Hackers Exploit Software Bugs For 10 Months On Average Before They're Exposed
SHARE:
Symantec's chart shows a distribution of zero-day exploits based on how long they persist before being discovered. The average is close to 10 months. (Click to enlarge.)
Software vendors are constantly on the watch for so-called “zero day” vulnerabilities–flaws in their code that hackers find and exploit before the first day companies become aware of them. But the term “zero-day” doesn’t capture just how early hackers’ head-starts often are: Day zero, it seems, often lasts more than 300 days.
That’s one of the findings of a broad study of hackers’ zero-day exploits by two researchers at the antivirus firm Symantec that they plan to present at the Association for Computing Machinery’s Computer and Communications Security conference in Raleigh, North Carolina this week. Leyla Bilge and Tudor Dumitra used data collected from 11 million PCs running Symantec’s antivirus software to correlate a catalogue of zero-day attacks with malware found on those machines. Using that retrospective analysis, they found 18 attacks that represented zero-day exploits between February 2008 and March of 2010, only seven of which were previously known to have been exploited prior to their public discovery. And most disturbingly, they found that those attacks continued 312 days on average–up to 2.5 years in some cases–before the security community became aware of them.
“In fact, 60% of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought—perhaps more than twice as many,” the researchers write. And they add that their estimate for the average time to discovery of those vulnerabilities may be conservative, too. “While the average duration is approximately 10 months, the fact that all but one of the vulnerabilities disclosed after 2010 remained unknown for more than 16 months suggests that we may be underestimating the duration of zero-day attacks.”
One aspect of zero-day exploits use that’s made them tough to track and count has been how closely targeted they are. Unlike the mass malware infections that typically infect many thousands of machines using known vulnerabilties, the majority of the exploits in Symantec’s study only affected a handful of machines–All but four of the exploits infected less than 100 targets, and four were found on only one computer.
That careful use of zero-day exploits, often reserved for stealthy espionage tactics rather than credit-card harvesting or other for-profit crime, reflects their price. As I reported earlier this year based on conversations with brokers of zero-day exploit code, a single zero-day exploit can cost as much as $250,000, and the fees are often paid in installments based on the vulnerability remaining secret and unpatched.
Unsurprisingly, the study shows that hackers target common software like Microsoft Word, Flash and Adobe Reader. Sixteen of the 18 zero-day exploits discovered and analyzed in the study affected Microsoft and Adobe software.
Symantec's study shows that hackers grab onto new exploits, using them hundreds or thousands of times more often, around the time of their revelation to the public. (Click to enlarge.)
Once a certain vulnerability does come to public light, Symantec’s study shows that hackers quickly pile on to exploit the flaw before it can be fixed by the software’s vendor. In some cases tracked by Symantec, a single exploit jumped from a handful of cases to tens of thousands within days of a bug’s disclosure. (See chart at left.)
Those findings lend some numbers to an issue that’s been a subject of fiery debate in the security community: Whether security researchers should expose vulnerabilities they find to the public or report them privately to the company whose software is affected. Broadcasting bugs to the public, a strategy researchers have labelled “full disclosure,” leads to that spike in attacks before users have access to secure software, as Symantec’s study shows. But in other cases, researchers argue that companies don’t have an incentive to patch bugs reported to them until their users are at risk of being widely attacked. In August, for instance, Oracle waited until thousands of users had been attacked via a bug in its Java program before patching it, despite the fact that Polish researchers had reported the flaw to Oracle four months earlier.
One clear conclusion of Symantec’s study, regardless of that full-disclosure debate, is the value of the benevolent hackers who find and report bugs in software before they’re exploited. Without someone to dig them up and demand they be fixed, those hackable flaws are far more common, and remain secret far longer, than anyone may have realized.
Tuesday, October 16, 2012
Will it work? Social media steps into the spotlight.
With retailers ringing up unusually high sales using Pinterest
—arguably the year’s biggest digital-platform sensation
—marketers are getting ready to pin holiday gift ideas and seasonal content like glittering ornaments to a virtual Pinterest Christmas tree.
“We will post a sharable, interactive gift guide and offer how-to videos and tutorials for looks to help [customers be] party ready,” said Bridget Dolan, Sephora’s vp, digital media. “Pinterest has great potential for the holidays.”
