Feeds:
Posts
Comments

Posts Tagged ‘Online’

By JORDAN ROBERTSON, AP Technology Writer Wed Aug 27, 5:16 PM ET

SAN FRANCISCO – Intercepting Internet traffic, and spying on the communication between two computers, is a gold mine for hackers. Now Carnegie Mellon University researchers hope software they’ve built will make it harder for criminals to hit that jackpot.

The software, a free download for use with latest version of the Firefox Web browser, creates an additional way for people to verify whether the site they’re trying to visit is authentic.

Most browsers already alert users when a site appears bogus. One way is by warning that a site that claims to be equipped to handle confidential information securely hasn’t been verified by a third party, like VeriSign Inc. or GoDaddy.com Inc. Those are two of many companies that sell so-called Secure Sockets Layer certificates, which generate the padlock icon in the address bar.

The problem, the Carnegie Mellon researchers say, is that many people are perplexed about how to proceed once they get one of those warnings about a bad certificate.

Some click through, going on to malicious sites that steal their personal information, while others retreat, skipping over harmless sites that used less expensive, “self-signed” certificates.

So the researchers — David Andersen, Adrian Perrig and Dan Wendlandt — created a program that performs a novel extra step. It can tap into a network of publicly accessible servers that have been programmed to ping Web sites and record changes in the encryption keys they use to secure data.

Any discrepancy can be a sign that hackers are rerouting traffic through machines under their control, a pernicious type of attack known as a “man in the middle.”

As a result, the new program either overrides the security warning if a site is deemed legitimate, or throws up another warning if the subsequent probes reveal more red flags.

___

On the Net:

Carnegie Mellon researchers’ site:

http://tinyurl.com/6cblaz

Read Full Post »

Shopping offline
Air was code-named “apollo” during its development


Adobe has launched software designed to make it easier for computer users to use online applications offline. Adobe Air allows developers to build tools that still have some functionality even when a computer is no longer connected to the net.

A free download will allow users of Macs, PCs and, later this year, Linux machines to run any Air applications.

The first programs that use the technology, developed by web sites such as eBay, have already been released.

“Air is going to allow applications that run on the web today – that run in the browser – to be brought down to the desktop,” Andrew Shorten, platform evangelist at Adobe told BBC News.

“It’s about taking existing web applications and adding extra functionality whether you want to work offline or whether you want to access data on your disk.”

Seamless vision

Mr Shorten said that the technology is not about replacing the web browser.

eBay

Many firms have already developed Air applications

“It’s about delivering the best experience depending on where you are and what you need to get from the application, ” he said.

“If I’m on the road with my laptop maybe I want to use the desktop version of my application. If I pop into an internet cafe I can still access it through the browser.”

The software is part of a growing number of technologies that aim to make the transition between the on and offline worlds seamless.

In 2006, Microsoft unveiled its Silverlight technology. And last year Google launched Gears.

The tool does not allow the creation of new content but does allow web applications to be used offline.

For example, the developers of the free online office package Zoho use Gears to give users similar functionality to normal desktop office programs.

The nice thing about it is that it works on all the different platforms
John O’Donovan
BBC

Similarly, Adobe is looking into provide Air versions of many of its popular programs such as Photoshop.

A host of other companies and web services have already built Air applications.

For example, Ebay has built a program that allows users to do much of the legwork required in setting up auctions offline. The next time the user connects to the internet the listing would be posted to the website.

The application also allows users to keep up to date with auctions and bids without the need to have a browser open at the eBay page.

Blurred boundary

The BBC is also building prototype applications with AIR.

“The nice thing about it is that it works on all the different platforms – Mac, PC and eventually Linux,” said John O’Donovan, chief architect in the BBC’s Future Media and Technology Journalism division.

The corporation is currently building prototype versions of several applications such as the news ticker, which displays headlines on a desktop, and mini Motty, which provides desktop football commentary.

The current versions of the programs only work on PCs.

Other programs exploit Air’s ability to access both web content and files on a computer’s disk.

For example, the web-version of Finetunes allows users to stream music over the internet

“If you install the Air version on your desktop it can also look at what you have in your iTunes library and then suggest music based on what it finds,” explained Mr Shorten.

“So it’s really taking the essence of what works on the web, brining it to the desktop and then making it more personal to you.”

Some commentators have pointed out that the ability for an application to delve between the web and a computer’s hard drive raises security implications.

