Category: Web

PayPal could resort to an outright ban of Web browsers that it considers to be old and vulnerable from using its services. Some of the key criteria appears to be the support of the relatively new EV SSL (Extended Validation Secure Sockets Layer) standard as well as some form of anti-phishing protection.

PayPal Chief Information Security Officer Michael Barrett noted:

“In our view, letting users view the PayPal site on one of these [unapproved] browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts… At PayPal, we are in the process of reimplementing controls which will first warn our customers when logging in to PayPal of those browsers that we consider unsafe. Later, we plan on blocking customers from accessing the site from the most unsafe—usually the oldest—browsers,” he declared.

EV Certificates are still unproven as it is, though the emphasis is probably on how the green URL bar of an authenticated site will offer a visual cue that users are indeed on the right site.

Both Firefox and Opera have announced their intention to support EV SSL in upcoming releases. There has been no word though, from Apple regarding its Safari Web browser — which has been criticized by PayPal in the past for “lagging behind what it needs to do to protect its customers.” Safari in its current state offers no anti-phishing protection. Left in the quandary would also be the scores of mobile-based Web browser.

Most TechRepublic members will not have any problems, since they are Firefox users, according to our poll on favorite Web browsers just last week. Do you reckon that EV SSL is a step in the right direction, or just another dumbing-down layer waiting for the next phishing hack?

At the same time, I also wonder just how many companies enforce Web browser options for either usability or security reasons.

The good folks over at Ars Technica decided to check out Safari 3.1 for new goodness fresh out from Mac-land. Their verdict? They were blown away with the improvements since Safari 3.0.

The chief kudos here appears to be with that Safari 3.1 brings in support for CSS Web fonts and animations, as well as improving on existing support for SVG and HTML 5. Performance improvements rolled into this release certainly did not hurt, but standards compliance is where it really shines.

Excerpt from Ars Technica:

Standards compliance is impressive. Safari 3.1 scores a 75 on Acid 3, compared with a 53 on Firefox 2.0.0.12, 40 on Opera, and a paltry 12 on IE7 (I only looked at official releases, not betas; Safari on the Mac also scores a 75). Apart from sites using ActiveX and other browser-specific tech (like WM DRM), I had no trouble using sites in my normal browsing rotation, either. I had no trouble accessing American Express, Gmail, Citbank, Yahoo Mail, Digg, etc.

However, some users have complained of repeated crashes of Safari 3.1 on Windows. It does not seem to afflict everyone though, so it might be an issue that afflicts users of certain hardware or software configurations only.

On a separate note, Mozilla’s chief executive, John Lilly, has hit out at Apple for including its Safari browser as a default add-on installation in an update for its popular iTune software.

 Loading ...

So which is your favorite Web browser on Windows?

——————————————————————————–

Stay on top of the latest tech news

Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!

BitTorrent, the peer-to-peer file sharing protocol, and its implementation software have received much ire from the content creation industries. However, there are certain fundamental aspects underlying this technology that could solve many issues relating to computing on a wide scale.

The IT department at INHOLLAND University used the BitTorrent protocol for dropping 22TB of patches on 6500 PCs in four hours. The gargantuan amount of downloads aside, that task used to take almost two dozen servers four days in the past.

An excerpt from Ars Technica:

Leo Blom of ITeleo, who came up with the idea of using BitTorrent, told Ars, “Let me put it this way: if INHOLLAND wants to migrate to Windows Vista, they only have to send out an image through BT. All 6,500 desktops can be migrated overnight in two hours’ time—with one push of a button. It’s a real migration killer. Migration used to mean a lengthy and trying process. At INHOLLAND, we took a different approach.”

Bandwidth was an abundant resource when most of the content on the Web was textual. Now, with the proliferation of media, ISPs are facing the pressure and are also demanding pricing schemes that take the data usage patterns into consideration.

Peer-to-peer networks are finding application in making Wi-Fi networks free for Internet access on a voluntary basis.

Perhaps applying the P2P protocols for applications, such as the ones mentioned above, can optimize the usage of bandwidth on a wider scale. Is it not time to ponder the legal applications of BitTorrent?

Goolag Scanner is a Web auditing tool released by the hacker group Cult of Dead Cows. The tool uses the prowess of the search engine to surface vulnerabilities on Web sites.

