Category Archives: Google

Many Android Apps Are Targeting Children in Their Advertising Campaigns

Last week, Attorney General Hector Balderas filed a lawsuit against the company TinyLab, which has been exploiting kids through

Many Android Apps Are Targeting Children in Their Advertising Campaigns on Latest Hacking News.

Google’s Android OS To Power Dashboard Displays

schwit1 shares a report from The Wall Street Journal: Google is making a major push into the auto industry, partnering with the Renault-Nissan-Mitsubishi Alliance to use the tech company's Android OS to power media displays that will eventually be sold in millions of cars world-wide. The auto-making alliance, which together sells more vehicles than any other auto maker, is picking Google to provide the operating system for its next-generation infotainment system, marking a major victory for the Silicon Valley tech giant, which has spent more than a decade trying to replicate the success it has had with the smartphone in the car. The alliance, which last year sold a combined 10.6 million vehicles globally, will debut the new system in 2021, giving drivers better integration of Google's maps, app store and voice-activated assistant from the vehicle's dashboard, the companies said. The move comes as other auto makers have been reluctant to cede control of this space to tech rivals, in part because they see the technology as generating valuable consumer data that can be turned into new revenue streams. Slashdot reader schwit1 adds: "But can I get it unlocked and can it be turned off, like this traveling telescreen?"

Read more of this story at Slashdot.

Google is Giving up Some Control of the AMP Format

Accelerated Mobile Pages, or AMP, has been a controversial project since its debut. Critics say AMP is a Google-specific project and that it is creating a walled garden which would only serve Google's best interests. For its part, Google has insisted that AMP's mission is to benefit the open web, and that many who contribute to AMP are non-Googlers. On Tuesday, Google announced that it would be giving up some control of how the code behind AMP is managed. A report adds: It plans to move the AMP Project to a "new governance model," which is to say that decisions about the code will be made by a committee that includes non-Googlers. Until now, final decisions about AMP's code have been made by Malte Ubl, the tech lead for the AMP Project at Google. A model with a single person in charge is not actually all that rare in open source. That person is often cheekily referred to as the BDFL, or "benevolent dictator for life." Ubl's been that person for AMP, but, he writes, "we've found that it doesn't scale to the size of the AMP Project today. Instead, we want to move to a model that explicitly gives a voice to all constituents of the community, including those who cannot contribute code themselves, such as end-users." [...] Google has already signed up non-Google people for the Advisory Committee, which will include representatives from The Washington Post, AliExpress, eBay, Cloudflare, and Automattic (which makes WordPress). Ubl says that it will also include "advocates for an open web," including "Leonie Watson of The Paciello Group, Nicole Sullivan of Google / Chrome, and Terence Eden." Of course, as anybody who's taken part in a committee knows, it's neither a fun solution nor a guarantee that a single company or person won't dominate it. But it's a step in the right direction, and Google is encouraging people to comment on the plan at the AMP Contributor Summit on September 25th.

Read more of this story at Slashdot.

Naked Security – Sophos: Intel releases firmware update for ME flaw

It’s only September and yet 2018 is well on its way to being remembered as the year of fixing flaws we didn’t realise were possible in hardware we’d never heard of.


Safari & Firefox browser to block user data tracking with new security add-ons

By Waqas

Apple has been trying hard to improve the security mechanisms of its hardware and software products. The addition of new privacy features in the Safari browser is yet another attempt to toughen security measures for preventing breaches and tracking by websites like Facebook. It is a well-known fact that companies use cookies to keep track of […]

This is a post from HackRead.com. Read the original post: Safari & Firefox browser to block user data tracking with new security add-ons

Google launches ‘Dataset Search’ to help scientists and journalists

Google Dataset Search: This new search engine helps scientists hunt for public data

Google on Wednesday launched a new search engine targeted at the scientists, data journalists, data geeks or anyone else looking for precise datasets online.

The service called Dataset Search is a targeted search that can help scientists and data journalists find the data required for their work and their stories, or simply to satisfy their intellectual curiosity.

The new search engine works similarly to Google Scholar, the company’s popular search engine for academic studies and reports. Dataset Search enables users to find datasets stored across thousands of repositories on the Web, making these datasets universally accessible and useful.

“Dataset Search lets you find datasets wherever they’re hosted, whether it’s a publisher’s site, a digital library, or an author’s personal web page,” Natasha Noy, Research Scientist, Google AI, said in a blog post.

To create Dataset Search, Google developed guidelines for dataset providers to describe their data in a way that the company (and other search engines) can better understand the content of their pages.

The approach is based on an open-source standard laid out by the collaborative data community Schema.

“These guidelines include salient information about datasets: who created the dataset, when it was published, how the data was collected, what the terms are for using the data, etc. We then collect and link this information, analyze where different versions of the same dataset might be, and find publications that may be describing or discussing the dataset,” Noy said.

“We encourage dataset providers, large and small, to adopt this common standard so that all datasets are part of this robust ecosystem,” added Noy.

Dataset Search contains contents from organizations like NOAA and NASA, as well as from academic repositories such as Harvard’s Dataverse and Inter-university Consortium for Political and Social Research (ICPSR), along with government data and data provided by news organizations, such as ProPublica.

Dataset Search works in multiple languages with support for additional languages expected to come soon. You can find more information on Google’s official blog post here.

Source: Google

The post Google launches ‘Dataset Search’ to help scientists and journalists appeared first on TechWorm.

Smashing Security #094: Rogue browser extensions, Twitter presence, and how to cheat in exams

What’s the danger when browser extensions go bad? Is Twitter sharing your online status a boon for stalkers? And which of the show’s hosts is going to admit to cheating in their exams?

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist David McClelland.

A week in security (August 20 – August 26)

Last week on Labs, we took a look at insider threats, doubled back on the privacy of search browser extensions, profiled green card scams, revisited Defcon badgelife, and talked about what happens to a user’s accounts when they die.

Other cybersecurity news

  • There was an archiving error in Twitch HQ. Unfortunately, that left some private user messages (even those with sensitive info in them) exposed to the public for a time. (Source: Sophos’ Naked Security Blog)
  • Researchers from Catholic University found that apps offering ad blocking and privacy can be bypassed. (Source: Sophos’ Naked Security Blog)
  • Researchers associated with Project Insecurity found a flaw in disability services in Canadian telcos. (Source: Kaspersky’s Threatpost)
  • Facebook continued to clean house, removing more pages of campaigns that originated from Iran and Russia to curb “coordinated inauthentic behavior.” (Source: Facebook Newsroom)
  • A computer science professor at Vanderbilt University published a 55-page study on how Google continues to collect data on users, even when the device is idle. (Source: The Washington Post)
  • Philips revealed that their cardiovascular imaging devices have a flaw that could provide a low-level hacker “improper privilege management.” (Source: ZDNet)
  • Videomaker service provider Animoto was breached. (Source: TechCrunch)
  • Ryuk, a new ransomware, trained its crosshairs on large organizations capable of paying high-value ransoms in Bitcoin. (Source: ZDNet)
  • North Korea’s Lazarus Group pushed out its first Mac malware and successfully infiltrated the IT systems of a cryptocurrency exchange platform based in Asia. (Source: Bleeping Computer)
  • Superdrug, the popular health and beauty retailer based in the UK, was breached. (Source: InfoSecurity Magazine)
  • Cobalt Dickens, a campaign that originated in Iran, targeted universities in 14 countries to steal credentials. (Source: SecureWorks)
  • Hackers make millions by selling unpublished press releases. (Source: The Verge)

Stay safe, everyone!

The post A week in security (August 20 – August 26) appeared first on Malwarebytes Labs.

Safer Internet Day: 4 Things You Might Not Realise Your Webfilter Can Do

Since it's Safer Internet Day today, I thought I'd use it as an excuse to write a blog post. Regular readers will know I don't usually need an excuse, but I always feel better if I do.

Yesterday, I was talking to our Content Filter team about a post on the popular Edugeek forum, where someone asked "is it possible to block adult content in BBC iPlayer?". Well, with the right web filter, the answer is "yes", but how many people think to even ask the question? Certainly we hadn't thought much about formalising the answer. So I'm going to put together a list of things your web filter should be capable of, but you might not have realised...


1. Blocking adult content on "TV catch up" services like iPlayer. With use of the service soaring, it's important that any use in education is complemented with the right safeguards. We don't need students in class seeing things their parents wouldn't want them watching at home. There's a new section of the Smoothwall blocklist now which will deal with anything on iPlayer that the BBC deem unsuitable for minors.

2. Making Facebook and Twitter "Read Only". These social networks are great fun, and it can be useful to relax the rules a bit to prevent students swarming for 4G. A read-only approach can help reduce the incidence of cyber-bullying and keep users more focused.

3. Stripping the comments out of YouTube. YouTube is a wonderful resource, and the majority of video is pretty safe (use Youtube for Schools if you want to tie that down further — your filter can help you there too). The comments on videos, however, are often at best puerile and at worst downright offensive. Strip out the junk, and leave the learning tool - win win!

4. Busting Google searches back down to HTTP and forcing SafeSearch. Everybody appreciates a secure service, but when Google moved their search engine to HTTPS secure traffic by default, they alienated the education community. With SSL traffic it is much harder to vet search terms, log accesses in detail, and, importantly, force SafeSearch. Google gives you DNS trickery to force the site back into plain HTTP, but that's a pain to implement, especially on a Windows DNS server. Use your web filter to rewrite the requests, and have the best of both.
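As an added example (not Smoothwall's code), here is a small Squid-style URL rewriter that implements the SafeSearch half of item 4: it appends safe=active to Google search requests and leaves every other request untouched. It assumes Squid's classic url_rewrite_program line protocol (URL first on each line; reply with the rewritten URL, or an empty line to pass the request through) and the search paths listed in the code; the caveat is that a rewriter only ever sees the URL when the traffic is plain HTTP or the filter already intercepts TLS, which is exactly the HTTPS problem the post describes.

```python
"""Squid-style URL rewriter that forces Google SafeSearch (item 4 above)."""
import sys
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed Google search endpoints; extend the tuple if your logs show others.
SEARCH_PATHS = ("/search", "/images", "/videosearch")


def is_google_search(parts):
    """True for any google.* host (google.com, www.google.co.uk, ...) on a search path."""
    labels = (parts.hostname or "").lower().split(".")
    return "google" in labels and parts.path.startswith(SEARCH_PATHS)


def force_safesearch(url):
    """Return the URL with safe=active (replacing any safe= value the client sent),
    or None when the request is not a Google search and must pass through unchanged."""
    parts = urlsplit(url)
    if not is_google_search(parts):
        return None
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != "safe"]
    query.append(("safe", "active"))
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), parts.fragment))


def main():
    # Classic Squid url_rewrite_program protocol (assumed): one request per line, URL
    # first; answer with the rewritten URL, or an empty line to leave it alone.
    for line in sys.stdin:
        fields = line.split()
        rewritten = force_safesearch(fields[0]) if fields else None
        sys.stdout.write((rewritten or "") + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```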

Analyzing [Buy Cialis] Search Results

A few days ago I was updating the spammy word highlighting functionality in Unmask Parasites results and needed to test the changes on real websites. To find hacked websites with spammy content I would normally google for [viagra] or [cialis], which are arguably the most targeted keywords used in black hat SEO hacks. However, after Google’s June update to how they rank web pages for spammy queries, I didn’t have much expectation of seeing hacked sites on the first page of search results for my usual [buy cialis] query and was ready to check a few more pages.

Indeed, for queries like [payday loans] I can see quite relevant results on the first three pages. All sites are specialized and don’t look like doorways on hacked sites. That’s really good. For [viagra] I found only one result on the first page pointing to a doorway on a hacked site. Still good.

However, when I entered a really spammy combination [buy viagra], the search results were less than optimal — 5 out of 10 led to hacked sites. And at least 2 of the remaining 5 specialized sites were promoted using hidden links on hacked sites. Not good. And the worst results (although ideal for testing my update) were for the [buy cialis] query — 100% of results on the first page (10 out of 10) led to doorways on hacked sites or simply spammy web pages. Not a single result from a website that really has anything to do with cialis.

[Screenshot: first page of Google results for [buy cialis]]

Results analysis

Here is the breakdown of the first 10 results (links go to real-time Unmask Parasites reports for these pages; at the moment of writing they all reveal spammy content, but this may change over time):

  1. www.epmonthly .com/advertise/ — doorway on a hacked site
  2. werenotsorry .com/ — strange spammy site with rubbish content like this: “The car buy cialis in your car is the ultimate well source of electrical amazing power in your car.”
  3. incose .org/dom/ — doorway on a hacked site.
  4. www.deercrash .org/buy/cialis/online/ — doorway on a hacked site
  5. jon-odell .com/?p=54 — doorway on a hacked site
  6. www.goodgrief .org .au/Cialis/ — doorway on a hacked site
  7. www.asm .wisc .edu/buy-cialis — doorway on a hacked site
  8. www.mhfa .com .au/cms/finance-home/ — doorway on a hacked site
  9. www .plowtoplate .org/library/51.html — doorway on a hacked site
  10. john-leung .com/?p=16 — doorway on a hacked site

Over the course of the past week the results slightly fluctuated and sometimes I saw the following links on the first SERP.

Out of 18 links that I encountered on the first page for [buy cialis], 15 point to doorways on hacked sites, 1 to a site with unreadable machine-generated text (still not sure whether it’s some SEO experiment or a backdoor with a tricky search traffic processing procedure) and 2 to specialized sites relevant to the query but with quite bad backlink profiles. Overall, 0% of the results follow Google’s quality guidelines.

So Google’s update for spammy queries doesn’t seem to work as it should, at least for some über spammy queries. It’s sad. And the reason why I’m sad is not that I worry about people who use such queries on Google to buy some counterfeit drugs. My major concern is that this situation justifies the huge number of sites (many thousands) that cyber-criminals hack in order to put a few of their doorways at the top for relevant queries on Google.

Behind the scenes

The above 15 hacked sites that I found on the first Google SERP are actually only the tip of the iceberg. Each of them is being linked to from many thousands (if not millions) of pages on similarly hacked sites. Here you can see a sample list of sites that link to the above 15 (you might need a specialized tool like Unmask Parasites to see hidden and cloaked links there).

Many of the hacked web pages link to more than one doorway page, which maximizes the chances that one of them will finally be chosen by Google to be displayed on the first page for one of the many targeted keywords. At the same time this provides a pool of alternative doorways in case some of them are removed by webmasters or penalized by Google. As a result, the networks of doorways, landing pages and link pages can be massive. Here you can see a list with just a small part of the spammy links (338 unique domains) that can be found on hacked web pages.

.gov, .edu and .org

Among those hacked sites you can find sites of many reputable organizations, which most likely greatly helps the doorways rank well on Google. There are many compromised sites of professional associations, universities and even governmental sites, for example (as of August 19th, 2013):

Volume of spammy backlinks

If you take some of the top results and check their backlink profiles (I used Majestic SEO Site Explorer), you’ll see how many domains can be compromised (or spammed) in just one black hat SEO campaign. And we know that there are many ongoing competing campaigns just for “cialis” search traffic, so you can imagine the overall impact.

[Screenshot: Majestic SEO backlink profile of www .epmonthly .com/advertise/]

On the above screenshot you can see that thousands of domains link to “www .epmonthly .com/advertise/” using various “cialis” keywords.

The situation with “www. epmonthly .com/advertise/” is quite interesting. If you google for [“www.epmonthly .com/advertise/”] you’ll see more than a million results pointing to web pages where spammers used automated tools to post spammy links (including this one) in comments, profiles, etc. but failed to verify whether those sites accept the HTML code they were posting (still, many sites, while escaping the HTML code, automatically make all URLs clickable, so those spammers finally achieve their goal).

Typical black hat SEO tricks

In addition to annoying but pretty harmless comment spamming, forum spamming and creating fake user profiles, black hats massively hack websites with established reputation and turn them into their SEO assets.

The most common use for a hacked site is injecting links pointing to promoted resources (it can be a final landing page, or a doorway, or an intermediary site with links). Here is what such web pages may look like in Unmask Parasites reports:

[Screenshot: spammy keyword highlighting in an Unmask Parasites report]

To hide such links from site owners, hackers conceal them. For example, they can place them in an off-screen <div>:

<div style="position:absolute; left:-8745px;">...spammy links here...</div>

Or put them in a normal <div> and add JavaScript that makes this <div> invisible when the browser loads the page:

<div id='hideMe'> ... spammy links here.... </div>
<script type='text/javascript'>if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';document.getElementById('hideMe').style.display = 'none';}</script>

The JavaScript can be obfuscated (packed), as in this sample:

e v a l(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('2.1(\'0\').5.4="3";',6,6,'bestlinks|getElementById|document|none|display|style'.split('|'),0,{}))

which translates to

document.getElementById('bestlinks').style.display="none";

where “bestlinks” is the id of the <div> with spammy links.

Sometimes, obfuscated JavaScript is coupled with dynamic HTML generation of the link container. After decoding it looks like this:

document.w ri t e('<style><!-- .read {display:none} --></style><address class="read">');
...spammy links here...
document.wri te('</address>');

Of course, this is only the client-side representation of the problem. On the server side, it’s rarely this straightforward. Most times it involves obfuscated (usually PHP) code in sneaky places (e.g. themes, plugins, the database, etc.).

Doorways

Sites that rely on black hat SEO techniques get penalized by Google soon enough, so they can’t expect much search traffic directly from search engines. Instead they try to promote many disposable doorways on other reputable sites that redirect search traffic to them.

The typical approach is to hack a website and use cloaking tricks (generating a specialized version with spammy keywords specifically for search engines while leaving the original content for normal visitors) to make search engines think that its pages are relevant for those spammy queries. For example, compare the title of “www.epmonthly .com/advertise/” when you visit it in a browser (“Advertise“) with the title you see in Unmask Parasites or in Google’s cache (“Buy Cialis (Tadalafil) Online – OVERNIGHT Shipping“). Then they add some functionality to distinguish visitors coming from search engines and redirect them to third-party sites that pay hackers for such traffic.

The redirects may be implemented as .htaccess rules, client-side JavaScript code, or server-side PHP code.

Sometimes, instead of using cloaking, hackers simply create a whole spammy section in a subdirectory of a legitimate site, or a standalone doorway page. Example from our cialis search results: www .asm .wisc .edu/buy-cialis .

To Webmasters

It might be tricky to determine whether your site fell victim to a black hat SEO hack since hackers do their best to hide evidence from site owners and regular visitors. At the same time, antivirus tools won’t help you here since links and redirects (in case they can actually see them) are not considered harmful. Nonetheless, a thoughtful webmaster is always equipped with proper tools and tricks to determine such issues. They range from specialized Google search queries and reports in Webmaster Tools to log analysis and server-side integrity control.

In addition to the tricks that I described here, you can try to simply load your site with JavaScript turned off. Sometimes this is all it takes to find hidden links whose visibility is controlled by a script.
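Added example (not Unmask Parasites code) covering both the hiding tricks shown above and the JavaScript-off check: a stdlib-only Python scanner that flags off-screen and inline-hidden containers, elements hidden by script, CSS classes set to display:none, and reverses the p,a,c,k,e,d eval loader without executing it so the hidden element's id becomes readable. The sample page and the doorway.example hostnames are constructed; the regexes are deliberately loose (no HTML parser) because the hiding markup is frequently written inside JavaScript strings, as the document.write case shows.

```python
"""Scan a page for the link-hiding tricks described above and reverse the
p,a,c,k,e,d eval loader without running any JavaScript, so the id of the
hidden element becomes readable. Added example, stdlib only."""
import re

BASE36 = "0123456789abcdefghijklmnopqrstuvwxyz"

# Constructed page (doorway.example is a placeholder) reproducing the tricks from the
# post: an off-screen <div>, a <div> hidden by plain script, a <div> hidden by a packed
# loader, an inline display:none, and a document.write'd <style> with a hidden container.
SAMPLE_HTML = r"""<html><head><title>Advertise</title></head><body>
<p>Welcome to our advertising page.</p>
<div style="position:absolute; left:-8745px;"><a href="http://doorway.example/">buy cialis</a></div>
<div id='hideMe'><a href="http://doorway.example/a">cheap pills</a> <a href="http://doorway.example/b">pharmacy</a></div>
<script type='text/javascript'>if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';document.getElementById('hideMe').style.display = 'none';}</script>
<div id='bestlinks'><a href="http://doorway.example/c">tadalafil</a></div>
<script>eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('2.1(\'0\').5.4="3";',6,6,'bestlinks|getElementById|document|none|display|style'.split('|'),0,{}))</script>
<span style="display:none"><a href="http://doorway.example/e">levitra</a></span>
<script>document.write('<style><!-- .read {display:none} --></style><address class="read">');</script>
<a href="http://doorway.example/d">viagra</a>
<script>document.write('</address>');</script>
</body></html>"""

SCRIPT_HIDE = re.compile(r"""getElementById\(\s*['"](\w+)['"]\s*\)\.style\.(display|visibility)\s*=\s*['"](none|hidden)['"]""")
OFFSCREEN = re.compile(r"""<(\w+)[^>]*style\s*=\s*['"][^'"]*(?:left|top|right|bottom|text-indent)\s*:\s*-(\d+)px""", re.I)
INLINE_HIDDEN = re.compile(r"""<(\w+)[^>]*style\s*=\s*['"][^'"]*(?:display\s*:\s*none|visibility\s*:\s*hidden)""", re.I)
CSS_HIDDEN_CLASS = re.compile(r"""\.([\w-]+)\s*\{[^}]*(?:display\s*:\s*none|visibility\s*:\s*hidden)""", re.I)
PACKER = re.compile(r"""eval\s*\(\s*function\s*\(p,a,c,k,e,d\)""")


def unpack(script):
    """Undo eval(function(p,a,c,k,e,d){...}) packing statically; None if not packed."""
    m = re.search(r"""\}\s*\('((?:[^'\\]|\\.)*)',\s*(\d+),\s*(\d+),\s*'([^']*)'\.split\('\|'\)""", script, re.S)
    if not m:
        return None
    p, a, c, words = m.group(1), int(m.group(2)), int(m.group(3)), m.group(4).split("|")

    def enc(n):  # mirrors the packer's e(): base-a token for dictionary index n
        head = "" if n < a else enc(n // a)
        r = n % a
        return head + (chr(r + 29) if r > 35 else BASE36[r])

    table = {enc(i): words[i] or enc(i) for i in range(min(c, len(words)))}
    p = p.replace("\\'", "'")  # the payload was a single-quoted JS string literal
    return re.sub(r"\b\w+\b", lambda t: table.get(t.group(0), t.group(0)), p)


def links_in_element(html, attr, value):
    """Number of <a href> inside the first element carrying attr="value"."""
    pat = r"""<(\w+)[^>]*\b%s\s*=\s*['"]%s['"][^>]*>(.*?)</\1>""" % (attr, re.escape(value))
    m = re.search(pat, html, re.S | re.I)
    return len(re.findall(r"<a\s[^>]*href", m.group(2), re.I)) if m else 0


def scan(html):
    """Return one finding (dict) per hiding-technique instance found in the page."""
    findings = []
    scripts = re.findall(r"<script[^>]*>(.*?)</script>", html, re.S | re.I)
    decoded = []
    for s in scripts:  # decode packed loaders first so their hiding logic is visible
        if PACKER.search(s):
            plain = unpack(s)
            findings.append({"technique": "packed eval loader", "decoded": plain})
            if plain:
                decoded.append(plain)
    js = "\n".join(scripts + decoded)
    for elem_id, prop, val in SCRIPT_HIDE.findall(js):
        findings.append({"technique": f"script sets {prop}={val}", "id": elem_id,
                         "links": links_in_element(html, "id", elem_id)})
    for tag, px in OFFSCREEN.findall(html):
        findings.append({"technique": f"off-screen <{tag}> at -{px}px"})
    for tag in INLINE_HIDDEN.findall(html):
        findings.append({"technique": f"inline hidden <{tag}>"})
    for cls in CSS_HIDDEN_CLASS.findall(html):  # also catches document.write'd <style>
        findings.append({"technique": "hidden css class", "class": cls,
                         "links": links_in_element(html, "class", cls)})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_HTML):
        print(finding)
```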

Fighting black hat SEO hacks

Of course, site owners are responsible for what happens with their sites and should protect them and clean them up in case of hacks. Doorways on hacked sites would never appear in search results if all webmasters quickly mitigated such issues.

But let’s take a look at this from a different perspective. The main goal of all black hat SEO hacks is to put their doorways at the top on Google for relevant keywords and get targeted search traffic. And 80% (or even more) of massive campaigns target a very narrow set of keywords and their modifications. If Google actively monitored the first pages of search results for such keywords and penalized doorways, this could significantly reduce the efficacy of such campaigns, leaving very little incentive to hack websites to put spammy links there. And you don’t have to monitor every possible keyword combination. In my experience, most of them will finally point to the same doorways.

I can see Google moving in this direction. The description of the above mentioned ranking algorithm update is very promising. However, as the [buy cialis] query with 0% of relevant search results on the first page shows — a lot should be improved.

P.S. Just before posting this article, I checked results for [buy cialis] once more and … surprise! … found a link to a Wikipedia article about Tadalafil in the 4th position. Wow! Now we have 1 result that doesn’t seem to have anything to do with hacked sites.

Are we all RoboCops in the future?

The Internet, together with small and inexpensive digital cameras, has made us aware of the potential privacy concerns of sharing digital photos. Mobile phone cameras have escalated this development even further. Many people today carry a camera with the ability to publish photos and videos on the net almost in real time. Some people can handle that and act in a responsible way, some can’t. Defamatory pictures are constantly posted on the net, either by mistake or intentionally. But that’s not enough. Now it looks like the next revolution that will rock the privacy scene is around the corner: Google Glass.

Having a camera in your phone has lowered the threshold to take photos tremendously. It’s always with you and ready to snap. But you still have to take it out of the pocket and aim it at your object. The “victim” has a fair chance to notice that you are taking photos, especially if you are working at close distance.

Google Glass is a smartphone-like device that is integrated in a piece of headgear. You wear it all the time just like ordinary glasses. The screen is a transparent piece in your field of view that shows output as an overlay layer on top of what’s in front of you. No keyboard, mouse or touchscreen. You control it by voice commands. Cool, but here comes the privacy concern. Two of the voice commands are “ok, glass, take a picture” and “ok, glass, record a video”. Yes, that’s right. It has a camera too.

Imagine a world where Google Glasses are as common as mobile phones today. You know that every time you talk to someone, you have a camera and microphone pointed at you. You have no way of knowing if it is recording or not. You have to take this into account when deciding what you say, or run the risk of having an embarrassing video on YouTube in minutes. A little bit like in the old movie RoboCop, where the metallic law enforcement officer was recording constantly and the material was good to use as evidence in court. Do we want a world like that? A world where we all are RoboCops?

We have fairly clear and good legislation about the rules for taking photos. It is in most countries OK to take photos in public places, and people who show up there must accept being photographed. Private places have stricter rules, and there are also separate rules about publishing and commercial use of a photo. This is all fine and it applies to any device, including Google Glass. The other side of the coin is people’s awareness of these laws, or actually the lack thereof. In practice we have a law that very few care about, and a varying degree of common sense. People’s common sense does indeed prevent many problems, but not all. It may work fairly OK today, but will it be enough if the glasses become common?

I think that if Google Glass becomes a hit, it will force us to rethink our relationship to photo privacy, both as individuals and as a society. There will certainly be problems if 90% of the population have glasses and still walk around with only a rudimentary understanding of how the law restricts photography. Some would suffer because they broke the law unintentionally, and many would suffer because of the published content.

I hope that our final way to deal with the glasses isn’t the solution that 5 Point Cafe in Seattle came up with. They became the first to ban the Google Glass. It is just the same old primitive reaction that has followed so many new technologies. Needless to say, much fine technology would be unavailable if that was our only way to deal with new things.

But what will happen? That is no doubt an interesting question. My guess is that there will be a compromise. Camera users will gradually become more aware of what boundaries the law sets. Many people also need to redefine their privacy expectations, as we have to adapt to a world with more cameras. That might be a good thing if the fear of being recorded makes us more thoughtful and polite toward others. It’s very bad if it makes it harder to mingle in a relaxed way. Many questions remain to be answered, but one thing is clear. Google Glass will definitely be a hot topic when discussing privacy.

Micke

PS. I have an app idea for the Glass. You remember the meteorite in Russia in February 2013? It was captured by numerous car cameras, as drivers in Russia commonly use constantly recording cameras as a measure against fraudulent accusations. What if you had the same functionality on your head all the time? There would always be a video of the last hour of your life. Automatically on all the time and ready to get you out of tricky situations. Or to make sure you don’t miss any juicy moments…

Photo by zugaldia @ Flickr