Google has just opened its new French headquarters, but it seems that they won't be receiving a warm welcome in the nearest future. The reason is that the company has recently landed itself in hot water over the abuse of its dominant position one more time, facing a lawsuit that demands over $30 million for damages to some navigation software firm.
French company named NAVX is currently suing Google in the Paris Commercial Court over what it believes to be wrongdoing about blocking advertisements from the company. NAVX has appealed to the local antitrust authorities over its treatment by the search giant where it was discovered that competition legislation has been violated. The search giant was ordered to reinstate the NAVX’s advertising, as well as clarify the conditions of its Adwords service for further use. NAVX, which offers content for GPS and smartphones, confirmed that Google did agree to do so.
Nevertheless, the French firm acknowledged that it has lost out on a load of money because of Google’s meddling, so it has demanded damages of around $31 million. NAVX Chief Executive Officer Jean Cherbonnier has announced that the dominant position of Google on the advertising market connected with search engines can’t be disputed, particularly after the investigation carried out by the French Antitrust Authority that concluded a year ago that the search giant undoubtedly holds a dominant position.
NAVX is currently asking the Paris Commercial Court to hand down ruling saying that Google abused its dominant position. The company also hopes the court will order Google to pay damages. Meanwhile, such court case couldn’t come at a worse time for the international corporation. Its CEO has just met with European Commission antitrust boss in a kind of last ditch attempt to stop a formal investigation into the company landing the search giant with a statement of objection over its practices.
Truly, it looks like NAVX isn’t the only company out for Google’s blood after the latter allegedly mistreated them. Such firms as Ciao and Foundem are also enraged at Google’s activities and are currently pushing for intervention of European Commission into what they see as bullying and bullish behavior. In other words, it is very unlikely that some other companies making detrimental claims against the search giant while talks are ongoing do Google any favors.
Tuesday, December 13, 2011
Friday, December 2, 2011
Big Hole Found In Apache
Security experts claim they’ve discovered a yet-to-be-patched vulnerability in the Apache HTTP server. The hole, according to their claims, allows hackers to access protected resources within the internal network. Due to the importance of the issue, Apache developers gathered a conference where they tried to decide how to fix the problem.
All you need for “goodnight Vienna” to happen on the internal network is for some rewrite rules not to be configured correctly. Right after this you can see hackers inside the server doing whatever they want. The big hole hits Apache installations operating in reverse proxy mode – that’s what is used for load balancing, caching and many other operations using multiple servers.
The matter is that while trying to set up Apache HTTPD to work as a reverse proxy, server administrators have to use some specialized modules, such as mod_proxy or mod_rewrite. That’s where it happens: if some rules aren’t determined properly, hackers are able to trick servers into performing unauthorized requests in order to access internal resources. In fact, the trouble has been around for a while, because the patch was released to fix something similar last month.
Nevertheless, after security experts reviewed the patch in question, they realized that it can be easily bypassed thanks to a bug in the procedure for Uniform Resource Identifier scheme stripping. In other words, you have to clearly understand what you are doing, since the fault was something to do with the part of Uniform Resource Identifier coming before the colon. So, if you haven’t mastered your colon, it can become a problem with your Apache server configuration.
As for Apache, they’ve had a discussion about the outlined issue and the problem was allocated to have a look at it. Today the developers aren’t sure what will be better to do with the discovered vulnerability – either to strengthen the earlier released patch in the server code so that it could reject requests of this type or make up something a bit heavier. The reason why they can’t agree on details is the suggestion made by some experts who believe that tinkering with one branch of the code may also have negative consequences. For example, this move can lead to opening another hole somewhere else.
All you need for “goodnight Vienna” to happen on the internal network is for some rewrite rules not to be configured correctly. Right after this you can see hackers inside the server doing whatever they want. The big hole hits Apache installations operating in reverse proxy mode – that’s what is used for load balancing, caching and many other operations using multiple servers.
The matter is that while trying to set up Apache HTTPD to work as a reverse proxy, server administrators have to use some specialized modules, such as mod_proxy or mod_rewrite. That’s where it happens: if some rules aren’t determined properly, hackers are able to trick servers into performing unauthorized requests in order to access internal resources. In fact, the trouble has been around for a while, because the patch was released to fix something similar last month.
Nevertheless, after security experts reviewed the patch in question, they realized that it can be easily bypassed thanks to a bug in the procedure for Uniform Resource Identifier scheme stripping. In other words, you have to clearly understand what you are doing, since the fault was something to do with the part of Uniform Resource Identifier coming before the colon. So, if you haven’t mastered your colon, it can become a problem with your Apache server configuration.
As for Apache, they’ve had a discussion about the outlined issue and the problem was allocated to have a look at it. Today the developers aren’t sure what will be better to do with the discovered vulnerability – either to strengthen the earlier released patch in the server code so that it could reject requests of this type or make up something a bit heavier. The reason why they can’t agree on details is the suggestion made by some experts who believe that tinkering with one branch of the code may also have negative consequences. For example, this move can lead to opening another hole somewhere else.
Monday, November 28, 2011
UK Will Order More ISPs To Block The Pirate Bay
The BPI (British Recorded Music Industry), the voice of the British recorded music bizz, is reported to make desperate efforts of extending its Internet-blocking policy about The Pirate Bay onto other largest broadband providers, including TalkTalk, Virgin Media, Sky, O2, and Orange.