Sephora counts 64,000 followers on Pinterest, a sizable audience for any brand on the young platform—but still not much in terms of social media scale. In contrast, Sephora has 2 million Facebook fans and 712,000 Twitter followers.
But it doesn’t seem to matter how many Pinterest followers brands have; retailers simply hope the buying propensity they’ve seen in recent months continues.
“Our Pinterest referrals spend 70 percent more than nonsocial channels, including search,” said Jane Carpenter, media rep for home furnishings e-retailer Wayfair, which has 1,800 Pinterest followers. “They are 10 percent more likely to purchase when compared to other social channels. And we are on everything—Twitter, YouTube, Facebook.”
Two-and-a-half-year-old Pinterest, per comScore, hit 25 million unique users in September, compared to just 2 million a year ago. Pinterest “is the fastest stand-alone site in U.S. history to reach that [users] level,” said comScore rep Andrew Lipsman.
“It’s been established that more than any other social channel, Pinterest is where folks go to buy stuff,” added Chad White, research director at online marketing firm Responsys. “People don’t go to Twitter to buy products. And it’s well-established that they don’t go to Facebook to buy things.”
Meanwhile, in addition to Sephora’s multimedia pinning plans, merchants have channel-exclusive contests and wish-list tactics in store for the picture-friendly website. Kate Spade New York has 88,000 Pinterest followers and is amped to add the site to its holiday social media mix of Facebook, Twitter, Tumblr and Instagram, said Kristina DiMatteo Fields, digital marketing director for the firm. “We will pin content daily,” she said.
Though not just female-skewed brands are looking to Pinterest for yuletide revenues. MLB Shop, the online store for Major League Baseball (11,000 Pinterest followers), is bolstering resources for the social site. “We are going to put bodies on it to make sure our products and promotions are always there,” said Noah Garden, evp of revenue for Major League Baseball Advanced Media, the digital arm of the pro sports league. “What we are seeing right now are good conversion rates.”
And even the Boston Celtics (4,000 followers) believe Pinterest is a slam-dunk for attracting female holiday shoppers. “Our other digital platforms are roughly 75 percent male, so it lets us target a new fan base,” said Shawn Sullivan, CMO for the NBA franchise. “On average, a Celtics item is repinned 17 times. [That viral] allows us to extend the reach of merchandise to fans who otherwise would not have come to our Pinterest page or online store.”
—arguably the year’s biggest digital-platform sensation
—marketers are getting ready to pin holiday gift ideas and seasonal content like glittering ornaments to a virtual Pinterest Christmas tree.
“We will post a sharable, interactive gift guide and offer how-to videos and tutorials for looks to help [customers be] party ready,” said Bridget Dolan, Sephora’s vp, digital media. “Pinterest has great potential for the holidays.”
Sephora counts 64,000 followers on Pinterest, a sizable audience for any brand on the young platform—but still not much in terms of social media scale. In contrast, Sephora has 2 million Facebook fans and 712,000 Twitter followers.
But it doesn’t seem to matter how many Pinterest followers brands have; retailers simply hope the buying propensity they’ve seen in recent months continues.
“Our Pinterest referrals spend 70 percent more than nonsocial channels, including search,” said Jane Carpenter, media rep for home furnishings e-retailer Wayfair, which has 1,800 Pinterest followers. “They are 10 percent more likely to purchase when compared to other social channels. And we are on everything—Twitter, YouTube, Facebook.”
Two-and-a-half-year-old Pinterest, per comScore, hit 25 million unique users in September, compared to just 2 million a year ago. Pinterest “is the fastest stand-alone site in U.S. history to reach that [users] level,” said comScore rep Andrew Lipsman.
“It’s been established that more than any other social channel, Pinterest is where folks go to buy stuff,” added Chad White, research director at online marketing firm Responsys. “People don’t go to Twitter to buy products. And it’s well-established that they don’t go to Facebook to buy things.”
Meanwhile, in addition to Sephora’s multimedia pinning plans, merchants have channel-exclusive contests and wish-list tactics in store for the picture-friendly website. Kate Spade New York has 88,000 Pinterest followers and is amped to add the site to its holiday social media mix of Facebook, Twitter, Tumblr and Instagram, said Kristina DiMatteo Fields, digital marketing director for the firm. “We will pin content daily,” she said.
