Miles Associates LLC

Google’s Encrypted Search Seems to Stop SEO Poisoning

When you make a search on Google or another major search engine, you probably feel pretty confident that the first page or so of results will be relevant, valid and safe.   Not so! If you’re searching on a popular topic, there’s every chance that malicious links will turn up near the top due to a nasty technique called SEO poisoning…

When you go to https://www.google.com rather than just http://www.google.com, your search requests go through an encrypted SSL connection. When you click links from the results, the linked-to site does not receive the usual referrer information. A malicious site relying on SEO poisoning to attract visitors won’t be able to tell that you actually came from a search site and hence won’t serve up its evil code. Or at least that’s the thought.

via Google’s Encrypted Search Seems to Stop SEO Poisoning

Google Moves Encrypted Search to a New Site

Googles encrypted search engine, launched in May, has moved to a new Web address that isnt as convenient as its original one but that gives organizations the option to block the site for their users without locking them out of other Google services.

Originally offered at google.com, the encrypted search engine has been relocated to encrypted.google.com, a move prompted primarily by the requirement of schools and universities to block encrypted search engines for their students.

via Google Moves Encrypted Search to a New Site 

PS: This is my first post using 3G, from a car cruising down the highway.

According to Google’s Web Search Help blog, the search giant has decided it’s important to keep search inquiries from the prying eyes:

“With Google search over SSL, you can have an end-to-end encrypted search solution between your computer and Google. This secured channel helps protect your search terms and your search results pages from being intercepted by a third party. This provides you with a more secure and private search experience.”

TechRepublic’s Chad Perrin recently penned an article about the benefits of SSL-encrypted Web searches. He also advises caution as some searches are not protected by SSL encryption and under certain circumstances SSL is vulnerable.

via Google Search over SSL has an oops | IT Security | TechRepublic.com.

Google has been “accidentally” collecting wi-fi data, but not if it was encrypted.

Google is facing scrutiny and investigation around the world following revelations that it has been capturing and archiving wi-fi data collected by its Google Street View vehicles that drive around capturing the image data used by the Street View service. It is questionable whether Google should have done that, but what is not questionable is whether or not Google should have any data from your wi-fi network.

…

While it may seem like an invasion of privacy–and in some countries or jurisdictions it may very well be–it is not necessarily against the law here in the United States. Frankly, there is no reasonable expectation of privacy for data that you willingly broadcast unencrypted into public airwaves.

via http://www.networkworld.com/news/2010/052110-does-google-have-wi-fi-data.html.

Palo Alto Networks surveyed Web application usage at 347 organizations and found Facebook, Twitter and other programs for communications and collaboration are all being used in enterprises to a great degree. Some 22 Google applications, including Gmail, Google Calendar, Google Docs and Google Wave, showed particularly strong usage, according to research from the network security firm. Of course, the widespread use of social network and other Web apps used in enterprises can wreak havoc on network security and regulations for financial services and health care industries.

Palo Alto Networks surveyed use of 750 applications across 347 organizations for its fifth Application Usage and Risk Report, released March 30. The company’s firewall appliances and software monitored the use of Web apps for the volunteering companies from September 2009 through March 2010.

…

Some of the stats are eye-popping. The bandwidth consumed per organization by social networking applications doubled from 18 months ago to 9GB in this new report, with Facebook consuming an amazing 5GB of these companies’ bandwidth counts.

via eWeek.  (Emphasis added by me — jm)

Google has patched 11 vulnerabilities in the Windows version of Chrome, including one that earned its finder the first $1,337 check from the company’s new bug bounty program.

Like Apple , which updated Safari last week , Google beefed up the security of its browser just days before the Pwn2Own browser hacking contest was to kick off in Canada.

The update to Chrome 4.1.249.1036 fixes six flaws rated “high,” the second-most-severe ranking in Google’s four-step threat system; plugs three “medium” holes; and quashes two “low” bugs.

Danish vulnerability tracker Secunia rated the update as “highly critical.”

via http://www.networkworld.com/news/2010/031910-google-patches-chrome-days-before.html.

“The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability.  This attack is especially deadly on older systems that are running XP and Internet Explorer 6.”

via FOXNews.com – Google Hack Leaked to Internet; Security Experts Urge Vigilance.

When you’re traveling this holiday season, you can enjoy free WiFi at 47 participating airports and on every Virgin America flight. Just bring a WiFi-enabled laptop or mobile device and stay connected to family and friends for free while you travel now through January 15, 2010.

via Free WiFi – A 2009-2010 Holiday Gift from Google.