Although Google says that the malware can download device specific information only but experts doubt that the malware has the ability to download literally any code from the device. This makes the malware highly dangerous. All infected users will be sent emails regarding the same. Google comments that the security flaw has been fixed on higher versions of Android and the vulnerability exists on Android 2.2.1 and lower. As of now many Android based devices use older versions itself resulting into the huge number of devices getting affected.

Below is the email sent to Android users:

You are receiving this message to inform you of a critical issue affecting your Android Market account.

Hello,

We recently discovered applications on Android Market that were designed to harm devices. These malicious applications (“malware”) have been removed from Android Market, and the corresponding developer accounts have been closed.

According to our records, you have downloaded one or more of these applications. This malware was designed to allow an unauthorized third-party to access your device without your knowledge. As far as we can determine, the only information obtained was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).

However, this malware could leave your device and personal information at risk, so we are pushing an Android Market security update to your device to remove this malware. Over the next few hours, you will receive a notification on your device that says “Android Market Security Tool March 2011” has been installed. You are not required to take any action from there, the update will automatically run. You may also receive notification(s) on your device that an application has been removed. Within 24 hours of receiving the update, you will receive a second email confirming its success.

To ensure this update is run quickly, please make sure that your device is turned on and has a strong network connection.

For more details, please visit the Android Market Help Center.

Regards,
The Android Market Team

© CompuWorld - because The Genius Inside You Is Still Sleeping.

The warning page said:

You attempted to reach google.co.in but instead you actually reached a server identifying itself as www.google.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit (and potentially harmful) version of google.co.in. You should not proceed.

Well, it is weird to see that Google Chrome considers www.google.com as harmful. Really weird!

© CompuWorld - because The Genius Inside You Is Still Sleeping.

Is the above image quiet familiar for you? Are you amongst those users who regularly use Google Chrome due to the multiple features that it carries yet are frustrated due to its irresponsible behavior with some websites? And, does the below line seems familiar?

Oops! This link appears to be broken in Google Chrome

One way out is referring to the Support Page created by Google. It will ask you to refresh your cache, scan your system for silly malwares, and delete unwanted cookies. But, I am pretty sure that all this just won’t solve your problem. Once you are done experimenting with different Google suggested methods then I will request you to try playing with the internal Google Chrome settings.

See the checkbox inside the bright red oval in the image above? Well, that is the key to unlock your lock. Go to (see image below) Tools > Options (which is Preferences on Mac) > Under The Hood Tab and uncheck the checkbox next to “Use DNS pre-fetching to improve page load performance.” This will help Google Chrome load some of the websites that usually aren’t loaded and will also increase the website load time by very few microseconds (which you won’t notice).

Happy Chroming!!

© CompuWorld - because The Genius Inside You Is Still Sleeping.

Lets see if this comes back up tomorrow.

© CompuWorld - because The Genius Inside You Is Still Sleeping.

Later on again the problem came up when many bloggers complained that their Google Reader stats were not being counted and this resulted in their feed stats falling down but luckily I was on the safer side in that second glitch.

Now it looks like Google had remembered that they had spared me the last time and so this time my feed burner stats have gone down by over a 100 just because my email subscribers aren’t being counted. Irritating and true!

Any of you face the same problem or is it just me?

© CompuWorld - because The Genius Inside You Is Still Sleeping.

I have personally also registered to my feeds just to keep a check daily if the feeds are working and the feed seemed to work currently too. But I do not know what on earth Google has done that killed all my readers? Give me my readers back…please!

My current readers are ZERO and readers for comments are also ZERO. Yesterday they were 81 and 1 respectively!

It has been few days when I shifted to wordpress from blogger and I had the fear that I might loose my feedburner readers but thanks to labnol feedburner faq I did not loose even one of my readers!

But poof Google wont let me sleep tonight I guess! I hope they work on this very soon.

Did you also loose your readers? Do reply in comments.

UPDATE: 3 hours have passed since I wrote this article and Google seemed to have fixed the bug. I have my readers back. Living secondlife

© CompuWorld - because The Genius Inside You Is Still Sleeping.

[Click Image To Enlarge]

Tired searching for your search queries in Google.com? No I wont ask you to start using another search engine, just use another domain “XXXDISC.NET“. SearchEngineJournal has a mention of this website xxxdisc.net which takes you to the Google homepage and you can easily do the normal searches as you perform in Google.