“Our advice would be to only install applications from sources that you trust,” said Mr Shorten.


Read Full Post »

By Kate Holton 

LONDON (Reuters) – “Lavenderblu” was a young girl when she got her first taste of domestic violence. After suffering at the hands of her father and witnessing repeated attacks on her mother, she ended up in a violent relationship of her own before finally managing to leave and find refuge with a women’s support group.

Now, at age 40, she is one of many mentors on the new social network Horsesmouth (www.horsesmouth.co.uk) which has been set up to connect mentors with those who are looking for advice.

Launched only about a month ago, the site already has over 20,000 users and offers up mentors to discuss a wide variety of topics, form how to set up a business to how it feels to wear the Muslim hijab for the first time.

In launching the service, the site’s creator, MT Rainey, set out to bring a sense of public purpose to the whole Web 2.0 phenomenon, which allows users to contribute their own content to the Internet.

“No one was creating a social network for a public benefit or for the public good,” she told Reuters in an interview. “I wanted to create somewhere that was safe and somewhere that was fit for purpose, for meaningful interchanges online.

“If you’ve accomplished something, if you’ve been through something and if you’ve got over something, then you have wisdom,” added Rainey, who previously worked in advertising.

She said that people going through a difficult process need to talk, often to someone familiar with the situation, who has been in their shoes before.

“I found that people wanted to give something back,” Rainey said. “You don’t have to be middle-aged or retired to feel that way.”

The Horsesmouth is one of many mentoring sites to spring up recently and the phenomenon could become more important as once-powerful traditional bodies such as the church or unions start to lose their sway in certain countries.

“Physical geographic communities are breaking down and people through the Web are creating communities of interest,” Rainey said.

A HELPING HAND

In the creative industries such as music, advertising, media and the arts, many are turning to the new social network set up by The Hospital Club group.

The private club opened in 2003 in a former London hospital and was based on the vision of musician Dave Stewart, who wanted a “creative melting pot” in the centre of the British capital where members could give something back to the industry.

Five years on, it has also launched a social network at thehospitalclub.com, where users from those industries can post ideas, blogs and their work to communicate with others on the site.

“The key was to create a low pressure environment where people could interact with one another based on their own expertise … and where it is acceptable to approach people to ask for assistance,” said David Marrinan-Hayes, the club’s online manager.

He said the site would allow those entering the industry to post profiles and examples of their work online, meaning the potential mentor would be able to make a qualified decision on whether to provide advice or not.

“Also, we often find that people … need different pieces of advice from a number of different people,” he said.

“For a musician, they could need production advice or legal advice or marketing advice, and that very often doesn’t come from the same person. So three or four people could work together and we’re trying to create a space to manage that whole process.”

There is no charge for using Horsesmouth and TheHospitalClub, but some other mentoring sites like Imantri (www.imantri.com) offer a choice as to whether you pay for the mentor or not.

Other sites offering mentors or advice include American-based score.org, micromentor.org and the business network linkedin.com.

Like Horsesmouth, Marrinan-Hayes said people were happy to help and impart their knowledge. And it can be rewarding for both sides.

“It just makes them feel good,” he said. “They feel like they have something to contribute.”

(Reporting by Kate Holton; editing by Gunna Dickson)

Read Full Post »

Internet law professor Michael Geist examines the shift from locking down content to locking down the network.

A padlock and key

ISPs are increasingly adding content filtering software to their networks

As digital technologies and the Internet began to emerge in the mid-1990s, many content companies responded by betting on the ability of technological protection measures to re-assert the control that was rapidly slipping from their grasp.

The vision of control through technology required considerable coordination – the insertion of encryption on content distributed to consumers, cooperation from electronics makers to respect the technological limitations within their products, and new legal provisions to prohibit attempts to pick the new digital locks.

A decade later, the strategy lies in tatters. Many content owners have dropped digital locks after alienating disgruntled consumers fed up with their inability to freely use their personal property.

Electronics manufacturers have similarly rebelled, frustrated at the imposition of artificial limitations that constrain their products and profitability.

To top it off, the US architect of the legal strategy last year acknowledged that the legislative initiatives to support the digital lock approach have failed.

Network police

Prof Michael Geist (Michael Geist)
Large US ISPs such as AT&T have inexplicably promised to develop new content filters on their networks.
Michael Geist

In recent months, a new strategy has begun to emerge. With the industry gradually admitting that locking down content does not work, it has now dangerously shifted toward locking down the Internet.

