Katelyn  Heller

Katelyn Heller

1621484160

Abusing iframes to Steal Cookies - Google CTF

A video writeup on one of the web challenges from the recent Google CTF 2019.

🔗 Links
• Google CTF: https://capturetheflag.withgoogle.com

#web-development #developer

What is GEEK

Buddha Community

Abusing iframes to Steal Cookies - Google CTF
Jon  Gislason

Jon Gislason

1619247660

Google's TPU's being primed for the Quantum Jump

The liquid-cooled Tensor Processing Units, built to slot into server racks, can deliver up to 100 petaflops of compute.

The liquid-cooled Tensor Processing Units, built to slot into server racks, can deliver up to 100 petaflops of compute.

As the world is gearing towards more automation and AI, the need for quantum computing has also grown exponentially. Quantum computing lies at the intersection of quantum physics and high-end computer technology, and in more than one way, hold the key to our AI-driven future.

Quantum computing requires state-of-the-art tools to perform high-end computing. This is where TPUs come in handy. TPUs or Tensor Processing Units are custom-built ASICs (Application Specific Integrated Circuits) to execute machine learning tasks efficiently. TPUs are specific hardware developed by Google for neural network machine learning, specially customised to Google’s Machine Learning software, Tensorflow.

The liquid-cooled Tensor Processing units, built to slot into server racks, can deliver up to 100 petaflops of compute. It powers Google products like Google Search, Gmail, Google Photos and Google Cloud AI APIs.

#opinions #alphabet #asics #floq #google #google alphabet #google quantum computing #google tensorflow #google tensorflow quantum #google tpu #google tpus #machine learning #quantum computer #quantum computing #quantum computing programming #quantum leap #sandbox #secret development #tensorflow #tpu #tpus

What Are Google Compute Engine ? - Explained

What Are Google Compute Engine ? - Explained

The Google computer engine exchanges a large number of scalable virtual machines to serve as clusters used for that purpose. GCE can be managed through a RESTful API, command line interface, or web console. The computing engine is serviced for a minimum of 10-minutes per use. There is no up or front fee or time commitment. GCE competes with Amazon’s Elastic Compute Cloud (EC2) and Microsoft Azure.

https://www.mrdeluofficial.com/2020/08/what-are-google-compute-engine-explained.html

#google compute engine #google compute engine tutorial #google app engine #google cloud console #google cloud storage #google compute engine documentation

Embedding your <image> in google colab <markdown>

This article is a quick guide to help you embed images in google colab markdown without mounting your google drive!

Image for post

Just a quick intro to google colab

Google colab is a cloud service that offers FREE python notebook environments to developers and learners, along with FREE GPU and TPU. Users can write and execute Python code in the browser itself without any pre-configuration. It offers two types of cells: text and code. The ‘code’ cells act like code editor, coding and execution in done this block. The ‘text’ cells are used to embed textual description/explanation along with code, it is formatted using a simple markup language called ‘markdown’.

Embedding Images in markdown

If you are a regular colab user, like me, using markdown to add additional details to your code will be your habit too! While working on colab, I tried to embed images along with text in markdown, but it took me almost an hour to figure out the way to do it. So here is an easy guide that will help you.

STEP 1:

The first step is to get the image into your google drive. So upload all the images you want to embed in markdown in your google drive.

Image for post

Step 2:

Google Drive gives you the option to share the image via a sharable link. Right-click your image and you will find an option to get a sharable link.

Image for post

On selecting ‘Get shareable link’, Google will create and display sharable link for the particular image.

#google-cloud-platform #google-collaboratory #google-colaboratory #google-cloud #google-colab #cloud

Tyrique  Littel

Tyrique Littel

1603450800

Chrome 86 Aims to Bar Abusive Notification Content

Google has added a new feature to Chrome 86 that aims to stomp out abusive notification content.

Web notifications are utilized for a variety of applications – such as prompting site visitors to sign up for newsletters. However, they can also be misused for phishing, malware or fake messages that imitate system notifications for the purpose of generating user interactions. Google has taken steps to battle this issue by automatically blocking the web notifications that display abusive or misleading content.