The search results are same and the page also looks to be almost same. The author doest not seems to run any malicious script with this page. It just seems that he used some tricky programming to get data out of Google pages and let users do Google search from his website until he actually comes up with real content for the site. And you can understand what the real content will be with that name xxxdisc.net! Even the same Google Ads are being displayed in this website as displayed in Google.com.

The only thing which makes me curious is how come Google left a hole that anyone can easily create mirrors of there search engine in any domain. I would love to hear the explanations.

Looks like Google needs to buy more laptop memory.

© CompuWorld - because The Genius Inside You Is Still Sleeping.

“Thank you for your email. I’m sorry to hear that you’ve had trouble with your AdWords account. We’ve identified a known technical issue affecting a limited number of accounts. Our engineers are currently working to solve the problem and hope to reach a resolution shortly. Also know that I have reactivated your account,” it was mentioned in the email notification according to Search Engine Roundtable.

A few AdWords members said they were not even notified about the problems and, after several days of unavailability, the advertising platform returned to the past settings. “My account is live again. i never received any notice of what happened or even that it happened. Just logged in and the red box was gone,” Powdork, a senior member of WebmasterWorld, wrote.

This is not the first time when the search giant encounters serious glitches with the users’ accounts and accidentally removes some of them. In the past, it was reported that a lot of Gmail accounts became inaccessible as the Mountain View company disabled them due to some problems with the technology.

However, AdWords is a little bit more important for most of the customers because it works with money and some of them might be really affected by the unavailability period caused by the service’s issues.

© CompuWorld - because The Genius Inside You Is Still Sleeping.

When a friend sent me a link to this rather boring video http://video.google.co.uk/videoplay?…85184878490822 I immediately noticed the ‘Email – Blog – Post to Myspace’ link on the right side. As any curious person would do I decided to check it out to see how Google has integrated with MySpace.

So after clicking I was greeted with the following popup http://video.google.co.uk/blogpost?d…22&siteindex=3 and immediately noticed that the url of it was http, and not https. An insecure form… So I figured it must be posting the login details to a https url, so I pulled out live headers and this is what I got:

http://video.google.co.uk/blogpost

POST /blogpost HTTP/1.1
Host: video.google.co.uk
User-Agent: Mozilla/5.0 (Windows; U;
Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: text/xml,application/xml,application/xhtml+
xml,text/html;q=0.9,text/plain;q=0.8,
image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Referer: http://video.google.co.uk/blogpost?d…22&siteindex=3
Content-Length: 42
Cookie: PREF=ID=26c938172fc51030:TM=1178041215:
LM=1138046118:S=Bw_pBCzx-opEyR3s; sloc=en_GB
Pragma: no-cache
Cache-Control: no-cache
req=login&name=myusername
&pass=mypassword&site=MySpace

In short this users find says that Google is passing private information which includes MySpace, LiveJournal, Blogger, and TypePad login details over insecure channels. And since Blogger accounts sometimes use Google Accounts for login, such a flaw could expose a user’s GMail, Google AdWords, Google AdSense, and maybe even Google Checkout information (unless this information is encrypted).

The private and sensitive information is being passed without SSL, which is a basic and common step in the Internet security process.

Related:
Warning: YouTube Could Be Used To Hack Your Computer
Google Desktop Vulnerable To Attack
Search Google Without Google Ads
Awesome Hidden Google Pages

© CompuWorld - because The Genius Inside You Is Still Sleeping.

The attack scenario plays out like this: a user of Google Desktop makes a search query that is intercepted by an attacker. The attacker then injects Javascript that creates an invisible IFrame on the target URL page as well as makes the IFrame follow the user’s mouse; the user is unaware. The attacker then injects more code to position a second query inside the user mouse IFrame. As the second query executes, the attacker then forces a meta-refresh to reload the page, and that forces Google Desktop to load as well as any program indexed by Google Desktop the attacker may desire. When user clicks the evil Google Desktop query, the malicious program executes.

Hansen writes: “This should drive home the point that deep integration between the desktop and the Web is not a good idea” since Google’s site is unencrypted and therefore can be subverted by an attacker. But Hansen notes there are two caveats here: one, you need to have Google Desktop installed, and two, the attacker must be sophisticated enough to launch a man-in-the-middle attack upon you.

To illustrate the attack, Hansen provided an online video demonstration.

© CompuWorld - because The Genius Inside You Is Still Sleeping.