The British Recorded Music Industry outfit officially demanded BT to block access to the “rogue” website known as The Pirate Bay – the world’s largest BitTorrent tracker. This may invoke the MPA against BT case – a well-known and debatable lawsuit which managed to set a precedent in the fight against piracy thanks to the court’s decision to order BT to block access to Newzbin service.
As if it wasn’t enough, now the music industry, with the help of multiple industry trade outfits, wishes that BT would voluntarily restrict access to The Pirate Bay website without court injunction. Meanwhile, if the Internet service provider fails to comply with the requirement, it’s likely that the British Recorded Music Industry would seek justice in the court of law by obtaining the required injunction.
Taking into account the fact that the current censorship system should be extended onto other Internet service providers as well, the anti-piracy outfit has now extended its main objective, that of blacklisting The Pirate Bay BitTorrent tracker, to all of major broadband providers of the United Kingdom. The outfit issued a statement, saying that it is engaging in further dialogue with the Internet service provider BT on this issue. The organization also admitted that it has written to the UK’s other largest broadband providers – Virgin Media, O2, Orange, Sky, and TalkTalk – to ask them to block access to the BitTorrent tracker. Now the outfit is waiting for their responses.
The British Recorded Music Industry outfit officially demanded BT to block access to the “rogue” website known as The Pirate Bay – the world’s largest BitTorrent tracker. This may invoke the MPA against BT case – a well-known and debatable lawsuit which managed to set a precedent in the fight against piracy thanks to the court’s decision to order BT to block access to Newzbin service.
As if it wasn’t enough, now the music industry, with the help of multiple industry trade outfits, wishes that BT would voluntarily restrict access to The Pirate Bay website without court injunction. Meanwhile, if the Internet service provider fails to comply with the requirement, it’s likely that the British Recorded Music Industry would seek justice in the court of law by obtaining the required injunction.
Taking into account the fact that the current censorship system should be extended onto other Internet service providers as well, the anti-piracy outfit has now extended its main objective, that of blacklisting The Pirate Bay BitTorrent tracker, to all of major broadband providers of the United Kingdom. The outfit issued a statement, saying that it is engaging in further dialogue with the Internet service provider BT on this issue. The organization also admitted that it has written to the UK’s other largest broadband providers – Virgin Media, O2, Orange, Sky, and TalkTalk – to ask them to block access to the BitTorrent tracker. Now the outfit is waiting for their responses.
Saturday, November 26, 2011
Intel Introduced Doubtful Security Plan
After Chipzilla had bought the worldwide-known insecurity company McAfee, lots of industry experts wondered why, and recently Intel finally released the results of its collaboration.
Intel has developed a security system called Deepsafe. According to the giant, this system will work outside the operating system at the chip level, watching the hardware for signs of malware being active. The system in question is expected to be quite good at tackling rootkit malware attacks, because they also happen outside the operating system. For example, McAfee’s own threat report quoted the statistics which mentioned the number of rootkit infections discovered in the 6 months of this year being up 32% year-on-year.
At the same time, media reports revealed that the industry observers aren’t quite sure that the new idea of the company will make much difference in this field. For instance, Wendy Nather, which works as a security analyst from the 451 Group and is also known as a former IT security director at UBS, explained that Intel has actually had the security modules the new system is based on in their chipset for a while now. The only problem is that venders could not be even bothered to use them, as this demands development where they thought there was not much market interest.
The security system updates would be a bit more disruptive than the current security software patches – in fact, it would be more about changing the foundations of a building from underneath it. As for the first McAfee product based on this security system, it is Deep Defender, and it’ll be out there in the stores in the beginning of 2012. Wendy Nather pointed out that Intel is simply doing the same things as McAfee has already been doing now and moving them into the chipset. As you can understand, this doesn’t sound too exciting.
Meanwhile, the real area in which chip-level security would be very interesting is embedded systems. This is because they are being used virtually everywhere – from smart meters to mobile devices, in which, as you know, a lot of money are being invested in order to secure them. In short words, Deepsafe is a system which softly hints that the technology isn’t actually being targeted at personal computers at all. Instead, it can mean Intel’s move into the mobile market.
Intel has developed a security system called Deepsafe. According to the giant, this system will work outside the operating system at the chip level, watching the hardware for signs of malware being active. The system in question is expected to be quite good at tackling rootkit malware attacks, because they also happen outside the operating system. For example, McAfee’s own threat report quoted the statistics which mentioned the number of rootkit infections discovered in the 6 months of this year being up 32% year-on-year.
At the same time, media reports revealed that the industry observers aren’t quite sure that the new idea of the company will make much difference in this field. For instance, Wendy Nather, which works as a security analyst from the 451 Group and is also known as a former IT security director at UBS, explained that Intel has actually had the security modules the new system is based on in their chipset for a while now. The only problem is that venders could not be even bothered to use them, as this demands development where they thought there was not much market interest.
The security system updates would be a bit more disruptive than the current security software patches – in fact, it would be more about changing the foundations of a building from underneath it. As for the first McAfee product based on this security system, it is Deep Defender, and it’ll be out there in the stores in the beginning of 2012. Wendy Nather pointed out that Intel is simply doing the same things as McAfee has already been doing now and moving them into the chipset. As you can understand, this doesn’t sound too exciting.
Meanwhile, the real area in which chip-level security would be very interesting is embedded systems. This is because they are being used virtually everywhere – from smart meters to mobile devices, in which, as you know, a lot of money are being invested in order to secure them. In short words, Deepsafe is a system which softly hints that the technology isn’t actually being targeted at personal computers at all. Instead, it can mean Intel’s move into the mobile market.
Subscribe to:
Posts (Atom)