Google Chrome in Ubuntu keeps detecting network change

Recently I had problem with my Ubuntu, Whenever I tried to open a website my Chromium told me that a Network Change has been detected and after 1-2 reload that sites would load and sometimes failed to load fully.

After looking up for that problem, I found out many other people had same problem and it has something to do with “avahi-daemon”.

Solution

According to the links I found in Ubuntu forums, this problem comes from IPv6 in Ubuntu and disabling that service will fix it, I tried it and it worked:

# create the long-life config file
echo "net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee /etc/sysctl.d/99-my-disable-ipv6.conf

# ask the system to use it
sudo service procps reload

# check the result
cat /proc/sys/net/ipv6/conf/all/disable_ipv6

What you need to know about BERserk and Mozilla

The Intel Security Advanced Threat Research Team has discovered a critical signature forgery vulnerability in the Mozilla Network Security Services (NSS) crypto library that could allow malicious parties to set up fraudulent sites masquerading as legitimate businesses and other organizations.

The Mozilla NSS library, commonly utilized in the Firefox web browser, can also be found in Thunderbird, Seamonkey, and other Mozilla products.  Dubbed “BERserk”, this vulnerability allows for attackers to forge RSA signatures, thereby allowing for the bypass of authentication to websites utilizing SSL/TLS.  Given that certificates can be forged for any domain, this issue raises serious concerns around integrity and confidentiality as we traverse what we perceive to be secure websites.

nss-1024x686

What users can do immediately

Individual Firefox browser users can take immediate action by updating their browsers with the latest patches from Mozilla.

Google has also released updates for Google Chrome and ChromeOS, as these products also utilize the vulnerable library.

Ensuring that privacy and integrity be maintained is core to what we do at Intel Security.  As this issue unfolds we will continue to provide updates on effective countermeasures and proper mitigation strategies.

Read the whole story at McAfee Blog

iPhone Notifications to Google Glass

Google has already released a MyGlass Companion app for Android via the Play Store, and although a corresponding iOS version has yet to manifest itself  in the App Store, the company has already noted that iPhone users will not be neglected when it comes to the early 2014 public launch of Google Glass.

In the meantime, the PostOffice tweak will work just fine for those with a jail-broken iPhone, and although there’s not much to it aside from one or two settings, it does what it purports to do in pushing notifications through Glass.  The free tweak is available via the BigBoss repository in Cydia, To configure the way your notifications are re-routed to Glass you navigate to your native Settings and configure the way your notifications are re-routed.  Google Glass currently may only be in the hands of creative individuals, some competition winners and a handful of developers, but that has not prevented the tech world from getting itself excited about the internet giant’s technological headgear. Last month, one such creative individual, Adam Bell, had managed to route iOS notifications through to Google Glass using some kit he has thrown together, and now a tweak has emerged offering a simpler way for such a process to be achieved.

Google Glass

Since Google Glass is based on Android, its hacking potential is huge, and although we are likely to be treated to some interesting and potentially groundbreaking apps, the things that could be achieved when developers work inside Glass’ framework cannot be underestimated.  With support for iOS likely to be a step behind Android and thanks to the jailbreak community, iPhone users with that developer mentality will be able to have large amounts  of fun with Google Glass once it eventually does become available to the general public.  Google has indicated that it’s product will become available early next year, although this could naturally be subject to delays. But as this amazing new technology is so fresh, it is likely going to cost a month’s salary (depending where you work!)

Google cuts grace period for vendors of vulnerable software

new-google-favicon2[4]Google is shortening the amount of time it gives to makers of vulnerable software and web services if there is imminent danger. The Google security team say that if they encounter a zero-day issue that is already being actively used for cyber attacks, it will grant the affected manufacturer just seven days grace to fix the vulnerabilities or publish an advisory with mitigation strategies for users.

After seven days, Google wants to publish details of the vulnerability in such a way that users of the vulnerable software can protect themselves from attacks. Previously, the company had given vendors sixty days before it went public with details of vulnerabilities. Google says, though, that it has found zero-day vulnerabilities being used to target a limited subset of people and this targeting makes the attack more serious than a widespread attack and more important to resolve quickly, especially where political activists are being compromised and the attacks can have “real safety implications” in some parts of the world.