A quote from the cDc Web site:

“It’s no big secret that the Web is the platform,” said cDc spokesmodel Oxblood Ruffin. “And this platform pretty much sucks from a security perspective. Goolag Scanner provides one more tool for Web site owners to patch up their online properties.

The hacker group has been famous for its Back Orifice (a pun on Microsoft’s BackOffice Server) software — a tool that grays the line between legitimate network administration and hacking cracking.

There have been several security and auditing tools in the market, but it is also a fact that the Web as a platform is not the most secure of architectures. Having started its life in research labs focused on document sharing among academics, security may not have been the first thing on the minds of the architects who laid the foundation for networking technologies.

Goolag is open source and comes as a standalone application with GUI. You can read the specifications here.

And tools such as Goolag will be a wake up call to security administrators to take a close look at their own sites — before someone else does. How are you preparing to face (or brace) the security scanner?

More information:

• Goolag tool lets Google aid hackers (PC World)
• Hackers launch Goolag : A google vulnerability scanner (Search Engine Land)

——————————————————————————–

Stay on top of the latest tech news

Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!

The Coalition Against Domain Name Abuse (CADNA) has released a white paper this week on the practice of “Drop-catching,” which refers to the process whereby a domain name has expired, is released again into the pool of available names, and immediately is registered by another individual.

Here are some really interesting facts, as reported on Website Magazine:

• CADNA tracked 17,000 randomly selected Dot-ORG, Dot-COM, and Dot-NET domain names after their scheduled expiration on September 18th, 2007, and found that 100% of the Dot-COM and Dot-NET domains were instantly registered after they were released.
• 39.8% of Dot-COMs and 32.2% of Dot-NETs were added and dropped again throughout the study via a practice known as kiting. The initial registration of all expiring domains and the subsequent domain tasting and kiting that occurred points to a willingness on the part of drop-catchers to continuously register domain names since they can be repeatedly tested and easily returned with no monetary penalty.
• The results also show that 87% of Dot-COM drop-catchers use the domain names for pay-per-click (PPC) sites. They have no interest in these domain names other than leveraging them to post PPC ads and turn a profit…

You can view the full report here. (pdf)

If anything, let this be a gentle reminder to be diligent when it comes to renewing your company’s domain name. You don’t want your domain snatched due to your forgetfulness!

Timing it with CES 2008, SpaceTime 3D browser v1.0 was officially launched in Las Vegas.

An excerpt from Bizreport:

While this tool is great for users, advertisers could also benefit from the changes made in the 3-D offering. Because users can navigate more simply and can save results for future viewing, it stands to reason that ads viewed in the space - whether paid search, display or video ads - will also results in a higher engagement level.

The 3D browser allows for viewing the pages in a 3D environment as a stack. The browser made its appearance last year.

Industry analysts found no immediate reason for the adoption of the browser, but it will interesting to see whether it can significantly change the Web UI from mobile devices.

The browser is available for free download.

More information:

3-D Web Browsing Gets More ‘Reel’ (InternetNews)

CES 2008: SpaceTime swizzy 3D web browser (Tech Digest)

Domain registrar Network Solutions has been caught front running domain names. Domain names searched via its whois tool are immediately locked, preventing the customer from acquiring the domain from other registrars. The domain name is automatically released if no purchases are made from Network Solutions after five days.

The Vice President of Policy at Network Solutions, Jonathan Nevett, has responded. Rather than reassure, the explanation confirms its unpalatable practice:

After the search ends, we will put the domain name on reserve. During this reservation period, the name is not active and we do not monetize the traffic on these domains. If a customer searches for the domain again during the next 4 days at networksolutions.com, the domain will be available to register. If the domain name is not purchased within 4 days, it will be released back to the registry and will be generally available for registration.

The irony here is that Network Solutions excuses its actions to its desire to “protect” its customers from front running:

This protection measure provides our customers the opportunity to register domains they have previously searched without the fear that the name will be already taken through Front Running.

What is your opinion of this entire snafus?

Early next year, Adobe systems will release the source of its data and messaging framework to further the adoption of rich Internet applications. Christened as BlazeDS, the product will be available under the lesser General Public License (GPL).