Though not just female-skewed brands are looking to Pinterest for yuletide revenues. MLB Shop, the online store for Major League Baseball (11,000 Pinterest followers), is bolstering resources for the social site. “We are going to put bodies on it to make sure our products and promotions are always there,” said Noah Garden, evp of revenue for Major League Baseball Advanced Media, the digital arm of the pro sports league. “What we are seeing right now are good conversion rates.”
And even the Boston Celtics (4,000 followers) believe Pinterest is a slam-dunk for attracting female holiday shoppers. “Our other digital platforms are roughly 75 percent male, so it lets us target a new fan base,” said Shawn Sullivan, CMO for the NBA franchise. “On average, a Celtics item is repinned 17 times. [That viral] allows us to extend the reach of merchandise to fans who otherwise would not have come to our Pinterest page or online store.”
Mobile security. The inevitable comparisons with PC's.
NEW YORK (CNNMoney) -- Security experts haev warned for years that our smartphones are due for a major cyberattack. Like PCs back in the early days -- the 1990s -- mobile phones are largely unprotected by antivirus software, and they're a treasure trove of valuable information.
So why hasn't the smartphone Armageddon happened yet?
Basic economics is one reason. Cyberthieves are making so much money attacking Windows PCs that there hasn't been much incentive to change tactics. It's hard to track down exact statistics on how much money is stolen each year through cyberattacks, but most security experts put the dollar figure in the billions. Once single, recent hack that Verizon (VZ) investigated -- debit card numbers stolen from merchants through secretly installed keyloggers -- resulted in a loss of $20 million.
Microsoft (MSFT) Windows is still the low-hanging fruit. With 92% share of the PC market and a two-thirds share of all Internet-connected devices, Windows is the obvious target to attack if you're a hacker looking to make money.
We're about to hit a tipping point, though. ost people still do their online banking and shopping on their PCs, but those transactions are happening on mobile phones more frequently. Where the money goes, cybercrooks follow.
Here are the scary numbers: Cyberattacks on mobile phones rose by a factor of six this year, according to Intel (INTC) subsidiary McAfee. Four in 10 mobile users will click an unsafe link on a smartphone this year, according to Lookout Security.
Yet less than a fifth of the devices run any antivirus software, according to security research organization SANS. And RSA study shows we're much more likely to click on phishing attacks on mobile devices than we are on PCs.
Still, not even one major cyberattack has hit smartphones. What's up?
The good news is that developers learned from the indtustry's long history of cubersecurity debacles. Smartphone operating systems were built from scratch fairly recently -- not much legacy code here -- and wer designed with strong security protections. Though it's possible, int's incredibly difficult to attack a dvice thorugh one program and then own an entire phone.
Fragmentation is also an unexpected protection. With so many different varieties of Google's (GOOG) Android operating system out there, it's hard to write the right code for a swath of devices.
Even users of Android -- the target of almost all mobile malware -- are far less susceptible to attack than PC users. The growth in mobile threats is dramatic, but the 13,000 different kinds of mobile balware McAfee has found this year is still teeny compared with the 90 million threats it detected for PCs.
Still, experts say it's just a matter of time before mobile catches up.
"The money is in mobile, and that's where they're moving," said Stu Sjouwerman, CEO of KnowBe4, a security training company. "Malware on mobile phones is going to be as prevalent as on the PC. It's inevitable, unfortunately."
Smartphones have become personal computers that travel around with us at all times. Mobile attacks are difficult, and the smartphone space may never be as homogeneous as the PC market, but crooks follow the cash. As smartphones become our primary devices, the cybercriminals' motivation for targeting them grows. All it will take is one slip up by Apple (APPL) or Google.
"What will happen is one of these smartphone makers will release a new OS or browser, and there will be a hole," said Alan Wlausk, the managing partner of WDDInc., a software development company. "An attacker will exploit that. That's going to happen for sure."
So why hasn't the smartphone Armageddon happened yet?
Basic economics is one reason. Cyberthieves are making so much money attacking Windows PCs that there hasn't been much incentive to change tactics. It's hard to track down exact statistics on how much money is stolen each year through cyberattacks, but most security experts put the dollar figure in the billions. Once single, recent hack that Verizon (VZ) investigated -- debit card numbers stolen from merchants through secretly installed keyloggers -- resulted in a loss of $20 million.
