Hey there! If you're new here, you may want to subscribe to my RSS feed to keep updated. Thanks for visiting!

This is not a joke. If you are using Google Chrome then it is very easy for a malicious attacker to get the Remote Access of your Computer.

Less than a week after the release of Google (NSDQ:GOOG)’s new Web browser Chrome, security researchers detected a buffer overflow vulnerability that could enable remote attackers to completely take control of a user’s computer.

The detected buffer overflow vulnerability, deemed critical by security experts, is the result of a boundary error in the handling of the “Save As” function. If a user saves a Web page serving malicious content, the program could cause a stack-based overflow error, which could open the door for remote hackers to unleash malicious code on a user’s machine.

Remote attackers could then exploit the flaw by constructing a specially crafted Web page infused with malicious code. The attacker could then entice a victim to open and then Read the rest of this entry &raquo

Update: 10.09.08: As from today on, due to an update from Chrome the :% issue is no more valid.

Rishi Narang has been the first. A Denial Of Service simple as pie:

Just browse this page and place your mouse over this link (make sure you bookmark this page if you want to read on though):

CRASH ME

Just “evil:%” in the anchor text is capable of crashing all the Chrome tabs (despite all the tabs are separated processes).

Someone has also reported that by entering a very long bookmark may kill the browser. Length has not been given but it’s worth a try.

If your Chrome is still alive you may want to try entering

about@:

in the location bar.

Good thing is that the browser doesn’t need Read the rest of this entry &raquo

Like most other browsers, Google Chrome has some special pages that show information about memory usage, cached files, plug-ins and more. Here’s a list of the most interesting about: pages available in Google Chrome (you can open them by dragging about:name to the address bar).

1. about:version - Google Chrome shows the version number the browser, WebKit and V8 (JavaScript engine). You can also find the user-agent used by Google Chrome:

Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1 Safari/525.19

2. about:plugins - the list of plug-ins that are available in Google Chrome: Shockwave Flash, RealPlayer etc.

3. about:cache - a list of all the web pages cached by Google Chrome. The browser doesn’t have an option to limit the cache’s size, so it’s recommended to regularly empty the cache.

4. about:memory - this pages compares the memory used by all the active browsers and by Google Chrome’s tabs.

Read the rest of this entry &raquo

Shared by natadd

Actually, I would have more liked to give the win to Firefox and develop that to the may, instead of bringing in another rivale.

Google Blogoscoped has published a lengthly cartoon sent to them by Google and drawn by Scott McCloud that provides the first public details about Google Chrome, an open source browser based on WebKit and powered by Google Gears that has been rumored but never before confirmed.

According to the cartoon (which can be seen in its entirely here - thanks Marshall), the Google Chrome project has already undergone a substantial period of development with engineers working to create a product that’s secure, user friendly, fast, stable, safe, and easily testable.

This is a straight shot over the bow of Microsoft, which has tightly integrated its Live Search offering into its dominant Internet Explorer browser (and which, surprise, is also tightly integrated into Read the rest of this entry &raquo

Image via CrunchBase, source unknown

Shared by natadd

Very important!! You should always use SSL (https://) for Gmail!

A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas.

Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed the tool is planning to release it in two weeks.

When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.

Even though when you log in, Gmail forces the authentication over SSL (Secure Socket Layer), you are not secure because it reverts back to a regular unencrypted connection after the authentication is done. According to Google this behavior was chosen because of Read the rest of this entry &raquo

The WSJ is reporting that Google is set to launch a venture fund to give it the option of investing in startups instead of just flat out buying them. The fund will be led by Google’s SVP Corporate Development David Drummond and Bill Maris, a long time business friend of Anne Wojcicki, Sergey Brin’s wife. Maris is a tech entrepreneur with a degree in neuroscience and worked with Wojcicki at a San Francisco-based for-profit company called Catalytic Health. This hasn’t been confirmed by Google, and it’s clear they’ve been thinking about a fund off and on for years. From the article:

The move would make Google the latest technology giant to take on a more-formal role in seeding start-ups. Intel Corp. has had a large venture-capital arm for years, as have Motorola Inc., Comcast Corp. and many others. In the consumer-Internet area, Walt Disney Co.’s Steamboat Ventures has invested in a number of Web start-ups. So has Amazon.com Inc., which has funded a number of young companies without

Read the rest of this entry &raquo

July 29, 2008 — Microsoft is incubating a componentized non-Windows operating system known as Midori, which is being architected from the ground up to tackle challenges that Redmond has determined cannot be met by simply evolving its existing technology.

SD Times has viewed internal Microsoft documents that outline Midori’s proposed design, which is Internet-centric and predicated on the prevalence of connected systems.

Midori is an offshoot of Microsoft Research’s Singularity operating system, the tools and libraries of which are completely managed code. Midori is designed to run directly on native hardware (x86, x64 and ARM), be hosted on the Windows Hyper-V hypervisor, or even be hosted by a Windows process.

