2008年4月29日 星期二

Google-Hacking Goes To China

Google unveils new image ranking system "VisualRank"
Google's PageRank helps determine a site's value, based on content and scaled from 0-10. The higher the PageRank, the higher the site appears in organic ...

Google-Hacking Goes To China
Andy Greenberg, 04.28.08, 6:40 PM ET

Google has yet to bring its U.S. success to China--only about one in five Chinese Web searches starts at the site. But lately, Google seems to have gained popularity with at least one group of Chinese Web users: some of the country's most successful cybercriminals.

Over the past several weeks, researchers have tracked a hacker exploit that's infected more than half a million pages around the Web, invisibly redirecting visitors to those pages to servers that install malicious software on their PCs. The cybercriminals' exploit uses an increasingly common method to decide which pages to infect: Google (nasdaq: GOOG - news - people ) searches that probe sites en masse for hackable weak points.

According to those who have followed the attack at the SANS Institute's Internet Storm Center, a cybersecurity crisis response organization, the infection tool is partially written in Chinese characters and compiled on a computer with Chinese language settings.

The apparently Chinese cybercriminals are using Google searches to track down sites vulnerable to so-called "SQL injections," says Jeremiah Grossman, chief technology officer of security firm Whitehat Security. By entering certain strings of text into user input boxes on Web sites, cybercriminals are able to confuse their commands with data in a site's Structured Query Language (SQL) database and gain control of it, says Grossman. "They're using Google to get their target list and automatically blasting those targets with their attack," he says.

Cybercriminals and security researchers have used search engines, including Google, for years to scour the Web for instances of outdated code open to intrusions. But this latest "Google hacking" exploit has brought the technique to another level, creating the largest-ever epidemic of compromised Web sites, including some hosted by the U.S. Department of Homeland Security, the United Nations and the British government.

For now, the majority of those infected sites are no longer a threat, says independent Bulgarian security analyst Dancho Danchev. Researchers at SANS and security firm Websense (nasdaq: WBSN - news - people ), in San Diego, notified the Chinese Internet service provider and domain registrar hosting the computers with malicious software. The Chinese companies then disconnected those computers from the Internet over the past weekend, Danchev says.

But most of those sites still remain vulnerable to SQL injection--meaning the same group of hackers or a copycat group could use similar techniques to redirect the sites' visitors to another server hosting malicious software, Danchev argues. "There's a huge, and I mean huge, percentage of legitimate sites that continue remain vulnerable to such remotely exploitable massive injections," he says.

Danchev warns that this kind of wholesale, automated infection of Web sites may be a growing tactic for cybercriminals. "Long tail" hacking, as he calls it, is more effective and more difficult to reverse than compromising a single popular destination, such as the hacking of the Miami Dolphins' Web site before last year's Super Bowl. "Infecting hundreds of thousands of sites results in enormous potential for aggregating and abusing the traffic that they receive, compared to targeting a single high-profile site," Danchev says.

In this case, the hundreds of thousands of attacked sites have something in common: They're all hosted on servers running either Microsoft's (nasdaq: MSFT - news - people ) Internet Information Services software or its SQL database software. Whitehat Security's Grossman speculates that machines running that software were targeted because they allow several commands to be injected in a single user input field on the sites they host, making those sites easier to hijack.

Microsoft's own security researcher Bill Sisk quickly leapt to the company's defense. "Our investigation has shown that there are no new or unknown vulnerabilities being exploited," he wrote in a statement on the Microsoft Security Response Center's Web site on April 25. "This wave is not a result of a vulnerability in Internet Information Services or Microsoft SQL Server."

In fact, Grossman agrees that the sites' vulnerabilities weren't Microsoft's fault as much as the result of sloppy Web coding on the part of the Web sites' own developers, who failed to filter user input for manipulative commands. But that means the problem is even harder to solve: Most of the hundreds of thousands of sites targeted in the attack still remain vulnerable and will likely be targeted again. "This isn't something Microsoft can patch," he says. "We're seeing one exploit today, and we'll see another tomorrow and another the day after. At any point the attack can change in a heartbeat."

See Also:

The No-Tech Hacker

Six Cybersecurity Nightmares

Canning the Real Spam Kings

Spammers Scam Google

Who's Listening To Your Calls?

