Thursday, February 12, 2009

DETAILS OF GOOGLE’S LATEST SECURITY HOLE

I’ve now received confirmation from Google’s Security Team that the latest vulnerability Philipp posted about has been fixed. After carrying out some investigations of my own, I believe this is the case – so I’m going to share with you what the problem was and how I was able to exploit it. In doing so, I hope to educate other developers about the potential flaws that can occur in increasingly complex web applications.
In summary, I was able to create a page that was hosted on a google.com domain, which is something that should never be allowed to happen. Because of this vulnerability, I was then able to use a simple bit of code to steal someone else’s Google cookie and access their Google services.

Background
Earlier this month, Google announced that Blogger Custom Domains would allow you to host your own blog on the Blogger platform using your own domain name rather than a blogspot.com address.
Here’s how it should work:
1. Buy your domain name – e.g. example.com
2. Create a CNAME record that points your domain or subdomain to ghs.google.com – e.g. blog.example.com (see these Blogger Help and Google Help entries for more information on DNS settings and creating CNAMEs)
3. Set up your blog using a blogspot.com address (if you’ve not already got one) – e.g. example.blogspot.com
4. Enter your domain name in Blogger’s Custom Domain publishing settings – e.g. blog.example.com
5. Any requests to example.blogspot.com would be redirected to blog.example.com where your blog is now being hosted by Blogger
Soon after this feature was announced, I realized that you could enter any domain name in Blogger’s Custom Domain publishing settings regardless of whether you owned the domain or had set up a CNAME to point to ghs.google.com. Since Blogger claims that “you don’t have to pay extra for hosting service” and Google promotes private registration (meaning your details are withheld from a WHOIS lookup) there’s no reliable way to verify whether the Blogger user actually owns the domain they’re entering.
Under normal circumstances, this isn’t a problem; entering a domain that doesn’t have its CNAME set up to point it to ghs.google.com would simply result in any requests to the blogspot.com address being redirected to the domain. And this is actually useful for anyone with a blogspot.com address who wants to move their blog away from Blogger’s servers by using either FTP-publishing or another blog service altogether. (For example, ruscoe.blogspot.com now redirects to ruscoe.net which is hosted on my own server.)
This could only cause problems if you were to enter a domain name that already had a CNAME pointing to ghs.google.com (or another address that’s pointing to the same place). But what are the chances of being able to find a domain that’s already set up like that? Well... it was easier than you might think.
Proof of Concept Implementation
In the Google Blogoscoped Forum, Art-One had reported that he’d seen a Japanese blog being hosted at ghs.google.com (which is the same domain used by Custom Domains in Google Apps for Your Domain).
Whether this was done intentionally or completely by accident, someone had entered ghs.google.com as their Blogger Custom Domain. Since no blog was setup at this address, Blogger had allowed them to host their blog there. And that’s when the alarm bells started to ring. This would allow me to host my own content on the google.com domain too...
Since I keep a close eye on Google subdomains, I knew that ghs.google.com wasn’t the only google.com domain that pointed to that location and I immediately claimed ghs.l.google.com as my custom domain. (Google quite often has *.google.com subdomains set up as CNAMEs for their *.l.google.com equivalents.)
As any web developer will know, a page hosted at an address like ghs.l.google.com is perfectly capable of reading and writing google.com cookies, which meant that when Philipp visited my “proof of concept” page hosted on the ghs.l.google.com domain, I was able to “borrow” his google.com cookie data. This can be easily achieved using some simple JavaScript that would read the cookie and place the data into a hidden form field element. The form could then be automatically submitted to another server which would be hosting a server-side script capable of logging the form data to a database, text file or send it in an email.
Once the cookie data had been received, there are a number of methods which could be used to write data to a google.com cookie – meaning the hacker would be able to have the same google.com cookie data as you, giving them access to your Google Account and services.*
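
Why a page on ghs.l.google.com could see google.com cookies, as an added example that is not from the original article: it models browser cookie scoping (the RFC 6265 domain-match rule) and shows that host-only or HttpOnly cookies would not have been readable by script on the claimed subdomain. The cookie names and the jar are constructed; paths, the Secure flag and public-suffix checks are not modelled.

```javascript
// RFC 6265 section 5.1.3 "domain-match": true when `host` equals `domain`
// or is a subdomain of it on a label boundary. IP literals match exactly only.
function domainMatch(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  const isIp = /^\d+(\.\d+){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Model how a browser stores a Set-Cookie received from `setBy`.
// No Domain attribute: the cookie is host-only. With one: every subdomain of
// that domain gets it. A Domain the sender does not domain-match is rejected.
function storeCookie(setBy, name, opts = {}) {
  const httpOnly = Boolean(opts.httpOnly);
  if (opts.domain === undefined) {
    return { name, domain: setBy.toLowerCase(), hostOnly: true, httpOnly };
  }
  if (!domainMatch(setBy, opts.domain)) return null;
  const domain = opts.domain.toLowerCase().replace(/^\./, "");
  return { name, domain, hostOnly: false, httpOnly };
}

// Cookies in scope for `host`.
function inScope(host, jar) {
  const h = host.toLowerCase();
  return jar.filter(c => (c.hostOnly ? h === c.domain : domainMatch(h, c.domain)));
}

// Names of cookies the browser attaches to requests for `host`.
function sentTo(host, jar) {
  return inScope(host, jar).map(c => c.name);
}

// Names of cookies a script on `host` can read through document.cookie:
// the same scoping, minus anything flagged HttpOnly.
function scriptReadable(host, jar) {
  return inScope(host, jar).filter(c => !c.httpOnly).map(c => c.name);
}

// Constructed jar: names and setting hosts are illustrative only.
const jar = [
  storeCookie("www.google.com", "wide_session", { domain: ".google.com" }),
  storeCookie("www.google.com", "wide_httponly", { domain: ".google.com", httpOnly: true }),
  storeCookie("mail.google.com", "host_only"),
].filter(Boolean);

console.log("script on ghs.l.google.com reads:", scriptReadable("ghs.l.google.com", jar));
console.log("requests to ghs.l.google.com carry:", sentTo("ghs.l.google.com", jar));
console.log("script on notgoogle.com reads:", scriptReadable("notgoogle.com", jar));
```

Only the cookie scoped to the whole parent domain and left readable by script is exposed to the subdomain page, which is why wide `Domain` scoping makes every hostname under the domain part of the session's trust boundary.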
Problem Fixed
The Google Security Team was informed of the issue before I’d even written my proof of concept script to test on Philipp. Around three and a half hours later, Google had deleted my test page and were redirecting both ghs.google.com and ghs.l.google.com to Blogger’s standard “blog not found” page. (They’re now redirecting both addresses to the Google.com home page.)
Later that evening, I received this response:
Thank you for reporting this issue to us. We take the security of our users and their information very seriously. We wanted to let you know that we addressed this problem with expediency and have taken steps to ensure it cannot occur again.
It seems that Google followed my advice and fixed the problem by disallowing any Google domains to be entered as a Blogger Custom Domain. Trying to enter a Google domain in this field will return an error stating, “Another blog is already hosted at this address.” (Theoretically, this is overkill because the domain would also need to be pointing at ghs.google.com – but it’s always better to be safe than sorry!)
Avoiding Vulnerabilities
There are a number of ways to make sure you – as a user – don’t get caught by a security loophole like this. Some people would say you should only visit pages you trust – but who doesn’t trust a page on the Google.com domain? Others might say the answer is to disable JavaScript in your browser – but then you wouldn’t be able to use websites and applications that rely on JavaScript being enabled. You could also turn off or clear your cookies – but that could prevent many services that require a login from working. In this case, my proof of concept script would have failed if the user had either signed out of their Google Account, cleared their cookies or disabled JavaScript before visiting my page. But would you be prepared to do that before visiting any website you didn’t know was 100% safe? Of course, I could have just put up an official-looking page that was hosted on a Google domain showing a Google Account login box asking for a username and password – and who wouldn’t enter their Google Account details if they thought they were going to be one of the first to get a peek at a new Google service?
How can companies like Google prevent this from happening when developing new applications or features? I guess the most important rule is to make sure nobody can host or inject content (and particularly scripts) on your primary domain or a subdomain of your primary domain. This isn’t the first time that Google allowed this to happen. Just a few months ago, a user realized the Google Public Service Search could be exploited in a similar way, demonstrated with his Gmail Plus phishing page. This time it was a very special case though. Who would have thought that someone would find a google.com domain pointing to the right place and enter it as their custom domain? Some simple input validation would have allowed them to reject any requests for google.com domains to be used. But perhaps a more secure approach would have been to use a completely different domain in the first place – something like googleservicehosting.com, hostedbygoogle.com or googleafyd.com – all of which Google already own. It’s too late to change that now though, as thousands of users will already have pointed their domain to the ghs.google.com address.
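
One way to implement the input validation described above, as an added example rather than Google's or Blogger's own code. It goes a step further than the article's suggestion by also requiring a DNS TXT ownership proof; the reserved-suffix list, the `_blog-claim` label, the token and the zone data are all assumptions made for illustration.

```javascript
// Provider-owned suffixes that customers may never claim (assumed list).
const RESERVED = ["google.com", "blogspot.com", "blogger.com"];

// Reduce user input to a canonical ASCII hostname, or null if it is not one.
function canonicalHost(input) {
  const raw = String(input).trim().replace(/\.$/, ""); // drop one root dot
  if (!/^[^\s\/\\@:?#\[\]]+$/.test(raw)) return null; // no scheme, path, userinfo, port
  let host;
  try {
    // The URL parser lowercases, percent-decodes and IDNA-maps the host.
    host = new URL("http://" + raw).hostname;
  } catch (e) {
    return null;
  }
  const labels = host.split(".");
  const labelOk = l => /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/.test(l);
  const tldOk = /[a-z]/.test(labels[labels.length - 1]); // rejects IPv4 literals
  const ok = labels.length >= 2 && labels.every(labelOk) && tldOk && host.length <= 253;
  return ok ? host : null;
}

// Match on a label boundary so "notgoogle.com" is not treated as reserved.
function isReserved(host) {
  return RESERVED.some(s => host === s || host.endsWith("." + s));
}

// Decide a custom-domain claim. `txtLookup(name)` returns the TXT strings
// published at `name`; it is injected so the example runs offline.
function reviewClaim(input, accountToken, txtLookup) {
  const host = canonicalHost(input);
  if (!host) return { ok: false, reason: "not a hostname" };
  if (isReserved(host)) return { ok: false, reason: "provider-owned domain" };
  const proof = txtLookup("_blog-claim." + host) || [];
  if (!proof.includes(accountToken)) return { ok: false, reason: "ownership not proven" };
  return { ok: true, host };
}

// Constructed DNS data: only blog.example.com has published the token.
const zone = { "_blog-claim.blog.example.com": ["tok-7f3a"] };
const lookup = name => zone[name] || [];

for (const claim of ["ghs.l.google.com", "GHS.L.Google.COM.", "notgoogle.com",
                     "http://blog.example.com/", "blog.example.com"]) {
  console.log(claim, "->", JSON.stringify(reviewClaim(claim, "tok-7f3a", lookup)));
}
```

Normalizing before the suffix check is what stops case, trailing-dot and encoding variants of a reserved name from slipping past a plain string comparison.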



Another way to prevent this from ever happening again would be to change how the same cookie is used to identify a user and give them access to many services. It seems odd that I could access Philipp’s Google Account at the same time as him from a completely different location, via a different IP address, using a different web browser with exactly the same cookie data. Admittedly, Google’s cookie is probably more secure than most – and I could no longer access his account when Philipp changed his password.


Finally, I think it’s worth pointing out that only a small number of people would have been able to exploit this security vulnerability because there are only a limited number of google.com domains which would have met the requirements – and once a domain is “claimed” it is unavailable for others’ use. Also, the Japanese blog didn’t contain any malicious script and my proof of concept page was only online for a few hours at an obscure address that was only visited by myself and Philipp. But if you have reason to believe that your account has been accessed without your permission, the best advice is probably to change all your passwords as soon as possible.
* Services that were accessible using this technique included: Google Alerts, Google Analytics, Google Base, Google Bookmarks, Google Code, Google Co-op, Google Docs and Spreadsheets, Google Finance, Froogle Shopping List, Google Image Labeler, Google in Your Language, Google Groups, Local Business Center, Google Maps (Saved Locations), Google Notebook, Personalized Homepage, Personalized Search (Search History), Google Reader, 3D Warehouse (SketchUp), Google Video and Google Webmaster Tools.






Google Details Health Records System
February 29, 2008 by Geoff Duncan
Google CEO Eric Schmidt has offered a first glance at Google Health, the Internet giant's initiative to make health records portable...and in patients' control.
At a closing keynote at the Healthcare Information and Management Systems Society (HIMSS) conference in Orlando, Florida, Google CEO Eric Schmidt gave the first public preview of Google Health, and outlined how Google envisions the system making patients' medical records and health information easily portable between doctors, hospitals, pharmacies, and other health care providers, while at the same time preserving patients' privacy and enabling them to have complete control over their medical information. He also said Google Health won't offer up ads; instead, Google wants to make money on the service by using it to drive traffic to its existing search offerings.
Google Health is not yet available publicly, and likely won't be widely available for a few months. Google announced last week it is conducting a trial with the Cleveland Clinic to test the system. Schmidt also announced Google has signed deals with a number of hospitals and health care companies to support the service, including Quest Diagnostics, health insurance provider Aetna, Walgreens, and (significantly) Wal-Mart pharmacies.
Schmidt emphasized that the system will not share data without a user's consent, and users would access the system with a username and password from any Internet-enabled computer. Google has also summarized the main features of Google Health in its official blog.
Google faces competition in the health records arena from Microsoft's HealthVault initiative, announced last October, along with Revolution Health, a similar service backed by AOL founder Steve Case.
Industry watchers have flagged all these online health records systems as having serious privacy concerns: in addition to potentially serious ramifications if the system were to be breached or grant unauthorized access to health information, information stored in such systems would not be protected by the 1996 HIPAA act, which requires patients receive notification if their records are subpoenaed, along with other protections. Exclusion from provisions of the HIPAA act means, potentially, information stored in online health records systems could legally be used for marketing and other purposes without users' knowledge or consent.