Microsoft (MSFT) Windows is still the low-hanging fruit. With 92% share of the PC market and a two-thirds share of all Internet-connected devices, Windows is the obvious target to attack if you're a hacker looking to make money.
We're about to hit a tipping point, though. ost people still do their online banking and shopping on their PCs, but those transactions are happening on mobile phones more frequently. Where the money goes, cybercrooks follow.
Here are the scary numbers: Cyberattacks on mobile phones rose by a factor of six this year, according to Intel (INTC) subsidiary McAfee. Four in 10 mobile users will click an unsafe link on a smartphone this year, according to Lookout Security.
Yet less than a fifth of the devices run any antivirus software, according to security research organization SANS. And RSA study shows we're much more likely to click on phishing attacks on mobile devices than we are on PCs.
Still, not even one major cyberattack has hit smartphones. What's up?
The good news is that developers learned from the indtustry's long history of cubersecurity debacles. Smartphone operating systems were built from scratch fairly recently -- not much legacy code here -- and wer designed with strong security protections. Though it's possible, int's incredibly difficult to attack a dvice thorugh one program and then own an entire phone.
Fragmentation is also an unexpected protection. With so many different varieties of Google's (GOOG) Android operating system out there, it's hard to write the right code for a swath of devices.
Even users of Android -- the target of almost all mobile malware -- are far less susceptible to attack than PC users. The growth in mobile threats is dramatic, but the 13,000 different kinds of mobile balware McAfee has found this year is still teeny compared with the 90 million threats it detected for PCs.
Still, experts say it's just a matter of time before mobile catches up.
"The money is in mobile, and that's where they're moving," said Stu Sjouwerman, CEO of KnowBe4, a security training company. "Malware on mobile phones is going to be as prevalent as on the PC. It's inevitable, unfortunately."
Smartphones have become personal computers that travel around with us at all times. Mobile attacks are difficult, and the smartphone space may never be as homogeneous as the PC market, but crooks follow the cash. As smartphones become our primary devices, the cybercriminals' motivation for targeting them grows. All it will take is one slip up by Apple (APPL) or Google.
"What will happen is one of these smartphone makers will release a new OS or browser, and there will be a hole," said Alan Wlausk, the managing partner of WDDInc., a software development company. "An attacker will exploit that. That's going to happen for sure."
Oh Google. What now?
Google told to fix privacy policy by EU data regulators
CNIL's president said Google might face legal action if it did not make the requested changes
Continue reading the main story
Related Stories
EU demands Google privacy rethink
Google to pay record privacy fine
Privacy watchdog to meet Google
EU watchdogs have said Google must revise its privacy policy.
It follows the firm's decision in March to consolidate 60 separate privacy policies into a single agreement.
The move allowed it to pool data from across its products, including use of its video site YouTube, social network Google+ and smartphone system Android - potentially helping it target adverts.
French data privacy regulator CNIL - which led the inquiry - said the US company had "months" to make changes.
Google has been told it should give clearer information about what data is being collected and for what purpose. It has also been told to give users more control over how the information is combined.
It has been warned that if it took no action, CNIL would "enter a phase of litigation".
Google said it needed more time to provide a detailed response.
"We have received the report and are reviewing it now," said Peter Fleischer, its global privacy counsel.
Rory Cellan-Jones
Technology correspondent
Google had a lot riding on the decision from the EU data protection watchdogs.
The revised privacy policy, which came into force on 1 March, gives its advertisers access to a much richer pool of data from users across its many services.
Now CNIL has issued a critical report on the policy, and called for changes, with a warning that there could be litigation if Google does not respond.
But the search giant has gone into spin mode, pointing out that that its policy has not been ruled illegal and it hasn't been asked to roll it back.
A spokesman was also eager to point out that Microsoft had unveiled a similar privacy code this week.
But Google - like Microsoft before it - is now firmly in the sights of the world's regulators, with an EU competition ruling the next hurdle to clear.
The search firm insists that everything it does is in the interest of its users - its problem is that the world is no longer quite so inclined to see it as a big friendly giant.
"Our new privacy policy demonstrates our long-standing commitment to protecting our users' information and creating great products. We are confident that our privacy notices respect European law."
