Saturday, February 05, 2005

The Chargeback Challenge

By John Conde

“Nobody goes into business to lose money. You work hard for every penny, and every penny counts. To have that taken away from you months after a sale was completed is not only bad for business but extremely frustrating. Too many chargebacks usually spells doom for an online merchant.

The best tools for avoiding a chargeback are not available for online merchants. Retail-style businesses can perform certain actions that render them virtually bulletproof to chargebacks (they're still vulnerable, so don't be too envious just yet). They can either swipe the customer's credit card through a processing terminal or get a manual imprint of the card. Plus they can get a signature on that receipt at the time of sale. All of these methods verify that the customer, merchant, merchandise, and credit card were present and satisfactory at the time of sale. It's pretty hard to dispute that.

So what is an online merchant to do? Since giving up is not an option, education and prevention are an online merchant's best weapons. Having some basic policies and procedures in place can significantly reduce the number of chargebacks your business will receive. In this article, we will discuss the realities of chargebacks and identify some strategies that will lower your potential for needing to deal with them.”

http://www.sitepoint.com/article/chargeback-challenge

Introduction to Browser-Specific CSS Hacks

By Trenton Moss

“More and more Web developers are ditching tables and coming round to the idea of using CSS to control the layouts of sites. And, given the many benefits of using CSS, such as quicker download time, improved accessibility and easier site management, why not?

The Problem with CSS

Historically, the main problem with using CSS has been a lack of browser support. This is no longer the case, as version 5 browsers, which all provide good support for CSS, now account for over 99% of the browsers in use.

The problem that remains is that browsers can sometimes interpret CSS commands in different ways, which fact alone causes many developers to throw their arms up in the air and switch back to pixel-perfect table layouts. Fear not, though! As you learn more about CSS, you'll gradually start to understand the different browser interpretations and realise that there aren't really that many -- and that, where necessary, their idiosyncrasies can be catered to using various workarounds or hacks.

How CSS Hacks Work

The way CSS hacks work is to send one CSS rule to the browser(s) you're trying to trick, and a second CSS rule that overrides the first command to the other browsers. If you have two CSS rules with identical selectors, the second CSS rule will almost always take precedence.”

http://www.sitepoint.com/article/browser-specific-css-hacks

Kazaa's a drag at its own company

By Kristyn Maslog-Levis, CNET News.com, February 4, 2005, 7:14 AM PT

“Employees at peer-to-peer provider Sharman Networks "hate" installing the company's own Kazaa software because it has ill effects on their computers, according to an internal document written by Sharman's chief technology officer.

The document, entitled "Kazaa Technology 2004" and written by Phil Morle, says that Sharman needs to be careful about installing too much adware on a computer upon the installation of Kazaa. The document is part of a bundle for which a request for confidentiality was rejected this week by Justice Murray Wilcox, the judge overseeing a copyright trial against Sharman in Australia.

The adware "slows down users' machines and can affect other activity such as browsing the Internet," Morle wrote. "We are also adding increasing p2p networks to the users' machines. These are good value to users but they use more resources and create confusion for users as to what resources they are sharing and where this can be controlled."

These two issues could be reasons why Kazaa manages to "lose users by over-stepping the mark," the document said, adding that the company should take into account how many employees at Sharman refuse to install the peer-to-peer software.

"Consider how many people that work for Sharman Networks and its partners that hate installing Kazaa on their machine," Morle wrote.”

http://news.zdnet.com/2100-3513_22-5563407.html


Triple worm attack

“Three nasty new worms are on the loose--all are designed to lower the victim's guard, then pounce.

MSN Messenger hit by double-whammy worm
The new Bropia offshoot, which uses MSN Messenger to spread, is packaged with a second, more damaging worm.
February 3, 2005

Saddam Hussein 'death' photos used as worm bait
Mass-mailing worm claims to offer photos that show Saddam Hussein killed after trying to escape from custody.
February 3, 2005

Worm uses funny face to distract from danger
Will a picture of an old man making a silly face keep you from noticing a Trojan being installed on your PC? Someone is hoping it will.
February 3, 2005”

http://news.zdnet.com/2100-1009_22-5562313.html?tag=nl.e589

Wednesday, February 02, 2005

Debunking the myth of style defaults

by Michael Meadhra

This article originally appeared in the Design & Usability Tactics newsletter.

“There is no such thing as a totally unstyled Web document. Even if you don't link to an external CSS style sheet or add any embedded styles to the document, the page gets formatting information from the browser's built-in default style sheet. It's this built-in style sheet that establishes default formatting, such as the size and bolding of text marked up with the heading tags (h1 - h6) and the space above and below paragraphs.

Most Web builders take default styles for granted. They think of the formatting defaults as things that were standardized in the early days of the Web that will always remain the same. That's not entirely true. Although the default styles are generally quite similar in all the major browsers, there are some small (and not so small) differences in the default style sheets of the various browser brands and versions. These style sheet differences are responsible for a significant portion of the page-rendering inconsistencies between browsers.

