(Credit:
Google)
Google should promise to protect the privacy of consumers with its Book Search service, the ACLU, Electronic Frontier Foundation and Samuelson Law Technology & Public Policy Clinic at UC Berkeley Law said in a letter to the search giant on Thursday.
"Under its current design, Google Book Search keeps track of what books readers search for and browse, what books they read, and even what they 'write' down in the margins," the groups wrote in a letter (PDF) to Google Chief Executive Eric Schmidt.
"Given the long and troubling history of government and third-party efforts to compel libraries and booksellers to turn over records about readers, it is essential that Google Books incorporate strong privacy protections in both the architecture and policies of Google Book Search," the letter said. "Without these, Google Books could become a one-stop shop for government and civil-litigant fishing expeditions into the private lives of Americans."
In 2006, the U.S. Attorney demanded that Amazon turn over book purchase records of 24,000 customers, the groups said in an e-mail statement.
Specifically, the groups are calling for Google to promise to respond only to properly issued warrants from law enforcement and court orders and notify readers if information about them has been requested; allow readers to search and browse anonymously; give readers control over their purchases and data and prevent others from viewing their activities; allow readers to give books to others without tracking; tell readers what information is being collected and maintained and why data has been disclosed if it has.
Google also should keep search log information for no longer than 30 days and agree not to share reader activity with third parties or link data collected about use of Book Search to any other Google services without user consent, the groups said.
A Google Books representative said it's premature for Google to say what its privacy policy will be, but that Google will continue to discuss the issues with advocates.
"We have a strong privacy policy in place now for Google Books and for all Google products. But our settlement agreement hasn't yet been approved by the court, and the services authorized by the agreement haven't been built or even designed yet," Dan Clancy, engineering director for Google Books, wrote in a blog post on Thursday.
"That means it's very difficult (if not impossible) to draft a detailed privacy policy," he wrote. "While we know that our eventual product will build in privacy protections--like always giving users clear information about privacy, and choices about what if any data they share when they use our services--we don't yet know exactly how this all will work. We do know that whatever we ultimately build will protect readers' privacy rights, upholding the standards set long ago by booksellers and by the libraries whose collections are being opened to the public through this settlement."
Google has negotiated deals with publishers for current works and is also digitizing public-domain works. For out-of-print books still protected by copyright, the company reached a $125 million proposed settlement with U.S. publishers and authors that awaits court approval.
Critics complain that the deal, which is scheduled to be implemented in October, would effectively give Google a monopoly over books that are in copyright but out of print. Google argues that the agreement will make millions of books hidden on library shelves more accessible and give publishers and authors a new opportunity to profit from them.
Earlier this month, the U.S. Department of Justice said it was launching a formal investigation into the proposed settlement. And European Union regulators are also taking a close look.
Cybercriminals have moved on from search engine optimization techniques and are now creating fake search sites designed solely to direct Web surfers to pages hosting malware, Panda Security warned on Wednesday.
Previously, attackers resorted to sending e-mails with malicious code in attachments and with links to malicious Web sites and took measures to push those Web sites higher in search engine rankings. Now, they're also creating fake search engines that are showing up in Google search results, according to a PandaLabs blog posting.
When people use the engines to search for popular terms, like "flu statistics," the results displayed redirect to porn sites that purport to show video but require the visitor to install what they say is the latest version of a video player but which instead is malware, the post said. Searching on the fake search engines for security topics leads to fake antivirus sites, PandaLabs said.
One of the fake search engines has received about 195,000 visits, according to the post.
Web surfers should use reputable search sites to protect themselves, PandaLabs recommends.
This screenshot shows results on a fake search engine that redirects visitors to sites hosting malware, according to PandaLabs.
(Credit: PandaLabs)
Credit card information of 19,000 British Web surfers was exposed on Google search before being removed, according to a report this weekend.
It is unclear exactly when and for how long the information was available to Google searchers, although most of the cards had been canceled, The Telegraph reported the UK payments association APACS as saying. Visible were names, addresses, and credit card data for thousands of people.
Originally, the data was posted on an unsecured server in Vietnam used by criminal gangs that was closed in February, the newspaper said. However, the "cached" version of it on Google remained.
Google offers tools that allow webmasters to make sure content is not cached or is removed. Apparently, whoever leaked the data didn't use those tools.
"Please keep in mind that search engines are a reflection of the content and information that is available on the Internet. Search engines such as Google do not own this content, and do not have the ability to remove content directly from the Internet," a Google spokesman said in a statement.
With Safe Search, color-coded icons accompany all Web results indicating their safety rating. Moving the cursor over the icon displays more information about that rating.
(Credit: Ask/Symantec)Search engine Ask is partnering with Symantec to offer Web surfers ratings on the safety level of sites in search results, the companies were set to announce on Tuesday.
Sites will be rated with a color-coded icon in one of four colors--green for safe, yellow for risky, red for unsafe, and gray for unknown, said Andrew Moers, president of Ask Partner Network. Moving the cursor over the icon will display more information about the rating.
Unsafe sites are ones that pretend to be something they are not and shopping sites that lack security or where the merchants aren't reputable, according to Moers.
Safe Search offers the ratings directly in the search experience so users can conduct searches from the toolbar of Symantec's Norton Safe Web software, which is part of Norton 360. The Web site rating service was introduced in beta by Symantec last August.
Ask also is working on having a beta site open up to the public this week, but the site will not have all the functions that the Norton Safe Web rating service does, Moers said.
The service is similar to an alert system that Google uses, however Google merely displays several warning messages saying that the site "may be harmful to the computer" but does not assign a safety rating. An error last Saturday led to Google warning temporarily that all sites on the Internet were potentially unsafe.
