msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

29 Dec 12 Google Chrome Browser Cracking Down on Extensions


The Windows version of Google Chrome is one of the most widely used browsers. And Google is now tightening restrictions on browser extensions that install themselves without full notification to users.

This may be frustrating for companies that bundle browser extensions with their standard user download packages. But it will make the Chrome browser more secure and set a positive security example for browser extensions generally. And for the IT community at midsize firms, this is a welcome development.

Browser extensions have become an all too popular vector for malware exploits. This makes better protection of browsers good news for all users–not just individuals using a browser to surf the Internet, but companies that depend on the open Web to reach out to customers.

Google ChromeAsk Before Installing

As Seth Rosenblatt reports at CNET, Google Chrome for Windows will now require most browser extensions to get explicit user acknowledgment and permission before the extension can be installed. Two new features in Chrome 25 will enforce the new rules.

The only extensions exempt from the new requirement are those that come directly from the Chrome store, and are thus under the Google aegis.

According to Peter Ludwig, Chrome product manager, the previous policy of allowing silent installation of third-party extensions had been “widely abused” to install extensions “without proper acknowledgement from users.” Henceforth, third-party extensions will be disabled by default. A notification box will say that an extension has been installed and give the user the option of enabling it.

Another feature in Chrome 25 will make this protective functionality retroactive. Existing third-party extensions will be disabled, with a prompt allowing users to re-enable them.

In Line With Mozilla

The new protective functionality brings Chrome into line with Mozilla Firefox, which already requires notification by third-party add-ons. The move may be unwelcome by some companies and other organizations that have incorporated browser extensions in their uploads. But comments on the CNET piece were strongly supportive of the move.

IT professionals at midsize firms have a strong stake in measures that strengthen browser security. Browsers are users’ doors to the open Web, an environment that allows midsize firms to compete on an even playing field.

The mobility era is already posing a challenge to the open Web, as app-ification and walled gardens make the full Web harder to reach. The continued availability of safe, secure browsers is a key protection against the fragmentation of the Web and dominance by large vendors. This makes the latest Chrome for Windows protections a very good move for midsize firms.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

Article source: http://midsizeinsider.com/en-us/article/google-chrome-browser-cracking-down-on-e

Tags: , , , , ,

17 May 12 Google To Sell Android Phones Directly





Oct 20: Becoming a Security Detective – Gathering and Analyzing Security Intelligence in the Enterprise

In this all-day virtual event, experts will offer detailed insight in how to collect security intelligence in the enterprise, and how to analyze and study it in order to efficiently identify new threats as well as low-and-slow attacks such as advanced persistent threats. Register today!


Platinum Sponsors: ArcSight, NetIQ, Proofpoint, Thawte
Gold Sponsor: Q1 Labs




October 6: InformationWeek 500 Virtual Event: The Need for Speed

At the 2011 InformationWeek 500 Virtual Conference, C-level executives from leading global companies will gather to discuss how their organizations are turbo-charging business execution and growth.


Platinum Sponsor: ArcSight, Workday
Gold Sponsor: IBM




Aug 25: InformationWeek Dark Reading present: How Security Breaches Happen and What Your Organization Can Do About Them

Attendees will get insights on how to prevent breaches from happening, how to research and identify the source of a breach, and how to remediate a compromise as quickly and efficiently as possible.


Platinum Sponsor: ArcSight, NetIQ, Thawte
Gold Sponsors: Lumension, NetGear, GFI
Silver Sponsor: Motorola




July 28: InformationWeek Symantec present: Infrastructure at Risk — Taking Decisive Action to Secure Your Critical Data Assets

Join the editors of InformationWeek and leading security experts from Symantec for an in-depth look at the current threats faced by large and small organizations, and the implications for your business, your customers, and even your country. You’ll hear how today’s threat landscape is changing drastically, and learn the latest countermeasures and best practices to keep your company’s precious data assets out of the hands of determined cybercriminals.




