Archive for the ‘google’ Category

awesome

Monday, October 19th, 2009

http://www.coderanch.com/t/467031/Meaningless-Drivel/gmail-account-virus-spam-attacked

funniest bug report

Friday, May 22nd, 2009

Blackgold is a small Google Code application that apparently ran amok.

google guide to browsers

Monday, March 2nd, 2009

Google Blogoscoped links to a browser guide from Google that provides a great deal of insight into the inner workings of browsers and browser security. Google ought to know all about browser peculiarities. If you haven’t seen it before, Google Blogoscoped keeps track of all things Google, and there is a lot!

The guide could be titled “how to speak browser inconsistencies”. It dives into such topics as

  • Security-relevant differences between HTML parsing modes
  • Differences in HTML entity encoding
  • The “multiple inexplicable oddities and quirks that plague DOM data structures in every browser”
  • Differences in browser implementations of JavaScript
  • Differences in cross-domain origin rules
  • Clickjacking
  • Gaps in DOM access control

Required reading for web developers and security researchers.

UBIK needed

Tuesday, February 10th, 2009

Something strange is happening in this town. Like the fabric of reality is melting away. Move one square up the street and it gets even worse!

You can see that Google street view uses the ground behind the van from the previous image to paste over the spot where the van should be in each picture.

Google enters the smart grid industry

Tuesday, February 10th, 2009

Studies show that access to home energy information results in savings between 5-15% on monthly electricity bills. It may not sound like much, but if half of America’s households cut their energy demand by 10 percent, it would be the equivalent of taking eight million cars off the road.

Google has rolled out a web service that lets you track home energy use. It isn’t available to the public yet, but it looks like what I’ve always wanted… a way to track and display home energy use, so I can think about it more clearly and so I can show it to the kids so they can think about it more clearly and remember to turn their F$ocking lights off.

It looks cool as hell.

Watch Over Your Gmail Account Activity

Wednesday, July 9th, 2008

Hey! They implemented a security dashboard in Gmail, just like I wished for in this previous post.
Watch Over Your Gmail Account Activity

Gmail rolled out a new feature which you’ll find at the bottom of the application (if you have it already): account activity information. You’ll see an info text like “Last account activity: 0 minutes ago on this computer” with a Details link. This information is supposed to help you find out when fishy things go on with your Gmails… like when your password has been discovered by someone else, who now browses through your private messages.

Here it is on the official Gmail blog.

G-archiver : certain damage

Monday, March 10th, 2008

This serves as another warning about giving your username and password to third party applications:

Creator of G-archiver was secretly collecting usernames and passwords.

A programmer wrote a neat application that backs up your Gmail archives. In the code was a little piece that delivered every password to the creator’s Gmail account.

This is a great approach: If you are an internet criminal, devote your time to creating a useful application that contains some sort of back door that lets you collect their personal information. I wonder how many other third party apps are doing this and what is the term for this type of attack?

via Google Blogoscoped

missing feature: webmail intrusion detection

Tuesday, February 19th, 2008

Taking control of an email account serves as a fulcrum for further attacks. If I have access to someone’s email account, I can request password reminders from their other web accounts, impersonate them and read their “private” correspondence. Most email accounts can be accessed from some kind of webmail client from anywhere in the world, and there are a dozen broad attack types I can think of right away that are used to steal webmail login credentials.
So…. how about a program that logs and reports on webmail activity? The program would track where and when a webmail account has been accessed. It would provide a dashboard where the user could see if their webmail account:

  • has been accessed from any strange IP addresses,
  • has been accessed from any strange browser/OS/CPU speed/screen size combinations,
  • has been accessed from a different city or country,
  • has been accessed at a different time of day than is usual for them,
  • has had any “sent” items deleted,
  • has been emptied of “trash” outside of routine maintenance,
  • has received responses to any “lost password” requests,
  • or has had any failed login attempts

If I needed this for Exchange Server, I can at least dig through the server logs here. For Gmail, Yahoo and Hotmail, I can’t. There is nothing that could tell me if someone in Florida accessed my email in the middle of the night and sent or received email and then deleted the record of it.

Is there a way to hack this together? A browser script wouldn’t do because it would only record my visits. A proxy that sat between me and Gmail and tallied actions wouldn’t prevent someone else from accessing the account directly.
I’ve been trying to imagine some complicated email forwarding scheme that would let me do this, but the real solution is to grab the logs from the source. If they can read my email closely enough to customize ads, surely they can provide some recent activity info. At a minimum, I would want last visit and last failed login attempt.
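The dashboard checks listed in this post, sketched as an added example (not code from the original post or from any webmail provider). It assumes the provider exposed an access log with the fields shown; the log format, action names and sample events are all constructed.

```python
from datetime import datetime

# Constructed access log: (time, IP, country, browser/OS, action). All values are made up.
BASELINE = [
    ("2008-02-11T08:05", "198.51.100.7", "US", "Firefox/WinXP", "login_ok"),
    ("2008-02-12T12:40", "198.51.100.7", "US", "Firefox/WinXP", "login_ok"),
    ("2008-02-13T19:15", "198.51.100.9", "US", "IE7/WinXP", "login_ok"),
    ("2008-02-14T21:30", "198.51.100.7", "US", "Firefox/WinXP", "empty_trash"),
]
NEW_EVENTS = [
    ("2008-02-18T09:10", "198.51.100.7", "US", "Firefox/WinXP", "login_ok"),
    ("2008-02-19T03:12", "203.0.113.50", "XX", "Opera/Linux", "login_fail"),
    ("2008-02-19T03:14", "203.0.113.50", "XX", "Opera/Linux", "login_ok"),
    ("2008-02-19T03:20", "203.0.113.50", "XX", "Opera/Linux", "delete_sent"),
    ("2008-02-19T13:00", "198.51.100.7", "US", "Firefox/WinXP", "password_reset_mail"),
]
# Actions the post wants surfaced no matter where they came from.
ALWAYS_REPORT = {"login_fail", "delete_sent", "password_reset_mail"}

def build_profile(events, hour_slack=1):
    """Learn the IPs, countries, clients and hours of day the owner normally uses."""
    profile = {"ips": set(), "countries": set(), "clients": set(), "hours": set()}
    for ts, ip, country, client, _ in events:
        profile["ips"].add(ip)
        profile["countries"].add(country)
        profile["clients"].add(client)
        hour = datetime.fromisoformat(ts).hour
        for h in range(hour - hour_slack, hour + hour_slack + 1):
            profile["hours"].add(h % 24)  # wrap around midnight
    return profile

def review(events, profile):
    """Return [(timestamp, [reasons])] for each event that deviates from the profile."""
    findings = []
    for ts, ip, country, client, action in events:
        checks = [("new IP", ip not in profile["ips"]),
                  ("new country", country not in profile["countries"]),
                  ("new browser/OS", client not in profile["clients"]),
                  ("unusual hour", datetime.fromisoformat(ts).hour not in profile["hours"])]
        reasons = [label for label, hit in checks if hit]
        if action in ALWAYS_REPORT:
            reasons.append(action)
        if reasons:
            findings.append((ts, reasons))
    return findings
```

Calling `review(NEW_EVENTS, build_profile(BASELINE))` leaves the ordinary morning login out and reports the 3 a.m. session plus the password-reset mail.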

Setting up new computer. Pt. 1 - fixing the browsers

Friday, November 9th, 2007

I found Steve’s posts about migrating to a new computer useful, and I thought I’d copy him in detailing all the work. It is turning out to be a lot of work! Starting with just the browsers, I’ll list the extensions and settings I’ve come to depend on for safe and efficient browsing.

  • Find as you type for IE 7. In FireFox, if I type “/” or CTRL-F and begin typing, the browser finds words as I type. This saves a few keystrokes for me and often finds variations in spelling of the word I’m looking for. This extension makes that happen in IE as well.
  • Google Keyboard Search for IE7 and FireFox: This is a change to the default search engine. Your Google results can then be browsed with the j and k keys and opened with the Enter key. It automatically jumps to the next page when you scroll off the end.
  • GMail Notifier. I like having a reminder in my browser when I get mail.
  • Delicious toolbar links. I use these all the time. I usually just drag the delicious buttons to my bookmarks toolbar, but now I’m trying the delicious FireFox extension and I like it. It captures selected text as notes.
  • Instant Library Lookup browser button. If I’m at Amazon and I see a book I’m interested in, I click the browser button and it instantly finds it at my local library. I’ve saved hundreds of dollars this way, even when I calculate in overdue fines.
  • Set Firefox master password. This requires a password to access any private info in FireFox. (Tools –> Options –> Security –> Set Master Password)
  • Google Dorks: This extension puts a lot of the special Google search syntax at your fingertips.
  • NoScript: It is important to install this as it cuts down on possible attacks through Cross Site Scripting. I initially thought that it would be a pain in the ass to “allow” all the friendly sites to run JavaScript, but it is surprisingly easy. You can import allowed sites from previous installations of Firefox.
  • IE7 guards against sites that “use a scripted window to ask for information” by default. This tells how to permanently add a trusted site that won’t get blocked by this feature.
  • Spelling: Firefox 2.0 has a built-in spellcheck. It is wonderful except that in my old browser I built up a big list of words that it didn’t know that I had to ask. Going into my old browser, I took the C:\Documents and Settings\\Application Data\Mozilla\Profiles\ persdict.dat and dropped it into the same place on my new computer.
  • IE7 has no spellcheck built in. I’ve long been using the Google toolbar for this and it is great. To import my old wordlist from old machines, I found the file “..\Google\User Dictionary.txt” and copied the word list out of there and sent it to myself thru email. No sense in teaching my spellchecker to recognize “Pr0n” “Pwnzored” “assclown” “idiotarian” “MSM”, “Suxxor”, “roxxor” and “STFU” again.
  • One thing I’m trying to find is an Internet Explorer setting or extension that mimics the Firefox behavior: I click on a page of text and I can then select text with the shift key and left and right arrow keys. Any help, lazyweb?

CGSZ update

Wednesday, March 21st, 2007

The fascination with some sort of hardline takeover of the US government has subsided big-time, at least here in the Twin Cities. No ad impressions all day for that category. There must have been a news story that I missed that had people searching for it over the weekend. It isn’t dark yet and people might brood about this kind of thing better at night. I might switch my geography back to the entire country. That was more interesting. Interest in government rescinding our rights might be still going strong elsewhere for all I know.

Today, the top slot is held by a climate change related search term and that is closely followed by one related to bacterial resistance. I added a few real estate crashing terms and one of those is getting some impressions.

I’m trying to pick terms that might be used by someone wanting to know broadly about how and when the world is going to end, rather than searching for the answer to some specific problem they have.

I got this notice when trying to add specific medicines to my keywords:

Online Pharmacy ID Required
Your keyword list appears to contain pharmacy-related content. Google policy requires online pharmacies and online pharmacy affiliates in the U.S. and Canada with ads or keywords targeting the U.S., U.S. territories (American Samoa, Guam, Puerto Rico, U.S. Virgin Islands), or Canada to provide a valid PharmacyChecker ID.

The AdWords program only accepts advertising for pharmacies based in the U.S. or Canada. Google policy does not allow AdWords ads for prescription drugs to be displayed in other countries.

You can submit your PharmacyChecker ID within your AdWords account. You will have to log in to your account in order to access the page.

Keyword(s): Resistance to Levofloxacin

Coming Global Shitstorm zeitgeist (CGSZ)

Sunday, March 18th, 2007

zeitgeist: A German word for the “moral, intellectual, and cultural climate of an era” as seen on Google Zeitgeist, where they show the world’s top search phrases for the given week.

Wouldn’t it be great if you could see the most popular search phrases entered by the kind of nuts that sit around and worry about food scarcity, peak oil, bird flu, global warming and terrorists all night?

I signed up for Google AdWords to see if I could capture any trends in people’s searches.
Google AdWords allowed me to create my own ad and register as many keywords as I could think of. When someone types one of my keywords or phrases into a Google search, my ad now gets shown over on the right side of the search results. The service provides a report of how many times the ad gets rendered for each keyword I write down. There is no charge unless someone clicks on the ad. There is, however, a small activation fee.

I registered about 100 keywords that fit into 6 CGS categories: Global warming, Peak Oil, Flu Epidemic, Antibiotic resistance, terrorism, government takeover, plus a few extra broad terms like “gun grab”, “Survival gear”, “SHTF supplies”, “Race War”, “Food riots”, etc.
I had to craft an advert that no one would ever want to click so that I would never be charged. “Cheap Bunker Certification.” was the first one I tried, but a surprising number of people clicked on it. I have a new one now related to “cheap trigger lock inspections” that people seem to avoid.

The service allows you to set your monthly maximum bill to any amount. I set mine so low that Google even warned me that my ad campaign would not possibly succeed with such a low cap. But it already has succeeded, my friends, it already has.

At first, I had the ads turned on for the entire country. To my surprise, the chief worry out of all these scary threats to our civilization is the institution of a police state (125 searches nationwide in 7 hours). There is also widespread interest in bacterial resistance (67) and sudden climate change (63). Worries about epidemics (27), sea levels (25) and gasoline supply (12) are close behind.

A few things skew the results. For example, certain keywords almost always show my ads while others, such as “crowd control rifle”, force my ad to compete with others that are often bidding much higher than I am for their position on the page. This results in fewer viewings. I’m looking for a way to factor this in when I tabulate the results.

Yesterday, I changed my geographic settings to serve ads just in the Twin Cities area. The percentages seem about the same: Way out in front: government taking our rights away. I’ll give the service the rest of the month to collect data and then report on it.

Obviously, there might be some keywords that I’m missing that get used more often than the ones I’ve selected. I read far too many survivalist forums in order to get search phrase ideas and they left me worried, both about the mentality of the people and about my glaring lack of a BOV.

One challenge is to come up with a keyword to beat the other leading ones. Suggestions welcome.