Tuesday, 27 October 2009

Google stalks your social circle

Google took its beach towel down to the social networking pool yesterday with the release of its latest Facebook-apeing Web 2.0-stylie search tool.
Mountain View announced a new Google Labs experiment - dubbed “Social Search” - that creepily helps users probe more “relevant public content” from their “broader social circle”. The company has already been improving search results to make them more personally tailored to an individual surfer’s stalker needs.“With Social Search, Google finds relevant public content from your friends and contacts and highlights it for you at the bottom of your search results,” said Google in a blog post.
The tool allows users to see search results for a simple query, such as New York, that includes any friends that might have referenced the city in their blog. Social Search can also be filtered so that only results of content from a person’s “social circle” are shown.


In a move to silence privacy critics of Social Search, Google pointed out that all the information it pools together via the tool was already “published publicly on the web”.
“What we've done is surface that content together in one single place to make your results more relevant,” it said.
Google has stitched a user’s friends and contacts list into a public Google profile, which grabs info from the likes of Twitter. Anyone interested in using the tool needs to first sign up to a Google account - if they don’t have one already, that is.
“If you use Gmail, we'll also include your chat buddies and contacts in your friends, family, and coworkers groups. And if you use Google Reader, we'll include some websites from your subscriptions as part of your social search results,” said the firm. ®

Mass web infections spike to 6 million pages

An estimated 5.8 million pages belonging to 640,000 websites were infected with code designed to launch malware attacks on visitors, according to a report released Tuesday.
The numbers, compiled over the third quarter by security firm Dasient, represent a significant jump in number of legitimate websites that have been compromised. According to numbers Microsoft released on April, some 3 million pages were infected. The number of sites blocked by Google more than doubled between December and August, to almost 350,000.
"The bad guys are significantly taking advantage of attacking servers so they can distribute their malware to a very, very large number of clients," said Dasient co-founder Ameet Ranadive. "A lot of these infections are complex and often pretty obfuscated, so it's difficult for experienced webmasters to figure out what parts of their site have been infected and then to remediate it."
To understand just how hard it is for webmasters to clean up the mess, consider this: In the third quarter, 39.6 percent of compromised sites had been reinfected after trying earlier to clean up the malware. Criminals are often able to attack a site repeatedly because webmasters fail to change passwords or patch vulnerable web applications that led to the initial exploit.
Eleven days ago, ScanSafe, a separate security firm that announced Tuesday it is being acquired by Cisco, reported that more than 2,000 websites were compromised by a mass web infection known as Gumblar. Many of those sites were likely hit in earlier waves and simply reinfected, a ScanSafe researcher said at the time.
An estimated 54.8 percent of the attacks observed by Dasient involved malicious javascript that was injected into compromised sites. iFrames that silently redirected users to malicious sites came in second at 37.1. Dasient has cataloged more than 72,000 unique malware infections involving websites.
The attacks are growing in popularity because they allow criminals to reach large numbers of victims with a minimum amount of effort. For end users who fail to install the latest versions of Adobe Reader, Adobe Flash and other software on their machines, the attacks often result in a "browse and get compromised" scenario, in which their systems are surreptitiously infected simply by visiting the site.
"Hackers are starting to see some success from these attacks and whenever they see success, they continue to invest more," Ranadive said. ®

emails

a

The Register - Security

IQ test

The Register - Security: Anti-Virus

HackWire - Hacker News