July 27: Electronic Health Records — Moving from Concept to Reality

At this InformationWeek Healthcare Virtual Event, we will talk with healthcare practitioners, IT professionals and other industry experts about issues surrounding EHR selection, deployment and use.


Platinum Sponsor: HP, Intel, GBS, Geotrust, NextGen
Silver Sponsor: Proofpoint




On-Demand: InformationWeek Interop present: Business Mobility Unleashed

In this virtual event, the leaders behind InformationWeek Business Technology Network and Interop zero in on the top mobile technologies and techniques you’ll need to understand and master to ensure your organization thrives in the wireless world.


Platinum Sponsors: Alcatel-Lucent, APC
Gold Sponsor: HP
Silver Sponsor: Emerson Network Power
Bronze Sponsor: Skybot




On-Demand: Cybersecurity Best Practices

In this half-day virtual event, experts assess the state of cybersecurity in government and present the latest strategies for creating a more secure, attack-proof IT infrastructure. This event will help CISOs and other information assurance professionals in federal, state, and local government stay on top of the latest developments in the field.


Platinum Sponsor: GeoTrust
Gold Sponsor: Bit9




On-Demand: Data Center Transformation

Data centers are undergoing incredible transformations that create
both opportunities and challenges for IT professionals. Server virtualization enables rapid provisioning,
more efficient use of resources, and improved disaster recovery. That trend will continue with storage and network virtualization,
allowing IT pros to further abstract — and optimize — data center resources.In this virtual event, you will learn how prepare your organization for a data center transformation.


Platinum Sponsors: AMD, APC, Cisco, Eaton, SunGard
Gold Sponsor: Emerson Network Power




On-Demand: Cloud Computing Roadmap: Controlling the Cloud – Managing, Optimizing and Integrating Cloud Services with Your Existing IT Infrastructure

In this virtual event, you’ll learn how to craft your own strategy for successfully embracing and integrating new cloud computing capabilities without derailing or destroying your current IT roadmap.


Platinum Sponsors: ArcSight, GoToAssist, SunGard, thawte
Gold Sponsor: Symform
Silver Sponsor: Skybot




On-Demand: Plugging the Leaks — Finding and Fixing the IT Security Holes in your Enterprise

In this virtual event presented by Dark Reading and InformationWeek, you’ll find out how criminals target the flaws in your IT environment, and you’ll get some insight on the best methods for finding and fixing your vulnerabilities — before you’re hit by malware or unauthorized access.


Platinum Sponsors: NetIQ, Novell, thawte, Webroot
Gold Sponsors: ArcSight, Bit9, OpenText
Silver Sponsor: Application Security, Core Security, Lumension

 

Article source: http://www.informationweek.com/news/byte/personal-tech/smart-phones/240000509

Tags: , , , , ,

11 May 12 Did you know you can use Palm Desktop with your Android phone?


At various times during his adult life, David has voted for both Democrats and Republicans, and has been disappointed by both. He is deeply disturbed by how partisanship has come before patriotism in America, which gives him the freedom to pick on both sides.

David is a frequent guest on TV and radio stations across America and can usually be heard or seen on-the-air at least once a week. He writes weekly commentary and analysis for CNN’s Anderson Cooper 360 and has been interviewed by Fox News, CNN, various ABC and NBC affiliates, and Canada’s Global TV. He has been a featured guest on National Public Radio and has also been featured on Voice of America, Radio Free Europe, and Radio Liberty where his commentaries on technology, industry, and emerging nations have been broadcast into 46 countries (all in their own unique translations).

David is the executive director of U.S. Strategic Perspective Institute, a nonprofit research and policy organization. He is the Cyberterrorism Advisor for the International Association for Counterterrorism Security Professionals, a columnist for The Journal of Counterterrorism and Homeland Security and a special contributor to Frontline Security Magazine. He is a member of the FBI’s InfraGard program, the security partnership between the FBI and industry. David is also a member of the U.S. Naval Institute and the National Defense Industrial Association, the leading defense industry association promoting national security.