Although Google has not been directly accused of acting illegally, it has been accused of providing "incomplete and approximate" details raising "deep concerns about data protection and the respect of the European law".
French investigation
CNIL carried out the investigation into Google on behalf of the 27 members of the European Union. Although Greece, Romania and Lithuania have yet to sign up to the findings, non-EU states Croatia and Liechtenstein have done so.
After studying Google's revised policy in depth, the agency said it believed Google had failed to place any limit on the "scope of collection and the potential uses of the personal data", meaning it might be in breach of several of the bloc's data protection principles.
Specifically, CNIL said it was unhappy that users were unable to determine or control what kinds of data were being processed and for what use.
It noted that the revised privacy policy did not distinguish between search engine queries, typed-in credit card numbers or telephone communications.
Furthermore it highlighted the wide range of potential uses Google might have for the data including product development, security, advertising and academic research.
It said that EU data protection laws place limits on such activities and proposed the following changes:
Google must "reinforce users' consent". It suggests this could be done by allowing its members to choose under what circumstances data about them was combined by asking them to click on dedicated buttons.
The firm should offer a centralised opt-out tool and allow users to decide which of Google's services provided data about them.
Google should adapt its own tools so that it could limit data use to authorised purposes. For example, it should be able to use a person's collated data to improve security efforts but not to target advertising.
Auke Haagsma, from Microsoft-funded lobby group Icomp on the Google decision
CNIL's president Isabelle Falque-Pierrotin said the company had "three or four months" to make the revisions, otherwise "authorities in several countries can take action against Google".
'Important step'
UK-based privacy campaign group Big Brother Watch welcomed the news.
"It's absolutely right that European regulators focus on ensuring people know what data is being collected and how it is being used," said the organisation's director, Nick Pickles.
"Unless people are aware just how much of their behaviour is being monitored and recorded it is impossible to make an informed choice about using services.
"This ruling is an important step to putting consumers in control of their personal information and ensuring that companies like Google are not able to easily disregard people's privacy in pursuit of more information and greater profits."
The news coincides with Google's test of a new unified search tool that works across several of its products.
Users involved in the trial are able to check through the contents of their Gmail, Google Calendar and Drive cloud storage services through the main search tool on the site's Google.com homepage.
Participants in a trial can do a unified search of Google's Drive file storage service and other services
The pilot is being limited to participants in the US at this time.
Google still faces the results of a separate investigation by the EU into whether it has abused its position as the most popular internet search tool by directing users to its own services by placing them high in its results.
News site Search Engine Land has also reported that the US Federal Trade Commission (FTC) is "strongly considering" its own investigation into whether Google and others have complied with guidelines for the disclosure of information about how paid advertisements appear in search results and whether the rules should be updated.
CNIL's president said Google might face legal action if it did not make the requested changes
Continue reading the main story
Related Stories
EU demands Google privacy rethink
Google to pay record privacy fine
Privacy watchdog to meet Google
EU watchdogs have said Google must revise its privacy policy.
It follows the firm's decision in March to consolidate 60 separate privacy policies into a single agreement.
The move allowed it to pool data from across its products, including use of its video site YouTube, social network Google+ and smartphone system Android - potentially helping it target adverts.
French data privacy regulator CNIL - which led the inquiry - said the US company had "months" to make changes.
Google has been told it should give clearer information about what data is being collected and for what purpose. It has also been told to give users more control over how the information is combined.
It has been warned that if it took no action, CNIL would "enter a phase of litigation".
Google said it needed more time to provide a detailed response.
"We have received the report and are reviewing it now," said Peter Fleischer, its global privacy counsel.
Rory Cellan-Jones
Technology correspondent
Google had a lot riding on the decision from the EU data protection watchdogs.
The revised privacy policy, which came into force on 1 March, gives its advertisers access to a much richer pool of data from users across its many services.
Now CNIL has issued a critical report on the policy, and called for changes, with a warning that there could be litigation if Google does not respond.
But the search giant has gone into spin mode, pointing out that that its policy has not been ruled illegal and it hasn't been asked to roll it back.
A spokesman was also eager to point out that Microsoft had unveiled a similar privacy code this week.
But Google - like Microsoft before it - is now firmly in the sights of the world's regulators, with an EU competition ruling the next hurdle to clear.
The search firm insists that everything it does is in the interest of its users - its problem is that the world is no longer quite so inclined to see it as a big friendly giant.
