Web site virus attack blunted - News - ZDNet:
"Web surfers are no longer playing Russian roulette each time they visit a Web site, security researchers say, now that a far-reaching Internet attack has been disarmed.
The attack, which had turned some Web sites into points of digital infection, was nipped in the bud Friday, when Internet engineers managed to shut down a Russian server that had been the source of malicious code. Compromised Web sites are still attempting to infect Web surfers' PCs by referring them to the server in Russia, but that computer can no longer be reached."
Still, Web surfers should take precautions, as the Internet underground is increasingly using this type of attack as a way to get by network defenses and infect officer workers' and home users' computers.
http://zdnet.com.com/2100-1105_2-5248279.html
Saturday, June 26, 2004
Infected Web site attack prevention
Infected Web site attack prevention:
"Criminal hackers (a.k.a. crackers) have launched a different kind of attack on the Internet this week. By simply visiting certain, infected popular Web sites, home and business Internet surfers using Internet Explorer on a PC may indirectly download a remote-access Trojan horse (RAT) onto their desktop computers, which in turn, may record keystrokes necessary to log into secure sites and relay that information to remote sources. This attack does not, however, slow or otherwise interfere with Internet traffic, and it affects only Internet Explorer browsers. Other browsers, including Opera and Mozilla, are not affected. Systems running Linux, Mac OS, Unix, and other operating systems are also unaffected. Microsoft is urging Web sites running on Windows 2000 servers with IIS Version 5.0 to update with the MS04-011 security patch. However, home and business Internet surfers using Internet Explorer are left with few options. Given the widespread but not yet epidemic nature of this attack, we're assigning this threat a Medium designation. "
How it works
There are two parts to this attack. Part one has already happened and affected Web site hosts. Earlier this week, crackers identified Windows 2000 servers with IIS Version 5.0 that have not applied the latest security patch from Microsoft, MS04-011. Some of these Web sites include popular search engines, shopping, and auction sites. The configurations of these servers were altered to include a small file that is in turn added to each file called upon by users.
The second part of the attack affects home and business users of the Internet and occurs whenever an Internet surfer stumbles upon a Web page served by an infected server. Unfortunately, you cannot immediately discern whether a page is infected, and some known pages include those hosted on major Web sites. The second part of the attack uses two vulnerabilities: one that can be patched with Microsoft security patch MS04-013, and another that can't be patched at this time. The flaws affected Internet Explorer only and allow malicious JavaScript from the infected Web server to execute on the desktop system. The JavaScript, in turn, downloads a remote-access Trojan horse from a remote site. This Trojan can record keystrokes used when logging into bank accounts and auction sites and using a credit card to make a purchase online.
For updates from Microsoft see http://www.microsoft.com/security/incident/download_ject.mspx
End users should install MS04-013, if they have not already done so, plus they should increase their security settings within Internet Explorer and update their antivirus settings to protect against known Trojan horses that may be installed because of this attack.
http://www.microsoft.com/technet/security/bulletin/MS04-013.mspx
http://techrepublic.com.com/5100-6265_11-5247988.html
"Criminal hackers (a.k.a. crackers) have launched a different kind of attack on the Internet this week. By simply visiting certain, infected popular Web sites, home and business Internet surfers using Internet Explorer on a PC may indirectly download a remote-access Trojan horse (RAT) onto their desktop computers, which in turn, may record keystrokes necessary to log into secure sites and relay that information to remote sources. This attack does not, however, slow or otherwise interfere with Internet traffic, and it affects only Internet Explorer browsers. Other browsers, including Opera and Mozilla, are not affected. Systems running Linux, Mac OS, Unix, and other operating systems are also unaffected. Microsoft is urging Web sites running on Windows 2000 servers with IIS Version 5.0 to update with the MS04-011 security patch. However, home and business Internet surfers using Internet Explorer are left with few options. Given the widespread but not yet epidemic nature of this attack, we're assigning this threat a Medium designation. "
How it works
There are two parts to this attack. Part one has already happened and affected Web site hosts. Earlier this week, crackers identified Windows 2000 servers with IIS Version 5.0 that have not applied the latest security patch from Microsoft, MS04-011. Some of these Web sites include popular search engines, shopping, and auction sites. The configurations of these servers were altered to include a small file that is in turn added to each file called upon by users.