David is an advisory board member for the Technical Communications and Management Certificate program at the University of California, Berkeley extension. He is also a member of the instructional faculty at the University of California, Berkeley extension.

David’s “day job” is as publisher and editor-in-chief of ZATZ publishing, an online publisher of technical magazines. Other than than his ownership stake in Component Enterprises, Inc. (the parent company of ZATZ), David has no additional industry investments.

ZATZ has many advertisers who do, in part, provide for David’s lush income and extravagant lifestyle. Most of them are IBM and Lotus aftermarket suppliers, some of them make goodies for Microsoft Outlook, and a few make all sorts of strange mobile devices and add-on products. David has been a regular judge of the IBM Awards, but has no formal financial interest in or with IBM.

Because the ZATZ online magazines often review products, David and ZATZ are sent an overwhelming stream of unsolicited, silly, and often useless products to review. Because they’re such a pain to track and ship back, these products often wind up in a dumpster or fill up the corner of a large closet. Although David has no plans to review products in connection to his ZDNet blog, if he does do a product review, he will disclose any relationship completely in that posting.

Both through ZATZ and independently, David derives a small income through various advertising and sales relationships with Amazon.com and Google. These are minor relationships and they will not impede his willingness or ability to chastise either company should they deserve it.

David has many other business relationships, but none of them relate to anything he covers in his ZDNet blog. David does have a bit of the sales-guy bug and if he’s not doing a sales deal with someone at least once a month, he goes through withdrawal. He has a number of consulting clients, but none of them relate to anything he covers for ZDNet (and if they ever do, he will either disclose that fact, or decline to write about them).

Back in the 1980s, David held the unusual title of “Godfather” at Apple. He has written and published 40 incredibly simplistic applications for Apple’s iPhone.

Although David is forbidden to disclose the terms of his iPhone developer agreement, he isn’t drinking the Apple Kool Aid, will never be confused with a metrosexual, and feels free to mock Apple, and Apple users, any time the occasion permits, on alternate Tuesdays, or if he’s bored.

Article source: http://www.zdnet.com/blog/diy-it/did-you-know-you-can-use-palm-desktop-with-your-android-phone/562

Tags: , , , , ,

04 May 12 Google Drive For Chrome OS: Mobility and the Cloud


Google Drive is now being integrated with Google’s lighweight, essentially mobile-oriented Chrome operating system. This could be crucial to the future of both products. But more important, it underlines the symbiotic relationship between mobility and the cloud.

Talk about “thin clients” and remote storage has been around for years. But it is no coincidence that it finally began to catch on at the same time as mobile use takes off. And while the mobile trend has been largely consumer-driven, it has broad implications for IT at midsize firms. Most business computer use is by “consumers” of IT services. Mobility has impacted them in much the same way that it has impacted the general consumer public.

Overcast DayA Local Disk in the Cloud

As reported by Stephen Shankland at CNET, Google Drive is being incorporated into the lastest release of the Chrome operating system (version 20.0.1116.0). The integration was announced in a Chrome blog post.

For the Chrome OS, it is a critical step. The browser-based operating system achieves compactness at the price of a limited file-management system. And until now, the only way to make files saved on Chrome available elsewhere was by taking a fairly clunky user action, such as emailing a document to yourself.

Now, anything done through the Chrome OS will be integrated automatically and seamlessly into Drive’s cloud. Said Chrome OS product manager Scott Johnston, “It’s as if you have a local disk, but it happens to be stored in the cloud.”

Multiple Devices and the Cloud

The Chrome OS is not “mobile” in the same sense that Android is, designed specifically for smartphones and other very small mobile devices. But it is tailored for compact “Chromebooks,” which are certainly mobile in the sense of being carried along by their owners and used in various places.

More broadly, mobility goes along with having and using multiple devices. And therein lies a tale about data storage. So long as computer users typically worked on just one machine, storing data locally was simple, practical, and convenient. Having a work computer and a home computer didn’t really change this, since little data was shared between them.