When visitors encounter a webpage with malicious notification content, the webpage will be blocked and a Chrome alert on the upper navigation bar will warn them that the website might be trying to trick them into displaying intrusive notifications. It will ask them to “Continue Blocking” or “Allow” – the latter option will let users continue on to the webpage.

“Abusive notification prompts are one of the top user complaints we receive about Chrome,” according to PJ McLachlan, product manager with Google, on Wednesday. “Our goal with these changes is to improve the experience for Chrome users and to reduce the incentive for abusive sites to misuse the web-notifications feature.”

In order to detect sites that send abusive notification content, Google will first subscribe occasionally to website push notifications (if the push permission is requested) via its automated web crawling service.

Notifications that are sent to the automated Chrome instances will be evaluated for abusive content, and sites sending abusive notifications will be flagged for enforcement if the issue is unresolved, said Google.

When a site is found to be in “failing” status for any type of notification abuse, Google will send a warning email to the registered owners of the site 30 days before cracking down. During this time, websites can address the issue and request another review.

Google first implemented controls that went against abusive notifications with Chrome 80, when it introduced a “quiet notification permission UI [user interface]” feature. Then, in Chrome 84, it announced auto-enrollment in quiet notification UI for websites with abusive-notification permission requests, such as sites that use deceptive patterns to request notification permissions.

However, the new enforcement in Chrome 86 takes it a step further by focusing “on notification content and is triggered by sites that have a history of sending messages containing abusive content,” said Google. “This treatment applies to sites that try to trick users into accepting the notification permission for malicious purposes, for example sites that use web notifications to send malware or to mimic system messages to obtain user login credentials.”

In an upcoming release, Chrome will revert the notification permission status from “granted” to “default” for abusive origins, preventing further notifications unless the user returns to the abusive origin and re-enables them. That’s because “prior to the release of Chrome’s abusive notifications protections, many users have already unintentionally allowed notifications from websites engaging in abusive activity,” it said.

Google this week also warned of an update to its Chrome browser that patches a zero-day vulnerability in the software’s FreeType font rendering library that was actively being exploited in the wild.

#web security #abusive content #abusive notifications #blocking #browser #browser notifications #chrome 80 #chrome 84 #chrome 86 #google #google chrome #malicious notification #safe browsing #web security

Pink  Rosenbaum

Pink Rosenbaum

1597228207

Google Fixes Mysterious Audio Recording Blip in Smart Speakers

Google Home devices reportedly recorded noises even without the “Hey Google” prompt due to the inadvertent rollout of a home security system feature.

After Google Home users started receiving mysterious alerts when their fire alarms went off or their plates smashed in their homes, Google acknowledged that it accidentally rolled out a feature causing the smart devices to record sounds without the voice prompt.

Reports of the privacy faux pas began after one Reddit user reported earlier in August that Google sent him a phone notification saying that the smoke detector in his home had been triggered. Others said they were notified of possible glass breaking when some dishes broke or when they were watching television. These reported incidents surprised Google Home users as the devices are only supposed to record audio when prompted with specific commands, including “Hey Google” or “OK Google.”

Google for its part said that the alerts are part of a subscription service called “Nest Aware,” first launched in May. As part of this service, users of Google cameras, speakers and displays can pay for the devices to detect any “critical” sound in their home and send them an alert on their phones while they are away from their homes. But, while users can sign up for service, Google said that the feature was inadvertently turned on for some users.

“We are aware of an issue that inadvertently enabled sound detection alerts for sounds like smoke alarms or glass breaking on speakers that are not part of a Nest Aware subscription,” a Google spokesperson told Threatpost. “The issue was caused by a recent software update and only impacted a subset of Google Home, Google Home Mini, and Google Home Max speakers. We have since rolled out a fix that will automatically disable sound detection on devices that are not part of Nest Aware.”

#iot #privacy #adt #google #google home #google nest #google privacy #security #smart home