Shortly after the initial news came out that the NSA fakes Google and Yahoo servers with stolen or faked certificates:
the German computer magazine C’T issued a warning that it is a security risk when Microsoft automatically updates its list of certificates without notifying users, because dubious certificates could easily get into the Windows certificate list, which is trusted by web browsers like Internet Explorer or Google Chrome for Windows:
After reading this, I filed a bug in Chromium, which was then dismissed as a “won’t fix”, with the Chromium developers saying that the certificate list is “signed by Microsoft” and there would not be any break in the “chain of trust”.
And now I see this message from Google:
“On Wednesday, July 2, we became aware of unauthorized digital certificates for several Google domains. The certificates were issued by the National Informatics Centre (NIC) of India, which holds several intermediate CA certificates trusted by the Indian Controller of Certifying Authorities (India CCA).
The India CCA certificates are included in the Microsoft Root Store and thus are trusted by the vast majority of programs running on Windows, including Internet Explorer and Chrome. Firefox is not affected because it uses its own root store that doesn’t include these certificates.
We are not aware of any other root stores that include the India CCA certificates, thus Chrome on other operating systems, Chrome OS, Android, iOS and OS X are not affected. Additionally, Chrome on Windows would not have accepted the certificates for Google sites because of public-key pinning, although misissued certificates for other sites may exist.”
“Update Jul 9: India CCA informed us of the results of their investigation on July 8. They reported that NIC’s issuance process was compromised and that only four certificates were misissued; the first on June 25. The four certificates provided included three for Google domains (one of which we were previously aware of) and one for Yahoo domains. However, we are also aware of misissued certificates not included in that set of four and can only conclude that the scope of the breach is unknown.”
Now Microsoft has removed the certificates in question, and it turns out that the issue affected 45 domains:
In view of this list, the advice from Google looks especially funny:
“Chrome users do not need to take any action to be protected by the CRLSet updates. We have no indication of widespread abuse and we are not suggesting that people change passwords.”
Chrome uses the Microsoft certificate list. Faking a Google server is difficult, since Chrome checks its certificate by different means, and that was how the attack was revealed. But Chrome does not have a similar check for Yahoo. If the attack did not work, the hackers would not have used it.
But still, Google explicitly does not suggest that anyone change their passwords…
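The three outcomes described above (a browser with its own root store is unaffected, a pinned domain is protected even when the root is trusted, an unpinned domain is not) can be reproduced with a small model. This is an added example, not code from Chrome or from the original post; the host names, CA names and key bytes are constructed, and signature verification is reduced to issuer/subject matching.

```python
import base64
import hashlib
from dataclasses import dataclass


def spki_pin(spki: bytes) -> str:
    """Base64 SHA-256 of a public key blob, the usual form of a key pin."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes  # stand-in for the DER SubjectPublicKeyInfo (constructed)


# Constructed CAs: one the site operator really uses, one regional CA whose
# intermediate issued certificates it should not have.
SITE_ROOT = Cert("Site Root CA", "Site Root CA", b"site-root-key")
REGIONAL_ROOT = Cert("Regional Root CA", "Regional Root CA", b"regional-root-key")
REGIONAL_INT = Cert("Regional Intermediate CA", "Regional Root CA", b"regional-int-key")

# The OS store trusts both roots; the browser-maintained store only the first.
OS_ROOT_STORE = {spki_pin(SITE_ROOT.spki), spki_pin(REGIONAL_ROOT.spki)}
BROWSER_OWN_STORE = {spki_pin(SITE_ROOT.spki)}

# Pins shipped with the browser: only this domain (and its subdomains) is pinned.
PINS = {"google.example": {spki_pin(SITE_ROOT.spki)}}


def pins_for(host: str):
    """Return the pin set covering host, walking up to parent domains."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        domain = ".".join(labels[i:])
        if domain in PINS:
            return PINS[domain]
    return None


def evaluate(host: str, chain: list, root_store: set) -> str:
    """Decide on a leaf-to-root chain: name, linkage, root trust, then pins."""
    if chain[0].subject != host:
        return "rejected: name mismatch"
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return "rejected: broken chain"
    if spki_pin(chain[-1].spki) not in root_store:
        return "rejected: untrusted root"
    pins = pins_for(host)
    # A pinned host needs at least one key in the chain to match a pin,
    # no matter how many roots in the store would vouch for it.
    if pins is not None and not any(spki_pin(c.spki) in pins for c in chain):
        return "rejected: pin mismatch"
    return "accepted"


def misissued_chain(host: str) -> list:
    """A chain for host issued under the regional intermediate (constructed)."""
    leaf = Cert(host, REGIONAL_INT.subject, b"misissued-key-" + host.encode())
    return [leaf, REGIONAL_INT, REGIONAL_ROOT]


def legitimate_chain(host: str) -> list:
    """A chain for host issued directly under the operator's usual root."""
    return [Cert(host, SITE_ROOT.subject, b"real-key-" + host.encode()), SITE_ROOT]


if __name__ == "__main__":
    for host in ("mail.google.example", "mail.yahoo.example"):
        for name, store in (("OS store", OS_ROOT_STORE), ("own store", BROWSER_OWN_STORE)):
            print(host, name, evaluate(host, misissued_chain(host), store))
```

The only case that returns "accepted" for a misissued chain is the unpinned host evaluated against the OS store, which is the gap the post points at.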
By the time its entire fleet of 24 satellites has launched in 2018, Skybox will be imaging the entire Earth at a resolution sufficient to capture, for example, real-time video of cars driving down the highway. And it will be doing it three times a day.
The ability to take such frequent imaging will certainly aid Google’s Maps product, but it also opens up a market for competitive intelligence. Skybox says they are already looking at Foxconn every week and are able to pinpoint the next iPhone release based on the density of trucks outside their manufacturing facilities.
So you can run the Google Docs store app in Chrome as a Chrome App which runs as an App on my android device, or, alternatively, run the Google Docs store app in Firefox as a web app which runs as an app on Firefox OS?
What does the word “app” even mean?
According to a December letter sent to the Securities and Exchange Commission, which became public on Tuesday, Google hopes to put ads “on refrigerators, car dashboards, thermostats, glasses, and watches, to name just a few possibilities.”
In the Vine above are 7 devices all running the same compass app (ironically named Steady Compass) on Android. Yet, all compasses indicate that North is somewhere else. Unfortunately, this has nothing to do with electromagnetic fields confusing the compass; it has everything to do with the diversity of hardware inside these devices.
We have been developing Bounden for Android alongside its development on iOS, and have tested the game on a number of devices. It was only a week ago that we started expanding our list of test devices, after we quickly discovered that:
a) some devices had ‘broken’ gyroscopes that didn’t work on all axes,
b) that some devices were faking gyroscopes by mixing and matching the accelerometer data with compass data, or
c) that some devices did not have a gyroscope at all.
“I suspect that over the past eight months, many companies have taken a real hard look at their existing policies about tipping off the U.S. government,” he said. “That’s the price you pay when you’re acting like an out-of-control offensive adversary.”
Microsoft is not unique in claiming the right to read users’ emails – Apple, Yahoo and Google all reserve that right as well, the Guardian has determined.
The broad rights email providers claim for themselves has come to light following Microsoft’s admission that it read a journalist’s Hotmail account in an attempt to track down the source of an internal leak. But most webmail services claim the right to read users’ email if they believe that such access is necessary to protect their property.
A total of 99.9% of new mobile threat detections target the Android platform.
The key role private companies play in National Security Agency surveillance programs is detailed in a top-secret document provided to the Guardian by whistleblower Edward Snowden and published for the first time on Friday.
One slide in the undated PowerPoint presentation, published as part of the Guardian’s NSA Files: Decoded project, illustrates the number of intelligence reports being generated from data collected from the companies.
In the five weeks from June 5 2010, the period covered by the document, data from Yahoo generated by far the most reports, followed by Microsoft and then Google.
Between them, the three companies accounted for more than 2,000 reports in that period – all but a tiny fraction of the total produced under one of the NSA’s main foreign intelligence authorities, the Fisa Amendments Act (FAA).
It is unclear how the information in the NSA slide relates to the companies’ own transparency reports, which document the number of requests for information received from authorities around the world.
Yahoo, Microsoft and Google deny they co-operate voluntarily with the intelligence agencies, and say they hand over data only after being forced to do so when served with warrants. The NSA told the Guardian that the companies’ co-operation was “legally compelled”.
Canada-based telecom Nortel went bankrupt in 2009 and sold its biggest asset—a portfolio of more than 6,000 patents covering 4G wireless innovations and a range of technologies—at an auction in 2011.
Google bid for the patents, but it didn’t get them. Instead, the patents went to a group of competitors—Microsoft, Apple, RIM, Ericsson, and Sony—operating under the name “Rockstar Bidco.” The companies together bid the shocking sum of $4.5 billion.
Patent insiders knew that the Nortel portfolio was the patent equivalent of a nuclear stockpile: dangerous in the wrong hands, and a bit scary even if held by a “responsible” party.
This afternoon, that stockpile was finally used for what pretty much everyone suspected it would be used for—launching an all-out patent attack on Google and Android. The smartphone patent wars have been underway for a few years now, and the eight lawsuits filed in federal court today by Rockstar Consortium mean that the conflict just hit DEFCON 1.
Google probably knew this was coming. When it lost out in the Nortel auction, the company’s top lawyer, David Drummond, complained that the Microsoft-Apple patent alliance was part of a “hostile, organized campaign against Android.” Google’s failure to get patents in the Nortel auction was seen as one of the driving factors in its $12.5 billion purchase of Motorola in 2011.
Rockstar, meanwhile, was pretty unapologetic about embracing the “patent troll” business model. Most trolls, of course, aren’t holding thousands of patents from a seminal technology company. When the company was profiled by Wired last year, about 25 of its 32 employees were former Nortel employees.
The suits filed today are against Google and seven companies that make Android smartphones: Asustek, HTC, Huawei, LG Electronics, Pantech, Samsung, and ZTE. The case was filed in the Eastern District of Texas, long considered a district friendly to patent plaintiffs.
One of those analyses showed that when a human was behind the wheel, Google’s cars accelerated and braked significantly more sharply than they did when piloting themselves. Another showed that the cars’ software was much better at maintaining a safe distance from the vehicle ahead than the human drivers were.
“We’re spending less time in near-collision states,” said Urmson. “Our car is driving more smoothly and more safely than our trained professional drivers.”
Who watches the watchers?
Google has a plan. Eventually it wants to get into your brain. “When you think about something and don’t really know much about it, you will automatically get information,” Google CEO Larry Page said in Steven Levy’s book, “In the Plex: How Google Thinks, Works and Shapes Our Lives.” “Eventually you’ll have an implant, where if you think about a fact, it will just tell you the answer.”
Don’t worry, we’re only scanning your brains to check for pedophiles. Protect the children.
The National Security Agency paid millions of dollars to cover the costs of major internet companies involved in the Prism surveillance program after a court ruled that some of the agency’s activities were unconstitutional, according to top-secret material passed to the Guardian.
The technology companies, which the NSA says includes Google, Yahoo, Microsoft and Facebook, incurred the costs to meet new certification demands in the wake of the ruling from the Foreign Intelligence Surveillance (Fisa) court.
And in the article, you can find Google basically admitting as much:
Google did not answer any of the specific questions put to it, and provided only a general statement denying it had joined Prism or any other surveillance program. It added: “We await the US government’s response to our petition to publish more national security request data, which will show that our compliance with American national security laws falls far short of the wild claims still being made in the press today.”
Falling short of “wild claims” is very easy…
Google patents ‘pay-per-gaze’ eye-tracking that could measure emotional response to real-world ads
Advertisers spend heaps of cash on branding, bannering, and product-placing. But does anyone really look at those ads? Google could be betting that advertisers will pay to know whether consumers are actually looking at their billboards, magazine spreads, and online ads. The company was just granted a patent for “pay-per-gaze” advertising, which would employ a Google Glass-like eye sensor in order to identify when consumers are looking at advertisements in the real world and online.
Jim O’Donnell was at a library conference in Singapore when his iPad’s Google Play app asked him to update it. This was the app through which he had bought 30 to 40 ebooks, and after the app had updated, it started to re-download them. However, Singapore is not one of the countries where the Google Play bookstore is active, so it stopped downloading and told him he was no longer entitled to his books.
It’s an odd confluence of travel, updates, and location-checking, but it points out just how totally, irretrievably broken the idea of DRM and region-controls for ebooks is.
You can all relax now. The near-unprecedented outage that seemingly affected all of Google’s services for a brief time on Friday is over.
The event began at approximately 4:37pm Pacific Time and lasted between one and five minutes, according to the Google Apps Dashboard. All of the Google Apps services reported being back online by 4:48pm.
The incident apparently blacked out every service Mountain View has to offer simultaneously, from Google Search to Gmail, YouTube, Google Drive, and beyond.
Big deal, right? Everyone has technical difficulties every once in a while. It goes with the territory.
But then, not everyone is Google. According to web analytics firm GoSquared, worldwide internet traffic dipped by a stunning 40 per cent during the brief minutes that the Chocolate Factory’s services were offline.
When was the last time you emailed yourself something from work? Or had a private moment over chat, the kind you’d like to keep just to yourself? If you’re like most of us the answer is “relatively recently.” According to Google, however, that’s just too bad. All of that information, from your confidential memos to your love letters, is now fair game.
You see, in a recent filing in federal court, the Internet giant announced that no one should expect privacy when sending messages to or from a Gmail account.
“Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter,” Google wrote in a brief to the court, “people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery. Indeed, ‘a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.’”
A U.S. trade panel on Friday ruled that South Korea’s Samsung Electronics Co Ltd infringes on portions of two Apple Inc patents on digital mobile devices, a decision likely to inflame passions in the long-running dispute.
The U.S. International Trade Commission issued a limited exclusion order and a cease-and-desist order prohibiting Samsung from importing, selling and distributing devices in the United States that infringe certain claims on the patents.
And now we wait for Obama to veto this one as well…
Snowden, who told me today that he found Lavabit’s stand “inspiring”, added:
“Ladar Levison and his team suspended the operations of their 10 year old business rather than violate the Constitutional rights of their roughly 400,000 users. The President, Congress, and the Courts have forgotten that the costs of bad policy are always borne by ordinary citizens, and it is our job to remind them that there are limits to what we will pay.
“America cannot succeed as a country where individuals like Mr. Levison have to relocate their businesses abroad to be successful. Employees and leaders at Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our internet titans must ask themselves why they aren’t fighting for our interests the same way small businesses are. The defense they have offered to this point is that they were compelled by laws they do not agree with, but one day of downtime for the coalition of their services could achieve what a hundred Lavabits could not.
“When Congress returns to session in September, let us take note of whether the internet industry’s statements and lobbyists – which were invisible in the lead-up to the Conyers-Amash vote – emerge on the side of the Free Internet or the NSA and its Intelligence Committees in Congress.”
U.S. President Barack Obama met with the CEOs of Apple Inc, AT&T Inc as well as other technology and privacy representatives on Thursday to discuss government surveillance in the wake of revelations about the programs, the White House confirmed on Friday.
Google Inc computer scientist Vint Cerf and civil liberties leaders also participated in the meeting, along with Apple’s Tim Cook and AT&T’s Randall Stephenson, the White House said in confirming a report by Politico, which broke the news of the meeting.
“The meeting was part of the ongoing dialogue the president has called for on how to respect privacy while protecting national security in a digital era,” a White House official said.
The session was not included on Obama’s daily public schedule for Thursday.
The FBI develops some hacking tools internally and purchases others from the private sector. With such technology, the bureau can remotely activate the microphones in phones running Google Inc.’s Android software to record conversations, one former U.S. official said. It can do the same to microphones in laptops without the user knowing, the person said. Google declined to comment.
In a dramatic about-face on a key internet issue yesterday, Google told the FCC that the network neutrality rules Google once championed don’t give citizens the right to run servers on their home broadband connections, and that the Google Fiber network is perfectly within its rights to prohibit customers from attaching the legal devices of their choice to its network.
At issue is Google Fiber’s Terms of Service, which contains a broad prohibition against customers attaching “servers” to its ultrafast 1 Gbps network in Kansas City.
Google wants to ban the use of servers because it plans to offer a business class offering in the future. A potential customer, Douglas McClendon, filed a complaint against the policy in 2012 with the FCC, which eventually ordered Google to explain its reasoning by July 29.
In its response, Google defended its sweeping ban by citing the very ISPs it opposed through the years-long fight for rules that require broadband providers to treat all packets equally.
“Google Fiber’s server policy is consistent with policies of many major providers in the industry,” Google Fiber lawyer Darah Smith Franklin wrote, going on to quote AT&T, Comcast and Verizon’s anti-server policies.
Google, which prides itself on building a “better web that is better for the environment”, is hosting a fundraiser for the most notorious climate change denier in Congress, it has emerged.
The lunch, at the company’s Washington office, will benefit the Oklahoma Republican Jim Inhofe, who has made a career of dismissing climate change as a “hoax” on the Senate floor.
Proceeds of the 11 July lunch, priced at $250 to $2,500, will also go to the national Republican Senatorial Committee.
It’s the second show of support from Google for the anti-climate cause in recent weeks.
Copycats just can’t help themselves. It’s an addiction to want to be so much like their competitor that they’ll do anything to blur the lines between their competing products. They’ll resort to ripping off their competitors whenever possible and/or just repeat the lie loud enough that they’re the inventor of something – just to give the public the distinct impression that it’s actually theirs. Recently Google has tried to mimic the MacBook Pro with Retina to blur the lines and now they’re thinking of adding presence technology to their Chromebook Pixel. The problem is that they just ripped off one of Apple’s granted patent figures to an embarrassing point that you have to see for yourself. I appreciate Google for their efforts on Google Glass and other projects – but let’s get real here. Sometimes copying is like getting a pie in your face. You just look stupid. Even Google could do better than that.
When you buy an iPhone, it works exactly as Apple intended; it’s never adulterated by “features” that the company didn’t approve. But when you buy an Android phone, even a really great one, you’re not getting the device that Google’s designers had in mind when they created the OS. You’re not even getting the device that the phone manufacturer—Samsung and HTC, in this case—had in mind. Instead you’re getting a bastardized version, a phone replete with software that has been altered by many players along the way, usually in a clumsy, money-grubbing fashion.
I noticed this immediately when I first turned on the Sprint-powered HTC One and Galaxy S4. When you run an iPhone for the first time, you go through just a handful of steps to get up and running: choose a language, add a Wi-Fi network, and log in to your Apple account. The same is true of the Google editions of the One and S4—just a few prompts and you’re good to go. But not the carrier versions. I had to sit through more than half a dozen screens. I was pushed to sign in to several social-networking accounts. I had to create accounts with HTC or Samsung’s own services. Then, when I thought I was at last ready to start using my phone, another prompt came on the screen to let me know that Sprint was installing some software of its own. After another five minutes, my phone was finally ready to use—but when I browsed through the menus, there was a whole bunch of software that I didn’t need, including apps for Yahoo, Amazon, the NBA, a Sprint app for watching TV, and a White Pages app. Why these apps specifically? Not because Sprint believes that you’ll find them really helpful, but instead because it received a promotional fee. Congratulations on your new phone—now look at all the ads.
You might not consider these preloaded apps such a big deal. We’re all used to getting crapware on new PCs; this is the same story, just on phones, and it’s not such a big hassle to delete everything you don’t need. But you shouldn’t have to delete stuff just to get your phone looking like you want it. Plus, I suspect that many users probably don’t even know how to delete these apps, so they just sit there, clogging up the home screen.
The worst thing about Android phones isn’t the crapware, though. It’s the “skins”—the modifications that phone companies make to Android’s most basic features, including the dialing app, contacts, email, the calendar, the notification system, and the layout of the home screen. If you get the Play edition of these phones, you’ll see Google’s version of each of these apps, and you’ll come away impressed by Google’s tasteful, restrained, utilitarian design sense. But if, like most people, you get your phone for $199 from a carrier, you’ll find everything in it is a frightful mess.
Today, Yahoo’s General Counsel posted a carefully worded denial regarding the company’s alleged participation in the NSA PRISM program. To the casual observer, it might seem like a categorical denial. I do not believe that Yahoo’s denial is as straightforward as it seems.
If it had, even if I couldn’t talk about it, in all likelihood I would no longer be working at Google: the fact that we do stand up for individual users’ privacy and protection, for their right to have a personal life which is not ever shared with other people without their consent, even when governments come knocking at our door with guns, is one of the two most important reasons that I am at this company: the other being a chance to build systems which fundamentally change and improve the lives of billions of people by turning the abstract power of computing into something which amplifies and expands their individual, mental life.
Strong statement. And here’s Google’s chief legal officer, David Drummond:
We cannot say this more clearly — the government does not have access to Google servers—not directly, or via a back door, or a so-called drop box. Nor have we received blanket orders of the kind being discussed in the media.
The early reviews of Google Fiber are in from Kansas City and one of the most attractive features of the service seems to be how it makes Netflix irresistible. The buffering annoyances that consumers take for granted vanish as Google Fiber feeds movies and shows instantly to eager Silicon Prairie dwellers. What’s more, the recently launched Google Fiber TV app offers video on demand for iPad. This direction is fascinating because of the hottest trend in US consumer behavior: broadcast television audience collapse.
TV show audiences have been falling for a long time, but recently the decline has turned into a plunge. According to Goldman Sachs, ratings in the 18-49 year demo dropped by a hideous 17% last winter, the steepest drop ever. “American Idol” is losing nearly 25% of its audience in a year. Most of the big new shows have been disasters and old staples like “Survivor” and “Dancing with Stars” are in free fall.
Everyone has long known that the broadcast dinosaurs are in trouble but it is only now becoming clear just how rapidly they are losing their grip on consumers in the United States. This coincides with rapid growth of time spent on mobile apps: American iPhone owners now waste two hours per day on apps and annualized growth of daily engagement still tops 30%. But it also opens up completely new vistas for Netflix, Amazon, Google and Apple when it comes to video distribution.
The evidence has been clear for a while that Apple (AAPL) is no longer the singular dominant force in mobile. But the alarm bells have grown shriller. Supplier results suggest “lackluster iPhone demand.” Anonymous supply chain sources say that iPad mini unit sales could drop 20 percent to 30 percent this quarter, compared with the same period last year.
Those last words are telling. The Mini was not for sale the same period last year. So 20 to 30 percent less than last year is simply impossible.
What is it about Apple that makes reporters insist on creating bad news? Fucking idiots.
Twitter made their new music service official this morning with an announcement and then release on…iOS. As you can tell, and should be no surprise if you look at Vine, Twitter still doesn’t realize that Android is just as, if not more important than iOS in the mobile game these days.
No, actually it isn’t. Let me tell you again what app developers see: on iOS you see about 10 times the sales/download numbers compared to Android. Twitter knows exactly what it is doing. Unit sales are irrelevant.
Google, which relies on advertising for some 95 percent of its revenue, doesn’t want ads on its hotly anticipated Google Glass eyewear.
The blanket prohibition came in the fine print of a policy made public this evening, which says “Glassware” developers may not “serve or include any advertisements” and they “may not charge” users to download apps for the device.
So there’s no money either way for developers. Tell me again why I should bother ever developing for Glass?