An excerpt from News.com:

Called BlazeDS, the software is a subset of Adobe’s full-featured LiveCycle Data Services ES, which it will continue to sell to its corporate customers.

The software is not meant to replace other messaging products, such as enterprise service buses, Costa said. Instead, it can get data from messaging software to move data between databases or enterprise applications and Flash clients, he said.

In addition, Adobe will make available documentation for its Action Message Format (AMF) binary data protocol. This protocol is the format used for supporting BlazeDS communication services. The move will further the development of push-based applications connected to back-end data services.

More information:

Adobe open sources BlazeDS (ZDNet)

Adobe to Open Source Messaging Protocols (InternetNews)

Adobe offers source code for messaging technology (Channel Web)

Proposals for a HTML 5 specification promise to bring in embedded media and APIs in a highly simple and accessible manner, relegating the need for browser-specific workarounds. However, it’s the proper implementation that can never be promised.

An excerpt from Wired:

The proposed HTML5 specification is the brainchild of the W3C and the Web Hypertext Application Technology Working Group, commonly known as the WHATWG, pronounced “What working group.” This is a group made up of people from Opera, Apple, Mozilla, and Microsoft, and its emphasis is on the transformation of the Web from a largely static repository for text and images (the Web of today) into a platform for interoperable applications far more inviting and easy to develop for than current standards allow.

But it is the implementation of these standards in a uniform manner that is the real crux of the issue. Already, Mozilla and Opera have announced support for new HTML tags for embedding videos. This will enable the browsers to play videos as long as the browser supports the codec.

This would also allow users to use open-source tools to embed video (e.g. video encoded in Ogg Theora). Adobe with its Flash Format and Microsoft with its Media Player are doubtful to support the open-source format.

Here’s a preview of the HTML 5 Spec, available at List Apart.

The WHATWG has set aside a time frame of 10 - 15 years for roll out of the new specification. The time line aside, will the clash of interest among the stake holders ever lead to a uniform implementation of the spec?

Forums are abuzz with Hotmail users unable to send e-mails from their accounts. What miffs users more is that they are unable to find a direct contact at Microsoft to report the problem.

An excerpt from iTwire:

According to a consultant who contacted iTWire, the Hotmail issue is affecting a number of business customers significantly.

“One of my customers in the recruitment industry has this problem and job applicants use hotmail rather than their employers email to ensure privacy. Obviously it is hitting their business significantly,” the consultant said.

The technet forum has posts from several users who were unable to send e-mails but had no problem receiving them. It’s interesting that the link to Hotmail’s postmaster page or the troubleshooting page mentions no direct contact e-mail address.

The diagnostic messages seen by users resemble the following:

Reporting-MTA: dns;bay0-omc2-s36.bay0.hotmail.com
Received-From-MTA: dns;BAY116-W19
Arrival-Date: Mon, 26 Nov 2007 08:46:32 -0800
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;554 Transaction Failed (650058837:169:-2147467259)

The problem seemed to have surfaced after the Thanksgiving holidays. While some users were later able to send e-mails, most users still face the issue.

Are you experiencing problems with your Hotmail account?

Google’s Gmail upgrade is being ridiculed in an increasing number of forums due to various problems. According to users whose accounts have been upgraded to Gmail 2.0, the new Gmail downloads e-mail slowly, fails to load pages, and also crashes browsers.

According to Network World:

Ironically, Gmail 2.0, which features an upgraded contacts manager, is designed to be faster and more stable. Gmail 2.0 is based on what a Google spokesman calls “a major structural code change” upon which new features will be launched in coming months.

Spokesman Jason Freidenfelds wrote via e-mail:

Most users should see a marked improvement in performance. We recommend using IE7 and Firefox 2 to take full advantage of Gmail’s speedier interface.

Google is progressively moving people to Gmail 2.0, so some users will have it while others don’t.

Additional reading:

• Gmail update draws gripes (PC World)
• Google’s Gmail upgrade is pants (The Inquirer)

Gmail users, have you been upgraded to Gmail 2.0 yet? What are your experiences with it so far?

——————————————————————————–

Stay on top of the latest tech news

Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!