According to published reports, Eric Rudder, senior vice president for technical strategy at Microsoft and an alumnus of Bill Gates’ technical staff, is heading up the effort. Rudder served as senior vice president of Microsoft’s Servers and Tools group until 2005. A Microsoft spokesperson refused comment.

“That sounds possible—I’ve heard rumors to the effect that he [Rudder] had an OS project in place,” said Rob Helm, director of research at Directions on Microsoft. He noted that it is quite possible that the project is just exploratory, but conceivably a step above what Microsoft Research does.

One of Microsoft’s goals is to provide options for Midori applications to co-exist with and interoperate with existing Windows applications, as well as to provide a migration path.

Building Midori from the ground up to be connected underscores how much computing has changed since Microsoft’s engineers first designed Windows; there was no Internet as we understand it today, the PC was the user’s sole device and concurrency was a research topic.

Today, users move across multiple devices, consume and share resources remotely, and the applications that they use are a composite of local and remote components and services. To that end, Midori will focus on concurrency, both for distributed applications and local ones.

According to the documentation, Midori will be built with an Read the rest of this entry &raquo

This morning a 5.8 5.4 magnitude earthquake struck Southern California near Los Angeles. Well before the information was anywhere on the major news outlets, tweets (Twitter messages) were flowing in at a rapid clip. I say again, events such as this showcase the power of the micro-messaging service Twitter.

When natural disasters strike, people want news ASAP. Twitter is simply very fast at disseminating information. We saw this when a large 7.8 earthquake struck China back in May and we’re seeing it again today. Today, it was especially true when used in conjunction with the social conversation and aggregation site FriendFeed. Minutes after the quake, I had various accounts of it and maps of its epicenter.

Twitter’s new search site (formerly Summize) is also an incredible tool for getting information. It used to take a little while for information on these events to trickle down depending on who you were following on Twitter. Now you can simply open Twitter Search and do a query for “earthquake” and get thousands of results. Within minutes of me opening the site up, I was alerted that there were already hundreds of updates on the earthquake — the information was coming in fast.

It takes reporters time to set up and get the story, but Twitter turns thousands of regular people into citizen journalists — all of whom are on the scene. Of course one has to worry about Read the rest of this entry &raquo

Though a distant third place to Google, Microsoft thinks it can teach its rival a thing or two about searching the Internet.

A big part of Google’s rise to search engine leadership was an algorithm called PageRank that assesses a specific page’s importance by how many other Web pages link to it and by the importance of those linking pages. Microsoft researchers and academic collaborators, though, detailed an idea this week it calls BrowseRank that seeks to bring more of a human touch to that assessment.

Microsoft likes the results BrowseRank, which assigning Web page priority based on how people actually use the site.

(Credit: Microsoft ResearchA Asia)

Essentially, the researchers tested out a system that replaces PageRanks’ link graph–a mathematical model of the hyperlinked connections of the Internet–with what they call a user browsing graph that ranks Web pages by people’s behavior.

“The more visits of the page made by the users and the longer time periods spent by the users on the page, the more likely the page is important. We can leverage hundreds of millions of users’ implicit voting on page importance,” the researchers said in BrowseRank: Letting Web Users Vote for Page Importance, a paper from the SIGIR (Special Interest Group on Information Retrieval) conference this week in Singapore. Authors are Bin Gao, Tie-Yan Liu, and Hang Li from Microsoft Research Asia and Ying Zhang of Nankai University, Zhiming Ma of the Chinese Academy of Sciences, and Shuyuan He of Peking University.

Search is of tremendous importance to the Internet for Read the rest of this entry &raquo

BoomTown is flatly fascinated by the rather incredible memo Microsoft CEO Steve Ballmer penned to his troops yesterday, with news of the reorganization of its massive Platforms and Services Division and the departure of its president, Kevin Johnson.

In the memo, in a very rare public airing of its less-clean laundry, Ballmer actually casts Microsoft’s two major rivals, Apple and Google, in a somewhat positive light, while still vowing to best them.

It is not often that Ballmer or even Microsoft Founder Bill Gates mentions either company in public. More to the point, what neither typically does is acknowledge that they do anything right.

But Ballmer did so yesterday in the memo, perhaps a sign that Microsoft (MSFT) realizes it has trouble on its hands and needs to publicly declare tough enemies to pump itself up to fight.

The memo should be Topic A for financial analysts, who are gathering at Microsoft’s Redmond, Wash., headquarters today for their annual meeting with company leaders.

“It’s going to be a rocky day,” said one Microsoft source.

And how! Especially given the need to explain the memo in more detail, including plans for beating back incursions by more nimble companies like Apple (AAPL) and Google (GOOG).

Ballmer took a baby step in that direction in the strategy email to employees.

About Apple, for example, Ballmer wrote:

In the competition between PCs and Macs, we outsell Apple 30-to-1. But there is no doubt that Apple is thriving. Why? Because they are good at providing an experience that is narrow but complete, while our commitment to choice often comes with some compromises to the Read the rest of this entry &raquo