Friday, February 06, 2004

IE security patch nixes some apps - News - ZDNet:
"Some Web developers are complaining that an Internet Explorer patch that's meant to foil Net scams is disabling some applications that didn't put a premium on security.

Microsoft last week announced that a modification to its IE browser would stop the insecure practice of including sensitive information in links. The update, which was released Monday, had some Web site programmers up in arms Wednesday due to complaints from Web users that they could no longer log in to sites that secure entry through credentials included in the URL.

'Microsoft may have legitimate reasons for addressing the issue, but the way they addressed it--an across-the-board kill of an industry standard--is troublesome,' said James Rosko, a software engineer for a data-processing service on the Web. He and other programmers spent Tuesday night making changes to the programs that process login requests for his company's Web site, which he requested not be named."

The incident could be the first known case of Microsoft getting attention for putting security before a feature used by some of its customers. Microsoft promised to put security first when it launched its Trustworthy Computing Initiative more than two years ago. But some critics have claimed that they haven't seen many results.…

The problem occurs when programmers design a Web site to enable a Web user to log in by typing credentials into the URL. In such cases, the Web address might look like this: http://username:password@www.somecompany.com/program.ext. The link gives the person access to a company's Web site when the authentication program verifies the username and password.

Because the username and password are part of the Web address and are not encrypted, embedding the credential in the URL is considered a security risk, said William Kennedy, chief technology officer at ActivMedia Robotics and the co-author of "HTML & XHTML: The Definitive Guide."

"It was a dumb idea to include such functionality in the first place," Kennedy said. "There are millions of other ways of logging in to a site."

However, that sentiment was not what made Microsoft disable the feature. The software giant made the change to stop scam artists from constructing URLs that appeared to link to a legitimate Web site but actually directed people to a fraudulent site. For instance, a URL that appears to go to eBay could actually send the person to a fraudulent site such as: http://www.ebay.com@fraudsite.com.

The fake site will typically ask for a person's username and password and then use that information to complete a scam. Major banks and other financial Web sites, such as PayPal, are popular targets of such fraud, often called "phishing." The Federal Deposit Insurance Corp., the government organization that underwrites U.S. citizens' bank accounts, recently warned of a similar scam.

http://zdnet.com.com/2100-1105_2-5153534.html
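
The two URL shapes described in the ZDNet excerpt above, parsed the way a standards-following URL parser reads them. This is an added example, not code from the article or from Microsoft; the function name `inspectLink`, the host-like pattern, and the third and fourth sample links are constructed for illustration.

```javascript
// Added example (not from the article): report where a link really goes
// when it carries a userinfo part, i.e. anything before "@" in the authority.
const HOSTLIKE = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i;

function inspectLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { href, valid: false };
  }
  // The parser leaves percent-escapes in userinfo untouched; decode them so
  // "www%2Eebay%2Ecom" is judged as the text a reader would take it for.
  let user = url.username;
  try { user = decodeURIComponent(user); } catch { /* malformed escape: keep raw */ }

  const stripped = new URL(url.href);
  stripped.username = "";
  stripped.password = "";

  return {
    href,
    valid: true,
    realHost: url.hostname,                      // host actually contacted
    hasUserinfo: url.username !== "" || url.password !== "",
    passwordInUrl: url.password !== "",          // credential exposed in the link
    userinfoLooksLikeHost: HOSTLIKE.test(user),  // spoofing signal
    withoutUserinfo: stripped.href,
  };
}

// First two samples are the URLs quoted in the article; the others are constructed.
const samples = [
  "http://username:password@www.somecompany.com/program.ext",
  "http://www.ebay.com@fraudsite.com",
  "http://www%2Eebay%2Ecom@fraudsite.com/",
  "http://www.somecompany.com/program.ext",
];

for (const s of samples) {
  const r = inspectLink(s);
  const verdict = r.userinfoLooksLikeHost ? "SUSPICIOUS" : r.hasUserinfo ? "credentials in URL" : "ok";
  console.log(`${verdict.padEnd(18)} host=${r.realHost}  ${s}`);
}
```

A mail filter or link checker can use `realHost` for any allow-list decision and treat a host-like userinfo as a reason to reject or rewrite the link.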

Geeks Put the Unsavvy on Alert: Learn or Log Off:
"The tension over the MyDoom virus underscores a growing friction between technophiles and what they see as a breed of technophobes who want to enjoy the benefits of digital technology without making the effort to use it responsibly.

The virus spreads when Internet users ignore a basic rule of Internet life: never click on an unknown e-mail attachment. Once someone does, MyDoom begins to send itself to the names in that person's e-mail address book. If no one opened the attachment, the virus's destructive power would never be unleashed."

"It takes affirmative action on the part of the clueless user to become infected," wrote Scott Bowling, president of the World Wide Web Artists Consortium, expressing frustration on the group's discussion forum. "How to beat this into these people's heads?"

Many of the million or so people who have so far infected their computers with MyDoom say it is not their fault. The virus often comes in a message that appears to be from someone they know, with an innocuous subject line like "test" or "error." It is human nature, they say, to open the mail and attachments.

But computer sophisticates say it reflects a willful ignorance of basic computer skills that goes well beyond virus etiquette. At a time when more than two-thirds of American adults use the Internet, they say, such carelessness is no longer excusable, particularly when it messes things up for everyone else.

http://www.nytimes.com/2004/02/05/technology/05VIRU.html?pagewanted=all&position=

Thursday, February 05, 2004

Do Web search engines suppress controversy?:
"Do Web search engines suppress controversy? by Susan L. Gerhart

Web behavior depends upon three interlocking communities: (1) authors whose Web pages link to other pages; (2) search engines indexing and ranking those pages; and (3) information seekers whose queries and surfing reward authors and support search engines. Systematic suppression of controversial topics would indicate a flaw in the Web’s ideology of openness and informativeness. This paper explores search engines’ bias by asking: Is a specific well–known controversy revealed in a simple search? Experimental topics include: distance learning, Albert Einstein, St. John’s Wort, female astronauts, and Belize. The experiments suggest simple queries tend to overly present the "sunny side" of these topics, with minimal controversy. A more "Objective Web" is analyzed where: (a) Web page authors adopt research citation practices; (b) search engines balance organizational and analytic content; and, (c) searchers practice more wary multi–searching."

http://www.firstmonday.dk/issues/issue9_1/gerhart/

Wednesday, February 04, 2004

Microsoft shrugs off MyDoom attack - News - ZDNet:
"Microsoft has created an alternate Web site for people whose PCs are infected with MyDoom.B and who want to get security information but cannot contact the main site because of a mechanism in the virus that blocks some 65 Web sites, including Microsoft's home page. The alternate site, which starts with 'information' rather than 'www,' lets people see the regular home page content."

http://information.microsoft.com/

http://zdnet.com.com/2100-1105_2-5152702.html

Halting MyDoom Is a Free Download Away:
"MyDoom.A has 'DoS-ed' SCO.com out of commission, forcing the company to establish thescogroup.com in order to maintain its presence on the Internet. Microsoft, thus far, has fared better as MyDoom.B has yet to cripple the software giant's considerable defenses.

But where are individual PC users supposed to turn for relief?"

http://www.enterpriseitplanet.com/security/news/article.php/3307751

Google Ultimate Interface - Fagan Finder

If you want all of Google's tools and options conveniently displayed on a single screen, try FaganFinder.…It even has handy links for typing non-English letters.

http://www.faganfinder.com/google.html

Hidden Google Tools:
"Even if you consider yourself a Google expert, these 'hidden' tools and resources let you push the search engine's capabilities to the max."

http://searchenginewatch.com/searchday/article.php/3304771

The Search Engine Report - Number 87:
"
+ Search Engine Watch News
+ Preview Of SES New York
+ Search Engine Articles By Danny Sullivan
+ SearchDay Articles
+ Search Engine Articles
+ Search Engine Resources
+ About The Newsletter
"


http://searchenginewatch.com/sereport/print.php/34721_3308131

Microsoft Patches Serious IE Flaw:
"Microsoft Corp. on Monday finally released a patch for a dangerous vulnerability that lets attackers trick Internet users into visiting malicious sites. The flaw has been public knowledge for some time, but Microsoft failed to include a fix for it with January's scheduled patch releases."

http://www.eweek.com/article2/0,4149,1485698,00.asp

IT Losing Ground in Virus Battle:
"After years of success deploying more effective and smarter defenses, anti-virus researchers contacted last week in the wake of the MyDoom outbreak acknowledged for one of the first times that the battle may be getting away from them.

The MyDoom virus, which hit Jan. 26 and infected several-hundred-thousand machines, is the fastest-spreading virus in the history of the Internet, experts said. At its peak late last week, MyDoom had infected one in every 12 pieces of e-mail, according to MessageLabs Inc., a New York-based e-mail security company. MyDoom also is the latest in a line of recent viruses that, while not particularly innovative, have been maddeningly effective."

http://www.eweek.com/print_article/0,3048,a=117996,00.asp

Tuesday, February 03, 2004

Accessible Website Menu: Ultimate Drop Down Menu by Brothercake:
"Ultimate Drop Down Menu v4.0 [beta] by Brothercake

UDM is a lightweight and accessible javascript menu, which provides useable content to all browsers - including screenreaders, search-engines and text-only browsers. But accessibility shouldn't mean compromise, and so UDM has a sophisticated range of design and usability controls, many of which are unique to this script."

http://af.brothercake.com/dropdown/