free hit counter


My Links
Java J2EE Practise
Windows Tips
Windows XP Tips
Troubleshooting Tips
AMCP Tech Blog
Techno-Freek
Technology News Etc
Xtreme Hacking Tips
Showcase for New Blogs

Downloads
Click here to download latest softwares from Amazon.

Software

Thursday, March 17, 2005

Yahoo 360 takes spin through blogosphere

Yahoo is stepping into social networking and blogging, with a new service that promises to offer a simpler way to keep in touch with people.

Dubbed Yahoo 360, the new service is accepting invitation-only beta testers for now, the Sunnyvale, Calif.-based Web giant said Wednesday. The test will be opened to a broader audience on March 29.

Yahoo 360 combines a new blogging tool along with several longtime Yahoo products, including instant messaging, photo storage and sharing, and Internet radio. It also offers tools for sharing recommendations about places to eat, favorite movies, music and so on.


"It's really about keeping connected to people you know," said Julie Herendeen, vice president for network services at Yahoo. "Yahoo 360 allows consumers to conveniently connect with the people they care about by creating and sharing blogs, photos and other content across Yahoo."

Herendeen said Yahoo had no immediate plans to add advertising to the service. "We're focused on engaging people first," she said.

Yahoo's move comes as social networking and blogging draw increased interest from rivals, including Microsoft and Google.

Microsoft in December added a blog product for its MSN Web service, called MSN Spaces. Google, meanwhile, owns Web log service Blogger and social networking site Orkut.
Source: http://news.com.com/

Read more!

Google for Related Stuff:

Wednesday, March 09, 2005

DNS-Based Phishing Attacks on The Rise

Phishing fraudsters are using a pair of DNS exploits to help give them the illusion of credible domains, the latest ploy to dupe people into handing over their sensitive information.
According to research firm Netcraft, phishers have begun to use wildcard DNS records to help trick unsuspecting users into giving up information about their identity.

Wildcard DNS help users arrive at their intended Web destination by redirecting mistyped and/or errant addresses. But wildcard DNS has been used against Barclays Banks in the U.K with e-mail using an additional sequence of characters that ultimately leads the user to a phisher's site.

A similar type of attack vector specific to Microsoft Internet Explorer was reported last month by security researcher Bitlance Winter. In that attack, an identifiable URL also has a string of characters or additional domain information added that directs a user to a different address than the one they see in the visible toolbar.

The technique, known as DNS cache poisoning, is also being utilized by phishers in an attack know known as "pharming" where a poisoned DNS server redirects users to the phisher's Web site. The "poison" is essentially false DNS information that is injected into a vulnerable DNS server.

According to Netcraft, an attack this past Saturday exploited a known vulnerability in Symantec's firewall product. The firewall vulnerability had not been patched by Symantec last year. The Saturday attack redirected user requests from eBay, Google and weather.com to a trio of phisher-directed sites.

Dave Jevans, chairman of the Anti-Phishing Working Group, told internetnews.com that he has seen an increase in Wildcard DNS and DNS pharming attacks with several new ones this year targeting North American institutions.

"UK has seen an increase since December 2004," Jevans said. "Some of these attempt to implement man-in-the-middle attacks too."

The DNS system itself has been the subject of proposed enhancements like DNSsec to guarantee better security for users. DNSsec is short for DNS Security Extensions, which are supposed to include integrity and authentication checks to DNS data.

"DNS-sec has been in the works for some time, but not really rolled out except maybe at the Verisign root. Recent events are going to spur something here, I think," Jevans said.

DNSsec however won't necessarily stop all pharming activity though.

"Most pharming is using DNS poisoning at the personal PC level (eg. add entries to the local hosts file). Fixing DNS servers won't prevent this," Jevans explained. "Mutual authentication (possibly two-factor) would be a big help, however."

The APWG recently reported that phishing attacks rose by 42 percent from December 2004 to January 2005.

Read more!

Google for Related Stuff:

Sunday, March 06, 2005

Adding Persistent Searches to Gmail

As told by the creator....
Persistent searches (a.k.a. smart folders or saved searches) seem to be the feature du jour of email clients. Thunderbird has them, Evolution has them, and Mail.app soon will. On the other hand, Gmail is the web mail app to use. While one doesn't normally think of web apps as having such advanced power user features, it recently occurred to me that it should be possible to add persistent searches to Gmail:


If you haven't already, install the excellent greasemonkey Firefox extension.
Open up this user script (in Firefox).
From the "Tools" menu, select "Install User Script.." and confirm all of the various prompts.
Go to your Gmail account (some refreshing may be necessary).
There should now be a "Searches" box on the left size, below the "Labels" and "Invite a friend" ones.
Clicking on a search executes the saved query. To refresh result counts, click on the refresh icon in the upper right corner.
Use the "Edit searches" link to customize your persistent searches.
As a bonus feature, all threads now have a "Toggle font" link which switches the message font to a fixed size one - great for reading source code.
There are some caveats. Saved searches are stored in a cookie. This means that you cannot easily share them between computers. Ideally this could be remedied by storing the searches within Gmail itself (perhaps as a dummy contact or a special filter), but I'm not quite sure how to do that yet. Furthermore, result counts may not be accurate beyond a certain limit (e.g. Gmail itself reports "about 80" results when there are in fact 77). In general, the smaller the result size, the more accurate the search is.

The user script has a pretty straightforward implementation. It looks for the "Labels" box, and if it finds one, it inserts a "Searches" one. As previously mentioned, I store all the searches in a cookie. To actually perform a search, I created a an XMLHttpRequest object and use it to fetch the search results for each saved search. The response contains in it the total number of messages that matched the query. It would've been nice to use the DOM (and then a JavaScript eval()) to parse it, but this turned out to be more difficult than expected (XMLHttpRequest only provides a parsed DOM for XML documents).

Rather than specifying all of the CSS properties inline or via the JavaScript style object, an approach which separated appearance from structure was used. Effectively, a style sheet was embedded into the user script and inserted upon initialization. This style sheet was also used for the toggling of the font (the message body always appears to be in a <div> of class mb). It also has the advantage of making the script self-contained, since it doesn't depend on an external CSS file. Also for the same goal of encapsulation, the font toggling icon was embedded in the script itself via a data: URL (generated with hixie's tool).

Read more!

Google for Related Stuff: