Miles Associates LLC

Google’s Encrypted Search Seems to Stop SEO Poisoning

When you make a search on Google or another major search engine, you probably feel pretty confident that the first page or so of results will be relevant, valid and safe.   Not so! If you’re searching on a popular topic, there’s every chance that malicious links will turn up near the top due to a nasty technique called SEO poisoning…

When you go to https://www.google.com rather than just http://www.google.com, your search requests go through an encrypted SSL connection. When you click links from the results, the linked-to site does not receive the usual referrer information. A malicious site relying on SEO poisoning to attract visitors won’t be able to tell that you actually came from a search site and hence won’t serve up its evil code. Or at least that’s the thought.

via Google’s Encrypted Search Seems to Stop SEO Poisoning

Google Moves Encrypted Search to a New Site

Googles encrypted search engine, launched in May, has moved to a new Web address that isnt as convenient as its original one but that gives organizations the option to block the site for their users without locking them out of other Google services.

Originally offered at google.com, the encrypted search engine has been relocated to encrypted.google.com, a move prompted primarily by the requirement of schools and universities to block encrypted search engines for their students.

via Google Moves Encrypted Search to a New Site 

PS: This is my first post using 3G, from a car cruising down the highway.

Adobe has issued a security advisory about a “critical” vulnerability in its Flash Player and Adobe Reader and Acrobat products that it says could let attackers take control of people’s computers.

The company said late Friday that there had been reports of the hole actually being exploited and that an official patch was not yet available.

Affected software includes:

• Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris
• Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh, and Unix

via Adobe reports ‘critical’ flaw in Flash, Acrobat | Security – CNET News.

According to Google’s Web Search Help blog, the search giant has decided it’s important to keep search inquiries from the prying eyes:

“With Google search over SSL, you can have an end-to-end encrypted search solution between your computer and Google. This secured channel helps protect your search terms and your search results pages from being intercepted by a third party. This provides you with a more secure and private search experience.”

TechRepublic’s Chad Perrin recently penned an article about the benefits of SSL-encrypted Web searches. He also advises caution as some searches are not protected by SSL encryption and under certain circumstances SSL is vulnerable.

via Google Search over SSL has an oops | IT Security | TechRepublic.com.

 Slates record-tying 34 patches for Windows, IE, Office and SharePoint

The patches will also quash two bugs that Microsoft acknowledged in February and April.

“I’d actually call this a moderate month,” said Andrew Storms, director of security operations at nCircle Security. “Looking at the criticality of the bulletins, and the fact that the number [of bulletins] is low, it doesn’t look like a huge month to me.”

By the numbers, however, next week’s updates will be huge. Although the 10 updates fall short of the record of 13 — first set in October 2009, then repeated in February 2010 — Microsoft will fix a total of 34 vulnerabilities, the same number as the current record, also set last October.

via networkworld.com.

Google has been “accidentally” collecting wi-fi data, but not if it was encrypted.

Google is facing scrutiny and investigation around the world following revelations that it has been capturing and archiving wi-fi data collected by its Google Street View vehicles that drive around capturing the image data used by the Street View service. It is questionable whether Google should have done that, but what is not questionable is whether or not Google should have any data from your wi-fi network.

…

While it may seem like an invasion of privacy–and in some countries or jurisdictions it may very well be–it is not necessarily against the law here in the United States. Frankly, there is no reasonable expectation of privacy for data that you willingly broadcast unencrypted into public airwaves.

via http://www.networkworld.com/news/2010/052110-does-google-have-wi-fi-data.html.

Will femtocells ever get their moment?  Airvana exec argues mobile architecture challenges make them inevitable.

Although femtocells have yet to live up to the hype in terms of sales, femtocell vendor Airvana is still confident that they have a future in the mobile marketplace.During last week’s FutureNet conference, Woojune Kim, Airvana vice president of technology, outlined why his company is still bullish on femtocell prospects. The company believes carriers will come to see them as essential to offloading traffic on their mobile data networks as demand continues to grow.

via http://www.networkworld.com/news/2010/051810-femtocells-inevitable.html.

I have a femtocell in my home from Sprint (Airave).  It is pretty cool, although it releases calls (to the outdoor Sprint network) much earlier than you’d expect.  I think I need to move it to the top floor of my house for better wireless performance.  FYI, the Sprint Airave does NOT assist with data, only voice.

No surprise that there are a lot of updates (11) and that there is something critical for just about everybody!

Microsoft Security Bulletin Advance Notification issued: April 8, 2010

Microsoft Security Bulletins to be issued: April 13, 2010

This is an advance notification of security bulletins that Microsoft is intending to release on April 13, 2010.

via Microsoft Security Bulletin Advance Notification for April 2010.