The Internet locks approach envisions requiring Internet service providers to install filtering and content monitoring technologies within their networks.

ISPs would then become private network police, actively monitoring for content that might infringe copyright and stopping it from reaching subscribers’ computers.

The support for locking down the Internet revives an old debate – the appropriate role and responsibility of ISPs for the activities that take place on their networks.

French filtering

Nicolas Sarkozy, French president

French president has plans for country-wide ISP filtering

As the content owners were promoting legal protection for digital locks in the 1990s, the ISPs were supporting legal frameworks that treated them as the equivalent of common carriers that transferred data across their networks without regard for the content itself.

While that approach ensured that ISPs did not take an active role in monitoring or filtering Internet-based activity, the recent move toward a two-tiered Internet – one in which the ISPs themselves dream of distinguishing between different content as a new revenue source – revived the notion that ISPs could be called upon to play a more active role in monitoring and blocking content.

With content owners frustrated at the failure of digital locks, last year they seized on this by renewing their focus on the role of the ISP. This movement has been most prominent in Europe, where last summer a Belgian court ordered an ISP to block access to a site alleged to contain copyright infringing materials.

More recently, French President Nicolas Sarkozy unveiled a plan that would mandate country-wide ISP filtering of copyright infringing content.

Although a similar pan-European proposal was defeated earlier this month, few believe that the issue is dead, particularly given the International Federation of the Phonographic Industry’s claim last Thursday that 2008 will be the year of greater ISP responsibility.

Content filtering plans have also begun to emerge in North America. Large US ISPs such as AT&T have inexplicably promised to develop new content filters on their networks and are discussing an implementation plan with content owners.

In Canada, some cultural groups are openly eyeing content filters as a mechanism to adapt Canadian content rules to the online environment, while others have expressed strong support for legal rules that force ISPs to accept heightened “responsibility” for the conduct of their subscribers.

In light of this pressure, some fear that mandatory content blocking could sneak into domestic legislation, despite the likelihood that such laws would face free speech challenges and run the risk of creating a locked-down, censored Internet.


Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can be reached at mgeist@uottawa.ca or online at http://www.michaelgeist.ca.

Read Full Post »

Erik Larkin, PC World 

If last November you googled one of thousands of innocuous and common search terms, such as “Microsoft excel to access” or “how to teach your dogs to fetch,” you were in line for an Internet attack that infects PCs with spam senders, password stealers, and other kinds of nasty malware.

Beginning on November 24 and continuing for less than a week, bad guys loaded up more than 40,000 Web pages with malicious software and thousands of common search terms. They then employed an automated network of malware-infected computers–known as a botnet–to link to those sites in blog-comment spam and other places. The mentions elevated the position of the poisoned sites in search results, often to the first page.

Click Here for Free Attack

The malicious sites had no useful information. Instead, a simple click on a link to such a site in the search results was enough to launch attacks against your PC. If the attack found any of a number of vulnerabilities in a range of programs, it would load.

“This was a massive wave,” says Alex Eckelberry, president and CEO of security firm Sunbelt Software.

The attack marks a new level of sophistication, using multiple techniques to raise site visibility in search results and deliver malware to a mass audience.

Sunbelt researcher Adam Thomas happened upon the attack when he ran a search of “netgear ProSafe DD-WRT” for router firmware. His trained eye saw a suspicious-looking result on the first page. More research and digging on other phrases turned up the vast array of attack sites.

None of the sites from this wave, or a smaller follow-up group, appear now on Google, and Eckelberry and other experts believe the search giant has blocked those specific domains. But Google isn’t saying what it did to stop this attack, or whether measures are in place to halt a recurrence.

Game On: Google Bombed

This massive attack had three notable features that point to the sophistication and planning behind it. The first is the culprits’ use of botnets to push a dark form of SEO (search-engine optimization), called a “Google bomb,” to boost their sites’ Google rankings.

“They did an extraordinary job optimizing the search results using the bots,” Eckelberry says.

Second, the poisoned sites carried JavaScript code on their pages designed to stop visitors coming via other search engines from being attacked–only visitors who came through a Google search were hit.

“[This trick was a] way of flipping the finger at Google,” says Eckelberry. Experts don’t know the motive behind directing the attacks at Google users, but online crooks have targeted specific sites and companies in the past when they felt threatened. Google recently launched an online form for reporting a site that Web users believe might contain malware.

