Sep 19
Sep 08
Bach Khoa Internetwork Security, a security-research firm in Vietnam, claims to be the first to discover a critical vulnerability in Google’s Chrome browser.
“This is the first critical Chrome vulnerability permitting [a] hacker to perform a remote code-execution attack and take complete control of the affected system,” the firm wrote in its Sept. 5 advisory. While four Chrome vulnerabilities were discovered, Bach Khoa said the “Save As” flaw is the only one that can allow an attacker to launch remote attacks from a victim’s PC. Other vulnerabilities just crash the browser.
The vulnerability is caused by a boundary error when handling the “Save As” function. When a user saves a malicious page with a title tag in the HTML code, the program causes a stack-based overflow, according to Bach Khoa. A hacker could construct a specially crafted Web page that contains malicious code, trick a user into visiting that Web site, and convince the user to save the page. That will execute the code and give the attacker privileges to remotely use the infected system.
Google reportedly has issued a patch for the browser, which can be found by telling Chrome to search for an update.
Zeroing in on Chrome
No one should really be surprised by the news of flaws in Chrome, according to Graham Cluley, a senior security consultant at Sophos. Any Google software release is likely to attract a lot of attention from security researchers, he said, all keen to discover if a problem can be found amid all the hoopla of a new product launch.
“The good news is that all the signs are that Google’s security team is aware of the importance of securing their applications — be they on Internet users’ hard disks or on the Web — and appears to work hard to respond rapidly to threats as they emerge. This is always harder, of course, if flaws are not disclosed responsibly,” Cluley said.
What’s important is for people to realize that Chrome is still a beta product, Cluley said. Indeed, Google Chrome isn’t even version 1.0. Although many will be curious as to what a Google browser might look like and how it might perform, he noted, it would be foolish to put full confidence in a brand-new browser without properly testing it.
“And as it’s a beta, it would be wrong of us to beat Google up too much for shipping a product which has vulnerabilities,” Cluley argued. “The problem is that the general public perhaps doesn’t understand the difference between a beta and a finished, shipping product.”
Expect More Vulnerabilities
As Cluley sees it, millions of people will be trying out Chrome either through curiosity or because they are genuinely looking for an alternative to market leaders Internet Explorer or Firefox.
“You can imagine how that could cause a headache for an IT department trying to do a good job of supporting users throughout the enterprise,” he said. “For that reason, we expect to see companies tightening policies as to which browsers are allowed to be used inside the company, and using technology to control applications.”
With Google now emerging as a player in the browser market, Cluley predicted more vulnerabilities and flaws will emerge in the future. As with other browsers, he noted, it will be important for Chrome users to keep their systems up to date with the latest security patches and updates.
Sep 08
The cost of taking fibre-based broadband to every UK home could top £28.8bn, says a report.
Compiled by the government’s broadband advisory group, the report details the cost of the different ways to wire the UK for next generation broadband.
Another option, to take the fibres to street-level boxes, would only cost £5.1bn, it said.
Big differences in the cost of updating urban and rural net access will pose difficult choices, says the report.
High costs
In a statement Antony Walker, chief executive of the Broadband Stakeholder Group which drew up the report, said: “The scale of the costs involved means that the transition to superfast broadband will be challenging.”
“We hope that this report will help to ensure an informed public debate on the key policy and regulatory decisions that lie ahead,” he said.
 |
 …and the faster the broadband we choose, the biger the gap between town and country is likely to be. 
|
he BSG report looks at the three most likely options for using fibre to boost the speed of the UK’s broadband networks.
The cheapest option, at £5.1bn, is to take fibre only to the familiar street-level cabinets that act as a connection point between homes and exchanges. Beyond the cabinet to the home existing copper cables would be used. The BSG estimates that this system would permit speeds of 30-100 Megabits per second (Mbps).
The other two options involve taking fibre to homes via a shared or dedicated cable.
The BSG puts a £25.5bn price tag on the shared option which would see a small number of homes sharing the 2.5 Gigabits per second capacity of each line.
Giving every home or business its own dedicated cable is the most expensive option, said the BSG, and could cost up to £28.8bn. But it would mean each home would get up to 1Gbps.
But, warned the report, even these relatively simple choices conceal stark differences in the cost of taking fibre to different parts of the country.
For instance, it said that the high price of the cheapest option for fibre is already far higher than the amount telecoms firms have already spent cabling up the UK.
Also, it noted, taking fibre to homes in rural areas costs disproportionate amounts of money - essentially the more isolated a home the more it costs to take fibre to it.
The BSG estimates that getting fibre to the cabinets near the first 58% of households could cost about £1.9bn. The next 26% would cost about £1.4bn and the final 16% would cost £1.8bn.
