
9:51 PM

Justin, Posted in google, hacking, 0 Comments
Remember Johnny Long's Google Hacking database?
Well it's back!
The team at Exploit Database have recently resurrected the GHDB to help you harness the power of Google to do reconnaissance or just be nosey. Use it to check out your webservers or network and your users before the bad guys do!

6:47 PM

Justin, Posted in google, passwords, xkcd, 0 Comments
Richard pointed out that the ever-amusing xkcd has a cartoon today that relates to the point I was making in an earlier post (except the bit about Google turning evil...didn't that happen already?)


9:57 PM

Justin, Posted in google, pacman, ssl, 0 Comments
Google have released a beta of their SSL-enabled search page. It is an interesting concept in that, while it protects the end user while performing searches, any SSL protection is lost when the searcher clicks on a link and goes directly to the desired page.
An important point is: "...Google will still maintain search data to improve your search quality and to provide better service. Searching over SSL doesn’t reduce the data sent to Google — it only hides that data from third parties who seek it."
Personally I'd prefer a version of their search engine that didn't maintain my search data, but given some of Google's other recent actions and CEO Eric Schmidt's views on privacy, I'm guessing it isn't coming soon....
On the other hand they are making the recent awesome interactive 'Pac-Man' Google logo a permanent feature! (although not everyone thinks it was a good idea...)
iSec has published a brief report [pdf] into the widely-reported "Aurora" attacks on Google (and others) that allegedly originated from the Chinese Government. The report provides an interesting insight into a recent sophisticated attack that I suspect few organizations would have been able to repel, and is well worth reading.
An important point from the end of the report is that the:
"...most interesting aspect of this incident is that a number of small to medium sized companies now join the ranks of major defense contractors, utilities and major software vendors as potential victims of extremely advanced attackers. This is concerning for many reasons, not the least of which is that even most Fortune-500 companies will not be able to assemble security teams with the diversity of skills necessary to respond to this type of incident."