Google: Regulators Would Approve Deal With Yahoo善用 Google公司資源

如何善用 Google公司資源
我認為要了解google的許多近乎 free的優秀服務 它也有英文版簡介
所以請你們先試用gmails 從它去了解全google 已推薦你們
比較它與既有的mail/ note vs application/calender等等


又譬如說我們要了解現在那些HTMI FIBER CABLE之產品在市面上流通 可從其SHOPPING找

Google: Regulators Would Approve Deal With Yahoo

Would the government like Google-Yahoo better than Yahoo-Microsoft?

April 28, 2008

Google (NASDAQ: GOOG) believes regulators would not bar a potential business deal with Yahoo (NASDAQ: YHOO) because it would be "nonexclusive" and falls short of an outright merger, a person familiar with Google's thinking said on Friday.

Yahoo is exploring alternatives to Microsoft's (NASDAQ: MSFT) $42.7 billion takeover offer, which the Web pioneer has rejected for being too low.

The U.S. Justice Department is questioning the companies about potential competitive issues raised by a partnership, sources said this week, as Yahoo completed a two-week test of Google's system for selling ads alongside Yahoo's Web search results.

Google believes such a partnership would not be anticompetitive because it would be an arrangement in which Yahoo would use Google's more profitable search advertising platform to make more money for itself, said the source, speaking on condition of anonymity.

A deal would be no different from partnerships Google has with other Web companies including Time Warner's (NYSE: TWX) AOL and IAC/InterActiveCorp (NASDAQ: IACI), the source said.

By contrast, Google thinks a takeover by Microsoft of Yahoo would raise far more antitrust concerns because the combined company could corner large chunks of multiple markets, from Web mail to instant messaging, the person said.

Google and Yahoo have said they cooperated with the Justice Department and told the agency about the test.

When Yahoo said two weeks ago that it had begun testing Google's AdSense system, it drew outcry from critics who see Google's domination of the market as a barrier to a deal.

Google is the top search engine, and a tie-up with No. 2 search engine Yahoo would give the two companies more than 80 percent of the market, according to ratings company Hitwise.

Neither company has disclosed the results of the test, under which 3 percent of U.S. Yahoo searches carried advertisements using AdSense. Yahoo President Susan Decker said on Tuesday it was "premature" to speculate on options the company might pursue with Google.

Google remains open to further discussions with Yahoo on hammering out a deal because no final decisions have been made, the source said.

For its part, Microsoft has said a Yahoo-Google partnership would make the market for Web search far less competitive.

"The general rule would be that if the arrangement substantially limits competition in some aspect of their business, that would be problematic," said Aaron Edlin, who teaches antitrust law at the University of California at Berkeley.

"Collaboration that comes short of merger is much more apt to pass muster before antitrust authorities," he said.

Copyright 2007 Reuters. Click for restrictions.

2008年4月23日 星期三

first quarter results (2008)

【季報】美國谷歌08年Q1繼續保持良好勢頭 銷售額比上年同期增長42%



從具體的廣告銷售額來看,以網站上發佈的廣告為收益源的“Google web sites”部門比上年同期增長49%,達到34億41萬美元,通過“Google AdSense”從合作方獲取收益的“Google Network web sites”部門同比增長25%,達到16億8614萬美元。Google AdSense指與谷歌簽訂合約的合作方的網站上,使用谷歌的檢索技術等顯示與網站內容相關的廣告。谷歌向作為廣告項目窗口的合作方支付的手續費(TAC:Traffic Acquisition Costs)為14億9000萬美元,在谷歌廣告銷售額中佔29%。   

從不同地區的銷售額來看,美國以外的銷售額為26億5000萬美元,佔該公司總銷售額的51%。該數字上年同期為47%,上季度為48%,趨於增加。08年第一季度英國的銷售額為8億300萬美元,相當於總銷售額的15%。英國銷售額在總銷售額中的比例,上年同期為16%,上季度為14%。(記者:迦納 徵子)
■日文原文 【決算】米Google社は依然好調,売上高が前年同期比42%増

2008年4月18日 星期五

Google Profit Beats Wall St. Forecast (uploaded in China)