"Our new privacy policy demonstrates our long-standing commitment to protecting our users' information and creating great products. We are confident that our privacy notices respect European law."
Although Google has not been directly accused of acting illegally, it has been accused of providing "incomplete and approximate" details raising "deep concerns about data protection and the respect of the European law".
French investigation
CNIL carried out the investigation into Google on behalf of the 27 members of the European Union. Although Greece, Romania and Lithuania have yet to sign up to the findings, non-EU states Croatia and Liechtenstein have done so.
After studying Google's revised policy in depth, the agency said it believed Google had failed to place any limit on the "scope of collection and the potential uses of the personal data", meaning it might be in breach of several of the bloc's data protection principles.
Specifically, CNIL said it was unhappy that users were unable to determine or control what kinds of data were being processed and for what use.
It noted that the revised privacy policy did not distinguish between search engine queries, typed-in credit card numbers or telephone communications.
Furthermore it highlighted the wide range of potential uses Google might have for the data including product development, security, advertising and academic research.
It said that EU data protection laws place limits on such activities and proposed the following changes:
Google must "reinforce users' consent". It suggests this could be done by allowing its members to choose under what circumstances data about them was combined by asking them to click on dedicated buttons.
The firm should offer a centralised opt-out tool and allow users to decide which of Google's services provided data about them.
Google should adapt its own tools so that it could limit data use to authorised purposes. For example, it should be able to use a person's collated data to improve security efforts but not to target advertising.
Auke Haagsma, from Microsoft-funded lobby group Icomp on the Google decision
CNIL's president Isabelle Falque-Pierrotin said the company had "three or four months" to make the revisions, otherwise "authorities in several countries can take action against Google".
'Important step'
UK-based privacy campaign group Big Brother Watch welcomed the news.
"It's absolutely right that European regulators focus on ensuring people know what data is being collected and how it is being used," said the organisation's director, Nick Pickles.
"Unless people are aware just how much of their behaviour is being monitored and recorded it is impossible to make an informed choice about using services.
"This ruling is an important step to putting consumers in control of their personal information and ensuring that companies like Google are not able to easily disregard people's privacy in pursuit of more information and greater profits."
The news coincides with Google's test of a new unified search tool that works across several of its products.
Users involved in the trial are able to check through the contents of their Gmail, Google Calendar and Drive cloud storage services through the main search tool on the site's Google.com homepage.
Participants in a trial can do a unified search of Google's Drive file storage service and other services
The pilot is being limited to participants in the US at this time.
Google still faces the results of a separate investigation by the EU into whether it has abused its position as the most popular internet search tool by directing users to its own services by placing them high in its results.
News site Search Engine Land has also reported that the US Federal Trade Commission (FTC) is "strongly considering" its own investigation into whether Google and others have complied with guidelines for the disclosure of information about how paid advertisements appear in search results and whether the rules should be updated.
Really a security chip? For what?
Apple's Lightning Cable Contains Possible Security Chip
Wired News | October 16, 2012
Apple?s migration of the iPhone from the 30-pin connector to Lightning connector hasn?t been without its issues. Even with the 30-pin adapter, some older high-end peripherals may not work. Plus, Apple has beefed up the rules for third-party vendors hoping to sell their own Lightning cables. Now a teardown reveals that Apple is getting serious about security or just wants low-quality cables off the market.
Wired News | October 16, 2012
Apple?s migration of the iPhone from the 30-pin connector to Lightning connector hasn?t been without its issues. Even with the 30-pin adapter, some older high-end peripherals may not work. Plus, Apple has beefed up the rules for third-party vendors hoping to sell their own Lightning cables. Now a teardown reveals that Apple is getting serious about security or just wants low-quality cables off the market.
More Google
Celebrating Dart’s birthday with the first release of the Dart SDK
A year ago we released a technology preview of Dart, a project that includes a modern language, libraries and tools for building complex web applications. Today, after plowing through thousands of bug reports and feature requests from the web community, a new, more stable and comprehensive version of Dart is now available and ready to use.
With this version of the Dart SDK, we’ve made several improvements and added many features:
A faster Dart Virtual Machine that on some Octane tests outperforms even V8.
A new Dart to JavaScript translator that generates fast and compact output.