The disparity in costs meant the UK faced some tough choices, said Mr Walker.
However, he added, enthusiasm for the take-up of broadband could make taking it to rural areas more palatable for telecoms firms.
“If operators could achieve a higher level of take-up in rural areas than we have predicted in our study, then the business case for deployment in those areas could improve significantly”, said Mr Walker.
Sep 02
Google Chrome Screenshots
Google announced their browser Google Chrome to be available on Tuesday, but their download page and tour was already partly available at gears.google.com/chrome/ just now, as Uval in the forum noticed. While the download itself didn’t work when I tried, I was able to extract some screenshots, from the frontpage but also the YouTube videos. And while the product tour videos themselves seemed to require a special group membership at YouTube, the video still previews are public and you can paste the video identifier into a URL like this one to see more high quality stills.
The service’s logo.
Screenshots of Google Chrome from the service’s frontpage.
The auto-completion of the so-called “omnibox” address bar.
The homepage showing 9 thumbnailed pages to access, along with more pointers in the side-bar, to appear “[e]very time you open a new tab”, as Google says.
This screenshot shows Google Calendar and a dialog reading “Create shortcuts in the following locations”, listing Desktop, Start Menu and Quick Launch Bar.
Zooming in on the browser tabs.
The Google Chrome task manager, e.g. to monitor if certain sites cause memory problems.
A screen showing the “Google incognito” mode for allegedly more private browsing.
Another auto-completion example.
A star near the address input bar lets you bookmark a page, apparently.
A look into the settings menu.
Google in their tour says with Chrome “you see your download’s status at the bottom of your current window.”
On a related note, I asked Scott McCloud – creator of the comic book introducing Google Chrome – some questions. Scott now put up a mini-FAQ on his site. He says he’d been working on the comic off and on “from March through August.” On the question of who came up with the visualizations, he says there was some “rough whiteboard sketching during the interviews” but that most were his though. Asked about how many of these comics were printed, Scott says it was just a limited run, and that he didn’t sign any yet. He adds this project was “a big challenge” considering he had “never done such a thing before.”
Sep 02
- Google Chrome is Google’s open source browser project. As rumored before under the name of “Google Browser”, this will be based on the existing rendering engine Webkit. Furthermore, it will include Google’s Gears project.
- The browser will include a JavaScript Virtual Machine called V8, built from scratch by a team in Denmark, and open-sourced as well so other browsers could include it. One aim of V8 was to speed up JavaScript performance in the browser, as it’s such an important component on the web today. Google also say they’re using a “multi-process design” which they say means “a bit more memory up front” but over time also “less memory bloat.” When web pages or plug-ins do use a lot of memory, you can spot them in Chrome’s task manager, “placing blame where blame belongs.”
- Google Chrome will use special tabs. Instead of traditional tabs like those seen in Firefox, Chrome puts the tab buttons on the upper side of the window, not below the address bar.
- The browser has an address bar with auto-completion features. Called ’omnibox’, Google says it offers search suggestions, top pages you’ve visited, pages you didn’t visit but which are popular amd more. The omnibox (“omni” is a prefix meaning “all”, as in “omniscient” – “all-knowing”) also lets you enter e.g. “digital camera” if the title of the page you visited was “Canon Digital Camera”. Additionally, the omnibox lets you search a website of which it captured the search box; you need to type the site’s name into the address bar, like “amazon”, and then hit the tab key and enter your search keywords.
- As a default homepage Chrome presents you with a kind of “speed dial” feature, similar to the one of Opera. On that page you will see your most visited webpages as 9 screenshot thumbnails. To the side, you will also see a couple of your recent searches and your recently bookmarked pages, as well as recently closed tabs.
- Chrome has a privacy mode; Google says you can create an “incognito” window “and nothing that occurs in that window is ever logged on your computer.” The latest version of Internet Explorer calls this InPrivate. Google’s use-case for when you might want to use the “incognito” feature is e.g. to keep a surprise gift a secret. As far as Microsoft’s InPrivate mode is concerned, people also speculated it was a “porn mode.”
- Web apps can be launched in their own browser window without address bar and toolbar. Mozilla has a project called Prism that aims to do similar (though doing so may train users into accepting non-URL windows as safe or into ignoring the URL, which could increase the effectiveness of phishing attacks).
- To fight malware and phishing attempts, Chrome is constantly downloading lists of harmful sites. Google also promises that whatever runs in a tab is sandboxed so that it won’t affect your machine and can be safely closed. Plugins the user installed may escape this security model, Google admits.
