Author: Dr. Bill

Even Microsoft’s search engine is evil! Go figure! Internet Explorer is the most insecure web browser, and apparently Bing is the most insecure web search engine. In keeping with their lack of security capabilities, I would say, “Google on!”

Bing Delivers Five Times as Many Malicious Websites as Google

“Searches on Bing returned five times more links to malicious websites than Google searches, according to an 18-month study from German independent testing lab AV-Test. Though search engines have worked to suppress malicious results, the study concluded that malware infested websites still appear in their top results.

The study looked at nearly 40 million websites provided by seven different search engines. About 10 million results came from Bing and another 10 million from Google. 13 million sites were provided by the Russian service Yandex, with the rest coming from Blekko, Faroo, Teoma and Baidu respectively. Of these 40 million sites, AV-Test found 5,000 pieces of malware—and admittedly small percentage of websites.

Google the Safest
The study concluded that while all the search engines the lab evaluated delivered malware, Google delivered the least. It was followed by Bing, which returned a disconcerting five times as much malware as Google. Yandex, the Russian website, delivered 10 times as many malicious sites.

Thankfully, the 5,000 pieces of malware the study found are concentrated in Yandex results—which had 3,330 malicious links out of the 13 million the AV-Test looked at. Bing had a little under half that, with 1,285 malicious results out of 10 million pages. Google returned a mere 272 malicious results in 10 million while Bleko had even fewer: 203 out of around three million.

SEO Optimized Malware
To move their malware-ridden spawn to the top of Google’s search results, the bad guys are using tried and true search engine optimization tactics—the very same used by corporations and bloggers. According to AV-Test, the attackers use a very simple trick, ‘they first create a multitude of small websites and blogs before selecting the most frequently used search terms from top news stories and using backlinks to optimise these terms for search engines.’

The study went on to say that users ‘are the least suspicious’ when they see a search result attached to a hot news story. More troublingly, AV-Test reports that sites with Trojans or other malware are returned as ‘top’ results.

How Safe Are You?
If you’re a Google user or even a Bing user, the chances that you would encounter a malicious website in your search are low. Doing some quick arithmetic, it looks like the chance of a Googler hitting malware is about one in 40,118.

Of course, those odds are repeated billions of times a day. ‘[It] is important to remember that Google alone deals with a phenomenal total of 2 to 3 billion search requests worldwide every day,’ reads the study. ‘If this total is factored into the calculations, the total number of websites containing malware found by the search engine is enough to make your head spin!’

In 2009, Google reported it handled around 320 million searches a day for America alone and around 2 billion worldwide. That’s potentially about 50,000 malicious sites a day.

Usually, I tell people they can stay safe by being smart, but in this case it’s a bit more complicated. Google is a service people trust, and most users don’t consider that malicious sites are playing a numbers game. Instead, users assume that they’re safe because they’re not important or targeted. The fact that attackers are going out of their way to make their websites attractive for clicking doesn’t help.

Security software can go part of the way, as many will screen your web browsing for potentially dangerous websites. Most modern browsers, like Google Chrome, have anti-malware baked right in.

It is, however, heartening to see that the number of malicious results from Google is so low. I certainly hope that Bing can follow suit and get their numbers down as well.”

This is a post from the Roku Blog from today:

Roku Blog

“Celebrating 5 Million Roku Players!

In May 2008, Roku launched the very first player to stream entertainment to the television. We called this device ‘the Netflix player,’ since Netflix was the first available channel. For the first time, consumers could instantly stream thousands of TV and movie titles on their televisions thanks to the power of the Internet. With the introduction of that first streaming player, we pioneered the streaming era of television.

Over the last five years, we’ve celebrated many milestones as top brands have joined Roku to stream entertainment to the television for the first time. It’s been exciting to see our customers rejoice as we’ve added channels like Amazon Video on Demand in 2009, HBO GO in 2011 and TWC TV in 2013. And today, I’m pleased to share another milestone: thanks to you, we have shipped our 5 millionth Roku streaming player in the U.S.!

Since 2008, we’ve delivered 8 billion streams of video and music to Roku players. Of course we have a few more channels now – about 750 or so.

