Vulnerabilities in Chrome!
Researcher Le Duc Anh from the Security Vulnerability Research Team (SVRT) of the Vietnamese company Bach Khoa Internetwork Security (BKIS) has discovered a critical buffer-overflow vulnerability in Google Chrome. The vulnerability was patched in version 0.2.149.29.
Almost a week ago, Google launched the first public beta build of its new browser platform called Chrome, and security researchers didn’t miss the chance to poke around for its flaws and vulnerabilities. First, security researcher Aviv Raff noticed that Google Chrome uses an older vulnerable version of the Apple WebKit and released a proof-of-concept exploit to demonstrate how a user could be tricked into downloading and running a JAR executable file without any warning. Not long after, another security guru, Rishi Narang, posted a simple yet efficient way to crash Chrome with all tabs by using the “evil” % sign in a URL address.
The vulnerability discovered by SVRT-BKIS might be the most critical yet. According to the information they provided, due to a boundary error when using the “SaveAs” function in Chrome, an attacker could remotely execute arbitrary code on the system. Upon encountering a page that has a very long HTML tag, a stack-based buffer overflow occurs in the program. In order to exploit this, an attacker can create such a page containing malicious code and then trick the user into downloading it for offline use.
The team has provided proof-of-concept exploits that will either run the calc.exe program found on Windows computers or crash the browser entirely. The vulnerability was discovered in version 0.2.149.27 and their report suggests that they have notified Google in advance – “We have submitted this Vulnerability to Google. They confirmed and assign a verifier for build 0.2.149.28.” Ryan Naraine, security evangelist at Kaspersky Labs, reported on his blog that Google confirmed this. “We became aware of this vulnerability last night and began working on a fix immediately. We expect to release the fix soon through an automated update to the browser, so users will not have to take any action to be protected. As always, Google asks researchers to practice responsible disclosure, so potential vulnerabilities can be evaluated and fixed before they become public and before users are subjected to unnecessary risk. Security bugs for Google Chrome can be filed at code.google.com/p/chromium,” said the reply from Google’s PR team.
The vulnerability was patched in release 0.2.149.29 which can be obtained either from the Google Chrome website or through the browser’s auto-update function.
–Source: softpedia
Making money from Blogging [A look at Blogworld Expo]
The advertising slogan says that what happens in Vegas stays in Vegas. But at Blogworld Expo it was more likely to appear online, either written up on a website, as a photo on image sharing sites such as Flickr, or as a video clip uploaded to YouTube.
Blogging has continued to grow in the last few years, and organiser of the Expo, Rick Calvert, was delighted at the diversity of those attending.
“Look at the topics that people here are covering – sports, politics, religion, technology, finance and military bloggers to name just a few. We have had attendees flying in from around the world, but the one thing that links them all is their passion for this new media.”
It is the connections between these groups, and the spirit of sharing that was on show both at the conference and online every day, that drives the rich and diverse modern internet.
Both the individual blogger and the larger media companies are looking for ways to make the business of blogging profitable.
One of the rules of thumb that came up on the panel discussions at BlogWorld was that there is still the same amount of advertising money out there, but rather than be restricted to a few media conglomerates, it is being shared out a lot more.
Sharing culture
Larger companies are seeing advertising revenue drop, while bloggers are seeing their incomes rise.
What seems to be working well at the moment for the full-time bloggers at the Expo is affiliate marketing.
Rather than being paid to display an advert on their site, affiliate marketing only pays the blogger when their reader acts on the displayed advert.
This could be as simple a goal as clicking on the advert, through to receiving a percentage of any item the reader buys via an advert.
Amazon offers a large affiliate program, where people can receive up to 15% of the sale price of an item as commission by referring their readers to the site.
How well these techniques would translate to the larger sites of traditional media companies remains to be seen, but there are a number of profitable new media companies, such as b5media, that not only show that it can be done, but are actively sharing how they have achieved their success and are more than happy to help others to do the same.
This culture of sharing that runs through the blogging scene is one reason that this new medium is such a breath of fresh air to many.
Social experience
The idea of small connections building up to create something of value was illustrated by Laura Fitton, of Pistachio Consulting.
Explaining her first moments on Twitter (a micro-blogging service where people can post messages that are a maximum of 140 characters in length), she saw the initial view that presented the messages of everyone on the site – a rather overwhelming moment that caused her, and others, to come away with a poor first impression.
But once she started to tell Twitter who her friends were, and those people she wanted to follow that were in her field of expertise, then Twitter became a much more social experience with conversations between old and new friends, and it became much more useful to her.
In a short space of time, she started a new business helping companies make the best use of services like Twitter to build up their own online connections.
Making these connections is one of the hidden secrets of the internet.