An HTML library that works transparently on modern browsers.
A library to interoperate with JavaScript code.
An easy to use editor.
Pub, a new package manager
Dartium, a Chromium build with native Dart support.
A server-side I/O library.
A language specification describing the Dart semantics, including new features.
Over the following months, we will continue to work hard to evolve the SDK, improve Dart’s robustness and performance, and fine-tune the language while maintaining backwards compatibility.
You can download the Dart Editor from dartlang.org. It comes with a copy of the open-source SDK and Dartium. Thanks again for all your feedback - keep it coming.
A year ago we released a technology preview of Dart, a project that includes a modern language, libraries and tools for building complex web applications. Today, after plowing through thousands of bug reports and feature requests from the web community, a new, more stable and comprehensive version of Dart is now available and ready to use.
With this version of the Dart SDK, we’ve made several improvements and added many features:
A faster Dart Virtual Machine that on some Octane tests outperforms even V8.
A new Dart to JavaScript translator that generates fast and compact output.
An HTML library that works transparently on modern browsers.
A library to interoperate with JavaScript code.
An easy to use editor.
Pub, a new package manager
Dartium, a Chromium build with native Dart support.
A server-side I/O library.
A language specification describing the Dart semantics, including new features.
Over the following months, we will continue to work hard to evolve the SDK, improve Dart’s robustness and performance, and fine-tune the language while maintaining backwards compatibility.
You can download the Dart Editor from dartlang.org. It comes with a copy of the open-source SDK and Dartium. Thanks again for all your feedback - keep it coming.
Now for Google. Gmail search + Google Drive
10/15/12
Find your stuff faster in Gmail and Search
(Cross-posted on the Official Gmail Blog)
When you’re looking for something, you should be able to find what you need quickly and easily without needing to think about where it might be, whether it's in your email or out on the public web. That’s why this past August we opened a field trial allowing you to sign up to get information from Gmail right from the Google search box.
We’ve gotten very positive feedback from those of you testing it out -- such as this note: “The Gmail results feature is awesome! The fact that it's all integrated into one screen is huge.” Many testers have requested being able to find Drive files as well -- as one of you put it, “It would be awesome if I could search my google drive from google search as well :)”.
So starting today, you can sign up for a new and expanded field trial that makes it easier to find your stuff across Google, whether you’re searching on Google.com or searching in Gmail.
In Gmail, as you begin to type into the search box, you'll instantly start seeing relevant emails from Gmail as well as results from Google Drive, Google Calendar, and more:
Similarly, when you search on Google.com, your results will include relevant information and messages from Gmail (something familiar to those who joined the original field trial) and now -- new in this field trial -- also files, documents, spreadsheets and more from Google Drive:
To give this a try, please visit the updated field trial page and select Join the field trial. Please note that this trial is only accessible in English and for @gmail.com addresses (not available on Google Apps accounts). And keep the feedback coming!
Posted by Bram Moolenaar, Software Engineer
Find your stuff faster in Gmail and Search
(Cross-posted on the Official Gmail Blog)
When you’re looking for something, you should be able to find what you need quickly and easily without needing to think about where it might be, whether it's in your email or out on the public web. That’s why this past August we opened a field trial allowing you to sign up to get information from Gmail right from the Google search box.
We’ve gotten very positive feedback from those of you testing it out -- such as this note: “The Gmail results feature is awesome! The fact that it's all integrated into one screen is huge.” Many testers have requested being able to find Drive files as well -- as one of you put it, “It would be awesome if I could search my google drive from google search as well :)”.
So starting today, you can sign up for a new and expanded field trial that makes it easier to find your stuff across Google, whether you’re searching on Google.com or searching in Gmail.
In Gmail, as you begin to type into the search box, you'll instantly start seeing relevant emails from Gmail as well as results from Google Drive, Google Calendar, and more:
Similarly, when you search on Google.com, your results will include relevant information and messages from Gmail (something familiar to those who joined the original field trial) and now -- new in this field trial -- also files, documents, spreadsheets and more from Google Drive:
To give this a try, please visit the updated field trial page and select Join the field trial. Please note that this trial is only accessible in English and for @gmail.com addresses (not available on Google Apps accounts). And keep the feedback coming!
Posted by Bram Moolenaar, Software Engineer
Subscribe to:
Posts (Atom)