but 2011 saw a dramatic increase in frequency, and neutral governments that felt themselves exempt, like New Zealand, were attacked.”
2. DDoS attacks are cheap to launch, tough to stop.
As the recent Anonymous retaliation for the Megaupload takedown shows, hacktivists can rapidly crowdsource “5,600 DDoS zealots blasting at once,” as Anonymous boasted on Twitter, to take down the websites of everyone from the FBI and the Justice Department to the Motion Picture Association of America and Recording Industry Association of America. “DDoS is to the Internet what the billy club is to gang warfare: simple, cheap, unsophisticated, and effective,” said Rob Rachwald, director of security strategy of Imperva, via email.
3. Plan ahead.
Stopping DDoS attacks requires preparation. If attacked, “folks that don’t have active measures to ensure the resilience of their networks are going to get knocked over,” said Roland Dobbins, Asia-Pacific solutions architect for Arbor Networks, via phone. “They need to do everything they can to increase resiliency and availability.” Accordingly, he recommends implementing “all of the industry best and current practices for their network infrastructure, as well as applications, critical supporting services, including DNS.”
Internet giant Google is once more trying to save the world, this time with its TED-rip-off “Solve for X” project.
The Chocolate Factory has launched the project after the first invite-only gathering of minds, which drew techies and boffins together to talk about “moonshots”, ie, wildly ambitious projects to solve world problems, or in the words of the Google blog:
These are efforts that take on global-scale problems, define radical solutions to those problems, and involve some form of breakthrough technology that could actually make them happen. Moonshots live in the gray area between audacious projects and pure science fiction; they are 10x improvement, not 10 per cent. That’s partly what makes them so exciting.
Anyone thinking that this little mission sounds vaguely familiar would be right: it bears more than a passing resemblance to the non-profit TED organisation, which brings together folks from the Technology, Entertainment and Design worlds to talk about “ideas worth spreading”.
TED has a number of annual conferences which are invite-only and, for the public, it has TEDTalks, videos from the conferences that the regular folk can watch online.
Solve for X has, you guessed it, Solve for X Talks, which are likewise videos of thinkers having ideas that ordinary people can watch online. And they’re probably going to have annual conferences as well.
“Our gathering last week brought together a group that is already practiced at moonshot thinking to propose specific solutions,” Google opined. “At least a few times a year, we hope that people will take a few hours or a day or two out of their busy schedules to dare to push the boundaries, and to consider moonshot approaches to some of the world’s many unresolved challenges.”
Solve for X is a bit more targeted than TED, given that it only wants ideas that present “a huge problem to solve, a radical solution for solving it, and the breakthrough technology to make it happen”. And it’s a bit more interactive, as it allows people to submit talks they’ve given or discovered that they think meet the criteria.
The 2009 launch of Google Ocean, an underwater extension of Google Earth, included a grid formation in the Atlantic that prompted many to speculate that the search giant had uncovered the lost city of Atlantis. A recent update to Google Earth, however, has quashed those rumors, according to LiveScience.
The grids weren’t actually the remnants of the famed lost city; rather they appeared as a result of overlapping data sets. Google’s ocean data is made in part from sonar waves, which, combined with other types of data, can cause these grids to appear. But Google added new seafloor data from the University of California San Diego’s (UCSD) Scripps Institution of Oceanography and the National Oceanic and Atmospheric Administration (NOAA), among other organizations, with a recent update, which resulted in the removal of these lines.
“The original version of Google Ocean was a newly developed prototype map that had high resolution but also contained thousands of blunders related to the original archived ship data,” Scripps geophysicist David Sandwell told LiveScience. “UCSD undergraduate students spent the past three years identifying and correcting the blunders.”
LiveScience said that Google has also taken extra steps to ensure the accuracy of the maps on Google Ocean. It now takes 15 percent of its sea level imagery from shipboard soundings at a resolution of 0.6 miles, up from the previous rate of 10 percent. That rate is set to improve again later this year, when Google deploys a new calculation method that yields depth predictions that are twice as accurate, LiveScience said.
“The Google map now matches the map used in the research community, which makes the Google Earth program much more useful as a tool for planning cruises to uncharted areas,” Sandwell added.
The Pew Research Internet Project released a report about Facebook on Friday, providing insights into the company that you won’t find in its IPO filing.
