Friday, July 11, 2003

Court backs thumbnail image linking

Search engines' display of miniature images is fair use under copyright law, a federal appeals court ruled Monday, but the legality of presenting full-size renditions of visual works is yet to be determined.

The 9th U.S. Circuit Court of Appeals' decision is a partial win for defendant Arriba Soft--an image search engine now known as Ditto.com--in its case against photographer Leslie Kelly. Kelly sued Arriba Soft in April 1999 for copyright infringement when the company's software had recorded miniatures, or thumbnails, and full sizes of Kelly's digital photos and made them accessible via its search engine.

The court ruled that use of thumbnail images in search engines is legal, confirming an earlier ruling by the same court from February 2002. But the court withdrew a previous decision on the display of full-size images, which it had deemed out of the bounds of fair use because it was likely to harm the market for Kelly's work.

That part of the ruling held Arriba Soft liable for copyright infringement for opening a new window to display full-size images, a practice known as in-line linking or framing. Other visual search engines have used this technique, including Google, Lycos and AltaVista. The case is now ordered to go to trial.
http://news.com.com/2100-1025-1023629.html

Thursday, July 10, 2003

Securing Your Web Server from Prying Eyes
If you get into the mind of potential hackers targeting your site, you soon realize that it would be a great benefit for them to know what operating system and web server you are running. With this information, they could exploit weaknesses in the web server that have been documented by Microsoft and BugTraq. This article will show you how to hide the identity of your web site by making some configuration changes to IIS and using URLScan or by installing an ISAPI filter. The code for the ISAPI filter is available, or you can use a commercially available product.
http://www.asp101.com/articles/wayne/pryingeyes/default.asp
Antivirus vendor Sophos on Tuesday warned about a worm that sets a registry entry to reduce security levels for Microsoft Office.

WM97/Adenu-A lowers the Microsoft Office Security settings by making the following registry entry:

HKCU\Software\Microsoft\Office\9.0\Word\Security\Level=01

WM97/Adenu-A also disables the following menu options within Microsoft Word:

Tools|Macro
Tools|Customize
Tools|Templates and Add-Ins

WM97/Adenu-A creates the file GbcHS4664.VBS in the Windows system folder and sets a registry entry. View it and other information at this Sophos page.

http://www.esecurityplanet.com/alerts/article.php/2232551
PayPal Scam Site Using Legit SSL
Intrusion detection specialists Internet Storm Center (ISC) on Monday raised an alarm for a fake PayPal site using a valid SSL certificate to dupe users into giving up personal information.

By using a legitimate SSL certificate to masquerade as a PayPal site, scammers are now adopting trickier techniques to perpetrate identity theft that are not as easy to spot, the ISC warned.

The SSL (Secure Sockets Layer) protocol is used by Web sites to obtain confidential user information, such as credit card numbers, in a secure, encrypted environment. By convention, URLs that require an SSL connection start with https: instead of http:.

PayPal, the eBay-owned online billing/payment firm, uses SSL to secure its Web-based interaction with millions of users. By using a legitimate SSL certificate to masquerade as a PayPal site, the ISC warns, scammers are now adopting trickier techniques to perpetrate identity theft.

"Usually it is the goal of these sites to extract information from users which will be used in identity theft or credit card fraud. The page is usually advertised via spam and looks just like a regular PayPal/eBay page," the monitoring service said, noting that users are usually directed to a Web site to confirm billing information.

A standard technique to mask the actual URL and make it look valid, the ISC explained, is the addition of username/password prefixes that are prepended to the URL.

In most cases, the scam sites are easily spotted because they are not using SSL. "Sometimes they attempt to hide this fact by increasing the browser window size to push the lower part of the browser window off the screen, so users will not see the open browser lock," the monitoring service noted.

However, the latest scam spotted making the rounds in inboxes uses a valid SSL certificate, which makes it tougher to spot the fake. The ISC found that the e-mail spam message lures users into going to a URL that looks like a secure PayPal site but actually uses a CGI script to redirect the user to a fake page.

To spot the scam, users are urged to be wary of overly long URLs that redirect to strange-looking domains, such as https://www.paypal.com:ac=alksdjflakdjflkasdjruoiwehjrlkajdf@KI54fT. WoRlDiSpNeTwOrK.CoM/i.CgI?billing@yourdomain.com.
http://www.internetnews.com/ec-news/article.php/2232421
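
The username/password prefix disguise described above can be checked mechanically. This added example (not from the article or the ISC) uses Python's urllib.parse to report the host a browser would actually contact; the watch list, the constructed sample URLs and the inspect_link helper are assumptions, and the look-alike subdomain case goes beyond the one in the text.

```python
from urllib.parse import urlsplit

# Assumed watch list: brand keyword -> domain that legitimately carries it.
BRAND_DOMAINS = {"paypal": "paypal.com", "ebay": "ebay.com"}

# Constructed samples (not taken from any real message).
SAMPLE_DISGUISED = ("https://www.paypal.com:ac=constructedpadding"
                    "@HoSt.ExAmPlE.TeSt/i.cgi?billing@yourdomain.example")
SAMPLE_LEGIT = "https://www.paypal.com/cgi-bin/webscr?cmd=_login"
SAMPLE_SUBDOMAIN = "http://paypal.com.login.example.test/"


def inspect_link(url):
    """Return (real_host, flags) for a link found in an e-mail."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # lower-cased, with userinfo and port stripped
    userinfo = parts.netloc.rpartition("@")[0]
    flags = []
    if userinfo:
        # Text before '@' in the authority is credentials, never the site.
        flags.append("userinfo-prefix")
        decoy = userinfo.partition(":")[0].lower()
        if "." in decoy and decoy != host:
            # The "username" is shaped like a hostname: the disguise at work.
            flags.append("decoy-host:" + decoy)
    for brand, domain in BRAND_DOMAINS.items():
        on_brand_domain = host == domain or host.endswith("." + domain)
        if brand in url.lower() and not on_brand_domain:
            flags.append("brand-mismatch:" + brand)
    return host, flags


if __name__ == "__main__":
    for sample in (SAMPLE_DISGUISED, SAMPLE_LEGIT, SAMPLE_SUBDOMAIN):
        print(sample, "->", inspect_link(sample))
```

The '@' inside the query string of the first sample is not treated as a userinfo separator, because the authority ends at the first '/', '?' or '#'.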

Tuesday, July 08, 2003

NetMeeting Resource Kit
The Microsoft Windows NetMeeting 3 Resource Kit provides information to help administrators and information systems professionals understand, customize, deploy, and support NetMeeting in an organization.


The NetMeeting Resource Kit contains the following components:

NetMeeting Resource Kit Documentation -- a 240-page handbook for deploying and administering NetMeeting in the enterprise (also available online at right)
NetMeeting Resource Kit Wizard -- a utility that enables you to customize the NetMeeting program file (.exe) for distribution in your organization
NetMeeting policy file (Conf.adm) -- a Conf.adm file that enables you to customize NetMeeting by using the Windows System Policy editor or the Internet Explorer Administration Kit
Online Meeting Guidelines (end-user Web pages) -- designed to provide general tips for hosting and participating in online meetings using NetMeeting
The latest version of NetMeeting 3.01

http://www.microsoft.com/windows/NetMeeting/Corp/reskit/
Use System Restore to Undo Changes if Problems Occur
Windows XP Professional makes it easier to resolve problems if they occur in your system. You can use System Restore to remove any system changes that were made since the last time you remember your computer working correctly. System Restore does not affect your personal data files (such as Microsoft Word documents, browsing history, drawings, favorites, or e-mail) so you won’t lose changes made to these files. Windows XP creates “restore points” every day, as well as at the time of significant system events (such as when an application or driver is installed). You can also create and name your own restore points at any time. Creating a restore point can be useful any time you anticipate making changes to your computer that are risky or might make your computer unstable. If something goes wrong, you select a restore point and Windows XP undoes any system changes made since that time.…
http://www.microsoft.com/windowsxp/pro/using/howto/gethelp/systemrestore.asp

Monday, July 07, 2003

Spam blockers blind to the blind
An increasingly popular technique for preventing e-mail abuse is frustrating some visually impaired Net users, setting the stage for a conflict between spam busters and advocates for the disabled.
Many companies have recently begun requiring users to pass a verification test in order to access their services--typically by typing into a Web form a few characters that appear on the form in a guise that prevents a computer or software robot from recognizing and copying them. The technique, now used by Web giants Yahoo, Microsoft, VeriSign and others, seeks to block software bots from signing up for Web-based e-mail accounts that can be used to launch spam and from scraping e-mail addresses from online databases.

The scheme is winning high marks in the battle against unwanted junk e-mail. But it is also increasingly hindering the progress of Web surfers with visual disabilities--raising the ire of advocates for the blind, spurring plans for alternatives from a key Web standards group, and eliciting warnings from legal experts who say that the practice could expose companies to lawsuits brought under the Americans with Disabilities Act.

"It seems that they have jumped on a technological idea without thinking through the consequences for the whole population," said Janina Sajka, director of technology research and development for the American Foundation for the Blind in Washington, D.C. "These systems claim to test whether there's a human on the other end. But it's only technology that can challenge certain human abilities. So someone who doesn't have that particular ability is excluded from participation. That's really inappropriate."

Efforts to create tests aimed at distinguishing humans from machines go back decades, with the most famous formulation of the problem posed in 1950 by the English mathematician and World War II "Enigma" code breaker Alan Turing. Turing's controversial hypothesis was that a machine could be defined as "intelligent" if a questioner could be fooled into believing it was a person.

Visual tests in a sense turn that theory on its head, assuming that a machine is defined by its inability to perform a task that is easy for most humans to accomplish.

The increase in use of visual tests--Yahoo in recent weeks has started springing them on users of its mail service--comes as Internet service providers and other companies are acknowledging and attacking the spam problem with unprecedented energy. Assaults on spam have come fast and furious this year on the litigation, legislation and technology fronts.

Companies that have implemented the technique call it a winner. Microsoft last month said it had achieved a 20 percent reduction in e-mail account registrations after implementing the test.

Some Web sites using visual tests provide work-arounds for the visually impaired; some don't. But existing work-arounds are less than perfect and less than universally implemented.

The increasingly popular visual test, and the difficulty of using current work-arounds, has raised enough hackles among advocates for the disabled that working groups within the World Wide Web Consortium's (W3C) Web Accessibility Initiative have begun discussions on how to standardize an alternative.

Two WAI working groups are hashing out proposals to guide Web sites in designing blind-friendly bot repellants, and the WAI hopes to address the issue in the next working draft of its Web Accessibility Guidelines, Version 2.0, which is due by year's end. So far, published working drafts of the guidelines are silent on the issue.

"What visual verification is testing is whether someone is a sighted human, even if that's not the intent of the organizations using it," said Judy Brewer, director of the WAI. "This has been a known problem for several years, and I know that we've received different complaints about it. But it's not necessarily an easy problem to solve."

Brewer did not specify what alternatives the WAI working groups were debating.
http://zdnet.com.com/2100-1104_2-1022814.html
Microsoft moves U.S. jobs to India
Microsoft is starting to shift U.S.-based jobs to India as it seeks to lower technical support and development costs, the company said Wednesday.
The Redmond, Wash.-based software giant, long seen as a growing company immune to job losses, is now considering cutbacks in the United States while increasing staff in India, which turns out tens of thousands of English-speaking software engineers each year.

"With lots of English-speaking talent, we were thinking of a better way to tap into that," said S. Somasegar, Microsoft's vice president of Windows engineering services.

So far, Microsoft has about 200 engineers developing software in Hyderabad, the south India city where, five years ago, it opened its first product development center outside the United States.

Microsoft, whose Windows operating system and Office desktop software run on more than 90 percent of the world's personal computers, is recruiting people for a customer support center being launched in Bangalore as part of a pilot program.

Initially, Microsoft is hiring 150 people, but industry sources said the center could easily be scaled up to at least 1,000 people in about two years, if the pilot plan is successful.

"To meet the needs of our customers worldwide, we expect to continue to invest in a technical work force in India to assist us with our expanding product development, information technology and customer support functions," a representative of Microsoft in India said.

The software giant is betting on India's vast pool of low-cost technical workers and engineers who can be hired for roughly one-fifth what their counterparts earn in the United States.
http://zdnet.com.com/2100-1104_2-1023213.html