But once the typical user has several devices, and wants to share data, whether personal music or work contacts, freely among them, the local-storage paradigm goes out the window. A local drive on one device is effectively “in the cloud” for all the other devices. So storage may as well really be in the cloud.

This mobile cloud paradigm does not just apply to consumers. For better or worse, it applies to IT as well. Mobile devices have come to work, and workplace computing access has gone on the road. Both trends mean that a midsize firm’s data can no longer be assumed to reside on local disks or even a local network.

For IT managers at these firms, it means some additional data management and data security headaches. But for the firms, it means greater flexibility. In any case, the symbiosis of mobility and the cloud is a fact of contemporary IT life.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Become a fan of the program on Facebook. Follow us on Twitter.

Article source: http://midsizeinsider.com/en-us/article/google-drive-for-chrome-os-mobility-and

Tags: , , , , ,

27 Apr 12 Chrome for Android Soon to Exit Beta


Google’s Chrome for Android browser could soon complete beta testing and go into general release. This move could mean an end to the “app era” for mobile devices. A capable browser tailored to Android devices could give mobile computing (at least Android mobile computing) the flexibility we associate with the wired Internet.

This would be a blow to the re-emerging walled garden model of captive consumers, along with the firms building those walled gardens. And a mobile environment more like the wired Internet could mean new freedom for midsize firms. Freedom for consumers also means freedom for firms seeking to reach those consumers.

big sky countrySwatting Bugs

As reported by Stephen Shankland at CNET, Google’s Sundar Pichai, senior vice president for Chrome and Apps, outlined expectations for Chrome for Android in a recent interview. The interview coincided with the release of the second beta version. According to Pichai, Chrome developers are still working on bugs and stability. But the mobile version of Google’s browser is expected to be ready for general release in “a matter of weeks.”

The initial beta version was released in February, and drew positive reviews. Chrome will be available only for Android 4.0, better known as Ice Cream Sandwich (ICS). At this point few ICS phones have entered the marketplace, but Google obviously expects that to change.

Leapfrogging Apple and Facebook?

Browsers are such a familiar and established technology that we can forget their central importance in providing full access to the Internet. But the limitations of mobile-device browsers have caused the mobile environment to develop thus far in a quite different way.

The mobile world is dominated by apps. These are typically small programs that support only one activity and only on one site. This is great news for the app’s provider–the user is much less likely to click away to some other site.

Thus, apps support a walled-garden model of online experience. Apple has built its entire iGadget experience around a walled-garden model, while Facebook is promoting a walled-garden model even for the wired Internet.

With Chrome for Android, Google is challenging this walled garden and seeking to encourage full access to the open Internet, even for mobile devices.

If consumers accept this invitation, midsize firms stand to be major winners. The walled-garden model, promoted by giants like Apple and Facebook, shuts midsize firms out. At best, they can reach consumers only on terms dictated by the walled garden’s owner.

For midsize firms, an open Internet for mobile devices will open new channels that IT managers at those firms can offer to marketing and other departments seeking to interact directly with consumers, not limited by the narrow confines of apps and walled gardens.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

Article source: http://midsizeinsider.com/en-us/article/chrome-for-android-soon-to-exit-beta

Tags: , , , , ,

21 Apr 12 Proof-of-concept Android Trojan App Analyzes Motion Sensor Data to Determine …


A team of researchers from Pennsylvania State University (PSU) and IBM have designed a proof-of-concept Android Trojan app that can steal passwords and other sensitive information by using the smartphone’s motion sensors to determine what keys victims tap on their touchscreens when unlocking their phones or inputting credit card numbers during phone banking operations.

The Trojan horse is dubbed TapLogger by its creators and was designed to demonstrate how data from a smartphone’s accelerometer and orientation sensors can be abused by applications with no special security permissions to compromise privacy.

TapLogger was created by Zhi Xu, a PhD candidate in the Department of Computer Science and Engineering at PSU, Kun Bai, a researcher at IBM T.J. Watson Research Center and Sencun Zhu, an associate professor of Computer Science and Engineering at PSU’s College of Engineering.