What are people streaming on Roku? Tons of TV shows and movies. Netflix, Hulu Plus, Amazon Instant Video, Crackle, HBO GO and VUDU are all top favorites. Music is extremely popular, and consumers enjoy Pandora, VEVO and Spotify among other choices. News, sports, science and foreign languages from around the world are also big hits.

Did I mention games? In 2011, we introduced casual games to the Roku platform with the debut of Angry Birds, which took the leap from mobile to TV for the first time. Angry Birds remains the most popular game on Roku today – by our count more than 3 billion bad piggies have been eliminated!

Today, 25% of Roku players stream more than 35 hours per week to a TV. According to Nielsen, the average American spends 34 hours per week watching live TV. That means one in four Roku customers are enjoying the vast majority of their TV time with Roku, making Roku one of the most coveted streaming platforms.

What does the future of TV look like? There’s no doubt it will be streamed.

Here’s to the next 8 billion streams!

Anthony Wood”

Microsoft’s typical sorry apps need ton’s o’ security patching this month. DO NOT forget to run your updates!

April’s Patch Tuesday to fix two critical flaws in Windows, IE

“In this month’s roundup of security flaws, Microsoft said it will patch nine vulnerabilities in total, two of them rated ‘critical.’

As usual, little information is provided about the flaws to ensure attackers can’t exploit the flaws in advance of the upcoming release. But in today’s advanced security bulletin, the software giant warns of flaws in both Windows, Internet Explorer, Microsoft Office and some of its server software.

The first critical flaw affects all versions of Internet Explorer, including: Internet Explorer 6, 7 and 8 on Windows XP; Internet Explorer 7, 8 and 9 on Windows Vista; and Internet Explorer 8, 9 and 10 in Windows 7. It also affects Internet Explorer 10 on Windows 8 and Windows RT-based tablets.

The vulnerability will fix a flaw that allows a drive-by attack, which hackers can exploit to attack machines running the software using malware-laden websites.

The second critical update affects Windows XP (Service Pack 3), Windows Vista (Service Pack 2) and Windows 7 — but not Windows 8 or Windows RT-based devices, such as Surface tablets. The patch will fix a flaw that allows an attacker to elevate privileges, such as from the more secure ‘user’ to ‘administrator’ privileges, opening up the core system files to attack and thus a greater scope for malware injection.

It’s likely that, in line with previous months, Microsoft may also dish out a number of non-security related fixes to its Surface Pro and Surface RT tablets.

Any machines at home or at work with these affected systems will be patched in just under a week when Microsoft releases the software patches and fixes.

The software fixes will be released on April 9 through the usual update channels, such as Windows and Microsoft Update.”

The NAB is the National Association of Broadcasters. NAB works to ensure broadcasters can operate in a marketplace free of unnecessary regulation, helping to spur the development of new broadcast technologies and services.

The NAB Conferences and Show is being held this year at Las Vegas Convention Center, Las Vegas, Nevada. Techpodcasts netcasters are covering the Convention floor, and will be interviewing exhibitors that will be displaying new broadcast technology innovations and content. It is going to be a great show, and we will have LIVE coverage all this week using LiveStream and TPN!

Stay tuned for great information and what new in the broadcast industry! Live coverage starts tomorrow! Watch the right hand column of our website for continuing coverage as it happens!

Apache has released an Open Source meeting platform ties into Asterisk PBX.

Apache OpenMeetings hits first Open Source Top Level Project Release

“There is alot of excitement in the open source community about the emerging WebRTC standard that will enable browsers to become full real-time communications tools.

It’s important to remember though that there are other open source tools and efforts that are already somewhat mature to enable open source real time communications via a browser. Though OpenMeetings (unlike WebRTC which is plug-in free) can and does benefit from the use of plugins (esp SWF/Flash).

This week the Apache OpenMeetings project released version 2.1 of its open source web conferencing platform. The OpenMeetings 2.1 release is the first release of the project since it graduated from the Apache Incubator to become a top level project, in December of 2012.

The new OpenMeetings 2.1.0 release provides improved integration with the open source Asterisk 11 PBX, which is required on the back-end to fully enable some of the web conferencing capabilities. The improved integration deliver enhanced sound and video.

