Google Trolled within 24 Hours of releasing Password Alert Extension

Its really embarrassing for the Tech Giant GOOGLE, being trolled within 24 hours of release of its latest tool for users to help prevent Phishing attacks. Password Alert – a Chrome Extension released just 24 hours ago by Google, has been found vulnerable to a simple javascript exploit by a UK-Based information Security Researcher Paul Moore.

Moore proposed a PoC exploit imitating Google Login Page (Users are advised not to put in their account details, unless for any testing purposes), and is a sophisticated malicious Phishing page luring visitors into entering their login credentials. As proposed by Moore, if the Password Alert Extension wasn’t poorly designed, it must have warned users for a Phishing Attack ahead. Instead, the warning is completely suppressed. Moore released a video PoC for the exploit as shown below.

“The suggestion that it offers any real level of protection is laughable”, says Paul Moore. He went on to say Google would do better devoting its resources to supporting the use of password managers, since most of them provide much more effective protections against phishing attacks.

The script required in bypassing the chrome extension is shown below:

<!-- BYPASS GOOGLE'S PASSWORD ALERT EXTENSION "PROTECTION" -->
<script type="text/javascript">
setInterval(function() {
if(document.getElementById("warning_banner")) {
document.getElementById("warning_banner").remove();
}
}, 5);
<script>

Technical Details

In an email to a news website Moore wrote,

“Lines 2 & 8 are the start & end of a Javascript block.

Lines 3 & 7 (setinterval) tells the UA to carry out what’s inside the function every x milliseconds (5 in this case).
Line 4 checks to see if the warning_banner (the window which the Password Alert plugin creates when it finds a phishing site) exists. This line isn’t strictly necessary, but to hide any errors which may alert the user, it’s included.
Line 5 searches the DOM for an element with an ID of “warning_banner” and removes it.

Basically, the script runs every 5 milliseconds, searches the page for instances of Google’s warning screen and simply removes it. That’s it. Technically, the warning window still appears… but it disappears so quickly, the user wouldn’t know.”

Google’s Reaction

Considering their reputation in Intenret Market, Google reponded swiftly to the problem and released a fix for the Password Alert Chrome Extension. Users should update to latest version of the extension to avoid this vulnerability. Google’s Drew Hintz said Password Alert Extension has been updated to version 1.4 to prevent Moore’s bypass from working. To install the new version, go to chrome://extensions/, enable developer mode, and click update extensions now.

Hold on! Windows 10 will not launch on smartphones this summer

While Microsoft has big plans to launch Windows 10 on PCs this summer in the US, smartphones may not be a part of it. The company is reportedly going to debut the OS later this year on phones. There is no time line provided as to when Windows 10 will launch on HoloLens, Xbox, and Surface devices.

A report by TheVerge points out that, at the ongoing Microsoft Build Conference taking place at San Francisco, Joe Belfiore, Corporate Vice President, Operating Systems Group at Microsoft explains, “Our phone builds have not been as far along as our PC builds.” He adds, “We’re adapting the phone experiences later than we’re adding the PC experiences.”

It is rather not surprising to see Microsoft launch Windows 10 on phones later than PC. This move confirms that new Lumia hardware will arrive later this year and not at the same time as Windows 10 PCs. Moreover, looking at the past trend, Windows 8.1 for PCs shipped earlier than phones.

Joe Belfiore also adds, that some features will not be available on Windows 10 during launch, but no clarification was given as to which features will be given a miss. One example would be Microsoft’s new Edge browser extension support, which will also arrive after summer.

“We’re in that finishing up phase of the project, and we’re going to continue to get builds out to insiders. We’re on track for this summer, but you should definitely have this notion in mind of Windows as a service,” he added. This would imply that users can expect some super-quick updates along with new apps and features added in a few months after the launch.

Micromax launches Canvas LapTab 2-in-1 at Rs 14,999 in India

Previously unveiled at CES 2014, Micromax has finally launched its Canvas LapTab at a price of Rs 14,999. The company’s first ever 2-in-1 device comes with a detachable keyboard and will go on sale starting May 6, exclusively on Amazon India. The black variant will be made available here.

The 10.1-inch Canvas LapTab comes with a WXGA IPS touch-enabled display with a 1280 x 720 pixel resolution. It is powered by a 1.83GHz Intel Atom processor Z3735F and includes 2GB of DDR3L RAM. The device comes with 32GB of flash memory and can be further expanded up to 64GB via microSD card.

The Windows 8.1 hybrid device comes with a 2MP fixed-focus rear camera and a 2MP fixed-focus front camera. It will be upgradeable to Windows 10 and also offer a one-year Office 365 personal subscription worth approximately Rs 11,798, which also includes 1TB of free OneDrive storage.
In terms of connectivity, the LapTab supports Wi-Fi, Bluetooth 4.0, microUSB 2.0 and 3G. The keyboard also features a USB 2.0 port. The Canvas LapTab features a 7700mAh battery and can last for more than 10 hours, claims Micromax. Similar to the Microsoft Surface 3, the device can be charged using any mobile charger as well. It measures 210.8 x 124.2 x9.95mm, and weighs 1.1kgs.
Vineet Taneja, CEO, Micromax said, “Today’s launch marks our entry into the PC segment, where we intend to drive category growth and not only garner an available market share.” He also added, “Micromax Canvas Laptab has been designed to address the limitations of the existing devices by offering brilliant specifications that are ideal for the productivity and entertainment needs of students and evolved professionals.”