Accelerometer and orientation sensor data are not protected under Android’s security model, and this means that they are exposed to any application, regardless of its permissions on the system, the research team said in a paper that was presented during the ACM Conference on Security and Privacy in Wireless and Mobile Networks on Tuesday.

The TapLogger application functions as an icon-matching game, but has several background components that capture and use data from the motion sensors to infer touchscreen-based user input.

When certain regions of the touchscreen are tapped during the normal phone operation, the device experiences subtle moves. For example, tapping somewhere on the right side of the touchscreen, will cause the phone to tilt slightly to the right.

These phone movements are picked up by the motion sensors and can then be analyzed to build patterns corresponding to specific tap events when performing certain actions, like when typing the screen unlock PIN or entering the credit card number during a phone call.

After installation, TapLogger runs in training mode and collects motion sensor data while the user plays the icon-matching game. This is necessary because tap-generated movements can be different for every phone and user.

After it has collected enough data, the Trojan app builds tap event patterns and starts using them to infer user input during targeted operations.

“While the applications relying on mobile sensing are booming, the security and privacy issues related to such applications are not well understood yet,” the researchers said in their paper, noting that other motion sensor-based attacks have been demonstrated in the past.

In August 2011, a pair of researchers from University of California proposed a similar attack and designed a concept application called TouchLogger to demonstrate it.

However, compared to TouchLogger, TapLogger uses additional orientation sensor readings and introduces the training mode for device-specific data. It also features stealth options and supports two practical attacks — inferring screen unlock passwords and credit card PIN numbers, the new Trojan’s creators said.

Another motion-sensor-based attack was presented in October 2011 by a research team from the Georgia Institute of Technology, who used data from an iPhone 4′s accelerometer and gyroscope to infer what was being typed on a computer keyboard positioned near the device.

Article source: http://www.pcworld.com/businesscenter/article/254170/proofofconcept_android_trojan_app_analyzes_motion_sensor_data_to_determine_tapped_keys.html

Tags: , , , , ,

20 Apr 12 Proof-of-concept Android Trojan uses motion sensor to determine tapped keys


IDG News Service - A team of researchers from Pennsylvania State University (PSU) and IBM have designed a proof-of-concept Android Trojan app that can steal passwords and other sensitive information by using the smartphone’s motion sensors to determine what keys victims tap on their touchscreens when unlocking their phones or inputting credit card numbers during phone banking operations.

The Trojan horse is dubbed TapLogger by its creators and was designed to demonstrate how data from a smartphone’s accelerometer and orientation sensors can be abused by applications with no special security permissions to compromise privacy.

TapLogger was created by Zhi Xu, a PhD candidate in the Department of Computer Science and Engineering at PSU, Kun Bai, a researcher at IBM T.J. Watson Research Center and Sencun Zhu, an associate professor of Computer Science and Engineering at PSU’s College of Engineering.

Accelerometer and orientation sensor data are not protected under Android’s security model, and this means that they are exposed to any application, regardless of its permissions on the system, the research team said in a paper that was presented during the ACM Conference on Security and Privacy in Wireless and Mobile Networks on Tuesday.

The TapLogger application functions as an icon-matching game, but has several background components that capture and use data from the motion sensors to infer touchscreen-based user input.

When certain regions of the touchscreen are tapped during the normal phone operation, the device experiences subtle moves. For example, tapping somewhere on the right side of the touchscreen, will cause the phone to tilt slightly to the right.

These phone movements are picked up by the motion sensors and can then be analyzed to build patterns corresponding to specific tap events when performing certain actions, like when typing the screen unlock PIN or entering the credit card number during a phone call.

After installation, TapLogger runs in training mode and collects motion sensor data while the user plays the icon-matching game. This is necessary because tap-generated movements can be different for every phone and user.

After it has collected enough data, the Trojan app builds tap event patterns and starts using them to infer user input during targeted operations.