More than 30,000 applications will now be able to run on Nokia’s series of Internet Tablet devices (such as the N770, N800, and N810), according to Access Co. Ltd of Japan. This is possible due to the just-released Garnet VM for the above devices.

Access Co. acquired PalmSource in September 2005, and it used its Palm OS and BeOS assets and expertise to create the ACCESS Linux Platform. The Linux-based Garnet OS and now the Garnet VM are the fruits of its labors.

Excerpt from PalmInfocenter:

The Garnet VM runs compatible Palm OS applications with a 320 x 480 screen resolution. There are settings to change the default storage size, display configuration and storage heap. Basic version of the Address Book, Calculator, Date Book and Memo Pad are included. Users are able to install any Palm OS application and can configure compatibility per app (memory, display and device model).

Also,

Garnet VM… supports over 30,000 software applications, including some of the most popular mobile applications on the market, such as Google Maps, Snappermail, DateBk5 and perennially favorite games like Bejeweled, PacMan, and Sudoku.

Do check out the Nokia Tablet Garnet VM video demo.

A final version is expected to ship before the end of the year.

A Web-based distributor of online video content has filed a complaint with the U.S. Federal Communications Commission, asking for traffic throttling be prohibited by ISPs. The petition was filed by Vuze, which uses the BitTorrent protocol to distribute its contents.

Gilles BianRosa, CEO of Vuze, said, “The ISPs cannot decide unilaterally what to do with third-party Internet services such as us,” stressing the need of designing a solution that works and is fair.

Excerpt from PC World:

Broadband providers often promote their services as being necessary for watching video online, but then they slow access to a service like Vuze’s, said John Fernandes, Vuze’s vice president of marketing. “They say that they’re engaging in reasonable network management, but what they’re doing is slowing down some traffic,” he said.

Additional information about Vuze:

Vuze, based in Palo Alto, California, distributes video in partnership with movie studios and television networks including the BBC, Showtime and PBS. It also distributes PC games, music videos, and audio files. Company officials say the Vuze client has been installed by customers more than 12 million times since the company, formerly called Azureus, rebranded itself in January.

We have previously reported on bandwidth throttling of the BitTorrent protocol by ISPs such as Comcast.

Do you think that this bandwidth throttling issue is serious enough to warrant the FCC’s stepping in?

Firefox has an extensible framework that enables developers to write add-ons, which provide several great features such as blocking ads, scrambling keystrokes, and blocking intrusion.

An excerpt from TechNewsWorld:

One big helper for surfing comfort and speed is provided through an add-on called “Adblock Plus.” As the name suggests, it eliminates ad banners. During installation, the user can subscribe to filter lists that are then automatically updated to recognize and block new domain Over 800,000 High Quality Domains Available For Your Business. Click Here. addresses used to transport ads.

The article talks about several more add-ons such as:

• NoScript : Add-on that checks the running of scripts, which prevents Trojans and malware from sneaking in.
• TrackMeNot: This one sends random queries to search engines to prevent the user’s query from being differentiated.
• KeyScrambler: To encrypt key information and prevent key loggers from accessing keystroke data.
• Bookmark Synchroniser: To organize bookmarks among several computers by loading them onto a server.
• Foxy Tunes: A tool-bar to control music players.

Many more add-ons can be found at the Firefox Web site.

ICANN has elected Peter Dengate Thrush as its new Chairman. He will be replacing Vint Cerf, the man who is often referred to as the father of the Internet.

An excerpt from AFP:

Peter Dengate Thrush “has been elected unanimously as the new Chairman of the Board of the Internet Corporation for Assigned Names and Numbers,” ICANN said in a statement.

“I am delighted that my colleagues have placed their confidence in me for this challenging and important role,” Dengate Thrush, who specializes in intellectual property law and helped draft bylaws for the group, said in the statement.

The new chairman is a New Zealander, and his election adds meat to the point that the board overseeing the Internet is indeed autonomous. He has been a member of ICANN since its inception and will have a challenging task in filling the role vacated by Vint Cerf.

Cerf was the co-inventor of the TCP/IP protocol, a fundamental to the Internet framework, and is presently the Chief Internet Evangelist at Google.