As a full web conferencing solution, OpenMeetings also has chat capabilities. With the 2.1.0 release private chat amongst web conference users is now supported.”

Two Lucasarts games by Raven have been released to Open Source!

After LucasArts closure, Jedi Outcast and Jedi Academy go open source

Reported on Ars Technica:
“We’re all still reeling from Disney’s shuttering of LucasArts yesterday, and tributes to the once-indomitable game studio are sprouting up all over the Web. One such tribute sure to bring a smile to programmer geeks everywhere comes from development house Raven, which has this morning released the source code for its two Star Wars titles: Jedi Outcast and Jedi Academy. The two FPS titles were released in 2002 and 2003 and continued the story of Kyle Katarn, the bounty hunter and Jedi first introduced in 1995’s Dark Forces.

‘We loved and appreciated the experience of getting to make Jedi Knight II: Jedi Outcast and Jedi Academy for LucasArts,’ noted Raven in a statement. ‘As a gift to the persistently loyal fanbase for our Jedi games and in memory of LucasArts, we are releasing the source code for both games for people to enjoy and play with.’

The two titles were very popular at release, with Jedi Outcast featuring one of the first deathmatch multiplayer experiences set in the Star Wars universe. According to Kotaku Australia, the code released this morning is only for the single-player portion of both games. This is typical of source code releases for major titles, as the networking code used in multiplayer often uses licensed or proprietary chunks of code that cannot be licensed as open source. Both games are available under the GPLv2 license.

We’re working on our own ‘Ars remembers LucasArts’ tribute post, which should be up later today.”

Does Google adopting Blink mean that they are preparing for a “Post-PC” era? Are we already in a “Post-PC” era? And, what about Naomi? (A reference to the old PBS show, “The Electric Company.)

The real reason why Google forked WebKit

“Yesterday came the surprise news that Google was going to kick Apple’s WebKit rendering engine to the curb and replace it with a new open source rendering engine called Blink, based on WebKit.

According to Google, the reason behind the switch is the fact that WebKit has grown too complicated, and making the switch to its own rendering engine will benefit projects such as the Chrome browser and Chrome OS.

‘Chromium uses a different multi-process architecture than other WebKit-based browsers, and supporting multiple architectures over the years has led to increasing complexity for both the WebKit and Chromium projects,’ writes Adam Barth, software engineer at Google.

‘This,’ he continues, ‘has slowed down the collective pace of innovation.’

It seems like Google has given this a lot of thought, and the company believes that it will be able to remove seven build systems and delete more than 7,000 files from its rendering engine compared to WebKit, which means some 4.5 million fewer lines of code.

This has already tempted Opera to adopt Blink.

Now, I’m all for simplification, and getting rid of 4.5 million lines of code from a project is undoubtedly good for stability and security. And, as noted by Barth, having multiple rendering engines will no doubt lead to more innovation.

But there’s more to this switch than meets the eye.

The fact that Google focused on simplifying the WebKit is telling. Sure, Google is interested in adding new features, but in such a multi-platform world, the idea of filling Blink with features that are incompatible with other rendering engines is almost unimaginable.

The reason Google wants Blink is down to one thing — the post-PC era. WebKit is long in the tooth, and is a product of PC thinking. Google wants to change that.

There’s no doubt that Apple has effectively managed the project and transformed it into a capable post-PC era rendering engine, but it is clear that if Google can eliminate 4.5 million lines of code from the project, then there’s a lot of dead wood in there. And while having all that dead wood buried in the codebase might be fine on desktop and notebook systems with a beefy processor and bags of RAM, on mobile systems with limited processing power, storage, RAM and power, a more focused, streamlined rendering engine would be better for all.

Google, it seems, is also very good at optimizing code when it comes to browsers. It’s done an excellent job of the V8 JavaScript engine, creating a fast, capable engine. Given its track record there, it makes sense for the company to take control of its own rendering engine.

Another reason why having its own rendering engine will be good for Google is differentiation. If Google can make Blink significantly better than WebKit (faster, less buggy, safer), then this gives products such as Android, Chrome, and Chrome OS an advantage over the competition. Given the world we now live in, a faster, more efficient, safer browser is something that would be welcomed by many.

Blink could be big for Google.”