Third, the manipulated pages carried code that kept the attack sites from appearing in results if the entered search term included certain expressions that security researchers commonly use. For example, Eckelberry had recently written about using “inurl” and “site,” two of the singled-out terms.

Despite Google’s steps to eliminate the impact of comment spam on its search result rankings, the use of SEO techniques is growing in the online criminal underground. And bad guys don’t employ the trick just to infect people’s PCs. WhiteHat Security chief Jeremiah Grossman says that whoever hacked Al Gore’s Web site recently added a link that could be seen only in the site’s source code.

The link, which pointed to an online pharmacy site, was designed to give the drug site more relevance. Grossman says that, according to underground contacts, the top result for “buy Viagra online” is worth about $50,000 a month.

How to Search Safely

Though this attack was crafty and effective, security experts say there’s no need to stop using Google, as long as you take some precautions. Most important: Keep your software patched and up-to-date. The attack sites used a programming kit called the “404 exploit framework,” which hits known software vulnerabilities, says Roger Thompson, president of security software maker Exploit Prevention Labs. You can close most of the targeted holes by enabling the automatic-update features for Microsoft Windows, Mozilla Firefox, Apple QuickTime, and other critical software, but you should also update to the latest version of WinZip, a targeted program that doesn’t have an auto-update feature.

And don’t let your guard down just because your software is current. Attack sites will often employ social-engineering tricks when they can’t worm into your PC through software holes. On its blog, Sunbelt provides an image of a common attack pop-up that attempts to trick you into installing a fake video codec that then tries to exploit a vulnerable PC. Your sharp eye can also catch many of these bogus results before you click. Watch for seemingly garbled text such as “vpn passthrough sting maphack light Motorola” in the text snippet shown for each search result. If the listing is for an oddly named page such as “leuwusxrijke.cn/769.html,” it could very well be a land mine.

Free downloads such as McAfee‘s SiteAdvisor and Exploit Prevention Labs’ LinkScanner Lite identify potentially dangerous search results with small icons. And the leading commercial security software suites offer browser protection. Keep a close eye on what you click on, too, and you’ll keep search paranoia at bay, as Eckelberry has. “I’m a Google fanatic,” he says. “I haven’t stopped using Google because of this.”

Read Full Post »

By AMANDA FEHD, Associated Press Writer 

SAN FRANCISCO – EBay Inc. said Tuesday it will cut by up to 50 percent the fees it charges sellers to list their goods online, in an effort to boost listings and keep pace with other burgeoning e-commerce sites.

To balance the fee cut, the company plans to increase its commission on items that do sell, a method the company says sellers prefer because it lowers their risk if items do not sell.

The greatest fee increase will come for goods selling for less than $25. EBay‘s fee for those transactions will rise 67 percent, to 8.75 percent of the final sale price.

“A majority of sellers will see their fees go down,” said company spokesman Usher Lieberman. “We are basing our success on their success and we want to encourage sellers to list more items with us.”

The new fee structure, announced to a gathering of 200 of eBay’s top North American sellers in Washington, goes into effect Feb. 20 in the United States. More pricing changes are coming shortly in the United Kingdom and Germany.

EBay has struggled with flattening growth in recent years and a temporary drop in the number of items for sale on its site.

Listings on eBay’s various sites in the fourth quarter rose 4 percent, reversing two straight quarters of declines, the company reported last week. The number of people actively using the site has also stagnated, rising just 2 percent from a year ago.

The online auctioneer has faced increasing competition from other e-commerce sites such as Amazon.com, which does not charge a listing fee.

EBay’s various fees have long been a point of contention for its sellers, which range from mom-and-pop vendors to online stores with large inventories.

The changes come as longtime chief executive Meg Whitman announced she would retire at the end of March. Incoming CEO John Donahoe, president of eBay Marketplaces, which encompasses its shopping sites and classifieds, has said he will aggressively change eBay’s product, customer approach and business model.

Along with changes to the fee structure, eBay said it will change how sellers show up on customer searches. Those with high rates of customer dissatisfaction will get lower exposure in a search, the company said.

Read Full Post »

By ANICK JESDANUN, AP Internet Writer

NEW YORK – To plan an upcoming hike in the Alps, John Higham scoured scores of photos plotted along his route on a digital map for clues to the steepness of trails and the availability of accommodations or camp sites.These images were just like all the other vacation photos shared by travelers and amateur photographers, except they’d been tagged with location information in an emerging practice known as “geotagging.”

