07 May

Google’s Buildings Hackable

We reported this issue to the Google Vulnerability Rewards Program (VRP). After much heckling from my former colleagues at Google, they quickly pulled this system offline. We also applaud Google for creating a program like the VRP and giving us the chance to share our story with a wider audience. At the time of this blog post, this exact issue affects tens of thousands of devices on the Internet and thousands of different organizations. Thank you Google for helping us raise awareness on this issue! I asked that any proceeds from the VRP be donated to the Wounded Warrior Project, but apparently this issue doesn’t qualify for VRP rewards.

If you have a corporate campus or a modern building of any sort… you’re likely running similar systems someplace on your network. We’ve already discovered over twenty five thousand of these systems facing the Internet… one down, twenty four thousand, nine hundred, ninety nine to go 🙂

If Google can fall victim to an ICS attack, anyone can.

Hacking systems that control a building infrastructure.

24 Nov

Ars Technica – Google drops the axe on its internal renewable energy work

So although RE < C wasn’t misguided, its cancellation isn’t going to have a discernible impact on the renewable energy field, since companies that specialize in this field were outperforming it. And, unlike many of the companies that are also suffering in this fast-moving and competitive market, Google at least has a profitable side-business to turn to.

via Ars Technica – Google drops the axe on its internal renewable energy work. Ars answers my earlier question.

24 Nov

BBC News – Google kills off seven more products including Wave

Google has announced that it is dropping seven more products in an effort to simplify its range of services.

The out-of-season "spring clean" brings an end to services including Google Wave, Knol and Google Gears.

It is the third time that the US firm has announced a cull of several of its products at the same time after they had failed to take off.

via BBC News – Google kills off seven more products including Wave. So most of the products make sense to kill off they either never generated much traction or were already supposed to be cut. However the big thing that got cut that I want to know more about is the “Renewable Energy Cheaper than Coal”. Why was it cut, the goal was unachievable, just pure business decisions or money better spent in other renewable energy projects?

27 Sep

binary/organic – Fight Google or Use their Services: Pick One, not Both

Almost all of the companies that make up the fair search alliance, I should note, are incredibly well indexed in Google itself. I’m Googling as I type, and you should get similar results, but obviously your mileage may vary. Googling flight search displays kayak.com (a fairsearch company) as #1. Google.com/flights is #2. Googling hotel search reveals Travelocity, Expedia and Kayak in 4 of the top 5 slots (all of them are fairsearch companies). And finally, Googling the word search shows Bing as #1 (again, a fairsearch company).

I think it’s fairly obvious that the folks that built the fairsearch.org site are relying on Google’s webmaster resources because they’re good. And I’d be willing to place a sizeable bet that Kayak or Travelocity or any of the other sales-based fair search companies (sorry, Bing) get the vast majority of their non-paid search traffic from Google’s organic search results. Maybe somebody at one of those companies can share me on their Google Analytics to prove me wrong.

via binary/organic – Fight Google or Use their Services: Pick One, not Both. Google is so awesome the people complaining about Google are using Google to do their complaining.

26 Sep

Electronista – Microsoft CEO sees open dissent after general meeting

Microsoft may have shown signs of significant problems with company morale after reports from the company’s annual general meeting began surfacing in the past few days. The event, held as usual at Safeco Field in Seattle, saw "droves" of people leaving, according to well-known company insider Mini-Microsoft, even while CEO Steve Ballmer was speaking. Others pointed to unexciting demos and an obsession with Windows 8 tablets that didn’t reflect core businesses.

via Electronista – Microsoft CEO sees open dissent after general meeting. Microsoft is looking worse and worse every day.

26 Sep

PCMag – Google Patches Flash Zero Day Bug, Jumps the Gun on Adobe Again

Google has developed a bad habit with respect to patching vulnerabilities in the integrated version of Adobe Flash in their Chrome for Windows browser: They release and announce the updates before Adobe does. They have done it several times in the last year or so and today they did it again. "The Beta and Stable channels have been updated to 14.0.835.186 for Windows, Mac, Linux, and Chrome Frame."