The second part of the attack affects home and business users of the Internet and occurs whenever an Internet surfer stumbles upon a Web page served by an infected server. Unfortunately, you cannot immediately discern whether a page is infected, and some known pages include those hosted on major Web sites. The second part of the attack uses two vulnerabilities: one that can be patched with Microsoft security patch MS04-013, and another that can't be patched at this time. The flaws affected Internet Explorer only and allow malicious JavaScript from the infected Web server to execute on the desktop system. The JavaScript, in turn, downloads a remote-access Trojan horse from a remote site. This Trojan can record keystrokes used when logging into bank accounts and auction sites and using a credit card to make a purchase online.
For updates from Microsoft see http://www.microsoft.com/security/incident/download_ject.mspx
End users should install MS04-013, if they have not already done so, plus they should increase their security settings within Internet Explorer and update their antivirus settings to protect against known Trojan horses that may be installed because of this attack.
http://www.microsoft.com/technet/security/bulletin/MS04-013.mspx
http://techrepublic.com.com/5100-6265_11-5247988.html
MSN Hotmail Joins Storage Race
MSN Hotmail Joins Storage Race:
"Free MSN Hotmail users will be gaining 250 megabytes of storage, up from 2MB today, while premium users, for $19.95 a year, will be receiving 2 gigabytes of storage, MSN will announce."
http://zdnet.com.com/2100-1104_2-5245523.html?tag=adnews
Over the past few years, Yahoo and Hotmail have both taken steps to decrease memory in hopes of convincing free users to become paying subscribers.
http://www.eweek.com/article2/0,1759,1616649,00.asp
"Free MSN Hotmail users will be gaining 250 megabytes of storage, up from 2MB today, while premium users, for $19.95 a year, will be receiving 2 gigabytes of storage, MSN will announce."
http://zdnet.com.com/2100-1104_2-5245523.html?tag=adnews
Over the past few years, Yahoo and Hotmail have both taken steps to decrease memory in hopes of convincing free users to become paying subscribers.
http://www.eweek.com/article2/0,1759,1616649,00.asp
Researchers warn of infectious Web sites - News - ZDNet
Researchers warn of infectious Web sites - News - ZDNet:
"The researchers believe that online organized crime groups are breaking into Web servers and surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed. Those flaws allow the Web server to install a program that takes control of the user's computer.
Late Thursday, Microsoft advised customers to increase their browser security to the highest settings, although that could cause some Web site functions to stop working.
The extent of the attacks is unknown, but the security community has seen numerous cases of personal computers infected when the user merely visits a Web site.
'It is not epidemic, but it is being seen,' said Alfred Huger, senior director of engineering for security company Symantec. 'Do we think it is serious? Yeah. It's a concern and it's insidious.…' "
http://zdnet.com.com/2100-1105_2-5247187.html
"The researchers believe that online organized crime groups are breaking into Web servers and surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed. Those flaws allow the Web server to install a program that takes control of the user's computer.
Late Thursday, Microsoft advised customers to increase their browser security to the highest settings, although that could cause some Web site functions to stop working.
The extent of the attacks is unknown, but the security community has seen numerous cases of personal computers infected when the user merely visits a Web site.
'It is not epidemic, but it is being seen,' said Alfred Huger, senior director of engineering for security company Symantec. 'Do we think it is serious? Yeah. It's a concern and it's insidious.…' "
http://zdnet.com.com/2100-1105_2-5247187.html
Using Accesskeys is Easy
Using Accesskeys is Easy:
"Quite a few Web developers still get a glint of terror in their eyes when someone suggests they add accesskeys to their sites. Well, don't be scared. This article is very short for a very good reason. If you want to use them, accesskeys are so easy to add, you'll wonder why you never did before."
So, what are accesskeys? For the uninitiated, they are a means for people to jump immediately to a specific part of an HTML page by pressing ALT (PC) or CTRL (Mac), followed by the appropriate key on the keyboard, as defined by you via an accesskey parameter.