This screenshot from SmugMug.com shows photos from John Higham's round-the-world trip tagged by location on the photo-sharing site. The pins on the world map show the location where some his photos were made; the featured one is from China's Great Wall and is tagged to the spot on the map for Beijing. (AP Photo/SmugMug.com, John Hingham)AP Photo: This screenshot from SmugMug.com shows photos from John Higham’s round-the-world trip tagged by location on…

Armed with such data, Higham didn’t have to search endless combinations of keywords and guess how photographers would describe images in captions. By zooming in on the map, he could easily find geotagged photos along the Via Alpina and gain a fresh perspective.

“I do like to see a place before I go and study more about it,” said Higham, 47, of Mountain View, Calif. “This affords me a way of seeing not just a map or satellite image but the landscape of where I want to go.”

That’s just one of the growing number of uses for geotagging, which is largely practiced by tech-savvy and professional photographers but is likely to expand. Global positioning is becoming omnipresent as more cell phones and digital cameras have built-in GPS support.

“It’s something that will become integral to the way digital imaging works,” said Aimee Baldridge, a New York-based writer and photographer who tracks trends with digital imaging. “I think it’s definitely headed for the mainstream.”

If a picture is worth a thousand words, a picture with geotagging can add a few hundred more.

Now, naturalists can map their bird sightings or chart out seal populations. Archaeologists can mark where they unearth artifacts. Travelers can wow family and friends and bring life to slideshows.

“When you add a map to a presentation, you’ve added another dimension, especially if you say, `I took this great trip to China, and it was 5,000 miles over the course of a month’ and they see a route,” said Andy Williams, general manager with the photo-sharing site SmugMug Inc.

Higham has used geotagging to help friends and family track his yearlong journey around the world and a rafting trip later down the Colorado River.

For paintball competitions, Mitch Richardson of Salt Lake City geotags photos of an abandoned mining town nearby — he can mark places to hide and hazards to avoid on a map.

Typically, a photographer carries a standard GPS device that records location and altitude data every few seconds. That information then is matched with the time stamp on photos, using software like Pretek Inc.’s RoboGEO.

Devices that already support geotagging include some GPS-enabled camera phones from Sprint Nextel Corp. and a newly unveiled gadget from Pharos Science & Applications Inc. High-end cameras from Nikon Corp. and Ricoh Co. can directly connect to GPS devices, while the upcoming PhotoFinder from ATP Electronics Inc. will write GPS information directly on a camera’s memory card.

And photo-sharing services like SmugMug, Google Inc.‘s Picasa and Panoramio and Yahoo Inc.‘s Flickr let you manually add photos to a map. Zoom in to New York’s Central Park, for instance, to find individual photos taken at Strawberry Fields and other landmarks.

Google, meanwhile, extended geotagging to its YouTube video-sharing site last summer.

Professional aerial photographer Allan Goldstein gave up selling archival images from the Chicago area years ago, finding specific photos too cumbersome to locate on demand. He started the business again in October after discovering he could simply tag each image with its GPS coordinates.

But relatively few photos are posted with location information yet — Flickr estimates 5 percent.

There are privacy considerations, and the failure of satellite-dependent GPS to work reliably indoors. Also complicating matters is the fact that GPS devices tag the location of the photographer, while the landmark being photographed could be miles away (British entrepreneur Richard Jelbert attempts to solve that by embedding a compass that can help calculate the landmark’s actual location.)

But most importantly, geotagging still typically involves carrying an extra gadget and fiddling with software on a computer back home.

John Hanke, director of product management for geolocation services at Google, said he expects more camera manufacturers to include GPS this year and make it less cumbersome.

Dan Catt, senior software engineer with Flickr, sees huge potential as more people become aware of GPS and geotagging.

“That mainly comes down to GPS devices in cars and mobile phones raising people’s awareness of location-based services,” he said. “It wasn’t really in people’s consciousness even a year ago. … We’re very much at the beginnings.”

___

On the Net:

Geotagged photos on Flickr: http://www.flickr.com/map

Geotagged photos on Panoramio: http://www.panoramio.com/map

Geotagged photos on SmugMug: http://maps.smugmug.com

Jelbert’s geotagging site: http://picturemystreet.com

Read Full Post »

Older Posts »