Google reveals Chrome security patch details

Earlier today, Google was keeping mum about a three-day-old security fix to its Chrome browser, but now the company has revealed details of two critical-risk vulnerabilities and some lesser issues it says are fixed.
The critical patches relate to buffer overrun vulnerabilities that could have let a remote attacker execute arbitrary software on a Chrome user's computer, said Mark Larson, a Google Chrome program manager, in a mailing list posting Monday afternoon. The first patch fixed a vulnerability in handling long file names, called the SaveAs vulnerability, and the second a vulnerability in dealing with the Web site addresses displayed in Chrome's status area when the user hovers over a link.
Read more »

Lenovo external hard drive responds to touch

I reviewed the WD My Passport external hard drive recently and thought it was really cool with the storage gauge that lights up when plugged in to show how much storage space has been used. Lenovo has gone one step further with an external hard drive concept that can reveal the same information without even being plugged in.

The concept external hard drive features a finger-touch access button, much like a biometric reader, and an external display. Once you touch the button, the display will show the remaining storage space in the form of simple digits.

It's unclear how this works but I would assume that the drive must have a battery of its own that recharges when the hard drive is plugged in.

While this seems rather unnecessary feature to some, it's actually very nice to know how much space left on the media. Personally, I've run into many cases where I ended up having to recopy a huge amount of data just because the free space ran out before the copying process was done.

Via Crave CNET | Source: DesignLaunches.com

At 10 years old, whither Google?

It wasn't long ago that we weren't able to "Google" people, places and things.


But, observes CBS News Science and Technology Correspondent Daniel Sieberg, in just 10 years, Google has grown exponentially from garage startup to Web juggernaut--and a verb as well as a noun.

As Google marks its 10th anniversary this weekend, it's become "part of culture, much like Xerox", points out John Battelle, who wrote a bestseller about the rise of Google called The Search: How Google and Its Rivals Rewrote the Rules of Business and Transformed Our Culture. He notes that the verb "google" quickly became synonymous with speedy learning on virtually every subject.

"Nearly anything and everything to get smart on any topic exists on the Web," says Battelle, "and Google does a good job of organizing it."
Read more »

Security firm spots Chrome "SaveAs" flaw

It's been only a few days since Google released its Chrome browser, and security researchers are still digging into the software in search of the first few flaws.

A company in Vietnam has turned up the latest vulnerability in Chrome, according to a story posted to Information Week's Web site. Bach Khoa Internet Security says that the Chrome 0.2.149.27 release is susceptible to a critical buffer-overflow flaw, which could allow a remote attacker to take control of a PC. BKIS says it has reported the vulnerability to Google.

Here's how BKIS describes the vulnerability and how it could be exploited:

The vulnerability is caused due to a boundary error when handling the "SaveAs" function. On saving a malicious page with an overly long title (title tag in HTML), the program causes a stack-based overflow and makes it possible for attackers to execute arbitrary code on users' systems.

To exploit the Vulnerability, a hacker might construct a specially crafted Web page, which contains malicious code. He then tricks users into visiting his Website and convinces them to save this Page. Right after that, the code would be executed, giving him the privilege to make use of the affected system.

Earlier this week, security researcher Rishi Narang reported a flaw related to how Chrome, still in beta, behaves with undefined handlers, while another researcher, Aviv Raff, developed a proof-of-concept demo that showed Chrome could be hit with a carpet-bombing flaw.

See also: Chrome suffers first security flaw.

Via CNET News

Creating a Facebook for spies

One might expect James Bond's MySpace page to list shaken martinis, Walther PPKs, and Aston Martins among his interests.

While that scenario is a bit far-fetched, agents for the CIA, FBI, and National Security Agency are testing a social-networking site designed for use by analysts within the 16 US intelligence agencies, according to a report on CNN's Web site. Instead of posting thoughts on music and movies, the agents use the site--called A-Space--to share information on terrorist activities and troop movements around the world.

The social networking site has been undergoing testing for months and is expected to officially launch to the nation's entire intelligence community on September 22, CNN reported.

"It's every bit Facebook and YouTube for spies, but it's much, much more," Michael Wertheimer, assistant deputy director of National Intelligence for Analysis, told CNN. "It's a place where not only spies can meet but share data they've never been able to share before. This is going to give them for the first time a chance to think out loud, think in public amongst their peers, under the protection of an A-Space umbrella."
Read more »

Crave is...

The name says it all. Crave is our blog about cool gadgets and other crushworthy stuff.

Drop us an email if you have tips or suggestions.

Crave for...

» Mobile Phones (2215)

» Digital Cameras (974)

» Notebooks (1227)

» PC & Peripherals (1304)

» Handhelds (584)

» Printers (82)

» Home AV (1138)

» Music & Play (887)

» Gadgets (1474)

» Future Tech (391)

» Green Tech (170)

» Lifestyle (154)

» Luxury (22)

» Home Appliances (57)

» Cars (99)

» Games and Gear (245)

» Software (93)

» Web (105)

Previously...

2009

2008

2007

2006

2005

2004

Hot Topics

Subscribe to
Crave

What's Hot

apple apple inc. apple iphone apple ipod asia battery camera game google inc. iphone microsoft corp. microsoft windows mobile phone photograph singapore smart phone software sony corp. video

Today on CNET |  Reviews |  Crave |  Blogs |  CNET TV |  Digital Living |  Downloads