Sep 30
美国的一家提供国际汇款业务的服务商 Xoom 最近获收一笔投资,领衔这一轮投资的是 DAB Ventures,其他投资者还包括 Fidelity Ventures、New Enterprise Associates 和 Sequoia Capital,这是他们迄今为止的第五轮融资了。Xoom 成立于 2001 年,总部位于美国旧金山,到目前为止 Xoom 公司以获得超过 5000 万美元的融资。…
继续.
Sep 30
Zoho Projects 今天又有了更新,首先可以看见的是语言设置(如上图),现已经支持法语、德语、日语、西班牙文、荷兰语、丹麦语、捷克语、意大利语、葡萄牙语(包括欧洲和巴西) 、瑞典语及俄语。另一个重要更新是支持一级项目的 RSS 输出,格式很标准,适用于大部分 RSS 阅读工具。此外,还有一个细节上的改进,就是每个项目上都已经可以标注失效时间,设定项目的期限了。…
继续.
Sep 30
在线音乐工作室 Kompoz 本月刚刚推出了 iPhone 适用版本,近日他们又推出了一款新的上传工具。该款工具支持同时上传多个音频文件,以及拖曳操作,大大方便了上传操作,以及使用的体验。如果你在使用 Kompoz,这款工具绝对不能错过。…
继续.
Sep 29
Now there’s another Google brand rip-off, apparently from China:
Google Eau de Toilette for Men. [Thanks Zoran!]
[By Philipp Lenssen | Original post | Comments]
[Advertisement] Google books at eBay: background info on Google, AdWords, AdSense, Blogger and more… [Advertise here] 
Sep 29
Google say they acquired “certain assets and technology of Zingku,” the Google Operating System blog reports. Here’s what Zingku does, according to their About page:
<<Our service is designed from the mobile phone, outward, allowing you to create and exchange things of interest ranging from invitations to “mobile flyers” with friends in a trusted manner. On the mobile phone, Zingku uses standard text messaging and picture messaging features that come with every phone. On the web, our service uses your standard web browser and instant messenger. There is nothing to install.>>
It’s a bit like a mobile social network and communication platform, supporting polls, RSS to SMS converters, mobile photo sharing and more.
At this time, sign-ups for new users are frozen while Zingku integrates with Google; existing users get the chance to opt out of the move until October 4th.
[By Philipp Lenssen | Original post | Comments]
[Advertisement] Google books at eBay: background info on Google, AdWords, AdSense, Blogger and more… [Advertise here]
Sep 29
In the recent days, an unusually high amount of Google-related security issues have been reported on the web. For instance, one developer was reportedly able to insert a backdoor into Gmail by luring people onto a specially prepared webpage, exposing private data. In not all, but many of these exploits, the problem is that your Google Account cookie can be stolen via so-called cross-site scripting (XSS) attacks; “cross-site”, because the cookie info wanders from Google.com (where it’s supposed to be read) to SomeRandomAbuserDomain.com (where it’s not supposed to be read). Basically, such an attack can be executed when someone finds a way to publish their own, free-style HTML/ JavaScript onto any *.google.com domain (like Google Calendar, Google Docs, Google Reader, Google News and so on).
Now, co-editor Tony Ruscoe stumbled upon another XSS vulnerability. By posting his specially prepared file of the Google Docs family which exploits a non-standard, incorrect Internet Explorer behavior, and then pushing me as experimental “victim” onto this file by sending me a link I clicked, Tony was able to get a Google Account cookie of mine, as I was previously logged-in to Google. (Tony did not need to point me to a domain of his, I was only accessing Google-hosted content; I did have to use Internet Explorer though, as it didn’t work with Firefox.) Google security has been informed about this vulnerabiliy and we won’t disclose how to reproduce this for now to give Google time to fix it.
Now, here’s what Tony was able to do with the cookie (as opposed to how a real attacker would act, he only did this after I gave him permission, of course):
- Read my Gmail email subject lines and the first words of my mails. This was possible by including a Gmail gadget onto iGoogle, using the extra-wide tab layout.
- Access my Google Analytics statistics, including stats of external sites that had been shared with my account.
- View many of my iGoogle gadgets, e.g. a Todo list.
- Access the full contents of my non-public Google Notebook notes/ non-public notes that had been shared with me by others.
- Check my Google Reader.
- See the names of my Docs, Spreadsheets and Presentations files.
Here’s what Tony was specifically not able to do:
- He didn’t see my full emails.
- He didn’t see any of the content of my Google Docs, Spreadsheets or Presentations.
- He didn’t see all of my iGoogle gadgets, e.g. a Google Talk gadget required another log-in.
- He wasn’t able to compromise my account login/ password, e.g. change it to then fully access my Google services.
Below are some of the screenshots Tony took while exploring my Google account:
In other words, this stealing from the cookie jar can be risky for the victim, but it must not be completely dramatic in all cases. Even so, it’s another reminder how the growingly powerful Google Account framework not only offers more power to lazy people (you don’t need to sign-in to Google services over and over), but also more power to abusers. All that’s needed to start most of these attacks is a bug or oversight in one of the many Google services, and a victim who visits a prepared webpage. If you want to be save from this, you can always log-out of your Google account when not using Gmail and other services, and try to not view pages you don’t trust (and try not to follow to pages you may think you trust, but which have been sent to you by non-trusted people).
[By Philipp Lenssen | Original post | Comments]
[Advertisement] 55 Ways to Have Fun with Google (Book) [Advertise here]
Sep 29
已经有两款笔记本电脑搭载 SSD (固态硬盘)了,其中包括 Alienware 的 Area 51 m9750。现在 Sony 的 VAIO 系列笔记本电脑也开始搭载 SSD 了,首推的是 Sony Vaio G2 系列,这是第一批 Sony 使用扣肉二处理器与 SSD 的笔记本电脑,型号分别为 U7600 与 U7500。SSD 容量是可以选择的,包括 32GB、48GB、64GB 三种,同时,用户也可以选择传统的 HDD 硬盘。根据已经”摸过”实机的朋友说,G2 相当的轻薄,并且有着很强的抗震功能,售价目前尚未公布。…
继续.
Sep 29
网络广告服务商 Turn 近日获收一笔投资,投资方为 Norwest Venture Partners、 Trident Capital 和 Shasta Ventures,金额为 800 万美元。Turn 的创办人是 Altavista 的前 CEO Jim Barnett,提供一个智能化自动的广告平台,利用自主开发的特殊算法技术,替广告主与出版商商法来选择最佳的解决方案。…
继续.
Sep 29
摄影作品收藏及在线存储服务 PhotoShelter 对于一些 Mac OS X 用户来说,应该是不陌生的。这个与 iStockphoto 一样为专业摄影师提供在线存档和销售图像的服务,并且支持直接从 Aperture 添加图像到你 PhotoShelter 上的收藏中。最近,他们作出了改版,调整了一些服务方方面的细节。其中主要在于收益分摊方面的调整,可以给予专业摄影师更多的利益回报,也能增加这些作品的展示机会。此外,根据统计,目前在该平台上,已经拥有了大约 1000 名专业摄影师的加盟,以及超过 9000 份的高素质摄影作品可供挑选。…
继续.
Sep 29
Gruvr 可帮助用户在整合的电子地图上检索临近的音乐信息,比如即将举行的演唱会、音乐会等等。通过一个聚合输出的列表,用户可以在一定地区范围内跟踪这些信息。同时,他们还使用基于 Grazr 的服务提供用户可以外部输出的 Widget,该 Widget 上的信息将会实时更新,让你把毫不遗漏的任何有关音乐会信息提供给更多人。…
继续.
Recent Comments