That's the bad news. The good news is that you can do something about it.”

http://techrepublic.com.com/5100-22_11-5435275.html?tag=em.e099.020105


Declare independence from tech support!

We recently ran a story on how to survive common technical-support nightmares, such as support reps who speak only eight words of English and 30-minute hold times. Our advice is all good, if I do say so, but I'm here today with an extreme, alternative perspective: Just say no to tech support. Go rogue. Secede from the union and run your own tech country, as it were.

I didn't realize it until recently, but I've been moving in this direction myself for years, dodging tech support whenever I can. After spending a few too many hours listening to synthesizer variations of "Song Sung Blue" during interminable holds, something in my limbic system must have finally switched from tech-support fight into tech-support flight. It's been working out great for me. I can't recommend that a tech novice (Hi, Mom!) follow this route, but I've found that building a support-free computing setup is actually rewarding, if you have the patience and the knack for it. So here's the plan:

Don't ask for trouble
Some products will need tech support, and some are much less likely to. Your task is to actively avoid the former and try to acquire the latter. For example, I'm in the market for a printer, in particular a networked, color all-in-one. I had my eyes on the HP OfficeJet 7410, to which we gave a good review and that has all the features I want. But the user feedback on this printer is running two to one against, mostly because of an unwieldy software suite that many of CNET's users have said doesn't install correctly, necessitating calls to tech support. Others complain about finicky duplexers, leading to more of the same. I really want this printer, but I don't want the trouble. I'd rather give up some features than use a product that's going to force me onto the tech-support lines.


Monday's monster: Hold times from hell
Tuesday's terror: The case of the techie who spoke no English
Wednesday's witch: Warranty woes
Thursday's thriller: Attack of the data-eating support zombies
Friday's fiend: The user who fixed his own computer (and lived to tell the tale)

http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5636612.html?tag=adss&tag=nl.e501-2

MySQL worm hits Windows systems

“A worm that takes advantage of administrators' poor password choices has started spreading among database systems.

The malicious program, known as the "MySQL bot" or by the name of its executable code, SpoolCLL, infects computers running the Microsoft Windows operating system and open-source database known as MySQL, the Internet Storm Center said in an advisory published Thursday. Early indications suggest that more than 8,000 computers may be infected so far, said the group, which monitors network threats.

The worm gets initial access to a database machine by guessing the password of the system administrator, using a long list of common passwords. It then uses a flaw in MySQL to run another type of program, known as bot software, which then takes full control of the system.

Because it infects Windows systems running database software, the program resembles the Slammer worm, which spread widely nearly two years ago. However, unlike Slammer, a well-chosen password is protection against SpoolCLL, according to current analyses. The MySQL database is uncommon in Windows operating systems. That means only a small fraction of computers connected to the Internet could be compromised by the MySQL bot.

The flaw used by the worm to gain control of a vulnerable system was discovered in mid-2004, and code to take advantage of the flaw was published in late December. Known as the MySQL UDF Dynamic Library flaw, the vulnerability occurs because the database software does not do adequate security checks on user-defined functions (UDFs). It's not clear whether the bug has been fixed.”

http://news.zdnet.com/2100-1009-5553570.html?tag=nl.e550


Monday, January 31, 2005

Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass

“In October 2004 it was discovered by MaxPatrol team that it is possible to defeat Microsoft® Windows® XP SP2 Heap protection and Data Execution Prevention mechanism. As a result it is possible to implement:
  1. Arbitrary memory region write access (smaller or equal to 1016 bytes)
  2. Arbitrary code execution
  3. DEP bypass.
Details are described in the article by our expert: PDF format, HTML format.”


http://www.maxpatrol.com/ptmshorp.asp

Thinking Differently About Site Mapping and Navigation

“Visitors don’t necessarily care where something lives as long as they have no problem finding it. Via traditional navigation, that reflects (usually) a site map and its hierarchy, is only one way people can go through a site and frankly I feel that in most cases it’s pretty straightforward and, if anything, designers and stakeholders only complicate things by trying to make sure everything is ‘living comfortably.’

The site map is important, but not as important as addressing the paths that people follow through your site in their search for information. Another thing stakeholders tend to want to do is make sure content is prioritized. This is fine when talking about internal goals, and has some relevance when it comes to a site’s visitors, but…and this is a big but…when someone is looking for content that piece of content they’re currently looking for is the most important bit. I guess what I’m getting at is that as business goals shift, and audience and user needs change the value placed on different sections and groupings of content will change as well.

It’s pretty hard to create a hierarchical site map that adjusts in real time to shifting priorities, goals and needs—regardless of where they originate.

Shouldn’t more time be spent on addressing the user’s real needs? We should be helping them to find the information they’re looking for and giving them options to keep them on track when traditional navigation fails.”

http://www.7nights.com/asterisk/archive/2005/01/thinking-differently-about-site-mapping-and-navigation