Monthly Archives: October 2016

Distrusting WoSign and StartCom Certificates


Certificate Authorities (CAs) play a key role in web security by issuing digital certificates to website operators. These certificates are trusted by browsers to authenticate secure connections to websites. CAs who issue certificates outside the policies required by browsers and industry bodies can put the security and privacy of every web user at risk.

Google has determined that two CAs, WoSign and StartCom, have not maintained the high standards expected of CAs and will no longer be trusted by Google Chrome, in accordance with our Root Certificate Policy. This view is similar to the recent announcements by the root certificate programs of both Apple and Mozilla. The rest of this post provides background to that decision and how we plan to minimize disruption while still protecting users.

Background

On August 17, 2016, Google was notified by GitHub's security team that WoSign had issued a certificate for one of GitHub's domains without their authorization. This prompted an investigation, conducted in public as a collaboration with Mozilla and the security community, which found a number of other cases of WoSign misissuance.

The investigation concluded that WoSign knowingly and intentionally misissued certificates in order to circumvent browser restrictions and CA requirements. Further, it determined that StartCom, another CA, had been purchased by WoSign, and had replaced infrastructure, staff, policies, and issuance systems with WoSign's. When presented with this evidence, WoSign and StartCom management actively attempted to mislead the browser community about the acquisition and the relationship of these two companies. For both CAs, we have concluded there is a pattern of issues and incidents that indicate an approach to security that is not in concordance with the responsibilities of a publicly trusted CA.

Action

Beginning with Chrome 56, certificates issued by WoSign and StartCom after October 21, 2016 00:00:00 UTC will not be trusted. Certificates issued before this date may continue to be trusted, for a time, if they comply with the Certificate Transparency in Chrome policy or are issued to a limited set of domains known to be customers of WoSign and StartCom.
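The rule above can be applied to a certificate inventory to find sites that need reissuing. The following is an added example, not code from Chrome or from the original post: the issuer-name matching, the subdomain matching against the domain list, the treatment of a certificate dated exactly at the cutoff, and all sample records are assumptions made for illustration, and Certificate Transparency compliance is taken as an input rather than verified.

```python
import ssl
from datetime import datetime, timezone

# Cutoff stated in the post: October 21, 2016 00:00:00 UTC.
CUTOFF = datetime(2016, 10, 21, tzinfo=timezone.utc).timestamp()
# Assumption: identify the two CAs by a substring of the issuer organizationName.
# This is a triage heuristic; it does not walk the chain to the root.
AFFECTED = ("wosign", "startcom")


def issuer_org(cert):
    """Issuer organizationName from an ssl.getpeercert()-style dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""


def on_allowlist(hostname, allowlist):
    """Assumption: a host matches if it equals or is a subdomain of an entry."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowlist)


def classify(hostname, cert, ct_compliant, allowlist):
    """Apply the Chrome 56 rule from the post to one certificate."""
    if not any(name in issuer_org(cert).lower() for name in AFFECTED):
        return "unaffected"
    # Assumption: notBefore exactly at the cutoff counts as issued after it.
    if ssl.cert_time_to_seconds(cert["notBefore"]) >= CUTOFF:
        return "not trusted"
    if ct_compliant:
        return "trusted for now (CT)"
    if on_allowlist(hostname, allowlist):
        return "trusted for now (allowlist)"
    return "not trusted"


def _cert(org, not_before):  # helper for the constructed sample records
    return {"issuer": ((("organizationName", org),),), "notBefore": not_before}


# Constructed inventory: (hostname, certificate, CT-policy compliant?)
INVENTORY = [
    ("shop.example.com", _cert("WoSign CA Limited", "Nov  3 12:00:00 2016 GMT"), True),
    ("mail.example.org", _cert("StartCom Ltd.", "Mar  1 00:00:00 2016 GMT"), True),
    ("www.allowed.example", _cert("WoSign CA Limited", "Jan 15 08:30:00 2016 GMT"), False),
    ("intranet.example.net", _cert("StartCom Ltd.", "Jun  9 10:00:00 2016 GMT"), False),
    ("api.example.com", _cert("Example Trust Services", "Nov  3 12:00:00 2016 GMT"), False),
]
ALLOWLIST = {"allowed.example"}  # constructed stand-in for Chrome's domain list


def audit(inventory=INVENTORY, allowlist=ALLOWLIST):
    return [(h, classify(h, c, ct, allowlist)) for h, c, ct in inventory]


if __name__ == "__main__":
    for host, verdict in audit():
        print(f"{host:24} {verdict}")
```

Every host reported as "not trusted" or "trusted for now" needs a certificate from another CA, since the post states the exceptions will be reduced and then removed.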

Due to a number of technical limitations and concerns, Google Chrome is unable to trust all pre-existing certificates while ensuring our users are sufficiently protected from further misissuance. As a result of these changes, customers of WoSign and StartCom may find their certificates no longer work in Chrome 56.

In subsequent Chrome releases, these exceptions will be reduced and ultimately removed, culminating in the full distrust of these CAs. This staged approach is solely to ensure sites have the opportunity to transition to other Certificate Authorities that are still trusted in Google Chrome, thus minimizing disruption to users of these sites. Sites that find themselves on this whitelist will be able to request early removal once they’ve transitioned to new certificates. Any attempt by WoSign or StartCom to circumvent these controls will result in immediate and complete removal of trust.

We remain committed to ensuring the safety and privacy of Google Chrome users. We appreciate the impact to users visiting sites with affected certificates and to the operators who run these sites, but the nature of these incidents, and the need to protect our users, prevent us from being able to take less disruptive steps.

Uncovering the Truth Behind the Salem Witch Trials with Google Expeditions

As a teacher from Danvers, MA, a town once known as Salem Village, I have been teaching the Salem Witch Trials to my students for years. Students often have difficulty understanding the gravity of what happened in their own backyard until they see the sites themselves during their 4th grade local history tours.

This year, when it came to covering the trials in our classroom, we incorporated a lesson from Google Expeditions allowing students to go through the sites in Danvers tied directly to the Trials again, but this time virtually. Seeing these sites within the classroom gave our students context, allowing them to see the physical places where these events unfolded while we discussed them. This in-classroom experience facilitated a deeper conversation into the mentality of the time. Mandi, an 11th grade student, said that the Expedition “brought a whole new level of understanding to what we are learning”. “It’s almost like we’re there in person” added 11th grader Sarah.


Now, you don’t need to be from Massachusetts to experience these sites. The new Expeditions invite you to explore the landmarks from the Trials including the Witch House, the home of Witch Trials Judge Jonathan Corwin, and The House of Seven Gables, which tells the story of the writer Nathaniel Hawthorne and his connection to the events of the Salem Witch Trials. This Halloween, students everywhere can take part in learning about this chapter of history.

Students can also experience a new Expedition for another holiday that falls this week, Day of the Dead. Dia de Muertos, or Day of the Dead, is a two-day holiday that is celebrated throughout Mexico when families honor the role of death in life and connect with those who have died. Far from being a sad occasion, Dia de Muertos is colorful, humorous, and joyful. In this Expedition, students can visit sites like the Mexico City Plaza de las Tres Culturas, The Museo de la Muerte and The Dolores Olmedo Museum.


This Fall, these Expedition experiences will allow students to explore their world and bring deeper meaning to their classroom discussions.

Source: Education


Beta Channel Update for Chrome OS

The Beta channel has been updated to 55.0.2883.29 (Platform version: 8872.27.0) for all Chrome OS devices except Cr-48 and some Acer C7 Chromebooks. This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser).

Bernie Thompson
Google Chrome

Keeping the Play Store trusted: fighting fraud and spam installs

Posted by Kazushi Nagayama, Search Quality Analyst, and Andrew Ahn, Product Manager

We strive to continuously make Google Play the best platform for enjoying and discovering the most innovative and trusted apps. Today we are announcing additional enhancements to protect the integrity of the store.

Our teams work every day to improve the quality of our discovery systems. These content discovery systems ensure that users can find and download apps they will love. From time to time, we observe instances of developers attempting to manipulate the placement of their apps through illegitimate means like fraudulent installs, fake reviews, and incentivized ratings. These attempts not only violate the Google Play Developer Policy, but also harm our community of developers by hindering their chances of being discovered or recommended through our systems. Ultimately, they put the end users at risk of making wrong decisions based on inaccurate, unauthentic information.

Today we are rolling out improved detection and filtering systems to combat such manipulation attempts. If an install is conducted with the intention to manipulate an app's placement on Google Play, our systems will detect and filter it. Furthermore, developers who continue to exhibit such behaviors could have their apps taken down from Google Play.

In the vast majority of cases, no action will be needed. If you are asking someone else to promote your app (e.g., third-party marketing agency), we advise you to make sure that the promotion is based on legitimate practices. In case of questions, please check out the Developer Support Resources.

These important changes will help protect the integrity of Google Play, our developer community, and ultimately our end user. Thank you for your support in building the world's most trusted store for apps and games!

Disclosing vulnerabilities to protect users


On Friday, October 21st, we reported 0-day vulnerabilities — previously publicly-unknown vulnerabilities — to Adobe and Microsoft. Adobe updated Flash on October 26th to address CVE-2016-7855; this update is available via Adobe's updater and Chrome auto-update.

After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released. This vulnerability is particularly serious because we know it is being actively exploited.

The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.

We encourage users to verify that auto-updaters have already updated Flash — and to manually update if not — and to apply Windows patches from Microsoft when they become available for the Windows vulnerability.

Using TensorFlow and JupyterHub in Classrooms

We’ve published a new solution and a companion GitHub repository that guides you through setting up a Google Container Engine cluster to run JupyterHub to automatically provision secure Jupyter containers for each user in a classroom or team. Don’t let the title of this article mislead you: not only does it use TensorFlow and JupyterHub, it’s actually an open source and cloud smorgasbord based on the Jupyter and Kubernetes platforms.



Jupyter is a powerful open source technology that gives you a platform to write and execute code to analyze, visualize and share the discoveries you find in your big data set. You can download a number of different Docker images preconfigured with many different notebook extensions and software packages to help you on any kind of data-science quest.

If you’re exploring on your own, and really want to get started quickly, you can get this all running on your local computer, but what if you want to take your expertise and lead a classroom of people along the same path? You have to either configure everything for them or walk them through configuring their own machines with all the required software.

This is where JupyterHub comes in, as a management layer in front of Jupyter instances, allowing you to configure users, using custom authentication, and giving you a Python interface to spawn new Jupyter instances for each user. Even with JupyterHub, you still need a way to provision physical and virtual hardware for the students.

Enter Kubernetes, an open source system for automating deploying, scaling and managing containerized applications. Google Container Engine is a fully managed service based on Kubernetes, allowing you to create clusters easily on Google Cloud Platform.

This solution comes with a JupyterHub Spawner class that allows it to create Kubernetes Pods, which are Docker images running Jupyter, for each user. It also comes with all the automation scripts required to create a Container Engine cluster and let you easily customize your setup.

When your students log into JupyterHub using Google OAuth2, they can choose from a list of several pre-built Jupyter images, including a newly updated “datalab-jupyter” image, which comes with the Google Datalab open source notebook extension, enabling integration with BigQuery, Google Cloud ML and StackDriver, and also has TensorFlow and the Apache Beam Python SDK for Google Cloud DataFlow installed. Users can also choose to run any of the pre-configured Jupyter docker-stack images, or you can build your own Docker images to run any special libraries or Jupyter configurations you want.

We hope that this solution allows you to get your classroom or team environment running quickly so you can focus on learning rather than configuring machines.

By Brad Svee, Cloud Solutions Architect

Transfer data from one user to another with the Google Admin app for Android

You can now transfer data from one user to another in the Google Admin Android app, much like you can in the web-based Admin console. The process can be initiated from the User List page or the User Details page and can be done as a standalone action, before suspending a user, or before deleting a user. Just like on the web, you can transfer Google Drive files and Google+ pages. For more detailed instructions, please visit the Help Center.



Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Editions:
Available to all G Suite editions

Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center: Manage user accounts from an Android device



U.S. election results LIVE on YouTube

From candidates announcing their run for office to the political conventions, you’ve come to YouTube to get informed on the U.S. election.

In fact, over the past few weeks you spent over 20 million hours watching - and rewatching - the presidential debate live streams on YouTube. That’s the equivalent of over 2,288 years of time!

With just over a week until election day, all eyes are on the candidates as they work to earn your vote. As in 2012, YouTube is back live streaming election results coverage and this year, you can choose from more news organizations than ever before.

Head to YouTube starting at 7 p.m. ET on Tuesday, November 8, and select your favorite news channel to follow all the action:


Also, tune in to a special election night event at YouTube Space NY, where host Complex News will deliver live results coverage and celebrate the momentous occasion.

If you haven’t already sent in your ballot, head to Google, search “how to vote” and get all the info you need to make your voice heard.

Brandon Feldman, YouTube News and Politics, recently watched ”U.S. Government & Politics

Source: YouTube Blog


Global Spotlight: The untapped potential for content in Hindi

More and more users from all over the world are gaining access to information online. For current AdSense publishers, this presents an opportunity to grow your audience globally. Our Global Spotlight series is designed to help educate, inspire, and provide you with insights into how you can grow your business and share your content in emerging markets.

We’re happy to continue our Global Spotlight and bring you to India, a nation with the second largest population in the world and a large percentage of the population coming online for the first time.

Think with Google published a thought provoking article titled Why Hindi Matters in the Digital Age and left us with a key takeaway:

“With nearly 500M Hindi speakers in India and around the world, businesses that invest in Hindi content today stand to gain a whole new set of consumers tomorrow.”

Today we’ll look at the untapped potential for original content that’s created in Hindi for a Hindi audience. This graphic, from the article Why Hindi Matters in the Digital Age accurately represents the opportunity to create Hindi content for Hindi speaking users.



So if you have a large user base in India or if you’re looking to grow in this strategic emerging market, catering your content to Hindi speakers is key. Check out this infographic to learn more:

Keen to start creating? Here are three things you can do to start publishing Hindi content online:

1. Create Hindi content that is unique and provides value to your users. You know the importance of doing your research to better understand the market, so use those same tools (Google Trends in Search and YouTube) to identify trending content for Hindi speakers: Entertainment, News, Jobs/Education, and Sports, especially Kabaddi and Wrestling! You can also see a selection of high quality Hindi content from fellow publishers at hindiweb.com.

2. Get a professional translation, or have a native speaker review content. If you plan to translate your site for Hindi speakers, ensure you provide high quality and accurate translations. Avoid auto-translation as it risks a low quality user experience. Check out these Webmaster Quality Guidelines to learn more.

3. Use Devanagari script. Access up to 40 free, beautiful fonts for publishing your Hindi content and benefit from better indexing of your site. Select Devanagari script at Google Fonts to add fonts to your collection.




Learn more about this opportunity and many others by joining our live Hangout on Air session on November 17th, 2016. We’ll talk through best practices and share ways for you to grow your business. Be sure to register here. If you’re new to monetizing your content in India, start turning your #PassionIntoProfit today by signing up for Google AdSense.

In our next few blog posts, we’ll be sharing with you a 3-step strategy to start expanding your business to India, or building a new site for an Indian audience. In the meantime, check out the other posts from our Global Spotlight series.

Posted by: Jatin Nagpal, from the AdSense team

Source: Inside AdSense