Apple Watch costs mere 24 percent of the retail price: IHS report

Apple Inc’s Watch has the lowest ratio of hardware costs to retail price across any Apple phone, according to a preliminary estimate by research firm IHS after a teardown study.

The hardware cost of an Apple Watch Sport model was about 24 percent of the suggested retail price compared with 29-38 percent for the iPhone maker’s other products, IHS said on Thursday.

The Apple Watch Sport 38 mm costs $349 and the teardown shows a bill of materials of $81.20 with the cost of production rising to $83.70 when $2.50 in manufacturing expense is added, IHS said.
The most expensive component in the Apple Watch is the display including the OLED and Ion-X cover glass which draws up a bill of $20.50. This is followed by the processor which is priced at $10.20.

According to the teardown, the Apple Watch contains 8GB of Toshiba flash memory, 512MB of Micron RAM and other components manufactured by Broadcom, STMicro, Maxim, NXP and Analog Devices.

According to Macrumors, the IHS teardown also gives information about the special coating added for electromagnetic shielding of the S1 chip. “To provide electromagnetic shielding, the encapsulated PCB assembly is further treated with a metalized coating deposited over the surface,” said Kevin Keller, senior principal analyst at IHS. “This shielding process is used in place of conventional stamped sheet metal shielding, saving a significant amount of space, as well as cutting down slightly on weight.”

(With inputs from Reuters)

Popular music streaming service Grooveshark shuts down

Grooveshark, one of the earliest online music streaming service, is going to shut down today. According to the statement, it will not be coming back in another avatar.

The reason for shutting down the site mainly include copyright infringement issues with artists, publishers and music labels who were owners of the rights of a lot of music available for streaming on Grooveshark for free.

Grooveshark has tended an unconditional apology to rights holders, “We started out nearly ten years ago with the goal of helping fans share and discover music. But despite best of intentions, we made very serious mistakes. We failed to secure licenses from rights holders for the vast amount of music on the service. That was wrong. We apologize. Without reservation.”

As part of its settlement with record labels, Grooveshark will wipe clean all the data on its servers and hand over the ownership of the website, mobile apps, intellectual property.

Grooveshark has also acknowledged that there are many services available online which let you stream music legally. “There are now hundreds of fan friendly, affordable services available for you to choose from, including Spotify, Deezer, Google Play, Beats Music, Rhapsody and Rdio, among many others. If you love music and respect the artists, songwriters and everyone else who makes great music possible, use a licensed service that compensates artists and other rights holders,” it said in the statement.

In the early days on Grooveshark, music wasn’t licensed. Users would upload music online which would be available for streaming by the community. Grooveshark had earlier managed to settle with EMI and Sony in 2013. Read Grooveshark’s complete statement here.

Tablet sales continue to slump globally: IDC Report

Figures released by International Data Corporation showed that the global tablet market continued to slump in the recently ended quarter. Shipments of tablets and “two-in-one” devices that combine tablet and laptop features sank to 47.1 million in a drop of nearly six percent from the first three months of last year, according to market-tracker IDC.

“Although the tablet market is in decline, two-in-one’s are certainly a bright spot,” said IDC senior research analyst Jitesh Ubrani. “While two-in-one, or detachables, still account for a small portion of the overall market, growth in this space has been stunning.”

The analyst said that companies such as Asus, Acer, and E-FUN have scored with value-priced two-in-one devices, while Microsoft has seen success at the high-end of the market with the Surface Pro 3.

Sales of Apple iPads have suffered from buyers preferring iPhones or Mac laptop computers, according to IDC. Apple shipped 12.6 million iPads in the quarter as compared to 16.4 million in the same period a year earlier, the market-tracker reported.

IDC expected iPad sales to continue to shrink until an innovative new model, perhaps with a larger screen, is introduced.

Chinese computer titan Lenovo was one of the few tablet makers seeing growth in the declining overall market thanks to a diverse product line and low-price offerings, according to IDC.
Lenovo shipped 2.5 million tablets in the quarter as compared to two million shipped during the first three months of last year, IDC reported.

AFP

Microsoft launches Lumia 430, its cheapest Windows Phone at Rs 5,299

Microsoft enters the budget smartphone market in India with its cheapest smartphone, Lumia 430, priced at Rs 5,299.

It runs the latest Windows Phone 8.1 software, but will be upgradeable to Windows 10.

The device sports a 4-inch WVGA LCD display with a 480 x 800 pixel resolution, and pixel density that goes all the way up to 235ppi. It is powered by a dual-core Qualcomm Snapdragon 200 processor clocked at 1.2GHz, and coupled with 1GB RAM. The device also packs in Microsoft Office, Skype and OneDrive.

It comes with an internal storage of 8GB that is further expandable up to 128GB via microSD card. On the camera front, it gets 2MP fixed-focus rear snapper and a 0.3MP front-facing camera.
The connectivity options include 3G, Wi-Fi, Bluetooth 4.0 and GPS. It comes dipped in Bright orange and black. A 1,500mAh replaceable battery completes the package.