Newsletter Archives

  • How to use Google Labs to experiment with AI

    AI

    By Lance Whitney

    Want to see how AI can work with Google Search, Docs, Gmail, and other tools? Google Labs will give you a taste.

    Google has a lot of AI projects in the works, all designed to bring or expand AI to Search, Gmail, Google Docs, and other services. For now, several of these projects are experiments that you can try out only through the company’s Google Labs service. With Google Labs, you’re able to check out AI features in Google Search, Gmail, and Google Docs. You can also play with an AI-based notebook and a musical AI that will turn your words into music. Read on to see how to access and use these different projects.

    Read the full story in our Plus Newsletter (20.34.0, 2023-08-21).

  • Beware of Google’s .ZIP domain and password-embedded URLs

    ISSUE 20.22 • 2023-05-29

    PUBLIC DEFENDER

    By Brian Livingston

    The security community is up in arms, because Google this month started selling domain names with deceptive endings such as .zip and .mov.

    Even worse, some browsers are allowing usernames and passwords to be embedded into URLs. This means following a link can expose users to viruses without any explicit action (such as clicking “OK”).

    Internet-standards bodies years ago prohibited usernames and passwords in URLs — but hackers still do it.

    Read the full story in our Plus Newsletter (20.22.0, 2023-05-29).
    This story also appears in our public Newsletter.

  • Will the last tech worker who is fired please turn off the server

    PUBLIC DEFENDER

    By Brian Livingston

    A wave of layoffs by the world’s largest technology companies is causing widespread fears. People are afraid that the growth spurt in online commerce that occurred during the coronavirus pandemic may be over — and opportunities for tech employment may never be the same again.

    Firings and separations are certainly ripping through the Internet at a rapid pace. But the impact of all this downsizing may not be exactly what you might expect.

    Read the full story in our Plus Newsletter (19.51.0, 2022-12-19).

  • Why is Bing worse than Google for finding Windows info?

    PUBLIC DEFENDER

    By Brian Livingston

    Microsoft’s Bing search engine has a small but growing market share — chipping away at Google’s 90% dominance worldwide — but the Redmond software giant’s Web crawler can be surprisingly weak in showing you helpful Windows information from technology websites other than Microsoft.com.

    There are thousands of blogs and newsletters that post every possible factoid about Windows, from the fluffiest corporate press releases to obscure technical features you’ve never dreamed of.

    So what might explain the inadequacy of Redmond’s favorite search engine to deliver the Windows info users need to know?

    Read the full story in our Plus Newsletter (19.45.0, 2022-11-07).

  • Tying up loose ends

    LANGALIST

    By Fred Langa

    The last few months have been unusually busy; this column has featured several deep-dive, multi-part installments covering Windows 11, Remote Desktop, and other major topics — along with some truly excellent reader mail spawned by those topics.

    But new information keeps pouring in, especially on Windows 11. So here’s a nonstandard, “catching-up” column that fleshes out and adds to some previous topics — tying up some of the loose ends and opening some new areas to explore!

    Read the full story in our Plus Newsletter (19.14.0, 2022-04-04).

  • The first Google search result often leads to a virus

    ISSUE 18.39 • 2021-10-11

    PUBLIC DEFENDER

    By Brian Livingston

    The top search result in Google is all too often a link to a website that’s been hacked to infect visitors’ devices with a virus.

    The culprit behind these infections is called “Gootloader,” a descendant of years-old malware that just keeps getting worse on Google — the only search engine that’s being targeted.

    Read the full story in the AskWoody Plus Newsletter 18.39.0 (2021-10-11).
    This story also appears in the AskWoody Free Newsletter 18.39.F (2021-10-11).

  • Web presence: Business social networking

    SMALL-BUSINESS WEBSITES

    By Will Fastie

    The major-league social networks such as Facebook and Twitter can be a big help in establishing your company’s persona on the Web — but often at a cost.

    I have an instructive tale about Facebook. The story is a bit dated, and hopefully the world’s mightiest social network has improved somewhat, but it will give you a small perspective into the intricacies of social networking — and the sorts of trouble they can pose.

    Read the full story in AskWoody Plus Newsletter 17.38.0 (2020-09-28).

  • Google comes clean on that “emergency” security patch – and shows how it was used to trigger a Windows 7 0day

    Now I understand.

    Google releases patches for its Chrome browser all the time. As @b explained about 36 hours ago, Google sent out a special alert to get Chrome updated specifically to head off a 0day attack.