Published: April 17, 2008
SAN FRANCISCO — Google said Thursday that its net income for the first three months of the year rose 31 percent on revenue growth of 42 percent from a year ago, topping estimates from Wall Street analysts.
Skip to next paragraph

Google Earnings Statement
Bits: Google: No Recessionary Problems Here
The company’s shares shot up in after-hours trading.
The Internet search giant said net income was 1.31 billion, or $4.12 a share, compared with $1 billion, or $3.18 a share, in the first quarter of 2007. Revenue climbed to $5.19 billion, from $3.66 billion a year earlier.
Excluding commissions paid to advertising partners, a widely followed measure, Google’s revenue was $3.7 billion, slightly higher than analysts expected. Its profit, excluding the cost of stock options, was $4.84 a share, handily beating forecasts.
On average, Wall Street analysts were expecting Google to report revenue, excluding commissions to advertising partners, of $3.61 billion and income, excluding the cost of stock options, of $4.52 a share.
“Our ongoing innovation in search, ads, and apps helped drive healthy growth globally across our product lines, yielding another strong quarter for Google,” said Eric E. Schmidt, chief executive of Google, in a news release.
Analysts have become obsessed with Google’s “paid clicks,” or the number of times users clicked on its ads. The company said there were up 20 percent from a year ago, though down from 30 percent growth rate of the previous quarter.
Google’s first-quarter report comes amid intense interest and speculation over the impact that a slowing economy may have on the Internet search giant and on the online advertising business overall.
When Google reported financial results for the fourth quarter of 2007, Mr. Schmidt, told investors that the company had seen no adverse effects on its business from a slowing economy. Google gives no guidance to investors on its expected future performance.
But simmering concerns that a slowdown would indeed affect Google, perhaps to a significant degree, boiled over in late February when comScore, the Web audience measuring firm, issued a report indicating a slight decline in paid clicks in January when compared with January 2007. Such clicks are important because Google charges an advertiser only when someone clicks on their ad. Google’s shares tumbled following the comScore report. Investors’ fears were tempered somewhat after some analysts noted that the decline in paid-clicks may have been in part self-inflicted. The analysts, as well as comScore, said that Google had taken measures to improve the usefulness of its ads. They included reducing the clickable area in text ads to avoid accidental clicks. Those improvements might have driven the price of clicks up, leaving investors to guess what effect, if any, the changes had on the company’s revenue.
Still, many analysts cut their estimates for Google’s growth. And the unease has persisted, as subsequent reports from comScore indicated that the slowing trend in paid clicks continued for the remainder of the first quarter. Google shares are down approximately 40 percent from their November peak.
During the quarter, Google completed the acquisition of DoubleClick and investors are watching what impact the advertising technology company will have Google’s revenue and profit margins.

2008年4月12日 星期六

U.N. Teams With Google Earth To Track Refugees

U.N. Teams With Google Earth To Track Refugees, Educate Public

Washington Post Staff Writer
Saturday, April 12, 2008; Page D02

Can Google Earth save the world?

The U.N. High Commissioner for Refugees announced a new partnership with the search engine this week. The goal: To use Google's globe-mapping software to illustrate the plight of parts of the planet's population.

Google Earth, a free, virtual-globe program from the search engine company, lets users zoom in on locations around the planet. Users can also use special programs known as layers, which organizations can build to incorporate video, text or other interactive features.

Under an outreach program, Google has been populating its virtual globe with socially minded projects from such organizations as Greenpeace, the U.S. Holocaust Memorial Museum and UNICEF. Six such layers have been launched in the past two weeks.

Click on the United Nations' "visit a camp" button in Google Earth, for example, and an online depiction of the globe spins and zeroes in on a satellite view of a refugee camp in Chad. There, visitors learn about the refugees who have fled to that country from western Sudan's Darfur region. Click on a button and users can find out how much money it costs to install, say, a new water source at the camp. Click again and users can donate that amount.

"The great thing about Google Earth is it gives you that ability to be there," said Tim Irwin, a spokesman for the U.N. refugee organization. "We're hoping to take something that might be a little abstract for some people and make it very real."

Rebecca Moore, manager of Google Earth Outreach, said she is hoping the software can be used by organizations on a larger scale. "This sort of immersive experience can lead to greater understanding, greater compassion and a desire to help," she said.