Rather than focusing on the company’s financials, the report “Why Most Facebook Users Get More Than They Give” sheds light on how Facebook’s 845 million users engage with Facebook and what they get out of it.
The findings show that social interactions on Facebook closely mirror social interactions in the real world.
For example, over the course of a one-month period, researchers found that women made an average of 11 updates to their Facebook status, while men averaged only six. Also, women were more likely to comment on other people’s status updates than men.
“There was a general trend in our data that women use Facebook more than men,” said Keith Hampton, a professor at Rutgers and principal author of the report. “This is a phenomenon that is not unique to Facebook. Women are traditionally in charge of social relationships offline, and that seems to be true of the online world as well.”
The report says men are more likely to send friend requests and women are more likely to receive them. That’s something else we see in the real world — particularly in bars.
The report also says that most people who use Facebook get more out of it than they put into it, which may explain why they keep coming back.
Researchers found that 40% of Facebook users in a sample group made a friend request, while 63% received at least one friend request. They found that 12% of the sample tagged a friend in a photo, but 35% were themselves tagged in a photo. And each user in the sample clicked the “like” button next to a friend’s content an average of 14 times but had his or her own content ‘liked’ an average of 20 times.
Why the imbalance?
“There is this 20% to 30% who are extremely active who are giving more than they are getting, and they are so active they are making up for feeding everyone extra stuff,” Hampton said. “You might go on Facebook and post something and have time to click ‘like’ on one thing you see in your news feed, but then you get a whole bunch of ‘likes’ on your news feed. That’s because of this very active group.”
He also said extremely active users tend to have a niche: Some are really into friending, others are really into tagging photos, and still others click the ‘like’ button a lot. Rarely is any one user extreme in all those ways.
A GAGGLE of information technology firms including Microsoft, Google, Paypal, Yahoo and Facebook have joined forces to create an anti-phishing standard for email called Dmarc.
Fifteen firms have formed a working group and created dmarc.org, which stands for “domain-based message authentication, reporting and conformance”. The group’s purpose is to counter the threat of email phishing attacks and spam.
“Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole,” said Brett McDowell, president of dmarc.org and senior manager of customer security initiatives at Paypal. “Industry cooperation – combined with technology and consumer education – is crucial to fighting phishing.”
As well as the big names mentioned already, the remaining 10 consist of AOL, Bank of America, Fidelity Investments, American Greetings, Linkedin, Agari, Cloudmark, Ecert, Return Path and Trusted Domain Project.
The system produces a common way for senders to authenticate their emails with customers using the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) methods.
Dmarc said the system “removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages.” It also provides a way for the receiver to report back to the sender about emails that pass or fail the Dmarc evaluation.
Spam and phishing are big problems at the moment, particularly in the UK. Symantec’s January intelligence report pointed out that most phishing attacks came from the UK and that one in 179 emails contained a phishing attack.
Dmarc’s policies are published in the public Domain Name System (DNS) and its goal is to make the system an official internet standard.
Apple Inc.’s chief executive responded to a wave of negative attention to conditions at overseas factories that build its products, saying the suggestion that Apple doesn’t care about the welfare of its workers is “offensive.”
“Unfortunately, some people are questioning Apple’s values today,” Tim Cook wrote in an e-mail to Apple employees. “Any accident is deeply troubling, and any issue with working conditions is cause for concern.”
A series of articles in the New York Times has brought new focus on Apple’s highly profitable manufacturing strategy, which relies heavily on Chinese workers who live in dormlike factories and spend many hours assembling devices. The safety records and working conditions in those factories have been questioned, and Apple’s labor practices received intense scrutiny in 2010, when more than a dozen workers at Chinese iPhone plants committed suicide.
The latest New York Times article quoted former Apple and Foxconn employees saying that Apple prioritized profit and product speed above worker welfare.
The company was trying to address problems in its factories, one of the sources said, but most people would still be really disturbed if they saw where their iPhone comes from.
In Cook’s note, first published by 9to5Mac, he said that Apple was a world leader in improving overseas working conditions, and will continue to work hard to find and fix problems.
“We will continue to dig deeper, and we will undoubtedly find more issues,” Cook wrote. “What we will not do and never have done is stand still or turn a blind eye to problems in our supply chain. On this you have my word.”