    I didn’t get too excited about it because Chrome automatically updates itself quite reliably, and because the threat didn’t seem to be all that great.

    A few hours ago, Clement Lecigne of the Google Threat Analysis Group added some key details:

    On Wednesday, February 27th, we reported two 0-day vulnerabilities — previously publicly-unknown vulnerabilities — one affecting Google Chrome and another in Microsoft Windows that were being exploited together.

    To remediate the Chrome vulnerability (CVE-2019-5786), Google released an update for all Chrome platforms on March 1; this update was pushed through Chrome auto-update. We encourage users to verify that Chrome auto-update has already updated Chrome to 72.0.3626.121 or later.

    The second vulnerability was in Microsoft Windows. It is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape. The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances.

    We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems.

    Pursuant to Google’s vulnerability disclosure policy, when we discovered the vulnerability we reported it to Microsoft. Today, also in compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks. The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes. Microsoft have told us they are working on a fix.

    As mitigation advice for this vulnerability users should consider upgrading to Windows 10 if they are still running an older version of Windows, and to apply Windows patches from Microsoft when they become available. We will update this post when they are available.

    Google’s vulnerability disclosure policy says, to a first approximation, that it gives software manufacturers 90 days to fix a security hole, and if no fix appears, they disclose the details.

    It’ll be interesting to see how Microsoft reacts.

    UPDATE: Catalin Cimpanu has a thorough timeline on ZDNet.

  • Google shuts down Google+ network

    Google’s just now confirming that an API bug might’ve exposed private profile data for 500,000 Google+ users. Their response is to shut down Google+.

    I didn’t realize Google+ has 500,000 users.

    Catalin Cimpanu has the details on ZDNet.

    UPDATE: Big revelations coming from the Wall Street Journal. Is it possible that Sundar Pichai didn’t testify in front of the US Congressional Committee because he was afraid of being tripped up by the then-secret breach?

  • Microsoft security’s unseemly jab at Google

    In yesterday’s Windows Security blog post Browser security beyond sandboxing, Microsoft’s Jordan Rabet (part of the “Microsoft Offensive Security Research team” – no, I didn’t make that up) took aim at Google. There’s a whole lot of technical discussion about the superiority of Edge in that article. There’s also a deep dig at Google.

    Catalin Cimpanu at Bleepingcomputer boils it down:

    The problem that Rabet pointed out was that the fix for the bug they reported was pushed to the V8 GitHub repository, allowing attackers to potentially reverse engineer the patch and discover the source of the vulnerability.

    It didn’t help that it took Google three more days to push the fix to the Chromium project and the Chrome browser, time in which an attacker could have exploited the flaw.

    Taking into account that this happened in mid-September, Microsoft had no reason to detail a bug in a Chrome version that’s not even current. Chrome 62 is the latest Chrome version.

    Paul Thurrott has a great article, turning Microsoft’s old words against itself.

    What Microsoft should have done is take the high ground. Do the right thing for your shared customers and just shut up about it. But it didn’t.

    It’s time for both sides to grow up and work together. Take potshots at each other, sure. But not over security.

    If you’re interested in browser security, I suggest you read it.

  • The scale of tech winners

    Fascinating piece from Ben Evans:

    Microsoft was working on smartphones and mobile devices 20 years ago, and now it’s killed Windows Mobile, acknowledged that the PC is going the way of the mainframe and, like IBM, has to make its way in a market shaped by other companies. There probably won’t be a technology that has 10x greater scale than smartphones, as mobile was 10x bigger than PCs and PCs were bigger than mainframes, simply because 5bn people will have smartphones and that’s all the (adult) people.

    Check it out.

  • EU Anti-Trust investigation hits Google with biggest fine yet

    Google has been fined $2.7 billion US in its European Union anti-trust ruling, after a 7-year probe.

    From Financial Times:

    “Google’s strategy for its comparison shopping service wasn’t just about attracting customers by making its product better than those of its rivals. Instead, Google abused its market dominance as a search engine by promoting its own comparison shopping service in its search results and demoting those of competitors. What Google has done is illegal under EU antitrust rules”, said EU’s competition commissioner, Margrethe Vestager.

    Google is understood to be considering appealing the ruling. Other reports say that even if the fine is paid, it is unlikely to cripple Google/Alphabet financially, but Alphabet’s share price has dropped since the ruling was announced.

    You can read the European Commission press release here