Google: Digital Music Case Has Cloud Law Implications – Informationweek (Thomas Claburn)

In an effort to defend the legal basis of cloud computing, Google on Wednesday asked a New York court for permission to file an amicus curiae, or friend-of-the-court brief, in a record industry lawsuit against ReDigi, an online market that facilitates the resale of digital music files.

A letter from the law firm representing Google, Fenwick & West, warns against granting the preliminary injunction requested by plaintiff Capitol Records. “A premature decision on incomplete facts could create unintended uncertainties for the cloud computing industry,” the letter states.

The court, however, denied Google’s request, on the basis that the parties in the lawsuit should be able to address the issues without assistance.

ReDigi describes itself as a used record store for digital music. It offers consumers a way to buy and sell pre-owned digital songs.

Record companies don’t like this idea because they assume people purporting to sell digital songs are actually just making copies, in violation of copyright law. Capitol Records sued ReDigi last month for copyright infringement, alleging just that.

via Google: Digital Music Case Has Cloud Law Implications – Cloud-computing – Platform as a Service – Informationweek.

Video: Google Privacy Policy Update

A brief overview of recent changes to the Google Privacy Policy

BT sues Google over Android ‘patent infringements’ | BBC News

UK-based telecoms group BT is suing Google in the US over claims that six of its patents have been infringed.

The British company’s complaints centre on technologies at the core of Google’s Android mobile system, search site, and a wide range of other services.

BT is seeking unspecified damages and an injunction against Google’s continued use of its innovations.

via BBC News – BT sues Google over Android ‘patent infringements’.

Forensic security analysis of Google Wallet – viaForensics « viaForensics

Summary of Google Wallet security findings

So, in summary, here are the items of note from my high level analysis.  Bear in mind this is nowhere near the level of testing an app like this deserves but since this is done on our own time, it’s all I could manage thus far.  Anyway, here goes:

A fair amount of data is stored in various SQLite databases including credit card balance, limits, expiration date, name on card, transaction dates and locations and more.

The name on the card, the expiration date, last 4 card digits and email account are all recoverable

[Fixed in Version 1.1-R41v8] When transactions are deleted or Google Wallet is reset, the data is still recoverable.

The Google Analytics tracking provides insights into the Google Wallet activity. While I know Google tracks what I do, it’s a little frustrating to find it scattered everywhere and perhaps in a way that can be intercepted on the wire (non-SSL GET request) or on the phone (logs, databases, etc.)

[Fixed in Version 1.0-R33v6] The application created a recoverable image of my credit card which gave away a little more info than needed (name, expiration date and last 4 digits).  While this is not enough to use a card, it’s likely enough to launch a social engineering attack.

While Google Wallet does a decent job securing your full credit card numbers (it is not insecurely stored and a PIN is needed to access the cards to authorize payments), the amount of data that Google Wallet stores unencrypted on the device is significant (pretty much everything except the first 12 digits of your credit card). Many consumers would not find it acceptable if people knew their credit card balance or limits. Further, the ability to use this data in a social engineering attack against the consumer directly or a provider is pretty high. For example, if I know your name, when you’ve used your card recently, last 4 digits and expiration date, I’m pretty confident I could use the information to my advantage. When you add data that is generally available online (such as someone’s address), an attacker is well armed for a successful social engineering attack.

And this testing was really only very high level. Far more sophisticated and comprehensive security analysis is needed to determine if other vulnerabilities are present. In addition, privacy conscious consumers should understand that analyzing nearly everything you use Google Wallet for is basically the price you pay for the service. From a tech standpoint, it’s very exciting to see Google Wallet in production. However, it has consistently been viaForensics’ position that the largest security risk from apps using NFC does not stem from the core NFC technology but instead the apps that use the technology. In this case, the amount of unencrypted data stored by Google Wallet surpasses what we believe most consumers find acceptable.

via Forensic security analysis of Google Wallet – viaForensics « viaForensics.

