free hit counter


My Links
Java J2EE Practise
Windows Tips
Windows XP Tips
Troubleshooting Tips
AMCP Tech Blog
Techno-Freek
Technology News Etc
Xtreme Hacking Tips
Showcase for New Blogs
Downloads
Click here to download latest softwares from Amazon.

Software

Thursday, November 24, 2005

How Google ranks its Websites

Lorelle on WordPress » Secret Out - How Google Ranks Websites explains what Google uses to rank your website on their search engine, according to their patent made public back in March.

Read more!

Google for Related Stuff:

posted by sikandar at 10:00 PM 0 comments

Wednesday, November 23, 2005

Trusted Download Program: Certified Non-Invasive Software

The Trusted Download Program is backed by America Online, Yahoo, CNET Networks, Verizon and Computer Associates. The program is set to begin early next year in a trial version, when the Internet partners will get access to a list of applications certified by online privacy watchdog group Truste, according to a statement from the companies. (CNET Networks is the parent company of CNET News.com.)

Spyware and adware have become widely despised for sneaky distribution tactics, unauthorized data gathering, the eating-up of computer processing power and other annoyances. Although adware makers say there are legitimate uses for their programs, an entire anti-spyware market has been spawned to combat the often unwanted software.

The Trusted Download Program won't blacklist adware or spyware. Instead, to be certified, makers of the software have to clearly communicate what their product does. The consumer then has to consent prior to download and again when installing the software.

For example, software that displays advertisements or tracks user behavior must disclose what type of ads will be displayed and what information will be tracked, according to the statement. The disclosure must also include which user settings may be altered, and must obtain consent for the download.

Furthermore, easy instructions to uninstall the software must be provided and displayed ads must be labeled with the name of the ad-serving software.

A "whitelist" of approved applications will be provided to the program sponsors, who can use it to make decisions about advertising, partnering or distributing software, according to the statement. Truste already certifies and monitors Web site privacy and e-mail practices.

Read more!

Google for Related Stuff:

posted by sikandar at 10:43 PM 2 comments

Friday, November 18, 2005

Exploit code targets unpatched Windows flaw

Hackers have developed proof-of-concept code that attempts to take advantage of an unpatched Windows vulnerability to crash systems, Microsoft warned yesterday. Fortunately the risk of attack is low.

The experimental code shows it's possible to knock over machines running Windows XP SP1 and Windows 2000 SP4 in certain configurations by taking advantage of flaws in Windows memory allocation functions. This vulnerability manifests itself when a malformed request is made to the UPnP service in the data section of a call to the GetDeviceList function. In handling this request, memory consumption on vulnerable Windows boxes increase to the point where the system becomes unresponsive. Repeated requests can therefore be used to mount denial of service attacks.

Attacks on Windows XP SP1 would rely on having user authentication, reducing the scope for mischief by remote hackers. Microsoft users running Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1 are not affected by the vulnerability. Win 2000 shops are most at risk but providing systems are properly firewalled then attacks should fail.
Irresponsible disclosure?

Normally the arrival of proof-of-concept illustrates weaknesses that might subsequently by used by hackers for more malign purposes. In this case, however, the attack approach is not especially successful in slowing down systems to a crawl much less as a means to infect vulnerable machines with hostile code. This is a denial of service only risk and the real interest (except to people interested in revisiting the long-running debate about the responsible disclosure of security bugs) is that it is based on an unpatched vulnerability.

Winny Thomas of Nevis Labs in India, the security researcher who developed the proof-of-concept code, readily concedes the Windows RPC memory allocation remote denial of service exploit he highlights is only a moderate risk. Microsoft is yet to develop a security fix. It criticises Thomas of publicising details of the flaw through FrSIRT, a full disclosure web site, instead of submitting it to Microsoft directly first. ®

Read more!

Google for Related Stuff:

posted by sikandar at 9:41 PM 2 comments