Jan 27, 2010

Google Toolbar Tracks Your Browsing, Even When Off

Are we supposed to be surprised? Isn't this what it's designed to do?

Google Toolbar Tracks Your Browsing, Even When Off: "garg0yle writes 'Google's Toolbar is supposed to allow the user to disable it. However, it was discovered by a researcher that it was still sending information even when disabled. A patch is now available, and Google claims this was just a bug, not a feature.'

Jan 22, 2010

Microsoft "Zero-Day" Really a "180-Day"

Doesn't this make it a "180-Day", since they have known about it since September? I never understand why they don't patch these things sooner. If they really knew about it, why the delay? Is there some kind of denial system deep in the bowels of the Microsoft machine?

Threat Level Report on Microsoft's Latest Zero-Day IE Vulnerability

Jan 13, 2010

GMail Enables HTTPS by Default

I've always wondered why this wasn't the case to begin with...

To disable this feature, go to Gmail's settings page, select 'Don't always use https' and click on 'Save changes'. If you can't use Gmail offline when this feature is enabled, try this workaround.

Gmail's HTTPS Access Is Enabled by Default: "Unlike other popular webmail services, Gmail allows you to read your messages using a secure connection by visiting https://mail.google.com. In 2008, Gmail added an option that redirected you to the https version and now this option is enabled by default.

'Using https helps protect data from being snooped by third parties, such as in public wifi hotspots. We initially left the choice of using it up to you because there's a downside: https can make your mail slower since encrypted data doesn't travel across the web as quickly as unencrypted data. Over the last few months, we've been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do,' explains Gmail's blog.

Even if this feature is restricted to Gmail, there's an interesting side-effect: if you open Google Calendar, Google Docs, Google Sites and Google Reader by clicking on Gmail's navigational links, you'll use the https versions of those services.