Newest Stories

Taking steps to further improve our privacy practices (www.gstories.com)

When you search on Google, we collect information about your search, such as the query itself, IP addresses and cookie details. Previously, we kept this data for as long as it was useful. Today we’re pleased to report a change in our privacy policy: Unless we’re legally required to retain log data for longer, we will anonymize our server logs after a limited period of time. When we implement this policy change in the coming months, we will contin

Very serious XSS threat patched up (www.gstories.com)

Watchfire published a document outlining the anatomy of an attack that malicious users could have used to search documents or even take complete control of a remote machine. According to the AP, this attack cannot be prevented with firewalls or detected with antivirus software.
"a hacker would have had free rein to use Google Desktop to [...]

Google’s Evil Master Plan Revealed in Video? (www.gstories.com)

Googlezon has long been the benchmark video for spreading fear about the power of Google. Now comes a new entrant, “Master Plan - about the power of Google”.
It’s a sobering video, suggesting that Google is collecting far too much information about you and perhaps sharing it with the CIA.

Hat-tip Brian

Bug in new Google feature exposes links (www.gstories.com)

Philipp is on the ball covering a problem with the new Google Webmaster Tools feature that lets users see a true picture of both incoming and outgoing links.  For a short time, users were easily able to see the link structure for any website they wanted.

This isn't a huge security problem — the "link:" [...]

Wow, more Google XSS problems (www.gstories.com)

In what seems to be an exploit-searching frenzy, Haochi uncovered another XSS vulnerability that easily and without the victim's consent can steal cookies and hijack your Google account. Like the last two found (within the last 16 days), the bad guy only has to host a website and get someone to visit.
I will [...]

Latest security hole details (www.gstories.com)

Tony Ruscoe, the person who found Google's latest vulnerability, goes into detail about how he found the problem, what it would have meant for victims, and exactly how it worked.  He explains how a new feature in Blogger was easily exploited to give him access to Philipp's Google account.
"As any web developer will know, a [...]

More security problems at Google (www.gstories.com)

Philipp Lenssen writes about a new vulnerability that gives a malicious attacker the ability to basically hijack a user's Google account by stealing cookies. That means any "bad guy" who knows how this works could theoretically do all of the following by impersonating you:

Read and modify any document in your Google Docs & Spreadsheets account
Read [...]

Rough times for Gmail in the new year (www.gstories.com)

It seems the bug I referred to in my last post is only partially fixed — but I am confident it will be closed up soon. In the meantime, I recommend you log out of Gmail when you are not using it until the problems are solved.
Even though this XSS vulnerability takes the cake [...]

Serious Gmail vulnerability fixed (www.gstories.com)

After posting my last article about the contacts "JSON API", Haochi Chen discovered that by simply appending a "callback" variable in the URL, the creators of a malicious site could gain access to a visitor's entire Gmail contact list without warning.
<script language="javascript">
function getContacts(response){
  var output = "";
  for(x=0;x<response.Body.Contacts.length;x++){

Google Faces Catch-22 With Deleted Gmails (www.gstories.com)

TechCrunch has details of a developing story involving the Gmail accounts of 60 users who found all emails deleted due to a suspected breach in Firefox.
Now here’s the catch-22 for Google. Supposedly, once an email is deleted in Gmail, it is gone forever. That keeps the privacy conspiracy theorists happy

Review your reviews on Google (www.gstories.com)

Doing my daily scour through Google's robots.txt file, I noticed a brand new entry that led me to a new not-quite-ready-to-be-launched service — or at least a new way of representing information they know about you.
Disallow: /reviews/search?

This file hosted on Google's web server told me that visiting "http://www.google.com/reviews/search?" would lead me to something — [...]