“While the applications relying on mobile sensing are booming, the security and privacy issues related to such applications are not well understood yet,” the researchers said in their paper, noting that other motion sensor-based attacks have been demonstrated in the past.

In August 2011, a pair of researchers from University of California proposed a similar attack and designed a concept application called TouchLogger to demonstrate it.

However, compared to TouchLogger, TapLogger uses additional orientation sensor readings and introduces the training mode for device-specific data. It also features stealth options and supports two practical attacks — inferring screen unlock passwords and credit card PIN numbers, the new Trojan’s creators said.

Another motion-sensor-based attack was presented in October 2011 by a research team from the Georgia Institute of Technology, who used data from an iPhone 4′s accelerometer and gyroscope to infer what was being typed on a computer keyboard positioned near the device.

Article source: http://www.computerworld.com/s/article/9226421/Proof_of_concept_Android_Trojan_uses_motion_sensor_to_determine_tapped_keys?taxonomyId=144

Tags: , , , , ,

24 Feb 12 Chrome Password Generator: Google’s Way of Gently Reminding Users to Use …


It seems Google doesn’t think you should trust users with their passwords. Google has started developing a new feature, the Chrome password generator. And it is a good point to consider. While the IT crowd is smart with their passwords, end users have proved over and over that they’ll choose convenience over security, regardless of the obvious consequences. So, perhaps they’re on to something here, and it might help you manage the end-users in your midsize business.

The Good and the Bad

Google’s long-term plan is to couple a “browser sign-in” feature, meaning you would sign in upon opening Chrome, with OpenID for Web pages. However, they’re aware that it will take time to get hosts to sign on, so they have another plan in the meantime. Google’s current project is to use heuristics to detect when you are on a page that allows you to register an account. When you begin the registering process, there will be an icon in the password field that you can click on, which will generate a random, strong password managed by the Password Manager, according to ZDNet.

The feature only works with Chrome, obviously, and only works with new passwords when you sign up for an account on a Web page. Google notes that they may, in the future, ask users to change their passwords with this feature, but fear it might only annoy some users. But wait, what if you need to use your password outside of Chrome? Google thought of that, apparently, and will establish a site to retrieve and “potentially export” your passwords.

Chromium LogoGoogle isn’t discounting the flaws of this plan. As noted in their Chromium blog, the feature won’t work for sites that have auto-complete turned off. Because of that, Google notes that users won’t be protected against 40 to 70 percent of phishing pages. Google’s tentative idea to combat this is to have users log in to the browser again upon visiting a Web site like this. Google also notes that their storing users’ passwords to every applicable site will make them a higher-value target, but argue “that won’t change much” and therefore apparently believe they can handle it.

Benefits to Business

You can’t really deny that end-users are, in general, quite lazy with their passwords. They either choose ones that are ridiculously easy to remember, reuse passwords for different sites, or both. Indeed, a SplashData report confirmed that many users are still using painfully weak passwords, as discussed in a previous infoboom article. This, in turn puts your company’s network at risk. Any business-related information your end-users handle could be compromised if their passwords are stolen or cracked. Since it generally seems users will use easy-to-remember passwords no matter what you tell them, a feature like this has the potential to be well received. However, this is only a benefit if your midsize business uses Chrome or plans to switch. Although unlikely, if there isn’t much keeping you with your current browser other than maintaining consistency, this might be an argument to switch. That is debatable, as one major browser always seems to set the trend for others, depending on who comes out with said feature first.

That said, if other browsers do follow suit, you might reap the benefits of Google’s idea anyway. While it will require some polishing, and some users might rebel, something like the Chrome password generator might be the only way to handle end-user password safety, since there is little you can do short of assigning passwords yourselves. On the scale that Google will be doing it, this would likely take more time than it is worth for you when you could be focusing on more strategic IT issues.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

Article source: http://www.theinfoboom.com/articles/chrome-password-generator-googles-way-of-gently-reminding-users-to-use-strong-pa/

Tags: , , ,