Hack may have hit Google users in Iran

AMSTERDAM (AP) — Experts say the Iranian government may have been behind a hacking attack, allowing it to read Google email from dissidents who thought they were using secure connections.

Chicago-based Internet security firm Vasco said Wednesday its Dutch subsidiary, DigiNotar, detected the hack on July 19, compromising its security guarantees for "a number of domains, including Google.com." The company then quietly tried to fix the damage, but was alerted by the Dutch government Monday that it had missed Google, and perhaps others.

Google said in a post on its online security blog that "people affected were primarily located in Iran." It said that after consultation with Microsoft and Mozilla, users of the Chrome, Microsoft Explorer and Firefox browsers will receive warnings if they attempt to visit any website that uses DigiNotar certificates.

DigiNotar is one of the many firms that sells security certificates for the "SSL" cryptographic protocol — in effect, one of the digital notaries that guarantee the privacy of communications between a user's browser and a website.

The company said the hackers were able to get into its infrastructure and issue fake certificates.

Finnish security company F-Secure said such certificates can be used by a government or corrupt Internet service provider to reroute traffic intended for Google without being detected.

"We saw a similar attack in May," the company said in a note on the incident published on its website.

"It's likely the Government of Iran is using these techniques to monitor local dissidents."

DigiNotar did not quickly respond to requests for information about what other bogus certificates were issued or how many users may have been affected, and where.

Vasco said DigiNotar only accounts for a tiny fraction of its business, and "the vast majority" of DigiNotar's offerings — including its security certificates for communication with the Dutch tax authority — were not affected.

Google Says Gmail Attack Focused on Iranian Targets

By Jeremy Kirk, IDG News 

Google said late Sunday that an attack mounted against its Gmail service targeted users primarily located in Iran, although the company has taken steps to block further interception attempts.

Google discovered that attackers had acquired a Secure Sockets Layer (SSL) certificate valid for any website in the google.com domain. The SSL certificate is used to vouch for the authenticity of websites and protect against security threats such as "man-in-the-middle" attacks.

Private companies, known as certificate authorities (CAs), make money from issuing digital certificates, although experts have pointed out there are many weaknesses in how certificates are issued that could undermine security.

In this case a Dutch CA, DigiNotar, issued an SSL certificate for the google.com domain on July 10, without Google's knowledge. It has since revoked the certificate.

Using a fake certificate would allow attackers to capture the login details for a person's Gmail account without a warning coming from the browser that something suspicious is happening, allowing them access to the e-mail account.

Google said "the people affected were primarily located in Iran," although the company did not detail further if it believed their accounts were compromised.

To perform the attack, an attacker would need to "poison" a Domain Name System cache. DNS is used to lookup the IP address for where a domain is located, but many organizations run their own DNS servers that caches the information to speed the lookup process up, updating it periodically.

That tampering could allow a random IP address to appear as a "*google.com" site. Combined with the fraudulent certificate that fools the web browser's warning system, a person would not know they've been hacked.

Google uses a different CA, not DigiNotar, to issue certificates for its domains -- and as an additional security measure, it codes information about that issuer into its Chrome browser. This allowed a Chrome user to flag the DigiNotar-issued certificate for google.com as fake, even though it was technically valid. The additional protection won't work for certificates for other companies' domains, where Google can't know in advance who the issuing authority should be.

Google said on Sunday in a blog post that it had now configured its Chrome browser to revoke SSL certificates coming from DigiNotar while the company investigates.

Mozilla, the organization behind the Firefox web browser, said in a blog post that it plans to issue soon new versions of Firefox along with its Thunderbird e-mail application and SeaMonkey application suite to revoke "trust in the DigiNotar root."

Microsoft said on Monday that it would remove DigiNotar from its trusted certificate providers within its Internet Explorer browser. Apple officials could not be immediately reached.

Facebook ending Deals product after four-month test

By Alistair Barr

(Reuters) - Facebook is getting out of the daily deals business after four months of testing, a move that may ease some competitive pressure on industry leaders Groupon and LivingSocial.

"After testing Deals for four months, we've decided to end our Deals product in the coming weeks," the company said on Friday in a statement emailed to Reuters.

"We think there is a lot of power in a social approach to driving people into local businesses," Facebook added in the statement. "We've learned a lot from our test and we'll continue to evaluate how to best serve local businesses."