Google admits the seven day period is an “aggressive time frame” but that it offers sufficient time for a vendor to either publish advice on how to, for example, temporarily disable a service, restrict access or offer contact information to provide more direct assistance. “Each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more computers will be compromised” says Google saying it also plans to hold itself to the same standard and hopefully improve the coordination of both web security and vulnerability management.

via http://h-online.com/-1873878

Doc blocker : Oxford University blocked Google Docs

ox_small_cmyk_posFor about two and a half hours on Monday, students at Oxford University couldn’t access Google Docs after the University’s Computing Services team decided to take “extreme action” to halt phishing attacks and also to put pressure on Google.

Robin Stevens of OxCert explained in a blog post that, in the past, Google has been slow to respond to requests to help the university. The university’s problem is that phishers are frequently using Google Docs to present phishing forms to its users, with a legitimate domain shown to the user and not detectable by firewalls as Google traffic is over SSL. If phishing mail directing users to pages like this gets past the defenses, it is hard to detect and respond to.

Google’s security team have pointed the university at the “Report Abuse” button at the bottom of the Docs pages, but this takes time, at least a day or two and sometimes weeks, before Google respond. By that time the phishing attack is long gone; any users who would have been fooled will have most likely clicked a link within hours of the dubious mail arriving.

On Monday afternoon, the security team at Oxford were seeing multiple phishing incidents taking place and that tipped things over the edge; after considering the impact on legitimate business, it blocked Google Docs to prevent the phishing attacks deploying their information extracting forms. Stevens says the impact was actually greater on legitimate business than expected due to Google’s tight integration of Docs with other services, so, after two and a half hours, the restrictions were lifted.

He hopes that the temporary block will at least draw attention within the university to the dangers of phishing. He also hopes that Google will, with the resources at its disposal, find some way to automate responses to abuse reports. He closes saying “Google may not themselves be being evil, but their inaction is making it easier for others to conduct evil activities using Google-provided services.”

Source: http://h-online.com/-1806280

Opera Switches to WebKit and Chromium

After many years of dealing with site compatibility issues, Opera found the solution: it will switch from its proprietary rendering engine (Presto) to WebKit and will be powered by Chrome’s open source version, Chromium.

“Presto is a great little engine. It’s small, fast, flexible and standards compliant while at the same time handling real-world web sites. It has allowed us to port Opera to just about any platform you can imagine. (…) It was always a goal to be compatible with the real web while also supporting and promoting open standards. That turns out to be a bit of a challenge when you are faced with a web that is not as open as one might have wanted. Add to that the fact that it is constantly changing and that you don’t get site compatibility for free (which some browsers are fortunate enough to do), and it ends up taking up a lot of resources – resources that could have been spent on innovation and polish instead,” explains an Opera employee.

“For all new products Opera will use WebKit as its rendering engine and V8 as its JavaScript engine. It’s built using the open-source Chromium browser as one of its components. Of course, a browser is much more than just a renderer and a JS engine, so this is primarily an ‘under the hood’ change. Consumers will initially notice better site compatibility, especially with mobile-facing sites – many of which have only been tested in WebKit browsers. The first product will be for Smartphones, which we’ll demonstrate at Mobile World Congress in Barcelona at the end of the month. Opera Desktop and other products will transition later,” mentions Bruce Lawson.

The problem with Opera is that it has a low market share on the desktop (about 1-2%) and not many web developers bother to test their sites in Opera. Google’s sites have always had issues in Opera and most Google web apps don’t officially support Opera (check the system requirements for Google Drive). Gmail’s help center actually mentions that “We don’t test Opera, but believe it works with all of Gmail’s features.” Probably Google doesn’t want to allocate resources for testing sites in a desktop browser that’s not popular, but it has a completely different rendering engine.

google-docs-in-opera

In a perfect world, browsers and sites would just follow the standards and everything would work well, but it takes time to create the standards and browsers implement their own version in the meanwhile. Not to mention that browsers have all kinds of quirks.

Google launched Chrome in 2008 and one of the reasons why it chose WebKit was that “we knew we didn’t want to create yet another rendering engine. After all, web developers already have enough to worry about when it comes to making sure that all users can access their web pages and web applications.”

WebKit started in 2001 as an Apple fork of KDE’s KHTML engine, it was used to build Safari, a few years later it was open sourced and Nokia ported WebKit to Symbian. WebKit is now the most popular mobile rendering engine, since it powers Safari Mobile and all iOS browsers (other than thin clients like Opera Mini), Android’s stock browser, Chrome for Android and many other mobile browsers. WebKit’s combined market share is now more than 40%, according to StatCounter and Wikimedia’s stats.