More information:

• ICANN picks Cerf’s successor (PC World)
• Net oversight agency gets Kiwi boss (Inquirer)
• ICANN taps New Zealand lawyer to replace Cerf (CNET)

The ICANN (Internet Corporation For Assigned Names and Numbers) committee has decided to leave the WHOIS database as it is.

An excerpt from PC World:

The committee, called the Generic Names Supporting Organization, also voted 17-7 against a proposal that would have allowed “natural persons,” people who register domain names for purposes other than conducting business over the Internet, to list the contact information of designated third parties in the WHOIS database, rather than their own.

Also, the option for domain name registrars to decide on access to information on the WHOIS database was voted down.

As of now, the study into privacy concerns with respect to the WHOIS database are to continue.

Is public access to information on domain name owners such a big privacy risk?

Listas, a tool developed at Microsoft Live Labs, lets you organize your blogs, RSS feeds, shopping lists, and virtually every data that you come across on the Web.

An excerpt from Technology Review:

“Lists are a fundamental data type across the Web,” says Live Labs product manager Alex Daley. “Whether you look at task managers, blogs, RSS, shopping lists, or wish lists, they share a simple, linear list structure. A great deal of the information we produce and consume across the Web is in this structure.” Similarly, says Daley, the virtue of Listas is its generality: it allows users to organize data in whatever way they want and begin to tease out trends.

More and more avenues for information are popping all over the Web. From friend lists to shopping lists, users will increasingly feel the necessity for a tool that will provide a one-stop solution for all their related information.

Microsoft’s research in this area is a good sign that the operating system and productivity software giant is taking definite strides in enhancing user experience on the Web. But the Listas product is still in the works and no definite date has been announced for its release.

Google has unveiled a new domain name in China, www.g.cn, which takes users straight to the main search page.

An excerpt from WebProNews:

G.cn takes users straight to Google.cn, where everything will perform just as it always has (or hasn’t). For Google fans who are at a traditional keyboard, it’s a neat time-saving measure. Where the search giant really hopes to succeed, though, is probably with users who prefer Baidu.

While the name trick may not appear as a major differentiator, it goes to show that Google is trying all and sundry to grab market share from China’s Baidu.com which accounts for about 74.5% of the Chinese search market as opposed to Google’s 14.3%. (ChinaTechNews)

Now, considering that a shorter name might make a big difference on a mobile device, do you feel the idea is nifty?

The Whois service that maintains a database on owners of Internet domain names may be dismantled, if the “sunset” proposal before the Internet Corporation for Assigned Names and Numbers (ICANN) is approved.

An excerpt from Associated Press:

Like a “411″ for the Internet, Whois contains information such as names and phone numbers on the owners of millions of “.com” and other Internet addresses. Bohannon and his staff at the Software and Information Industry Association rely on the free databases daily in their efforts to combat theft and fraud.

The service is a vital source for tracking down owners of domain names, but it also is used by spammers, and many people contend that in its present form, Whois is a threat to privacy (P2Pnet).

As the NY Times aptly states, it’s a question of accountability vs. anonymity on the Web. What side do you think is more relevant?

Mozilla Labs released a tool called Prism (formerly called Webrunner) that runs Web applications directly from the desktop, without requiring a Web browser.

An excerpt from InternetNews.com:

According to Mozilla’s official description, “Prism is an application that lets users split Web applications out of their browser and run them directly on their desktop.” Instead of needing to boot up a browser to access Web-based apps, a simple icon can be clicked on a desktop. The icon would pull up the application inside of a Prism window providing the user with access without the additional browser bloat.

A Windows version of Prism is available here, while a Mac and Linux version are in the pipeline.

Users can place icons for their favorite sites directly on the desktop (such as Gmail and Facebook) , and Prism will run them. Prism competes with similar, more feature-packed services, such as Adobe Interactive Runtime and Microsoft’s Silverlight.

It is debatable whether the Prism represents a major shift in user experience since it’s a stripped-down version of a browser. But this is just the beginning stage. The main point is that Prism represents an open platform that’s based on Firefox, where any application that works on a standard browser (TechNewsWorld) can be executed.

More information:

Mozilla Prism : Refracting the Web on to your Desktop (Wired)

Mozilla’s Prism to bring Web Apps to desktops (Webware)

Do you think Prism is a radical Web application innovation or just a nifty feature app?