Friday, February 19, 2010
Friday, February 12, 2010
Thursday, February 11, 2010
Clicking on “Sweet! Check out Buzz” brings you to your initial follower/follow back network of friends:
And as the privacy statement suggested, it automatically determined people who have communicated with me over Gmail and that joined Buzz to follow me. Similarly Buzz made suggestions on whom I should follow. From the Buzz privacy statement:
For me, the default web apps connected to Buzz were my public facing Picasa and Google Reader:
By default, (as stated in the Google Privacy statement) the list of people that I am following and the people following me will be publicly displayed on my profile.
As numerous folks have blogged about (e.g., CNET), this could be a privacy concern for users who do not want to share their social network with the world. As with other social networks, this could be used to gather intelligence on individuals, the corporations/organizations/groups they belong to, and could be used in targeted spear phishing or impersonation attacks. To the general user on the web however, many of the benefits of social networking out-weigh the risks.
In addition to these concerns, there are also a few other items that Google Buzz brings to the table for an attacker. One item in particular is email validation. I clicked on one of my co-worker's that was following me from his default setup for his Buzz profile … I was able to then see the people that he is following and those following him (again, default setting). The people in his social network that I had emailed in the past from my Gmail account have their email address exposed, those that I had not emailed in the past did not have this exposed.
Friday, February 5, 2010
Hindustan Insecticides Limited: A Government of India Enterprise
(I'm sure you can appreciate the irony here, as insecticides are used to kill bugs).
Viewing the source of the page, there is an embedded iframe in the beginning to:
which redirects to: hxxp://cfkrdbfplrla.com/ld/tuta4/and is used to advertise A/V, registry cleaner, etc. wares through:
McAfee SiteAdvisor and other Google results for SearchMagnified lists it as being involved in some suspicious activities.
I was expecting to follow the link and reach an obvious Fake A/V page. Instead I reached:
Note the affiliate ID and the campaign code in the link parameters. The SearchMagnified links are pay-per-click links, so they are making a buck off the Indian Gov't redirect when folks follow the links. The links in this case pointed me to CyberDefender, a legit A/V vendor who are paying affiliates to advertise on the web for them - the problem is that the affiliates may engage in less than legit practices (as is the case here).