Relevant media
With more sites out there providing rich media on pretty much any topic, building this web of connections can take time.
Europe-based start-up Zemanta had one of the more impressive software demonstrations at the expo.
Their code, which can be plugged into the popular blogging system WordPress, will automatically seek out relevant media to any post that you are writing on sites such as Twitter, Facebook, and many others.
These links are then posted on your site alongside each story, making your posts part of the ongoing and continuing conversations.
Blogging is still a nascent industry but on the strength of the BlogWorld Expo, the pioneers have put down not only a strong groundwork for those that are following them, but have also put in place a rich ecosystem that rewards openness and sharing.
There may be a wide choice of tools, all being used by disparate groups with distinct aims, but the result is the same.
Blogs help people around the world to communicate their interests and passion with others and allow people to find this information with ease.
The early years of blogging are coming to a close, and while they have been very successful, the feeling from the BlogWorld Expo is that blogging is going to continue to grow and mature into a powerful communications channel for everyone.
–Source BBC News
Android!
Android is the creation of Andy Rubin, Google’s director of mobile platforms.
“What Android enables for third party developers is the kind of programming we see on the internet,” he says.
“What it enables is agility and rapid innovation and the same kind of innovation that happens on the internet.”
Mr Rubin says that by opening up the phones – from the operating system, released under open source, to the drivers and the application framework – developers will have more freedom to innovate, and more scope also.
But if you talk to Symbian and Microsoft, two companies that also build mobile operating systems, both claim to be open also.
Mr Rubin says: “There’s a distinction we have to make – and it’s an important one – between open source and open APIs (Application Programming Interfaces).
“APIs are essentially documentation, they’re the way that somebody like Symbian or Microsoft will allow third party developers to develop for their platform.
“Open source is a mechanism by which the source code of the operating system is actually for free and that way the carriers and OEMs are not really locked into a single vendor, nobody really owns this.
“It means they are free to take it into the direction that’s important to them; they can fix bugs, add enhancements so in the end the consumer has a better experience.”
Mr Rubin believes this will lead to greater variety of mobile experiences – driven not by the rules and regulations of an operating system but by the ideas of developers.
In essence, it could lead to greater variety of phones and of what those phones are capable.
Google has formed the Open Handset Alliance, with manufacturing partners like HTC and chip designers like ARM.
This is not Mr Rubin’s first foray into overturning the “natural order” of things.
A former roboticist and Apple engineer, he created Web TV, and the device which led to the pioneering Sidekick handset.
“One of my passions throughout my whole career is consumer products; making things my mom would use.
“That need wasn’t satisfied doing robotics. That was behind the scenes factory stuff.”
So what does he make of Apple’s first phone to the market?
“It’s a great 1.0 product; I use one.
“Apple has that great balance of being both a hardware and software firm so they have a lot of flexibility.
“One of the things that is a challenge for them is having an incredible footprint worldwide – there are different types of communications standards, regulatory issues, and different language issues.
“I’m hoping that doesn’t limit them.”
With about three billion people using mobile phones worldwide and the number of devices that can access the net climbing rapidly, the future of the web is definitely mobile. And with no one company dominating the mobile arena as yet, the race is very much on.
New prime number having 13 million digits found!
Mathematicians in California could be in line for a $100,000 prize (£54,000) for finding a new prime number which has 13 million digits.
Prime numbers can be divided only by themselves and one.
The prize was set up by the Electronic Frontier Foundation to promote co-operative computing on the Internet.
The team from the University of California at Los Angeles (UCLA) found the new number by linking 75 computers and harnessing their unused power.
This enabled them to perform the enormous number of calculations needed to find and verify a new prime.
Thousands of people around the world linked the powers of their personal computers in the search for a higher “Mersenne” prime number – named after 17th-Century French mathematician Marin Mersenne.
Mersenne primes are expressed as two to the power of P, minus one – with P being itself a prime number.
Edson Smith, the leader of the winning UCLA team, told the Associated Press news agency: “We’re delighted. Now we’re looking for the next one, despite the odds.”
–Source : BBC News
“Third” Google Founder?
Just as Google is celebrating its 10th anniversary, a man claiming to be the “third” founder of Google has come out to stake his claim to history. The man calling himself Hubert Chang claims that as an NYU Ph.D student in 1997 he was introduced to Google founders Larry Page and Sergey Brin by Stanford professor Rajeev Motwani. He then helped the two come up with PageRank (the underlying algorithm that powers Google’s search engine), the name Google, and even the business plan.
So why wasn’t his name on the original PageRank paper? Because, he says, he decided to pursue his Ph.D instead. Then when he did finish his Ph.D in 2002 and contacted Google, he got the big brush off from Larry and Sergey’s handlers.
