

06.06.05


Cookies And PIE - An Introduction To Flash Security

By Trevor Bauknight

Web-enabled consumers are tossing their cookies in greater numbers; and although this phenomenon is related to the stomach-churning activities of some Internet marketers and their offerings, it has more to do with taking back control of their Web browsing, and less to do with violent physiological reactions to bad snack food.

JupiterResearch reported that 58% of Internet users have deleted their cookies in the last year, and that 39% of consumers are deleting them monthly from their primary computers. And while I find these numbers suspect, the increased awareness and use of anti-malware software tools, which sometimes identify cookies as problematic, may be contributing heavily to the trend. So maybe the numbers are accurate, even if consumers are deleting cookies unwittingly.

A New York company called United Virtualities has begun offering technology that allows Internet marketers to undermine the increasing number of Internet-savvy consumers concerned enough about their privacy to take control of cookies, the little bits of text left behind by some websites to track your visits and preferences. They're offering PIE as a substitute.


What is PIE?

According to United Virtualities, a persistent identification element (PIE) is a Flash object that a bit of JavaScript can tag to the browser of a visitor to a PIE-enabled website in order to restore deleted cookies and act as a cookie backup. It uses a Flash MX feature called local shared objects, which are less familiar to browsers and, hence, not as likely to be disabled. Shared objects are, essentially, the Flash equivalent of cookies, and yet, being Flash, are a good deal more capable because of their ability to gather information from other websites and to communicate with other Flash applications that may be running.

Mookie Tanembaum, founder and CEO of United Virtualities, justifies his company's technology by suggesting that he's simply trying to help out consumers who are too stupid to know what they want to control: "The user is not proficient enough in technology to know if the cookie is good or bad, or how it works," he is reported to have said. He also said, apparently with a straight face, that he discourages the abuse of PIE technology to thwart the end-user: "We believe people should use this technology responsibly. If people don't want cookies in place, then (their browsers) shouldn't be tagged." Uh-huh... I'm not sure who he thinks his market is. The company charges marketers $.03 per 1000 impressions (CPM) for use of its "platform".

Who's vulnerable?

Vulnerability, with regard to cookies, is relative. We actually support the responsible use of cookies to better serve visitors to your website; but that support begins and ends at your site and we recognize that cookies can be and have been abused by rogue Internet marketers and other website operators. With that in mind, let's take a look at who might be impacted by the use of PIE technology:


You, more than likely. The makers of Flash, Macromedia, Inc., claim that some 98% of Internet-enabled computers are equipped with the ability to view Flash, so security vulnerabilities associated with the technology should be a primary concern for anyone, especially as Flash seems to be emerging as the premier vehicle for building great user interfaces for rich Web applications.

Macromedia has established a website with a hideously long URL (http://www.macromedia.com/support/) dedicated to securing your local Flash-player installation, and even though we use Flash extensively here at Cafe ID (http://www.cafeid.com) for parts of our own application's user interface, we had never really explored checking to see that the security settings of our Flash Players were locked down until United Virtualities forced the issue. And because we use Flash, we're keenly interested in any abuse of Flash technology that may cause antipathy toward it and, by extension, us.

How do you avoid PIE?

One way to avoid having PIE attach itself to your browser is to simply jack up your security settings under IE to the highest level available. Unfortunately, this is less than desirable, as it will cause many other, non-PIE-enabled websites to become inoperable. This is like bricking up your windows and doors to keep out thieves.

You may have experienced a pop-up asking questions about privacy or storage space when visiting sites with Flash content, and this is the way most people see their Flash Player settings for the first time. But a visit to the Macromedia site above shows you how to access your Flash player's settings directly and describes the settings in some detail. That's a great place to start, so let's run through a few of the settings you may find particularly useful:

Once it loads, the Settings Manager tool displays a five-tabbed interface across the top. Clicking on the tabs doesn't give you a great deal of feedback, but it does allow you to move between them. (Note that these panels allow you to control the behavior of the Flash Player in your future visits to Flash-based sites. To control the behavior of websites you have already specified settings for or are visiting currently, simply right-click in the window while the Flash application is running and choose Settings... from there.)

The first tab brings up the Global Privacy Settings Panel. Here, you can select whether websites will be allowed to ask you to use your computer's camera and microphone. At least there's no "Always Allow" setting -- that would make for some interesting viewing at the other end, no doubt.

The second tab brings up the Global Storage Settings Panel, on which you can specify how much of your local drive space you want to allow Flash applications to use to store information about you. Pushing the slider all the way to the left causes Flash to ask you each time an application wants to store information. Pushing it all the way to the right gives Flash unlimited space to store information, and there are intermediate levels between the extremes. We recommend having Flash ask, if for no other reason than to make sure you know when information about you is being stored.

The third tab is the Global Security Settings Panel. Here, you can specify whether Flash authors are able to use an older technology to get information from other sites. The recommendation, as usual, is to always ask, as the other options either provide no control or no desired functionality.
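
Because local shared objects stay on disk as .sol files after browser cookies are cleared, they can be inventoried directly. The following Python sketch is an added example, not part of the original article or of any Macromedia tool; it assumes the usual #SharedObjects directory layout, and the function names and sample domains are constructed for illustration.

```python
import tempfile
from collections import defaultdict
from pathlib import Path

# Flash Player keeps local shared objects as .sol files under a "#SharedObjects"
# directory, laid out as <random dir>/<origin domain>/<path to .swf>/<name>.sol.
def inventory_lsos(root):
    """Return {origin domain: [(path below the domain dir, size in bytes), ...]}."""
    root = Path(root)
    found = defaultdict(list)
    for sol in sorted(root.rglob("*.sol")):
        parts = sol.relative_to(root).parts
        if len(parts) < 3:          # not in the <random>/<domain>/... layout
            continue
        found[parts[1].lower()].append(("/".join(parts[2:]), sol.stat().st_size))
    return dict(found)

def orphaned_lso_domains(inventory, cookie_domains):
    """Domains that still hold an LSO although the browser has no cookie for them."""
    cookies = {d.lower().lstrip(".") for d in cookie_domains}
    def has_cookie(domain):
        return any(domain == c or domain.endswith("." + c) for c in cookies)
    return sorted(d for d in inventory if not has_cookie(d))

def build_sample_tree(base):
    """Constructed sample data: two invented origins under one random directory."""
    root = Path(base) / "#SharedObjects"
    for rel, payload in {
        "ABCD1234/tracker.example/ads/banner.swf/id.sol": b"x" * 32,
        "ABCD1234/www.shop.example/cart.swf/prefs.sol": b"y" * 12,
    }.items():
        path = root / rel
        path.parent.mkdir(parents=True)
        path.write_bytes(payload)   # placeholder bytes, not a real .sol body
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        inv = inventory_lsos(build_sample_tree(tmp))
        for domain, files in inv.items():
            print(domain, files)
        # Constructed scenario: cookies were cleared for tracker.example only.
        print("LSO but no cookie:", orphaned_lso_domains(inv, [".shop.example"]))
```

On a real machine, point inventory_lsos at the Flash Player #SharedObjects directory in the user profile (on Windows, under %APPDATA%\Macromedia\Flash Player) and pass the domains from the browser's cookie list as the second argument to orphaned_lso_domains.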



About the Author:
Trevor Bauknight is a web designer and writer with over 15 years of experience on the Internet. He specializes in the creation and maintenance of business and personal identity online and can be reached at trevor@tryid.com. Stop by http://www.cafeid.com for a free tryout of the revolutionary SiteBuildingSystem and check out our Flash-based website and IMAP e-mail hosting solutions, complete with live support.


-- EnterpriseSecurityNews is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
© 2005 iEntry, Inc. All Rights Reserved
