Black Hat 2008: Google Gadgets Insecurity


Black Hat presenters [Robert “RSnake” Hansen], CEO of SecTheory, and [Tom Stracener], security analyst at Cenzic, criticized Google in their presentation “Xploiting Google Gadgets”. [Hansen] and [Stracener] say that there’s currently no way for Google to confirm whether Google Gadget creations contain malicious content or not; this leaves the application vulnerable to a wide range of hacking ugliness such as data poisoning, worms, and theft of data. [Hansen] himself isn’t exactly on the friendliest terms with Google. He’s got a bit of a contentious history and he claims that Google has threatened legal action against him. Nevertheless, if what was presented is true and accurate, then Google has a huge security issue that needs to be addressed sooner rather than later. Google has not yet commented on the situation.

Exposing Poorly Redacted PDFs


Privacy watchdog group the National Legal and Policy Center has released a PDF detailing Google founder Larry Page’s home (download PDF here). They used Google’s Maps and Street View to assemble all of the information. Google is currently involved in a lawsuit resulting from a Street View vehicle traveling and documenting a private road. This PDF was released in response to Google stating that “complete privacy does not exist”.

For some reason the PDF is redacted with black boxes. We threw together a simple screencast (click through for HiDef) to show how to easily bypass the boxes using free tools. You can simply cut and paste the hidden text, and images can be copied as well; no need to break out Illustrator. This sort of redaction may seem trivial, but the US military has fallen victim to it in the past.
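The reason the boxes are so easy to bypass is that a drawn rectangle sits on top of the text in the page's content stream rather than replacing it. The check below is an added example (not from the original post, the screencast, or the NLPC document): it builds a tiny PDF whose page draws a sentence and then paints a black rectangle over it, then scans every content stream for text-showing operators. If those operators survive, the "hidden" text can be selected and copied exactly as described above. The PDF structure, the sample sentence and the helper names are all constructed for this example; whether the box geometrically covers the text is not checked, which is a simplification.

```python
"""Check whether a 'black box' redaction actually removed the text.

Added example, not code from the original post or any real redaction tool.
It builds a minimal PDF (constructed) and scans its content streams for the
Tj / TJ text-showing operators. A page whose text operators are still
present has only been painted over, not redacted.
"""
import re
import zlib

# Constructed page content: text drawn, then a filled black box on top of it.
BAD_REDACTION = b"BT /F1 12 Tf 20 50 Td (Home address: 123 Example Lane) Tj ET\n0 g 15 40 170 20 re f\n"
# Proper redaction: the text operator is gone, only the box remains.
GOOD_REDACTION = b"0 g 15 40 170 20 re f\n"


def build_pdf(content: bytes, compress: bool) -> bytes:
    """Assemble a minimal single-page PDF around one content stream (constructed)."""
    if compress:
        data, filt = zlib.compress(content), b"/Filter /FlateDecode "
    else:
        data, filt = content, b""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 100] "
        b"/Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >> >>",
        b"<< /Length %d %s>>\nstream\n" % (len(data), filt) + data + b"\nendstream",
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref)
    return bytes(out)


# One stream object: its dictionary (one level of nesting allowed) and raw data.
STREAM_RE = re.compile(rb"<<((?:[^<>]|<<[^<>]*>>)*)>>\s*stream\r?\n(.*?)endstream", re.S)
# A PDF literal string: parenthesised, with backslash escapes.
LITERAL = rb"\((?:\\.|[^\\)])*\)"
# Text-showing operators: '(...) Tj' and '[(...) -20 (...)] TJ'.
TEXT_OP_RE = re.compile(rb"(?P<lit>" + LITERAL + rb")\s*Tj|\[(?P<arr>(?:" + LITERAL + rb"|[^\]])*)\]\s*TJ")


def _unescape(lit: bytes) -> str:
    """Strip the parentheses and undo the common escapes of a literal string."""
    body = lit[1:-1].replace(b"\\(", b"(").replace(b"\\)", b")").replace(b"\\\\", b"\\")
    return body.decode("latin-1")


def surviving_text(pdf: bytes) -> list:
    """Return every string still handed to a text-showing operator in the PDF."""
    found = []
    for dictionary, data in STREAM_RE.findall(pdf):
        # Prefer the declared direct /Length; fall back to trimming the EOL
        # before 'endstream' when /Length is an indirect reference (simplified).
        m_len = re.search(rb"/Length\s+(\d+)(?!\s*\d+\s+R)", dictionary)
        data = data[: int(m_len.group(1))] if m_len else data.rstrip(b"\r\n")
        if b"/FlateDecode" in dictionary:
            data = zlib.decompress(data)
        for m in TEXT_OP_RE.finditer(data):
            if m.group("lit"):
                found.append(_unescape(m.group("lit")))
            else:
                found.extend(_unescape(s) for s in re.findall(LITERAL, m.group("arr")))
    return found


if __name__ == "__main__":
    for label, content in (("box over text", BAD_REDACTION), ("text removed", GOOD_REDACTION)):
        print(label, "->", surviving_text(build_pdf(content, compress=True)))
```

Run against a document you are about to publish, a non-empty result for a region you believe is redacted means the text is still in the file. The only redaction that holds up is one that removes the text (and image) objects before the box is drawn, or that rasterizes the page; a real check should also handle streams inside object streams and compare the text position against the box coordinates, which this example skips.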

Lively, Google’s Stab At Second Life


Google has just released their own avatar-based social arena a la Second Life, called Lively. It requires a client download and install like the popular MUD, but after that it can be accessed via IE and Firefox.

Lively allows users to create their own online spaces that can include natural or human-built settings and customize their avatars (which are relatively cartoonish in comparison to SL avatars). Google’s engineering manager for Lively [Niniane Wang] explains that they wanted to create a more socially rich environment than was possible with emotes and other chatroom features.

Lively’s core functions are not particularly novel, but it does innovate with various web integration features. Videos and images from the internet are viewable from within Lively, and users can embed their own personal Lively areas into their blogs or websites (hello VRML).

Lively is not nearly as expansive as Second Life yet, with no form of currency included and only stock items, clothes, avatars, and geometry to choose from. What’s more, it is only available for Windows XP and Vista, with no other OS support announced. We can see this getting better in the future, but those of you whose lives are so great that you need a second one (or a third) will probably want to jump on this now.


Detecting ISP Throttling


ISPs have recently become very aggressive towards their customers. They’ve been blocking or altering traffic to prevent you from using specific programs or protocols. Google’s Senior Policy Director recently stated that they’re developing tools to allow people to detect ISP interference. A couple of other groups have been building tools as well: the Network Neutrality Squad just released the second beta of their Network Measurement Agent. The tool currently detects spoofed packets by monitoring the round trip time of the connection; early reset packets will have a lower than average RTT. If you want to go more in depth, the EFF has published a guide for using Wireshark to do the detection. We’ve even heard rumors of people building tools to tunnel a session inside of one that looks completely different.
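The RTT heuristic works because a reset forged by a box in the middle of the path comes back sooner than anything the real far end sends. The code below is an added example, not the Network Measurement Agent's code or the EFF's Wireshark procedure: it establishes a baseline from the connection's ordinary replies and flags any RST that arrives well below it. The packet records, the `Reply` type and the 0.5 ratio are all constructed for this example.

```python
"""RTT-based detection of injected TCP resets.

Added example (not code from the Network Measurement Agent or the EFF
guide) implementing the heuristic described above: a RST whose round-trip
time is well below the connection's normal RTT did not come from the peer.
"""
from dataclasses import dataclass
from statistics import median
from typing import List, Optional


@dataclass(frozen=True)
class Reply:
    """One reply seen on a connection (constructed record, not pcap data)."""
    seq: int        # our own counter for the reply
    flags: str      # TCP flags as a comma-separated string, e.g. "PSH,ACK"
    rtt_ms: float   # time between our packet and this reply, in milliseconds


def baseline_rtt(replies: List[Reply]) -> Optional[float]:
    """Median RTT of the non-RST replies; None when there is nothing to compare against."""
    normal = [r.rtt_ms for r in replies if "RST" not in r.flags.split(",")]
    return median(normal) if normal else None


def early_resets(replies: List[Reply], ratio: float = 0.5) -> List[Reply]:
    """RST replies whose RTT is below `ratio` times the baseline.

    `ratio` is a tuning knob chosen for this example; the right value
    depends on how much the path's RTT normally jitters.
    """
    base = baseline_rtt(replies)
    if base is None:
        return []
    return [r for r in replies
            if "RST" in r.flags.split(",") and r.rtt_ms < ratio * base]


# Constructed trace: three ordinary replies, one reset that arrives far too
# early, and one reset with an ordinary RTT (a genuine close by the peer).
SAMPLE = [
    Reply(1, "ACK", 48.0),
    Reply(2, "PSH,ACK", 51.0),
    Reply(3, "ACK", 47.5),
    Reply(4, "RST", 12.0),
    Reply(5, "RST,ACK", 49.0),
]

if __name__ == "__main__":
    base = baseline_rtt(SAMPLE)
    print("baseline RTT:", base, "ms")
    for r in early_resets(SAMPLE):
        print(f"suspect reset #{r.seq}: {r.rtt_ms} ms against a baseline of {base} ms")
```

A single low-RTT reset is only a hint: RTT jitters, so a real agent collects the signal across many connections and many destinations before concluding that a path is being interfered with, and corroborates it with other fields in the injected packet.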

[photo: nrkbeta]

Google Android Application Challenge Winners

The Google Android team recently launched a challenge to encourage development for their new cellphone-based platform. Part of the first phase was to narrow down the 1,788 submissions to the best 50 application ideas. They’ve posted the complete list of winners on their website and put together a little slide show (PDF) as well. As part of the challenge some $10,000,000 is up for grabs from Google.

We browsed through the list and found a lot of social this and family that; nothing overly exciting honestly. There were a few interesting application ideas in there though:

  1. BioWallet – Biometric authentication system that uses iris identification.
  2. Talkplay – Video and voice message system, see and talk to your friends while on the go.
  3. Writing Pad – A unique way to enter text into your phone where common words are replaced by simple strokes.

The Android platform will probably cause the largest adoption of Linux-based cellphones yet. We can’t wait to see what the homebrew community does with the platform, and so much development for an unlaunched phone is amazing. Apple seems to go out of their way to lock us out, whereas this platform couldn’t be more open. With 3G support, WiFi, SQLite, virtual machines, GPS and much more, what’s not to like?

Have any of you experimented with the Android SDK?

[via LinuxDevices]