This creates a situation in which Adobe has a zero day bug with increased severity. It’s likely that they aren’t ready to release their own patches, yet 3rd parties could look at the Chrome update and potentially examine it in order to determine what it is patching. From that they could construct an exploit.

via PCMag – Google Patches Flash Zero Day Bug, Jumps the Gun on Adobe Again. The bad habit isn’t Google patching security holes it’s Adobe not patching them first.

19 Sep

Ars Technica – Google Wallet now available for a select group of users

As of today, Google’s Wallet service is officially available, according to a post on the official Google blog. Now that the program is live, owners of Sprint’s Nexus S 4G and a Citi Mastercard will be able to process payments through Google with a tap of plastic on plastic. It’s a small audience, but one Google plans to quickly expand.

Google Wallet works through near-field communications (NFC), a system that uses RFID tags to communicate between two capable devices. Once logged into the system, users who have connected their Citi Mastercard to their Nexus S 4G phone will be able to pay for items by tapping their phone to a card reader at participating stores.

The launch is not only limited to certain customers, but also to specific retail partners. The primary base of retail stores includes pharmacy chains like Rite Aid, CVS, and Duane Reade, with some representation in stores like New York and Company, Footlocker, Best Buy, and Home Depot.

The release of Google Wallet is more a signal of intent than a real step into a payment processing arena that contains a number of competitors that haven’t yet tangled themselves with NFC, including Square and PayPal. What Google’s NFC and Google account integration will bring to the fight is not only convenience, but also the opportunity to track customers even more closely.

With a program like Google Wallet, Google can track the offline spending and shopping habits of its users as closely as those online. While outlets often try to target customers by doing things like collecting e-mail addresses to send coupons and ads, Google could offer even more seamless ad integration by connecting the offline retail outlets consumers favor with their Google profiles, even affording competing outlets positional advantages. This has been referred to as the “closed loop,” where no consumer purchase escapes the eye of the banner ad, to the delight of retailers, market researchers, and everyone in between.

While the launch is extremely limited, Google states that Wallet will eventually “hold many if not all of the cards you keep in your leather wallet today.” The page goes on to say that Google Wallet will also replace loyalty cards, gift cards, receipts, boarding passes, tickets, and “even your keys.” Hopefully you don’t keep your own address in your phone, or if you do, you at least keep the screen locked.

via Ars Technica – Google Wallet now available for a select group of users. I’m a fan of anything that possibly limit the amount of stuff I need to carry especially in my wallet. That all being said there are definite privacy implications as Google stretches itself more from the digital world into the physical world.

10 Sep

SiliconFilter – Bing: What’s More Evil Than Satan Himself? 10^100

Besides the new definition for “hiybbprqag,” Arnt also found that Bing now defines the search for “more evil than satan himself” as 10^100 – a Googol, the word the Google founders used as the basis of their company’s name.

via SiliconFilter – Bing: What’s More Evil Than Satan Himself? 10^100. Stay classy Microsoft.

02 Sep

Official Google Blog – A fall spring-clean

Technology improves, people’s needs change, some bets pay off and others don’t. So, as Larry previewed on our last earnings call, today we’re having a fall spring-clean at Google.

Over the next few months we’ll be shutting down a number of products and merging others into existing products as features. The list is below. This will make things much simpler for our users, improving the overall Google experience. It will also mean we can devote more resources to high impact products—the ones that improve the lives of billions of people. All the Googlers working on these projects will be moved over to higher-impact products. As for our users, we’ll communicate directly with them as we make these changes, giving sufficient time to make the transition and enabling them to take their data with them.

via Official Google Blog – A fall spring-clean. One of the highlights of the Larry Page Google is a much more focused Google, both in products and direction.

20 Aug

The Atlantic – Crazy: 90 Percent of People Don’t Know How to Use CTRL+F

This week, I talked with Dan Russell, a search anthropologist at Google, about the time he spends with random people studying how they search for stuff. One statistic blew my mind. 90 percent of people in their studies don’t know how to use CTRL/Command + F to find a word in a document or web page! I probably use that trick 20 times per day and yet the vast majority of people don’t use it at all.

via The Atlantic – Crazy: 90 Percent of People Don’t Know How to Use CTRL+F. It always astonishes how many people who use the computer every day for a large part of their daily lives know almost zero shortcuts.