Google boosts Web bug bounties to $20,000

Increases payments for bugs in core sites, services and Web apps

Computerworld – Google today dramatically raised the bounties it pays independent researchers for reporting bugs in its core websites, services and online applications.

The search giant boosted the maximum reward from $3,133 to $20,000, and added a $10,000 payment to the program.

The Vulnerability Reward Program (VRP) will now pay $20,000 for vulnerabilities that allow remote code execution against google.com, youtube.com and other core domains, as well as what the company called “highly sensitive services” such as its search site, Google Wallet, Gmail and Google Play.

Remote code flaws found in Google’s Web apps will also be rewarded $20,000.

The term “remote code execution” refers to the most serious category of vulnerabilities, those which when exploited allow an attacker to hijack a system and/or plant malware on a machine.

A $10,000 bounty will be paid for SQL injection bugs or “significant” authentication bypass or data leak vulnerabilities, Google said in the revised rules for the program.

Other bugs, including cross-site scripting (XSS) and cross-site request forgery (XSRF) flaws, will be compensated with payments between $100 and $3,133, with the amount dependent on the severity of the bug and where the vulnerability resides.

Google explained the higher bounties as ways “to celebrate the success of this [program] and to underscore our commitment to security.”

The website and web app reward program debuted in November 2010, and followed Google’s January 2010 launch of a bug bounty program for its Chrome browser. Google paid out about $180,000 in Chrome bounties last year.

The maximum award for reported Chrome vulnerabilities remains at $3,133, Google confirmed today.

Since VRP’s introduction, Google today said it has received more than 780 eligible bug reports, and in just over a year, paid out around $460,000 to approximately 200 researchers.

“We’re confident beyond any doubt the program has made Google users safer,” said Adam Mein, a Google security program manager, and Michal Zalewski, an engineer on the Google security team, in a Monday post to a company blog.

Google has shown that upping bounty payments will shake loose vulnerabilities it wasn’t aware existed.

Last month, the company wrote $60,000 checks to two researchers at Pwnium, the Chrome hacking contest it ran at the CanSecWest security conference in Vancouver, British Columbia.

Both researchers revealed bugs and associated attack code that demonstrated how hackers could escape the browser’s isolating, anti-exploit “sandbox,” to hijack the browser and plant malware on a machine.

Essential browser tools for Web developers
What the professionals use and recommend to their colleagues

Computerworld – Out of the thousands of cool add-ons out there for Firefox, Chrome and other popular Web browsers, only a select few make it onto the desktops of professional Web developers and designers. Which are the most useful for the day-to-day work of designing and developing websites?

Computerworld asked more than 20 professionals from across the country what they recommend to their colleagues and why. While they stuck mostly with free browser extensions, they couldn’t resist throwing in a few highly useful tools and services that are accessed via a browser rather than being true add-ons.

Here’s their hot list, where you’ll find some old favorites and, we hope, discover some new tools for your arsenal.
Code inspection, editing and debugging

These three tools make the job of viewing website code and prototyping page changes fast and easy. No need to touch the live code until you’re ready to commit to changes.

What it does: Inspects, edits and debugs website code within your browser.

Who recommends it:
• Matt Mayernick, vice president of Web development, Hudson Horizons in Saddle Brook, N.J.
• Josh Singer, president, Web312 in Chicago
• Richard Kesey, president and founder, Razor IT in Syracuse, N.Y.
• Ryan Burney, lead Web developer, 3 Roads Media in Greenwood Village, Col.

Why it’s cool: Probably the best known of all the tools listed here, “Firebug is the greatest add-on ever created,” Mayernick says. It’s not just the fact that Firebug lets developers inspect website code and elements, but how it helps with debugging that makes the tool great. “If I am writing JavaScript that’s changing the background color in a row, Firebug will show what’s happening to the CSS code in real time,” he says.
Firebug
Firebug displays the page’s HTML code in the lower left window and its CSS data in the lower right.

Firebug inspects the code by presenting the HTML and the CSS code in two side-by-side windows. “Firebug is indispensable. What’s cool is you can turn styles on or off or add styles on the fly. It lets me make changes live on the page without having to save or reload the files,” says Burney.

“It’s great for finding JavaScript errors,” adds Kesey. “When you click on an Ajax link, it reads out what the action is and gives you the response in an https: format so you can see what the headers were and what’s happening behind the scenes.”
Web Developer
Author: Chris Pederick
Browsers supported: Chrome, Firefox
Price: Free
Where to get it: Install Web Developer for Chrome or Web Developer for Firefox

What it does: Provides a toolkit for viewing, editing and debugging websites.

Who recommends it:
• Darrell Armstead, mobile developer, DeepBlue in Atlanta
• Jen Kramer, senior interface developer, 4Web in Keene, N.H.

Why it’s cool: “I love Web Developer because of the control it gives me over any site. It gives me the ability to strip a site down to its core, and lets me modify and tweak things to get it looking and working the way I want it to,” Armstead says. But that’s not all he likes: “I love the Outline Block Level Elements feature because it gives me a visual representation of how a site is built on the front end.”
Web Developer add-on
Web Developer displays the style sheets associated with a page and lets you edit them to quickly see how changes will look before actually making any changes to the website’s code. (Credit: Jen Kramer)

Kramer chimes in: “What I like about it is the ability to look at CSS. It shows all of the style sheets available on the page, and I can edit those on the fly and see how it looks in the browser,” she says. “That’s particularly helpful to me because I work with content management systems. It allows me to style what’s being sent to the browser.

“Firebug has something similar, but I find it more difficult to use. It’s much harder to get a style sheet out of Firebug and into Joomla,” Kramer adds. “For me, Web Developer works better.”
Google Chrome Developer Tools
Author: Google
Browser supported: Chrome
Price: Free
Where to get it: Included with the Chrome browser. Right-click on any Web page in Chrome and choose “Inspect Element,” or choose View –> Developer –> Developer Tools from the menu.

What it does: Provides tools for inspecting, editing and debugging website code.

Who recommends it:
• Jason Hipwell, managing director, Clikzy Creative in Alexandria, Va.
• Shaun Rajewski, lead developer at Web Studios in Erie, Pa.
• Ryan Burney, 3 Roads Media

Why it’s cool: Developer Tools is Google’s answer to Firebug for Firefox, but there’s no add-on to download: Google built it right into the Chrome browser.

“It is my favorite ‘extension’ because of its intuitive design, with HTML on the left, CSS on the right,” says Hipwell. “Inspect Element will highlight elements on a page as you hover over them, which makes it easy to find the div tag I am looking for. It gives me the ability to see changes on a live site, but those changes exist only on my local computer, making it a perfect testing environment. Its simplicity is really what makes the tool so effective.”
Chrome Developer Tools
Using Chrome Developer Tools, Clikzy’s Jason Hipwell has replaced the Computerworld logo with his own in just a few clicks. (Credit: Clikzy Creative)

Rajewski is also a big fan. “Developer Tools allows you to see the final output of what is rendered to [the] screen, and has the ability to highlight individual elements, view the elements’ CSS tags and inherited tags, and make ‘live’ changes to the code to see what it looks like in the browser without making file changes,” he says.

“One nice thing about Chrome’s Developer Tools is that it will give you the dimensions of things,” says Burney. Click on the image URL and up pops the image with the associated link, image dimensions and file type displayed. That’s something Firebug doesn’t do, he says. “Being able to know at a glance the dimensions of an object, that’s a big time saver.”

Best Networking Tweaks for Windows Server, Vista and XP

Like most Sys Admins, my job includes managing both Linux and Windows machines. This is the start of a two-part series regarding tweaks I have found for networking in each type of system. First up: Windows.

I have labeled my findings based on where you’ll find it: either as an operating system feature, or in the device manager of the Ethernet adapter you’re using.
IPv6 tunneling, TCP, gigabit adapters and more will all work better with these simple adjustments

Driver: Interrupt Coalescing / Moderation

Gigabit adapters in particular implement new algorithms to try to accommodate different forms of network traffic: especially when a good portion of it may not need that kind of speed (think web-facing adapters on 10/100 lines). However, it has been my own experience that Quickbooks can be particularly jumpy with this feature enabled. It goes by several different names (depends on the vendor) but you should only need to leave this on if you’re using a gigabit interface on an Internet-facing server.

Driver: Offloading (IP / TCP / UDP)

Many adapter drivers come with a form of offload engine for layer 3 or 4 protocols; there is also a “Large Segment Offload” feature on some adapters. These features are meant to reduce CPU overhead by having the network adapter do more of the work: however, a lot of network adapters are sub-par, and there is no harm in having the CPU do these tasks (disabling the offloads) for anything short of a server-grade adapter. The exception would be checksum offloading: that seems to be easily doable by any hardware.

2003 & Older: SMB tweaking

Microsoft has offered a set of registry tweaks that should improve file sharing performance on older Windows systems: they will have little or no impact on newer systems, for they use SMB version 2.

XP & Newer: Automatic IPv6 Tunneling

At GoGoNet Live, I was fortunate to question a Cisco engineer that took credit for having Windows implement automatic tunneling with XP and newer: he believed that providing IPv6 access, “native” or not, would spur application developers to honor API changes and continue to embrace the new protocol. Now that 2010 is almost out: 6to4 has been maligned by Google and Apple for breaking website access; ISATAP can be hard to work with; Teredo tunneling can be hit or miss (Microsoft does host some servers for use); and that desired application uptake has been largely ignored by the likes of Pidgin, Steam, and others. The speaker can be forgiven that his intentions went awry, when quite a few people (Linux and Windows) think the best way to handle IPv6 is to turn it off completely. Fortunately, you don’t have to slay the IPv6 beast: it’s a known fact we’ll be living with it starting in 2011, like it or not.

1. Commands to use on an “administrator” command prompt…
netsh interface ipv6 6to4 set state state=disabled
netsh interface ipv6 isatap set state state=disabled
netsh interface ipv6 set teredo disable

2. On Windows XP systems, you can also disable the “IP Helper” service: however, you’ll lose use of the portproxy function.

3. If you want to use IPv6, and your ISP doesn’t have it, consider free (and stable) tunnel services from HE, GoGoNet, and SixXS.

XP x64 & Server 2003: Compound TCP

With the Vista networking stack, a modified TCP stack was introduced. I use this “Compound TCP” when I can on the newer systems: fortunately, it has been backported to the 2003-based systems via hotfix 949316.

Vista & Newer: Standard Networking Tweaks

1. I make prudent use of Compound TCP, TCP timestamping, and TCP Chimney: the latter is a function of Windows that does partial TCP offloading when able. At the “administrator” command prompt…
netsh interface tcp set global congestion=ctcp
netsh interface tcp set global time=enabled
netsh interface tcp set global chimney=enabled

2. I prefer not to use IPv6 privacy addressing for troubleshooting purposes; it can be disabled with the following command…
netsh interface ipv6 set privacy state=disable

3. There is an additional tweak that can help deal with proper traffic routing: however, many routers don’t implement it correctly, and Battlefield Heroes doesn’t like it at all. Use with caution.
netsh interface tcp set global ecn=enabled
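
To confirm that the TCP settings above actually took effect (or to spot a machine that has drifted from them), the output of "netsh interface tcp show global" can be parsed and compared with the intended values. The following Python script is an added example, not part of the original post; the sample output is constructed, and the label names are assumed to match English-language Windows and may differ by version or locale.

```python
import re
import subprocess

# Values the post sets with "netsh interface tcp set global ...".
# Label text is an assumption (English-language Windows output).
WANTED = {
    "Add-On Congestion Control Provider": "ctcp",
    "RFC 1323 Timestamps": "enabled",
    "Chimney Offload State": "enabled",
}
# ECN is the optional tweak in the post, so it is reported, not enforced.
OPTIONAL = ("ECN Capability",)

# Constructed sample of "netsh interface tcp show global" output (not captured).
SAMPLE = """\
Querying active state...

TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State          : enabled
Chimney Offload State               : automatic
Receive Window Auto-Tuning Level    : normal
Add-On Congestion Control Provider  : ctcp
ECN Capability                      : disabled
RFC 1323 Timestamps                 : disabled
"""

def parse_globals(text):
    """Turn 'Label : value' lines into a dict; banners and rules are skipped."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(.+?)\s+:\s+(\S.*?)\s*$", line)
        if m:
            found[m.group(1)] = m.group(2).lower()
    return found

def audit(text):
    """Return (drift, notes): required settings that differ, optional values."""
    current = parse_globals(text)
    drift = {k: (current.get(k, "missing"), v)
             for k, v in WANTED.items() if current.get(k) != v}
    notes = {k: current.get(k, "missing") for k in OPTIONAL}
    return drift, notes

def live_output():
    """Run the real command; only meaningful on Windows Vista or newer."""
    return subprocess.run(["netsh", "interface", "tcp", "show", "global"],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    drift, notes = audit(SAMPLE)  # use audit(live_output()) on a real host
    for label, (have, want) in drift.items():
        print(f"DRIFT {label}: {have} (want {want})")
    print("optional:", notes)
```

A setting reported as "missing" means the label was not found in the output, which usually points to a different Windows version or display language rather than a misconfiguration.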

And there you have … my list of favorite tweaks. Next up: Linux.