Transcript

Monday April 21, 2008

Google Turns to Mobile Phones in China to Catch Baidu

Google has been increasingly aggressive in its plans for catching up to search leader Baidu in China’s online search market. Now Google is focusing on the mobile search market in its quest to gain market share in China. Acquiring exclusive rights to process search queries for customers from China Mobile, which is China’s most-used wireless carrier, Google now leads Beijing-based Baidu.com in Chinese wireless searches. Google expects to process more local Web search queries from mobile phones than from computers in Asia by 2011. Despite its recent gains, Google earns less than half the ad revenue of Baidu.com in China. At last count, Baidu's market share was 60 percent, up 2 percent from a year earlier, compared with Google, which had a market share of 26 percent, up 17 percent from the year before.

http://www.bloomberg.com/apps/news?pid=20601204&sid=aqbpFHb9v78I

ISPs' Error Page Ads Let Hackers Hijack Entire Web

According to recent research findings, popular Internet Service Providers including EarthLink, Time Warner, Comcast, Qwest, and Verizon may be putting customers at greater risk of online attacks from identity thieves in their quest to monetize Web site traffic on their networks. EarthLink uses a service called Barefruit to return Web pages with suggested search terms and advertising to customers who mistype a domain name in their browser, but a bug in the software used to redirect users left hackers with the ability to launch various types of Javascript attacks, enabling them to steal users browser cookies, create fake Web sites that appeared to be hosted on legitimate domains, and even log into certain Web sites without authorization. The hole was quickly and quietly patched Friday after IOActive security researcher Dan Kaminsky reported the issue to Earthlink and its technology partner Barefruit. Earthlink users, and some Comcast subscribers, were at risk. The occurrence underscores the potential risks that remain when subdomains are only as secure as the servers of an ISPs chosen ad serving company.

http://blog.wired.com/27bstroke6/2008/04/isps-error-page.html
http://blog.washingtonpost.com/securityfix/2008/04/when_monetizing_isp_traffic_go.html
http://www.theregister.co.uk/2008/04/20/kaminsky_demo_at_toorcon/
http://news.yahoo.com/s/pcworld/20080419/tc_pcworld/144849
http://blogs.computerworld.com/big_phishing_problem_bears_fruit_at_toorcon_and_hes_dead_jim
http://securitywatch.eweek.com/browsers/major_isps_injecting_ads_vulnerabilities_into_entire_web_1.html
http://www.pcworld.com/businesscenter/article/144849/earthlink_redirect_service_poses_security_risk_expert_says.html
http://mashable.com/2008/04/20/holes-in-isps-error-pages/
http://www.pcpro.co.uk/news/190119/error-pages-leave-entire-web-vulnerable-to-hackers.html

[edited by: Vanessa_Zamora at 1:05 pm (utc) on April 22, 2008]