This looks like a very interesting project, and I think it can’t hurt to have more competition in the browser area. Google is playing this as nicely as possible by open-sourcing things, with perhaps part of the reason to try to defend against monopoly accusations – after all, Google already owns a lot of what’s happening inside the browser, and some may feel owning a browser too could be a little too much power for a single company (Google could, for instance, release browser features that benefit their sites more than most other sites… as can Microsoft with Internet Explorer). For now, until Chrome is released in a testable version, how much of the speed, stability and user interface promises will be fullfilled – and how much of the interface you’ll be able to configure in case you don’t like it – remains to be seen.
Aug 25
Are you on Orkut? It’s a simple question. And one that’s asked a zillion times a day across India.
Yet only five years ago, being confronted with such hip lingo would have left you puzzled. Skip to 2008.
Not knowing what Orkut is would lead your peers today to think you’ve landed from Mars. Social networking sites are an essential part of our lives.
A glance at the subject line of my inbox reveals “Manoj Kumar has sent you a Hi5 friend request” and “Orkut invitation to join from Nitin Yadav”. Every day we receive invites and requests from the latest cool-sounding site wanting our membership: Facebook, MySpace, Friendster, Bebo (does Kareena Kapoor have a side line?).
What exactly is social networking anyway? The phrase is suitably ambiguous. Has anyone figured out the purpose of networking socially? Is it to keep in touch with our current friend circle? Find old friends? Find new friends? Or something else? Orkut, seemingly the most popular social networking site in India, seems to be populated by 18-30somethings.
Many of its members seem to be male and - no big surprise here - lots of them seem to be looking for sex. We seem to have discovered, if not the purpose of such sites, then the reason for their popularity.
Orkut offers over a 1,000 results if you’re seeking sex in the city. ANY FEMALE LUKIN FR SEX IN DELHI. How can you resist that capital lettered plea? Or send a message to PLAYBOY. My **** is hungry wanna sex.
The Hindi/English mix works for me in a Bollywood film title Jab We Met kind of way. But marks lost for the poor grammar.
Naughty boy. If you’re more serious about your social networking, why not become part of a community of like-minded individuals? Bored Delhiites looking for timepass, why not join the other 9,371 members on ‘Delhi Sex Booms’.
This is a community for those who love to have sex, but for some reason they never did, or those people who want more sex with different people. If that doesn’t rock your boat, how about ‘Classy Sex in Delhi’? Or my personal fave, ‘South Delhi Aunty Sex Club’.
Well, this club is for aunties who can have fun. The users intentions are quite clear, even if their spelling and grammar isn’t.
There are a multitude of sex-seekers out there. Although bizarrely, lots of them seem to look uncannily like Brad Pitt, or Hrithik Roshan.
At least that’s what their picture would suggest. So, are you on Orkut?.
Aug 25
Microsoft is planning a “privacy mode” for the next release of its Internet Explorer (IE) web browser.
By clicking a button, users of IE8 will be able to limit how much information is recorded about where they go online and what they do.
Microsoft watchers have spotted two applications covering trademarks on ways to manage the amount of information a browser logs.
When introduced the privacy mode will match features found on other browsers.
Medical test
Australian blogger Long Zheng has found two trademark applications made by Microsoft on 30 July for ideas it calls “Cleartracks” and “Inprivate”.
The applications deal with methods of erasing data that browsing programs log, turning off features that record sites visited or notifying users of what sites are doing to log a visit.
While many browsers already have menu options that let people alter security settings and clear history files it typically has to be done on a use-by-use basis.
Users may wish to turn on the privacy mode if they are planning a surprise party, buying presents or researching a medical condition and do not want others users of the same computer to find out.
Internet Explorer 8 is due to go on general release late in 2008 though early trial versions are already available.
By comparison Apple’s Safari browser already has a privacy mode and developers working for Mozilla, creators of Firefox, are reportedly working on a similar feature for future versions.
Other browsers, such as Xerobank, take a more thorough approach to privacy and try to anonymise all web use.
Aug 19
The Japanese government is investigating a possible battery defect in the iPod Nano music player.
There have been two reports of Nanos overheating in Tokyo, scorching nearby paper.
Economy, Trade and Industry ministry official Hiroyuki Yoshitsune was quoted by the Associated Press as saying the government is in touch with Apple to investigate the defect.
A problem with the lithium-ion battery was suspected, the AP wire agency said.
The report echoes an incident in March, in which the Japanese government stepped in to investigate an iPod Nano that overheated, shooting sparks.
In 2006, Apple was forced to recall some 1.8 million lithium-ion Sony-made laptop batteries that were prone to overheating.
Recent Comments