Microsoft Boosts Office 365 Security To Meet European Data Protection Requirements | crn.com

Microsoft (NSDQ:MSFT) has improved the security and privacy capabilities of its Office 365 cloud applications, the company said Wednesday, in a move that will help customers comply with stringent European Union data protection regulations and the U.S. Health Insurance Portability and Accountability Act (HIPAA).

Microsoft, like rivals Google, Amazon and others, is racing to bring its cloud software into compliance with government security regulations. Earlier this year Microsoft and Google became embroiled in a dispute over whose cloud software complied with Federal Information Security Management Act (FISMA) requirements.

Meeting such requirements can be critical for winning government contracts, such as the $60 million deal to provide the U.S. Department of the Interior with e-mail and collaboration cloud software that Google (NSDQ:GOOG) and Microsoft spent much of the year fighting over in court.

Microsoft also said it has overhauled its Office 365 Trust Center, a Web site that provides detailed information about Office 365 privacy and security practices, to make it easier to use.

Microsoft said it would sign the European Union’s contractual clauses, which the vendor said would help customers comply with the EU’s stringent Data Protection Directive regulations. The contractual or “model clauses” legitimize the transfer of personal data through international networks to locations outside the European Economic Area (EEA).

via Microsoft Boosts Office 365 Security To Meet European Data Protection Requirements.

Microsoft Uses Android Malware Hysteria to Offer Free Windows Phones | PCWorld

Microsoft is capitalizing on a recent Android malware scam by giving away free Windows Phones to five Android users with the worst malware horror stories. Ben Rudolph, Microsoft’s Windows Phone evangelist, announced the contest on Twitter using the hashtag #droidrage. Microsoft followed Rudolph’s lead and publicized the contest on its official Twitter feed.

This isn’t the first time Microsoft has used free phones to win people over to its mobile platform. In August, the software giant offered free Windows Phones to webOS developers after Hewlett-Packard announced it was discontinuing its webOS device lineup. HP recently announced it would make webOS an open source project and may release a new webOS tablet in 2013.

RuFraud

Google recently removed 22 malicious apps purporting to be legitimate versions of popular programs such as Cut The Rope and Angry Birds. The apps were packaged with malware that would send fake text messages to premium-rate SMS numbers, costing the user around $5 per SMS.

The so-called RuFraud scam targeted European users and did not affect Android phones in North America. Lookout Security, the firm that first brought the scam to Google’s attention, says it has since discovered another five RuFraud apps in the Android Market, bringing the total app count to 27.

via Microsoft Uses Android Malware Hysteria to Offer Free Windows Phones | PCWorld.

Native Client turns Chrome into high-end gaming platform | The Download Blog – Download.com

Google’s new technology to secure the Web and make browsers significantly more powerful got its first public demo tonight at the company’s headquarters south of San Francisco after three years under wraps.

Calling it Native Client, Google says that integrating technology into Chrome is essential for the future of Web browsers.

To show that Native Client is road-ready, the company used its event to announce several new Chrome-only versions of games known for their rich and processor-intensive graphics, available immediately. It also revealed that the browser currently has more than 200 million users worldwide.

The first public demonstration of Native Client started off with Ian Ellison-Taylor, director of product management for the open Web at Google, giving an overview of the questions that led to Native Client’s creation.

The games include those made by Square Enix, maker of Mini Ninja; Wolf Toss, built with Moai; Supergiant Games’ Bastion (Chrome browser only), which has won industry awards; and the Unity 3D game-building engine. Game designer Amir Rao showed off Bastion running in Chrome via Native Client to the crowd of about 100 developers, Google employees, and journalists, and it was apparent that the gameplay was smooth and that the graphics were highly detailed. It looked as if it could’ve been running on a console, except it was being played in a Chrome tab.

Ian Ellison-Taylor, Google’s director of product management for the open Web platform, said that Native Client, also called NaCl, can currently improve browser performance by 2 to 10 times. “What would it be like if we could run native code inside the browser,” he asked the crowd, and he enumerated two goals for the Native Client project. He said Google wants to bring native applications to the Web for performance and security reasons, and it wants to enrich the Web ecosystem by bringing popular, long-in-use programming languages to the Web.

via Native Client turns Chrome into high-end gaming platform | The Download Blog – Download.com.