They're particularly useful for people with mobility issues who don't use a mouse and have a keyboard for their every movement on a computer. Accesskeys allow them quickly and easily to hop around the content of your Web pages. Able-bodied users can find them equally useful as shortcuts, too.…
http://www.sitepoint.com/print/accesskeys
"Quite a few Web developers still get a glint of terror in their eyes when someone suggests they add accesskeys to their sites. Well, don't be scared. This article is very short for a very good reason. If you want to use them, accesskeys are so easy to add, you'll wonder why you never did before."
So, what are accesskeys? For the uninitiated, they are a means for people to jump immediately to a specific part of an HTML page by pressing ALT (PC) or CTRL (Mac), followed by the appropriate key on the keyboard, as defined by you via an accesskey parameter.
They're particularly useful for people with mobility issues who don't use a mouse and have a keyboard for their every movement on a computer. Accesskeys allow them quickly and easily to hop around the content of your Web pages. Able-bodied users can find them equally useful as shortcuts, too.…
http://www.sitepoint.com/print/accesskeys
Exhibitor Shortage Puts Brakes on Comdex
Exhibitor Shortage Puts Brakes on Comdex:
"Last year's Comdex, the first run by MediaLive, attracted more than 40,000 qualified technology buyers and 550 exhibiting companies, according to MediaLive officials.
But the show's total attendance was just 51,000, compared to nearly 125,000 in 2002, according to the Las Vegas Convention and Visitors Authority. That lowered Comdex's nongaming economic impact on Vegas to just $69 million from $170 million the year before, according to the LVCA.
The LVCA projected numbers virtually identical to those of 2003 for this year's Comdex.… "
http://www.eweek.com/article2/0,1759,1616762,00.asp
"Last year's Comdex, the first run by MediaLive, attracted more than 40,000 qualified technology buyers and 550 exhibiting companies, according to MediaLive officials.
But the show's total attendance was just 51,000, compared to nearly 125,000 in 2002, according to the Las Vegas Convention and Visitors Authority. That lowered Comdex's nongaming economic impact on Vegas to just $69 million from $170 million the year before, according to the LVCA.
The LVCA projected numbers virtually identical to those of 2003 for this year's Comdex.… "
http://www.eweek.com/article2/0,1759,1616762,00.asp
Experts Study Developing Internet Attack, Infection Tries to Implant Software
Chicago Tribune | Experts Study Developing Internet Attack:
"Government and industry experts warned late Thursday of a mysterious, large-scale Internet attack against thousands of popular Web sites. The virus-like infection tries to implant hacker software onto the computers of all Web site visitors.
Industry experts and the Homeland Security Department were studying the infection to determine how it spreads across Web sites and find adequate defenses against it.
'Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code,' the government warned in one Internet alert.… "
http://www.chicagotribune.com/technology/sns-ap-internet-attack,1,905229.story
"Government and industry experts warned late Thursday of a mysterious, large-scale Internet attack against thousands of popular Web sites. The virus-like infection tries to implant hacker software onto the computers of all Web site visitors.
Industry experts and the Homeland Security Department were studying the infection to determine how it spreads across Web sites and find adequate defenses against it.
'Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code,' the government warned in one Internet alert.… "
http://www.chicagotribune.com/technology/sns-ap-internet-attack,1,905229.story
Wednesday, June 23, 2004
Online Journalism Review article: States' Shield Laws Might Not Cover Online Journalists
States' Shield Laws Might Not Cover Online Journalists:
"The Internet has lowered the barriers to entry for publishers. This complicates the question of who qualifies as a journalist when it comes to laws designed to protect the confidentiality of sources. How inclusive should shield laws be? A test case for this murky issue has yet to emerge. First in a two-part series."
http://ojr.org/ojr/law/1086825172.php
"The Internet has lowered the barriers to entry for publishers. This complicates the question of who qualifies as a journalist when it comes to laws designed to protect the confidentiality of sources. How inclusive should shield laws be? A test case for this murky issue has yet to emerge. First in a two-part series."
http://ojr.org/ojr/law/1086825172.php
Online Journalism Review article: The Best (and Worst) Video Feeds Online
The Best (and Worst) Video Feeds Online:
"Video quality has improved, but it's still a struggle to find feeds on many news sites."