The U.S. Holocaust Memorial Museum launched "World is Witness," a layer that traces a recent trip to Rwanda to learn about the 1994 genocide there.

Last year, the museum was the first nonprofit organization to launch a Google Earth layer. The museum credited the program for increasing traffic to its "How can I help" page from 2,500 visitors a month to more than 50,000.

"It has been hugely helpful in terms of our outreach efforts," said John Heffernan, director of the museum's Genocide Prevention Initiative.


華盛頓郵報報導,到Google地球中點按聯合國(United Nations),再點按「參觀難民營」(visit a camp),即可看到在查德一個難民營的衛星圖像。參觀者可藉由圖像,了解從蘇丹達富爾地區逃到這個難民營中難民的情形。再點按後,使用者可看到花多少錢 可替難民營裝設一個新水源的資料。再點按,使用者還可捐錢做這件善事。


Google地球同時與綠色和平、美國大屠殺紀念博物館、聯合國兒童基金會合作,提供特定的資訊與圖解。大屠殺紀念博物館與Google地球合作的「世界 見證」(World is Witness),最近作了盧安達探索,可協助使用者了解1994年當地種族屠殺的種種。

2008年4月2日 星期三

Google to Lay Off About 300 at DoubleClick

這篇提到取消/出售the search engine marketing business 說法值得一記

Google to Lay Off About 300 at DoubleClick

Published: April 2, 2008

In the first sizable layoffs in its history, Google is cutting about 300 jobs from the American operations of DoubleClick, the advertising technology company that it acquired recently, according to a person with direct knowledge of Google’s plans.

The cuts represent about a quarter of DoubleClick’s American work force of about 1,200. The company has about 1,500 employees worldwide, and the chief executive of Google, Eric E. Schmidt, has suggested that job cuts would also affect DoubleClick’s overseas operations at a later date.

Google declined to confirm the number of layoffs.

In a statement, the company said: “Since our acquisition of DoubleClick closed on March 11, we have been working to match and align DoubleClick employees in the U.S. with our organizational plan for the business. As with many mergers, this review has resulted in a reduction in headcount at the acquired company.”

Google said it also planned to sell a DoubleClick unit, Performics Search Marketing, that helps marketers place ads on search engines, including those owned by Google and its main rivals, Yahoo and Microsoft.

“It is clear to us that we do not want to be in the search engine marketing business,” Tom Phillips, director of DoubleClick integration at Google, wrote on the company’s official blog. “At Google, maintaining objectivity in both search and advertising is paramount to our mission and core to the trust we ask from our users.”

The decision to sell Performics Search Marketing is not surprising, said Ellen Siminoff, chairman of search marketing company Efficient Frontier. Google’s job is to get paid as much as possible for the ads that appear on its pages.

“If you are a search marketing agency, your goal is to get the most for your customers’ money,” Ms. Siminoff added, noting that those two goals could be in conflict.

Mr. Phillips said Google would retain the affiliate marketing portion of the Performics unit, which helps advertisers establish networks of Web sites that can refer customers to them.

Mr. Phillips did not identify a buyer but said he had “received preliminary interest” from a number of Google’s existing partners.

Some DoubleClick employees are being laid off Wednesday, while others are being offered transitional roles, Google said. The transitional roles are expected to end after the two companies are fully integrated, said the person with knowledge of Google’s plans.

The cuts follow Google’s largest acquisition ever and were widely expected. But the number is higher than some analysts predicted and suggests that Google, which has hired aggressively in the last several years, may have become more cautious.

“This obviously flies in the face of the notion that Google is managing for continuing excess growth, not only in operations but also in work force,” an equity analyst with Standard & Poors, Scott Kessler, said.

Others, however, noted that 300 employees was not “material” given Google’s size.

“It shouldn’t be surprising to see some head count reduction, given the areas of overlap between the two companies,” an analyst with Cantor Fitzgerald, Derek Brown, said.

Google added more than 6,100 workers in 2007 and ended the year with 16,805 employees worldwide. Amid shareholder concerns about its fast-rising expenses, Mr. Schmidt promised investors last year that Google would slow its rate of hiring.