Facebook, the world's largest social network, launched Facebook Deals in April, bringing competition to daily deals leader Groupon and rival LivingSocial.

Facebook started making offers in five cities and had a small sales team arranging deals with local merchants. But the company also ran offers that were set up by 11 other daily deal companies, including ReachLocal, Gilt City and Zozi.

Facebook's exit means Groupon has one less major competitor as it prepares for a $750 million initial public offering later this year.

"It is surprising that Facebook ended their deals product after just four months," said Vinicius Vacanti, co-founder of Yipit.com, which aggregates daily deals and tracks the industry. "On the other hand, Facebook Deals had been an underwhelming product and experience."

However, Facebook's decision not to pursue the business may mean the company thinks the approach lacks merit.

"The Groupon group buying phenomenon is a commodity. There are no barriers to entry. It's just not going to work because everybody offers it and therefore the margins go down," said Jeremiah Owyang, a partner at research firm Altimeter Group.

The end of Facebook Deals is "certainly good" for Groupon and other daily deal services, Vacanti said.

"I don't believe this means daily deals are not a viable business," he added. "It more suggests that large media and tech companies can't just 'turn on' daily deals and expect them to work. It has to be more thoughtfully integrated into their existing product."

Facebook stressed on Friday that it is committed to developing other products, such as Ads, Pages and Sponsored Stories, which connect local businesses with potential customers.

The company also is sticking with its Check-in Deals offering. This lets Facebook users check in at local businesses and see offers from those merchants.

"Facebook is doing some major re-thinking around local," Vacanti said.

(Reporting by Alistair Barr and Alexei Oreskovic; Editing by Tim Dobbyn and Carol Bishopric)
http://www.reuters.com/article/2011/08/26/us-facebook-deals-idUSTRE77P6Q820110826

Carats in the Milky Way – Discovery of the Diamond Planet

Aug 28, 2011 6:23 AM By Avi Krawitz

RAPAPORT... Don’t go counting your carats just yet, but the single largest diamond discovery has just been made. Where, you ask? About 4,000 light-years away, as part of the Milky Way’s plane of stars, about an eighth of the way towards the Galactic Center from the Earth.

If that sounds like something out of a far-fetched Star Trek episode, think again. Astronomers at the University of Manchester announced they have found a planet made of just that, diamonds.

The team first detected an unusual star called a pulsar - a small star about 20 kilometers in diameter that emits a beam of radio waves - and followed up to discover the gravitational pull of a small companion planet orbiting the pulsar. The pulsar in question, they explain, is a millisecond pulsar that spins at more than 10,000 times per minute.

The astronomers believe that the diamond planet is all that remains of a once massive star, most of whose matter was siphoned off towards the pulsar. Given the close proximity between the pulsar and its companion, the star would have lost its outer layers and over 99.9 percent of its original mass.

“This remnant is likely to be largely carbon and oxygen, because a star made of lighter elements like hydrogen and helium would be too big to fit the measured orbiting times,” said Dr Michael Keith (CSIRO), one of the research team members.

The density means that this material is certain to be crystalline: that is, a large part of the star may be similar to a diamond, the team explained.

Certainly, they believe the occurrence of such a phenomenon is as uncommon as a diamond, if not more.

“The rarity of millisecond pulsars with planet-mass companions means that producing such ‘exotic planets’ is the exception rather than the rule, and requires special circumstances,” said Dr Benjamin Stappers from The University of Manchester.

A gem of a discovery indeed, but one that is unlikely to excite gemologists as much as astronomers.

Google+ Lets Users Ignore, Block Other Users

Google follows new Facebook privacy controls with options to ignore and block users at a time when the social media noise is building on the nascent network.

A few days after Facebook added more granular privacy features for its vast network of nearly 800 million users, Google+ has added two more grains of private sharing: the "ignore" and "block" options.

Ignore means users will see less of what a person is sharing. The new block option limits the ways a person can interact with what a Google+ user is sharing, as Google+ software engineer Olga Wichrowska explained in this video. Both are designed to curb some of the social media clutter on Google+.

When users choose to ignore someone, they won't see any of those users' posts in their Google+ Stream, receive notifications about what they do on +, or even see them on their + Circles page.