http://ojr.org/ojr/technology/1087947933.php
"Video quality has improved, but it's still a struggle to find feeds on many news sites."
http://ojr.org/ojr/technology/1087947933.php
Web Page Analyzer - free test speed, optimization, performance analysis, load test tool
Web Page Analyzer - free website speed test website optimization performance analysis faster web page download time load test webpage speed tool:
"Test your web site speed and improve website performance with our free web-based analyzer. Enter a URL below to calculate page size, composition, and page download time. The script calculates the size of individual elements and finds the total for each type of web page component. Based on these page characteristics the script then offers advice on how to improve page display time and website speed. The script incorporates best practices from HCI research into its recommendations."
http://www.websiteoptimization.com/services/analyze/
"Test your web site speed and improve website performance with our free web-based analyzer. Enter a URL below to calculate page size, composition, and page download time. The script calculates the size of individual elements and finds the total for each type of web page component. Based on these page characteristics the script then offers advice on how to improve page display time and website speed. The script incorporates best practices from HCI research into its recommendations."
http://www.websiteoptimization.com/services/analyze/
The real reason you should care about web standards
Design by Fire: The real reason you should care about web standards:
"The real reason you should care about web standards.
A well-written entry for a new, original reason why Web sites should be designed to follow Web standards. More and more corporate sites are making the move to standards "
http://www.designbyfire.com/000099.html
"The real reason you should care about web standards.
A well-written entry for a new, original reason why Web sites should be designed to follow Web standards. More and more corporate sites are making the move to standards "
http://www.designbyfire.com/000099.html
Monday, June 21, 2004
Dynamic Text Replacement: A List Apart
Dynamic Text Replacement: A List Apart:
"Text styling is the dull headache of web design. There are only a handful of fonts that are universally available, and sophisticated graphical effects are next to impossible using only standard CSS and HTML. Sticking with the traditional typefaces is smart for body text, but when it comes to our headings — short, attention-grabbing blocks of text — it would be nice to have some choice in the matter. We’ve become accustomed to this problem and we cope with it either by making the most of the few fonts we have, or by entirely replacing our heading-text with images.
Most sites that replace text with images do so using hand-made images, which isn’t so terrible when there are a set number of headings, but it quickly becomes unmanageable on a site that is updated several times per day. However the replacement is performed, each image needs to be bound to the text it is replacing. That binding usually manifests itself as an <img> tag, an embedded style sheet, or a custom id attribute. And over time, through layout changes and redesigns, that binding needs to be managed by someone.
We can forget all that nonsense. No more <img> or <span> tags, no more id attributes or wasted time in Photoshop, and no more messy CSS hacks. Using JavaScript and PHP, we can generate accessible image-headings using any font we like. And we don’t have to change the structure of our HTML or CSS at all.…"
http://www.alistapart.com/articles/dynatext/
"Text styling is the dull headache of web design. There are only a handful of fonts that are universally available, and sophisticated graphical effects are next to impossible using only standard CSS and HTML. Sticking with the traditional typefaces is smart for body text, but when it comes to our headings — short, attention-grabbing blocks of text — it would be nice to have some choice in the matter. We’ve become accustomed to this problem and we cope with it either by making the most of the few fonts we have, or by entirely replacing our heading-text with images.
Most sites that replace text with images do so using hand-made images, which isn’t so terrible when there are a set number of headings, but it quickly becomes unmanageable on a site that is updated several times per day. However the replacement is performed, each image needs to be bound to the text it is replacing. That binding usually manifests itself as an <img> tag, an embedded style sheet, or a custom id attribute. And over time, through layout changes and redesigns, that binding needs to be managed by someone.
We can forget all that nonsense. No more <img> or <span> tags, no more id attributes or wasted time in Photoshop, and no more messy CSS hacks. Using JavaScript and PHP, we can generate accessible image-headings using any font we like. And we don’t have to change the structure of our HTML or CSS at all.…"
http://www.alistapart.com/articles/dynatext/
Subscribe to:
Posts (Atom)
Posts