Credit: Google Operation System blog

Google updates all Chrome editions

new-chrome-logoh-online: Google has updated the Stable, Beta and Developer Channels of the desktop version of its Chrome browser with a number of bug fixes and improvements. The Stable Channel update closes seven security vulnerabilities, three of them rated High, and includes bug fixes. New stable Chrome versions for iOS and Android have also been released and include minor improvements. The iOS version of the browser now supports Apple’s Passbook application.

The update to the Stable version of Chrome for Windows, Mac OS X, Linux and Chrome Frame (for running Chrome inside of Internet Explorer) brings it to version 23.0.1271.91. The update closes a security vulnerability in the Mac OS X version of the browser that is caused by a severe rendering bug with the operating system’s driver for Intel graphics cards. This problem was rated by Google as High priority, as was a buffer underflow problem in libxml and a use-after-free bug in the browser’s SVG filters, which have also been fixed.

The Beta Channel of Chrome for Windows, Mac OS X, Linux and Chrome Frame has been updated to version 24.0.1312.25, which includes a number of bug fixes for running applications within the browser, fixes stability issues, and solves two problems with the taskbar in Windows 8. The Beta version of Chrome for Chrome OS is now 23.0.1271.94; the update improves network stability and updates the included Pepper Flash plugin.

In the Developer Channel, Chrome for Windows, Mac OS X and Chrome Frame has been updated to version 25.0.1337.0 which includes a number of fixes and improvements, most noticeably improvements to the Live Tiles functionality for Windows 8 and bug fixes for Flash on Mac OS X. Chrome for the Chrome OS Developer Channel is now at version 25.0.1324.1, which includes a firmware update.

Chrome for iOS has been updated to version 23.0.1271.91 which has introduced the ability to open PDFs in other applications and enables users to save their airline boarding passes and tickets in Apple’s Passbook. The update also brings some security and stability improvements. Chrome for Android is now at version 18.0.1025469 on ARM and version 18.0.1026322 on x86 devices; both updates fix stability issues.

An overview over the different desktop Chrome release channels and platform is available from the Chromium Project, the open source upstream of Chrome. The listing includes download links for the different versions of the browser. All versions of Chrome should update themselves automatically; on some mobile platforms the user will be prompted to perform the update.

Source

Google Acquires VirusTotal

This is what we read in latest post from VirusTotal in their blog:

vt-blog-logoOur goal is simple: to help keep you safe on the web. And we’ve worked hard to ensure that the services we offer continually improve. But as a small, resource-constrained company, that can sometimes be challenging. So we’re delighted that Google, a long-time partner, has acquired VirusTotal. This is great news for you, and bad news for malware generators, because:

  • The quality and power of our malware research tools will keep improving, most likely faster; and
  • Google’s infrastructure will ensure that our tools are always ready, right when you need them. 

VirusTotal will continue to operate independently, maintaining our partnerships with other antivirus companies and security experts. This is an exciting step forward. Google has a long track record working to keep people safe online and we look forward to fighting the good fight together with them.

VirusTotal Team

Google’s New Favicon

Google Operation System Blog: Google has a new favicon that looks like the icon from Google’s mobile search apps for Android and iOS. The same icon was also used for the Google Search app from the Chrome Web Store.

Most likely, Google wanted to use the same icon irrespective of the platform so that it becomes instantly recognizable.
Here’s the new favicon:

new-google-favicon2[4]

… and the old favicon, which was launched back in 2009:

old-google-favicon-2012[2]

favicon-address-bar[2]

This screenshot shows the first three Google favicons. As you can see, the new favicon has a lot in common with the second favicon used by Google. “We felt the small ‘g’ had many of the characteristics that best represent our brand: it’s simple, playful, and unique. We will be looking to improve and enhance this icon as we move forward,” said Google back in 2008, when it changed the favicon for the first time.

google-favicon-jan-2009[2]

If you don’t see the new favicon when you visit google.com, try clearing your browser’s cache.

Google Wallet now accepts multiple cards

google-wallet.top

NEW YORK (CNNMoney) — Google just took your phone a step closer to replacing your wallet in the mobile payment revolution.

The company expanded its mobile payments platform, Google Wallet, to accept multiple credit cards. Users can now connect their Visa , MasterCard, American Express, or Discover cards with the new version of Google Wallet. It’s an update from the company’s previous partnership with MasterCard, Citigroup and Sprint.

Instead of swiping a card, users enter their card info into the service and are able to tap their phones at venues accepting Google Wallet payments. It’s a step forward for the company looking to delve into the mobile payment realm – an increasingly crowded space.

Continue Reading in CNNMoney: http://money.cnn.com/2012/08/02/technology/google-wallet/