Ask offers adult filtering and re-launched its Ask Kids white list service for children last year.
Botnets increasingly used to perpetrate click fraud, Click Forensics reports.
(Credit: Click Forensics)Thanks in part to armies of compromised computers, click fraud reached an all-time high in the fourth quarter.
Click fraud lets Web sites increase revenue from ads supplied by services such as Google's AdSense or the Yahoo Publisher Network, though those companies take measures to screen out bogus links so advertisers don't have to pay. But that doesn't stop people from trying, according to a new report from Click Forensics, a company that monitors for click fraud and sells detection services.
"The overall industry average click fraud rate grew to 17.1 percent for the fourth quarter of 2008. That's up from 16.0 percent in the third quarter of 2008 and from the 16.6 percent rate reported for the fourth quarter of 2007," the company said Wednesday.
Humans can click on ads, but increasingly fraudsters turn to botnets, the swarms of computers taken over through remote attacks that can do fraudsters' bidding without computer users' knowledge.
"Traffic from botnets was responsible for 31.4 percent of all click fraud traffic in the fourth quarter of 2008. That's up from the 27.6 percent rate reported for the third quarter of 2008 and the 22.0 percent rate reported for the fourth quarter of 2007," Click Forensics said.
Microsoft on Tuesday released its December 2008 security bulletin. The "critical" bulletins affect Windows GDI, Word, Excel, Internet Explorer and Windows Search. The "important" updates affect SharePoint and Windows Media Components.
Microsoft is including within each bulletin an "exploitability index" to help system administrators prioritize the patches. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
Exploitability index: 1-2. Microsoft recommends that customers apply the update immediately. Titled "Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)", this bulletin affects the Microsoft Visual Basic 6.0 Runtime Extended Files; all supported editions of Microsoft Visual Studio .Net 2002, Microsoft Visual Studio .Net 2003, Microsoft Visual FoxPro 8.0, Microsoft Visual FoxPro 9.0, Microsoft Office Project 2003, and Microsoft Office Project 2007. This bulletin addresses the vulnerabilities detailed in CVE-2008-4252, CVE-2008-4253, CVE-2008-4254, CVE-2008-4255, CVE-2008-4256, and CVE-2008-3704, which could allow remote code execution "if a user browsed a Web site that contains specially crafted content," Microsoft says.
Exploitability index: 2-3. Microsoft recommends that customers apply this update immediately. Titled "Vulnerabilities in GDI Could Allow Remote Code Execution (956802)", this bulletin is rated critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. This bulletin addresses the vulnerabilities detailed in CVE-2008-2249 and CVE-2008-3465. Microsoft says "exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Exploitability index: 1-3. Microsoft recommends that customers apply this update immediately. Titled "Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)," this bulletin is rated critical for supported editions of Microsoft Office Word 2000 and Microsoft Office Outlook 2007. For supported editions of Microsoft Office Word 2002, Microsoft Office Word 2003, Microsoft Office Word 2007, Microsoft Office Compatibility Pack, Microsoft Office Word Viewer 2003, Microsoft Works 8, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated important. This bulletin addresses the issues detailed in CVE-2008-4024, CVE-2008-4025, CVE-2008-4026, CVE-2008-4027, CVE-2008-4030,CVE-2008-4028, CVE-2008-4031, and CVE-2008-4837 . Microsoft says this bulletin resolves "eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Exploitability index: 1-2. Microsoft recommends that customers apply the update immediately. Titled "Cumulative Security Update for Internet Explorer (958215)", this bulletin is rated critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on Microsoft Windows 2000; Internet Explorer 6 running on Windows XP; and Internet Explorer 7. For Internet Explorer 6 running on Windows Server 2003, this security update is rated "moderate." This update addresses the vulnerabilities detailed in CVE-2008-4258, CVE-2008-4259, CVE-2008-4260, and CVE-2008-4261. Microsoft says the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
Exploitability index: 1-2. Microsoft recommends that customers apply the update immediately. Titled "Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)." This bulletin is rated critical for all supported editions of Microsoft Office Excel 2000. For all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2007, Microsoft Office Compatibility Pack, Microsoft Office Excel Viewer, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac, this security update is rated important. For Internet Explorer 6 running on Windows Server 2003, this security update is rated moderate. This update addresses the vulnerabilities detailed in CVE-2008-4265, CVE-2008-4264, and CVE-2008-4266. Microsoft says if a user opens a specially crafted Excel file an attacker could exploit these vulnerabilities and take complete control of an affected system.
Exploitability index: 1-2. Microsoft recommends that customers apply the update immediately. Titled "Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)" This bulletin is rated critical for all supported editions of Windows Vista and Windows Server 2008. This update addresses the vulnerability detailed in CVE-2008-4268 and CVE-2008-4269. Microsoft says that "these vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system."
Exploitability index: 1. Microsoft recommends that customers apply the update at the earliest opportunity. Titled "Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)", this bulletin is rated important for Windows Media Player 6.4, Windows Media Format Runtime 7.1, Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11, Windows Media Services 4.1, Windows Media Services 9 Series, and Windows Media Services 2008. This update addresses the vulnerabilities detailed in CVE-2008-3009 and CVE-2008-3010. Microsoft says the "most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system."
Exploitability index: 1. Microsoft recommends that customers apply the update at the earliest opportunity. Titled "Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)", this bulletin is rated important for all supported editions of Microsoft Office SharePoint Server 2007 and Microsoft Search Server 2008. This update addresses the vulnerability detailed in CVE-2008-4032. Microsoft says the "vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure."
- prev
- 1
- next