Google’s Opt-in Facial Recognition Avoids Facebook’s Missteps – Security – News & Reviews – eWeek.com

Google+ Find My Face is an opt-in service that uses facial recognition for photo tagging. Facebook launched its service as opt-out, which is why Google is trying to score points with privacy aficionados.

Google’s (NASDAQ:GOOG) quiet introduction of facial recognition for its photos application on Google+ is drawing praise from analysts and security researchers alike because it stands in stark contrast to the way Facebook employed similar technology earlier this year.

That is, it’s opt-in. Google’s Find My Face feature lets its Google+ social network users opt in to photo tagging. When users opt in to Find My Face, the next time one of their Google+ contacts adds a photo they’re in, they’ll see their name as a suggested tag. Users who receive a tag prompt can accept or reject any instance where someone wants to tag them.

“Despite the fact that I am not comfortable with my information being gathered in this manner, providing people with a choice is never a bad thing,” wrote Chester Wisniewski, a senior security advisor at security software provider Sophos Canada. “It is up to every individual to make an *informed* choice about how their personal information is shared and asking their permission is the right approach.”

via Google’s Opt-in Facial Recognition Avoids Facebook’s Missteps – Security – News & Reviews – eWeek.com.

Google chief Eric Schmidt condemns Carrier IQ – Telegraph

Speaking at a Google-hosted conference on internet freedom in the Hague, Mr Schmidt criticised the software, which was installed by American operators on Android handsets.

He said that because Android, Google’s smartphone operating system, which runs on the majority of smartphones sold today, is an “open” platform, there was nothing his firm could do to restrict Carrier IQ’s software.

“Android is an open platform which means people can make software for it that’s not very good for you,” Mr Schmidt said.

“This [Carrier IQ] appears to be one [such case],” he added.

But he made it clear that Google does not approve of Carrier IQ’s methods. Its software is pre-installed and collects data in the background to report back to operators. Users are unable to disable it without completely wiping their smartphone.

“We certainly don’t work with them,” said Mr Schmidt, describing the software as a “keylogger”.

“And we certainly don’t support it,” he told an audience of journalists, government officials and democracy activists.

via Google chief Eric Schmidt condemns Carrier IQ – Telegraph.

Google Wraps Internet Explorer in Chrome Clothing | Wired.com

Morgan Stanley is testing software that could turn its Microsoft browsers into Google browsers.

At the big-name financial house, employees have no choice but to use Internet Explorer 7, a Microsoft web browser that made its debut in October of 2006. Like so many large corporations, Morgan Stanley limits employee machines to certain approved software — working to maintain security while ensuring that applications work as they should — but such well-intentioned policies can also keep newer software at bay.

“We’re a bank, you know, so it’s not so simple to make the switch to a newer browser,” says Aurelije Zovko, a Morgan Stanley executive director who handles IT duties for the New York-based company.

IE7 is significantly slower than the newest versions of IE, Chrome, Firefox, and other browsers, and it can’t handle the latest technologies used by today’s online applications, including the then-fledgling HTML5 standards. But there’s a way for Zovko to work around the limitations of the aging IE7 without actually switching to a new browser. Zovko is kicking the tires on Google Chrome Frame — an Internet Explorer plug-in that adds Google’s latest browser engine to older versions of Microsoft’s browser, which are still used across vast swaths of the corporate world.

Zovko and company use custom browser applications specifically designed for IE7, but at the same time, they’re adopting newer applications that require newer browser technology. With Chrome Frame running inside IE7, they can accommodate both the old and the new apps inside the same browser. Yes, on the face of it, Morgan Stanley could handle all these applications simply by installing the full-fledged Chrome browser alongside Internet Explorer, but things aren’t always so simple inside the corporate IT department.

via Google Wraps Internet Explorer in Chrome Clothing | Wired Enterprise | Wired.com.