Skip to main content

Safety note from Google Security team

Google Security Team on one of its blog post tells that, listen to the all warnings on search results and on browsers even the source is trusted one. Because for surely those trusted sites will be under attack. The Security team is confident about the warnings given by scanners.

here is the post published on Online Security Blog
This week in particular, a lot of web users have become vulnerable. A number of live public exploits were attacking the latest versions of some very popular browser plug-ins. Our automated detection systems encounter these attacks every day, e.g. exploits against PDF (CVE-2010-2883), Quicktime (CVE-2010-1818) and Flash (CVE-2010-2884).

We found it interesting that we discovered the PDF exploit on the same page as a more “traditional” fake anti-virus page, in which users are prompted to install an executable file. So, even if you run into a fake anti-virus page and ignore it, we suggest you run a thorough anti-virus scan on your machine.

We and others have observed that once a vulnerability has been exploited and announced, it does not take long for it to be abused widely on the web. For example, the stack overflow vulnerability in PDF was announced on September 7th, 2010, and the Metasploit project made an exploit module available only one day later. Our systems found the vulnerability abused across multiple exploit sites on September 13th.

Here’s a few suggestions for protecting yourself against web attacks:
  • Keep your OS, browser, and browser plugins up-to-date.
  • Run anti-virus software, and keep this up-to-date, too.
  • Disable or uninstall any software or browser plug-ins you don’t use — this reduces your vulnerability surface.
  • If you receive a PDF attachment in Gmail, select “View” to view it in Gmail instead of downloading it.
By Panayiotis Mavrommatis and Niels Provos, Security Team 

Popular posts from this blog

Access Gmail Offline On enabling offline access, Gmail will load in your browser even if you don't have an Internet connection. You can read messages, star, label and archive them, compose new mail and messages ready to be sent will wait in your Outbox until you're online again. It's built on the Gears platform, which has already been used to offline-enable Google Docs, Google Reader, and other third-party web  applications   To get started with offline Gmail - - Sign in to Gmail and click 'Settings'. - Click the 'Labs' tab and select 'Enable' next to 'Offline Gmail'. - Click 'Save Changes.' - In the upper righthand corner of your account, next to your username, there will be a new 'Offline' link. Click this link to start the offline synchronization process. Standard Edition users can follow these instructions immediately, while Premier and Education Edition users will first need their  domain  admins to enable Gmail Labs from

3 new Buzz tips

To deliver interesting  posts to your inbox, to disable comments which cause heavy load for you and the favicons for shared links to identify the source.  with these new options you will be able to forward your favorite buzz post and its comments directly to your inbox so that you will keep in touch with that post.Disable comments opt will be used to stop the activity.

Firefox4 Beta for Android and Maemo

Forefox4 beta is available  for Android and Nokia's Maemo supported devices . This version includes Firefox Sync a major thing which Sync browsing history, bookmaks, tabs, passwords and form-fill data. so we can access all these things on desktop and mobile. Your Firefox data is completely encrypted between your devices so you can only have access to it.  Developers have the power to use the latest Web technologies like HTML5, CSS and JavaScript.