Google+ users may ignore users in multiple ways, including by clicking ignore after notifications in the Google+ bar or notifications stream, from incoming messages and from the Circles page. Users will highlight those they want to ignore and click ignore.

Blocking a user is a different animal, the ultimate brush-off.

When users want to block someone, a control that is available from Circles, a user's + profile, anywhere the ignore option appears and from the notifications widget, that user is removed both from Circles and extended Circles.

This also means those who blocked someone won't see any of their new posts in the Stream or see anything the blocker shares with their Circles, and cannot comment on + posts a blocker makes.

To skirt the hurt-feelings issue, Google+ doesn't alert users who have been ignored or blocked. Some will undoubtedly find out anyway and get the idea, but the implementation is so subtle that it's doubtful it will lead to many big issues.

Moreover, users who want to stop ignoring or blocking other users can do so, said Wichrowska. To un-ignore a user, + users can navigate to the list of ignored users under "more actions" on their + Circles page. To unblock someone, simply access their profile and begin following them again.

These two tiny features have the potential to provide big timing savings for users weary of sifting through the clutter of their Google+ streams and notifications.

That's a big deal, particularly when Google+ is competing with Facebook and other social media Websites for user eyeballs and engagement.

The move also comes two days after Facebook spruced up its privacy-control features, making it easier to limit shared items to certain groups and see at a glance what people can see.

Moreover, Facebook profile elements from music and books to addresses and phone numbers can be individually checked on or off to display to everyone, or be limited to friends or to a customized list.

Meanwhile, privacy watchdogs are monitoring the Facebook-Google privacy one-upmanship with interest. The Electronic Frontier Foundation and Electronic Information Privacy Center have taken both companies to task for perceived privacy intrusions.

Today is Chinese Valentine's Day

Today is Chinese Valentine's Day in the chinese lunar calendar. July 7 of Every year's lunar calendar commemorate the legend of the Cowhand and Weaver Maid.

Down from generation to generation,Weaver is one of Jade Emperor in Heaven's the seven daughters. She came down from Heaven to fall in love with Cowhand and gave birth to the child in once ,Jade Emperor in Heaven know the things to rage,He caught Weaver to went back Heaven and create "The Milky Way".

Through struggle,The Jade Emperor in Heaven's wife were they moved,She agree Cowhand's family to stay on Heaven and allowed to meet once through the bridge of magpies.

Andriod faces malicious software to threatens,Security market have large opportunity

"Fortune" magazine writing about said,With the Android systerm turn into popularity,Andriod apply security put on the agenda.

Germany say facial recognition technology of facebook break the law

AFDPIS said on wednesday,Facial recognition technology of facebook violate europe's and germany's data protection act.Facebook must deleted related data.

Chinese Writer rights union of china sent letters from lawyers:Baidu already delete links,Apple has not action

Author:HongJuanYuan

Executor of chinese Writer rights union is ChengZhiBei introduced yestoday,chinese Writer rights union sent letters form lawyers to Baidu Company and Apple Company.To data,The two companies contact union by phone,Baidu says they already delete links of tort,but Apple can't take any action about infiringing works.

ChengZhiBei says,July 20,Writer rights union sent letters from lawyers to apple,accusing it infringes transmission ritht of 23 of works for six writer in network,require they to stop tort and compensate for damage,close Apple Store before fix up question of tort."If unable to meet the requirements,we will be civil prosecution and assigning blame of Apple compeny illegal business with administration."

Sony group reported in the first of fiscal 2011 earings

Tokyo,July 28,2011-Sony grop reported in the first of fiscal 2011 earings.

  Consolidated operating income of 27.5 billion yen (340 million U.S. dollars) was recorded in the current
      quarter, despite year-on-year declines in sales and operating income due mainly to the negative impact
      of the Great East Japan Earthquake as well as the deterioration of the electronics business environment.
  Business operations that had been negatively affected by the Earthquake are recovering faster than
      anticipated in the May forecast.
  Despite lower projected annual LCD television unit sales compared to the May forecast and further
      unfavorable foreign exchange rates anticipated for the remainder of the fiscal year contributing to a
      lower consolidated sales forecast, the consolidated operating income forecast for the current fiscal year
      remains unchanged because the performance of most businesses is anticipated to exceed the May
      forecast.