Thursday, June 12, 2008

Hackers targeting legitimate websites to compromise user security


In the past, attackers compromised Internet users' security through websites riddled with malware. Those websites were created specifically for this purpose. By exercising proper caution, or by not visiting suspicious or unfamiliar sites, a user was able to avoid such malware.

Now the focus has shifted. There is a new trend among hackers/attackers: exploiting the security loopholes of legitimate websites.

Today the greatest risk to the user comes from exposure to malicious code on legitimate websites. The risk of being exposed to this code is huge, since it is natural to visit a legitimate and reputable website without suspicion. And that is exactly what has made hackers shift focus to these kinds of websites.

The figures are scary. ScanSafe reported that compromises of legitimate websites increased by 407 percent, and that 68 percent of all the web-based malware the ScanSafe security software blocked came from legitimate websites.

Talking about malicious websites, the Chinese territory of Hong Kong and the People's Republic of China are home to the largest fraction of malicious Web sites, according to a report published by the antivirus company McAfee. Reports reveal that the top-level domains with the largest proportion of malicious sites belonged to Hong Kong (.hk) and China (.cn), along with the Philippines (.ph) and Romania (.ro). The company surveyed nearly 10 million heavily-trafficked. A detailed study found that 19.2 percent of all Web sites ending in .hk posed a danger to visitors.

But those are websites that a user who exercises caution can avoid. The problem with legitimate websites is that there is little reason to suspect them. Since the attacks are not carried out by these websites themselves but by an attacker who exploits their security vulnerabilities and compromises the site, even the site owner might be unaware of them. Because of this, it might take some time before the security vulnerabilities are fixed.

Some of the legitimate websites that have been reported to have been compromised are Nature.com, Foofighterslive.com, Thecareercompany.co.uk, Acer.co.th, Webster.edu and Photopass.com.

Let us have a look at how these websites are compromised:

1. Use of malicious scripts and iframes designed to silently deliver password stealers and backdoors to visitors' computers.

2. The fastest growing category of threats is backdoor and password-stealing malware. According to the ScanSafe report, this increased 855 percent from May 2007 to May 2008, putting sensitive corporate data at serious risk of theft.

3. Use of Web-based malware: viruses, Trojans, password stealers and other malicious code.

4. SQL injection attacks that began in late October 2007, affecting hundreds of thousands of websites.

5. Through the use of stolen FTP credentials.

6. By inserting iframe redirection code, or by compromising a site to host malicious software.

7. A number of attacks on vulnerabilities in Web-site databases and administration tools have allowed attackers to litter legitimate sites with malicious code.

8. Random JS infection toolkit: The security firm Finjan reported that hackers had bypassed security on at least 10000 legitimate domains to install this toolkit.
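
Since the site owner is often the last to notice the iframe and script injections listed above, one practical check is to audit the served HTML for embeds that point at hosts the owner never approved, or that are hidden from view. The following is an added example, not part of the original post; the host names, the allowlist and the sample page are constructed assumptions.

```python
"""Audit a page for injected <iframe>/<script> embeds (defensive check)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline style fragments commonly used to hide an injected frame.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Width/height values that make a frame effectively invisible.
TINY = {"0", "1", "0px", "1px"}


class EmbedAuditor(HTMLParser):
    """Collects iframe/script tags that load from unapproved hosts or are hidden."""

    def __init__(self, site_host, allowed_hosts):
        super().__init__()
        self.site_host = site_host.lower()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def _is_trusted(self, host):
        # The site itself and its subdomains are trusted; the leading dot
        # stops "notexample.org" from matching "example.org".
        if host == self.site_host or host.endswith("." + self.site_host):
            return True
        return host in self.allowed

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        if not src:
            return  # inline scripts are out of scope for this check
        # Relative URLs have no hostname and are treated as same-site.
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and not self._is_trusted(host):
            reasons.append("untrusted-host")
        if tag == "iframe":
            width = a.get("width", "").strip()
            height = a.get("height", "").strip()
            if width in TINY or height in TINY:
                reasons.append("tiny-frame")
            if HIDDEN_STYLE.search(a.get("style", "")):
                reasons.append("hidden-style")
        if reasons:
            line, _ = self.getpos()  # line where the tag starts
            self.findings.append(
                {"line": line, "tag": tag, "host": host, "reasons": reasons}
            )


def audit(html, site_host, allowed_hosts):
    """Return a list of suspicious embeds found in the given HTML text."""
    parser = EmbedAuditor(site_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a legitimate page with two injected embeds (lines 5 and 6).
SAMPLE_PAGE = """<html><body>
<script src="/js/site.js"></script>
<script src="https://cdn.partner.example/lib.js"></script>
<h1>News</h1>
<iframe src="http://injected.invalid/in.php" width="0" height="0" style="visibility:hidden"></iframe>
<script src="//stats.unknown.invalid/c.js"></script>
<iframe src="https://video.partner.example/embed/1" width="560" height="315"></iframe>
</body></html>"""

# Hypothetical allowlist of third-party hosts the site owner approved.
SAMPLE_ALLOWED = {"cdn.partner.example", "video.partner.example"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGE, "example.org", SAMPLE_ALLOWED):
        print(finding)
```

Run against every template and stored content field after a deployment or database restore, a check like this surfaces injected embeds before visitors or a blocklist do.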

Measures taken by Web browser developers to combat this:

Both Mozilla and Microsoft, through their browsers Firefox 3 and Internet Explorer 8, will block sites that attempt to infect visitors' computers with malicious code. Opera's new browser, Opera 9.5, also has anti-malware features.

These features will prevent users from downloading programs from Web pages that purposefully or inadvertently attempt to infect visitors with malicious code.

Using these web browsers along with good anti-malware software (updated regularly), and constantly patching OS security vulnerabilities, can help the user restrict these kinds of attacks to a great degree. But there will always be some room for these attackers, as they keep shifting their focus to unexplored territories. So it is always a game of catch-up. This means that apart from the proper use of anti-malware software and patches, the user should constantly keep in touch with the latest threats and security vulnerabilities.


References:
Securityfocus
ScanSafe

Sunday, June 08, 2008

Prevent Cross-Site Scripting (XSS) and browser security vulnerabilities

The famous and highly useful NoScript add on has been around for a while. This open source add on has been evolving a lot, and it is now compatible with Firefox 3.1a1pre (Minefield), along with other new features such as faster Base64 injection checks in the Anti-XSS filters, improved IP based shorthands and enhanced cross-site POST blocking as an anti-CSRF mitigation.

For those who are not yet aware of what NoScript is:

It is no secret that Firefox is the top downloaded browser in the world, and one of the main reasons for this can be attributed to the add ons feature it provides. There are plenty of them out there to suit the various needs of users, from file sharing to video downloads.

Apart from this it is also the safest web browser. But can it be safer?
Well, as most of you know, the best way to visit any site that you are unfamiliar with is to turn off JavaScript, Flash plugins, cookies etc. So obviously a safe browser can be even safer with these things turned off. And that is where the NoScript add on comes in.

The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other Mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice.

One of the major features of this add on is that it provides protection against the infamous Cross-Site Scripting (XSS) vulnerabilities. This sort of vulnerability is widely used by hackers to steal users' passwords.

Already there have been many incidents where this vulnerability was used to steal Myspace passwords and online banking passwords. As a person who has written and read a lot about how many browsers were compromised to steal identities and user authentication using this vulnerability, I am glad that NoScript has paid special attention to this.

Cross-Site Scripting (XSS) vulnerabilities are usually programming errors made by web developers, which allow an attacker to inject his own malicious code from a certain site into a different site. This usually happens when you have a website open in your browser and open another page which executes the vulnerability. Many famous browsers, even Firefox, had this issue before they came up with anti-phishing techniques. But even whitelisted sites are still prone to these attacks, and NoScript has taken special care to tackle this with its Anti-XSS counter-measures.

One of the best features of NoScript is that it has a unique whitelist based pre-emptive script blocking technique which prevents exploitation of known and unknown vulnerabilities.

When I checked today the NoScript website was at number 4 in the movers and shakers list. It is clearly a hit among users, especially the ones who are into online transactions.

Related links:
Some people have problems with setting up this add on to its full potential. If you are one of those, go here

About Cross-Site Scripting (XSS) and the Anti-XSS feature.

NoScript home page







Friday, June 06, 2008

Some popular and very useful Firefox Add ons


Below is a collection of Firefox add ons/extensions, listed here because of their popularity and the value of the comments from their users. All the add ons listed below are very popular and have racked up some very valuable comments from their users. Hence I am sharing them here. Any add ons which have huge weekly downloads and are popular, yet have negative feedback from their users, are not listed here. So enjoy!

DOWNLOAD AND UPLOAD RELATED


Rapidshare HappyChecker
As everyone knows, a non premium Rapidshare user has to sit through the waiting time and then fill in the Rapidshare captcha. But Rapidshare has come up with happy hours to give its non premium users some relief. This is a very popular Rapidshare happy hours notifier which notifies the user when Rapidshare Happy Hours are active.


DownThemAll! 1.0.1
DownThemAll is a very useful and popular download manager. It claims to have an advanced accelerator that increases speed up to 400% and it allows you to pause and resume downloads at any time. Users say it is fast, reliable and easy-to-use! It lets you download all the links or images contained in a webpage and much more. Also you can refine your downloads by fully customizable criteria to get only what you really want.

Firefox Universal Uploader
This Firefox extension allows you to upload/download files from any website using a friendly interface. Upload files/photos/videos to Flickr, Picasa, Youtube, Box.net (1GB of free space), Facebook, Webshots and OmniDrive in this version. Next versions would support other websites like Google Videos etc. You can add multiple files to the queue at a time. The extension will take care of uploading them for you.


TORRENT RELATED


FoxTorrent 1.13
This is a BitTorrent client integrated into Firefox. It allows you to stream videos as they download and supports Windows, Mac, and Linux. This popular add on has 8,887 weekly downloads.

Torrent Finder Toolbar
Torrent Finder Toolbar is a torrent search toolbar for Firefox, which enables users to search over 180 top torrent sites and trackers from their Firefox browser. This is a great torrent finder, and one no longer has to go to individual sites to search for torrent files.

MUSIC AND VIDEO RELATED


FoxyTunes 2.9.5
FoxyTunes lets you control almost any media player and find lyrics, covers, videos, bios and much more with a click right from your browser.
Not compatible with Firefox 3. But this is very popular and has earned some great reviews from its users.

Video DownloadHelper 3.0.4
DownloadHelper is a tool for web content extraction. Its purpose is to capture not only videos but image files from many sites directly on your file system. It also works with MySpace, Google videos, DailyMotion, Porkolt, iFilm, DreamHost and others. This is very popular and has earned some great reviews.


There are some other video download add ons at the Firefox Add on website, but the other very popular ones I had a look at had some bad reviews, including one of them being detected as spyware by Avira Anti-Virus.


Note: You can just use the free VideoLAN player to view .flv videos.

BLOG RELATED

BlogRovr 1.1.779
RovR fetches posts from your favorite blogs about anything you're browsing, and shows you summaries you can open to read posts without leaving the web page you were on. Has got some great reviews.

Sage-Too 0.9.1 RSS Feeds etc.
Sage-Too is a lightweight RSS and Atom feed aggregator extension for Mozilla Firefox. Features include:
Reads RSS (2.0, 1.0, 0.9x) and Atom feeds, Feed Discovery, Integrates with Firefox's bookmark storage and Live Bookmarks, Imports and exports OPML feed lists, Newspaper feed rendering customizable via style sheets, Technorati and RSS search engine integration, Support for the following locales: Argentine Spanish, Catalan, Chinese, Czech, Danish, Dutch, Finnish, French, German, Greek, Hungarian, Italian, Japanese, Korean, Polish, Portuguese, Russian, Serbian, Slovenian, Spanish, and Swedish. This is highly popular with very positive reviews.

DashBlog 1.5
DashBlog lets you quickly collect videos, images, text/quotes, songs and screen-captures from any web page and publish them to your blog (word press, blogger/blogspot, tumblr) and/or twitter. It’s the fastest and easiest way for you to post video, text, quotes, images and songs to your blog, tumblr and twitter (all at the same time). This is very popular among bloggers and has a high reputation among its users.

SECURITY/ ANONYMITY RELATED


Netcraft Toolbar 1.2
Blocks phishing sites, helping to protect users from online fraud. This toolbar is only for Firefox 2.0 or later. For earlier versions of Firefox, please download the toolbar direct from http://toolbar.netcraft.com/install


ProxySel 1.3.08a import export proxies
The Proxy selection and processing utility is a Mozilla extension that lets you select a proxy from a drop down menu. You may import proxy lists in different formats. This has a menu to add a proxy manually and an Auto Tor, Privoxy detection feature. But some users are facing problems with TOR in the latest version of this.


Tor-Proxy.NET Toolbar 0.3

With this toolbar you can access TOR-Proxy.NET directly. This add on creates a new toolbar, where you can enter the address you want to take a look at. You can also choose between different anonymization networks. There are not many reviews of this even though it is popular. So it would be advisable to wait for some more reviews.


Torbutton 1.0.4.01
Torbutton provides a button to easily enable or disable the browser's use of Tor. This has earned some great reviews.


SwitchProxy Tool 1.4.1
SwitchProxy lets you manage and switch between multiple proxy configurations quickly and easily. You can also use it as an anonymizer. But this does not work with Firefox 3.


FoxyProxy 2.7.4
FoxyProxy is an advanced proxy management tool that completely replaces Firefox's limited proxying capabilities. It offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, TorButton, etc.


OTHERS
CustomizeGoogle 0.72
CustomizeGoogle is a Firefox extension that enhances Google search results by adding extra information (like links to Yahoo, Ask.com, MSN etc) and removing unwanted information (like ads and spam). All features are optional and easily configured.


Yapta 1.3.0.9 for Ticket Fares
A user review sums up this add on very well: "For the frequent traveler, this add-on by Yapta is essential. Every time you're looking at flights it just shows up and allows you to tag/watch those specific flights, thus avoiding (a) a separate trip to the Yapta site to utilize their very unique service, (b) having to go back again and again to the flight listings and check it. They notify you. You know how some add-ons are kind of complicated and you're not really sure how to use them? Nothing overdone on this add-on. It's simple, it works, and it saves you time. Plus it's not intrusive to your browsing experience. I did find a couple small issues, but no show-stoppers and the folks at Yapta have been responsive. Probably already fixed."
But even though this is very popular with 6,077 weekly downloads, it has only two reviews so far.

Shareaholic 1.4
Shareaholic allows you to share, bookmark, and e-mail web pages quickly via a wide array of web 2.0 social websites without cluttering up your browser. This add on is hugely popular and is even recommended by Mozilla/ Firefox.


Note:
I have listed here the add ons which I felt are fine to use, after reading the reviews. Like I mentioned above, all the add ons listed here are very popular and have racked up some very valuable comments from their users. Hence I am sharing them here. Any add ons which have huge weekly downloads and are popular but yet have negative feedback from their users are not listed here.
But it does not necessarily mean that I am right. It's just my belief and it does not mean that readers have to cater to that. All the extensions/add ons listed above are submitted to the Firefox Addons website by individual developers, and it does not necessarily mean that all of them are safe to use or not safe to use. So it is always advisable to read reviews about them before using them, and it's entirely up to the readers' discretion as to whether to use them or not after reading the reviews carefully. It's always great to use your logic and analytical skills before using them. Each individual add on has a longer description at the Firefox site and user reviews along with the developers' remarks. So choose wisely.

Monday, June 02, 2008

Megaupload download slot for your country solved - Firefox extension


Megaupload's download slot restriction is really frustrating, especially when it repeatedly keeps on saying "All download slots assigned to your country is currently in use". And according to them the Megaupload tool bar is the only way that you can get around this. But of course no one knows how safe the tool bar is. One of the simplest ways to get around this restriction is to use Firefox add ons/extensions. There are currently two add ons available to beat the Megaupload download slot limitations.

1. Megaupload SX.3.2 3.2
This add on, which is available directly from Mozilla's Firefox site, has been around for a while and it is still working well with Megaupload. This is a great Firefox extension (add on) which can be used to solve the Megaupload download slot limit for countries other than the USA.

All one has to do is to go to the related add ons area in Mozilla and then install it by clicking on the "Add to Firefox" button. Once it is installed you can click on the tools menu in your browser > click on addons > click on the enable button on the add on before visiting the Megaupload page. Sometimes it might get disabled automatically, so make sure that you enable it and then refresh the page again. Go directly to the Megaupload add on page here.

One thing I am not yet sure of is whether the developer of this add on has modified it to work with Firefox 3. But it works with the previous Firefox versions and still has a whopping 47,588 weekly downloads.

2. Megaupload Integration 1.0

This extension/ Add on works with Firefox 3 along with the older versions and has been updated on June 1st 2008. This add on is in the experimental stage and the success rate of this is yet to be seen when compared to the above extension/ add on.

Go directly to the Megaupload Integration 1.0 add on here.

Thanks to all you developers out there who steadfastly work on bringing out all these wonderful add ons and hats off to Mozilla for providing the wonderful open platform.


Sunday, June 01, 2008

Gadget to put your DVDS, CDS, LPs and Cassettes to Ipod etc.

This amazing gadget priced at USD 200 will let you convert all the favorite audio and video you've collected over the years directly to a USB mass storage device such as an iPod with the touch of a button.

Every form of audio or video media, yes everything that you can think of, can be put on an iPod or a portable PlayStation without using a computer or any software.


Now, this is what is meant by bridging the technology generation gap.
Read more here.

Holy smokes! An Electronic Cigarette for your lips


Hello smokers! How about a way to eat your cake and keep it too? Yes, there is a way for those smokers who really want to quit smoking and at the same time can't get over the habit of dragging in that hazardous smoke. Well, thanks to the Gamucci Micro Electronic Cigarette, now all of you smokers can have your way.

They claim that it tastes like a cigarette. Since I never tried it, I am not sure. But if it tastes like one and is absolutely free of all the negative effects that tobacco brings then I would definitely give it a try.
"No flame, no tobacco, no carcinogens, and unaffected by the smoking ban" is what the makers claim.

To give smokers a real feeling, simulated smoke is emitted as you exhale. This is only vapour and evaporates in seconds.
This is made possible by state of the art micro-electronic technology (they don't say exactly what it is) and a tiny battery that vapourises liquid inside the cigarette, producing smoke. By inserting cartridges that release nicotine one can get the real feeling, or one can choose to skip the nicotine altogether and just puff away on what is virtually nothing.

Now if you are really excited and wanna read more, check it out here.

Thursday, May 29, 2008

Printer that receives Emails without computer or Internet



This amazing technology is brought to you by the Presto Printing Mail Box. With this you don't even need a computer or Internet to receive not just emails but attachments too, such as pictures etc., from your friends or dear ones. And this printer will print them out automatically so that you can read them or view the pictures in the good old-fashioned way on a piece of paper, and even file them without having the fear of a hard drive crash or virus.

All you have to do is plug in the AC plug and a telephone line. No new telephone service is needed. No internet service is required. This comes at a price of 150 dollars and you need to go for an annual subscription for setting up an account by calling up Presto for the meager amount of 99 dollars/annum.

The best thing is that it will have no spam mails, since you set up the account by choosing which e-mail addresses can send mail to the mailbox. Presto will give the receiver an email address and the sender can use this to send pictures or letters to the printer.

But yes, unfortunately there is no way to send a video attachment, or to reply using this machine. But oh well, this is not just any other printer, and one can just marvel at all the positives it can bring. And this is only the beginning of what is in store, technology wise.

Kudos to those who mold the technology to suit and enhance the life of common men.

Saturday, May 05, 2007

My Tech related News Picks for Today

Steve Jobs of Apple Tops the list of Highest paid CEOs -- Despite a $1 yearly salary, Apple chief executive Steve Jobs still managed to top Forbes' list of highest paid CEOs for 2006, raking in more than $646 million through stock-based compensation -- more than twice that of the next highest paid boss. Read more here.

World's fastest Jet propelled Toilet -- Now this is something unique. With a top speed in excess of 70 mph this one definitely rocks, but the $10,000 price tag would make one constipated. The article at gizmodo.com has some great pics of this unique toilet and a video too. The toilet has been fitted with wheels and it farts fire, literally.

Top 7 things administrators forget to do -- According to this article the 7 things administrators forget to do are: 1. Forgetting to Delete a Former User's Account 2. Forgetting to Regularly Search for Rootkits 3. Forgetting to Use a Trouble Ticket Tracking System 4. Forgetting to Set Up Technical Documentation and Creating a Knowledge Base 5. Forgetting the Risks of Flash Memory Drives 6. Forgetting to Manage Partial Root Access 7. Forgetting Courtesy.
This article is an interesting read and a very informative one for anyone, irrespective of whether they hold network administrator privileges or not.

Fighting the spammers -- This article at BBC's clickonline explains in simple terms how one can fight the spammers.
Spam is a very big problem. "There are billions of e-mails sent every day and 80 - 90% of them are junk." And of course there is no denying this fact. This needs to be eradicated. But still the spammers stay one step ahead, and before we are even ready to send out our emails to our friends the spammers would have already sent one to our email address! That is how they operate. The article talks about how to keep away from spam in layman's language.

Top 100 Most Influential People in IT, Part 4 -- This is a great slide show at eweek.com with the pics and related info about the most influential people in IT. At no. 12 it is no surprise to find Blake Ross of Firefox. After all, Firefox is on fire. And at no. 1 is, yes you guessed it, the duo from Google -- Sergey Brin and Larry Page.

Thursday, March 01, 2007

What if a YouTube video sucks?


All right, what if? Okay, the answer lies with Vidavee Graffiti. They call it "artful vandalism". Yes, with the tool you find at that site you can "graffitize" any video you want to and then pass it around.

There is an instruction video that starts playing as soon as you land at the site. The only problem I find with the video is the hair cut of the girl who gives out the instruction. It just seems that someone has already vandalized her hair. The cool thing is that you can work on that instruction video itself to get a glimpse of what all you can do.

Ok, now the really fuming ones can go mess up some videos or the creative ones can use some creative ideas to add their personal style to the videos with some artful touch.


Wednesday, January 17, 2007

Disadvantages of iPhone.

After a whole lot of hype the iPhone was finally launched, but apart from all the hype, when it comes to the practical aspects it seems the iPhone has not lived up to its image. Here is why:


  • The iPhone will not sync to Outlook or allow you to sync with other 3rd party PIM applications.
  • It will not allow you to view or edit Office documents.
  • It may not work as a modem for a MacBook or laptop.
  • The iPhone only responds to skin touch, with no fingernail or stylus response.
  • Can only be used with Cingular (maybe for as long as 2 years).
  • It has a closed Mac OS X variant operating system.
  • Has no removable battery.
  • It has no memory expansion slot.
  • The iPhone has no GPS.
  • Currently the iPhone has no voice dialing capability.
  • The 8GB memory can be a bit too limiting, and if it has to be a complete multimedia device this kind of memory won't be enough.
  • Since there are no physical keys and only the touch screen feature, it can be very limiting for people who are on the go, especially the ones who are driving.
The above information was gathered from an article Matthew Miller posted at his blog. He also gives a comparison of the iPhone with the Nokia N95 and Cingular 8525. It is very informative reading. I suggest people who are inclined towards shelling out that US$450 read his article and get some insight before making that decision.

New Blogger related tips and links.

Here are some tips and useful links I gathered from the web which would be helpful to the bloggers who have started using the new Blogger.

1. Christine's Blogger template: This webpage is maintained by Christine. Check this page if you want to have a customizable Blogger template for the new Blogger. Each template costs $15.


2. How to upload a banner into the New Blogger: This article will help you to upload a banner into the new Blogger. The method used here is to remove the Header widget by going to Layouts and clicking on "Edit" and then "Remove this page element". But the problem is that many users do not have a "Remove this page element" button on the Header's Edit options. There is a way to get the "Remove this page element" option on your Header's Edit options. To get that, what you have to do is:

Go to 'Edit HTML' and look for this line of text: (between <> brackets)

b:widget id='Header1' locked='true' title='Your Title (Header)' type='Header'/

Then change 'true' to 'false'. Save the template and go to 'Page Elements', now the button 'Remove Page Element' in Header should appear.

The credit for this idea goes to Pinzón Azul.

3. How to remove the Blogger nav. bar from your blog: This post I came across at Betabloggerfordummies will help you to get rid of the Blogger nav. bar from the new Blogger. Please do read about the legal issues before you do it. You can also find a link on that page which lets bloggers using the old Blogger get rid of the nav. bar. There are also many other Blogger related articles on this page like:

How to add picture to beta blog header.
How to customize your header.
How to insert banner link to your blog.
How to add banner link in footer.
How to add widget to provide button link to your blog.

I hope the links provided here help bloggers to have a cherishable blogging experience.

Related reading:
14 things to be avoided for SEO (Search Engine Optimization)
Adsense inside the article/post in new blogger(beta).

Tuesday, January 09, 2007

Tools to optimize Google Reader.

As most of you are aware, Google Reader is an excellent tool to subscribe to news feeds. And along with a new and popular tool one can always expect third party add ons. And that is the beauty of the Internet. Just when you start to fall in love with a tool, these add ons can make you fall head over heels in love with an amazing tool. And as was inevitable, several add ons have popped up that will make your experience with Google Reader a more rewarding one.


So without further ado here are some of the Google Reader add ons that add more spice:

Google Reader Notifier (For Mac OS X Tiger users): Google Reader Notifier is a private open source project utilizing the unofficial Google Reader API, and is not related to Google. This tool displays the unread items of your Google Reader account right from the menubar of Mac OS X Tiger. This keeps track of new items within your entire reading list or just for a particular tag.

Godita: This tool is a Google Reader Del.icio.us Tagging bookmarklet. This tool lets you copy Reader items that interest you to del.icio.us, along with all the other items you've bookmarked over the Web.

Google Reader Optimized: This is a tool that optimizes the Reader taking away all the unnecessary UI elements. It's a skin that can be applied using either the Stylish user styles Firefox Add-On, or the Greasemonkey Add-On. This set of user styles maximizes the reading area.

Using your cell phone to Control Google Reader (Mac users): Romeo is a tool that is available for free which allows the user to control their Mac remotely using Bluetooth and a compatible mobile device. It lets you control your iTunes and DVD Player, as well as presentation applications. Now Ben Wong has come up with a Google Reader Romeo Script that lets you control your Google Reader using a Bluetooth enabled mobile device.

Google Reader button for Internet Explorer 7: This is a button that integrates with the Google Tool bar for Internet Explorer 7 and notifies the user about new items through an icon that changes color (green) when there is new content.

And finally, for those who are not yet aware of the Google Reader keyboard short cuts, take a look here.

Reference:
The Official Google Reader blog.

Opera users should update to 9.1

Secunia has reported that Opera 9.x has two vulnerabilities which can be used by an attacker to compromise a user's system.

The two errors that have been reported are:

1) An error within the processing of JPEG files can be exploited to cause a heap-based buffer overflow via a JPEG file with a specially crafted DHT marker.

2) An error within createSVGTransformFromMatrix() can be exploited by passing an incorrect object to the said function.

Opera has been going through a phase without any big vulnerabilities being reported. But this has changed that. The last reported vulnerability with Opera before this one was the URL Parsing Heap Overflow Vulnerability.

It is advised that all Opera users update their browser to Opera 9.1 which was released very recently with a whole lot of innovative features including the Real-Time Anti-Fraud technique.



Sunday, January 07, 2007

14 things to be avoided for SEO (Search Engine Optimization)

Ok, folks, I came across a very informative article related to some basics of search engine optimization at Google Blogoscoped, a blog that has covered Google and the tech world since 2003 with 80% focus on Google. The person behind Google Blogoscoped is Philipp Lenssen and his posts are widely read.

(Philipp Lenssen also interviewed Matt Cutts, Google’s Gadgets Guy, back in Nov. 2005. If you are interested, read the interview here.)

In this article he gives some basic tips about search engine optimization. What caught my eye was the 14 things he mentions that should certainly be avoided while trying to optimize your search engine rankings, and I thought of sharing them with all the fellow bloggers who have just started setting their sights on the Blogosphere.

Here are the 14 things that are an absolute no no:

  • Don’t stuff too many keywords into places where they don’t belong.
  • Don’t optimize for search engines at the cost of human visitors; if someone told you adding a dash to the domain name helps your rankings, but you feel that dash might confuse your customers, then don’t add it.
  • Don’t trust people who promise you “instant #1 rankings”, “guaranteed top 10 positions” or anything of the sort.
  • Don’t link to others from your site just because they promised a link back to you.
  • Don’t link to others just because they paid you, unless you know exactly what you’re doing (i.e. you know about “bad neighborhoods,” the “nofollow” attribute, PageRank, JavaScript-ads vs text links, what it means to get googleaxed and so on).
  • Don’t create multiple pages with exactly the same content.
  • Don’t let other people “litter” URLs on your site; if you have a web forum, keep it spam-free.
  • Don’t “litter” your URL on other people’s sites.
  • Don’t invest in a cheap server that won’t be able to cope with your traffic; don’t build your whole site on free website tools only – if you want to have a high-quality site & server, you need to pay for it.
  • Don’t worry about a page’s meta descriptions, meta keywords and such; your time is better spent creating content.
  • Don’t use tools that automatically submit your site’s URL to directories, search engines and such.
  • Don’t present different content to search engines than you present to users; for example, don’t hide your text to visitors and show it to search engines.
  • Don’t “over-optimize”; relax, if search engines required webmasters to heavily optimize, they’d be doing a very bad job.
  • In general, don’t try to outsmart search engines (unless perhaps you intend to dedicate your life to that task); those maintaining search engines are paid to outsmart webmaster tricks, so in the long run, chances for successful tricks are low.
You can read the basics of Search engine Optimization at Google Blogoscoped.

Wipe out your Hard Disk or memory cards.

Even in these days of computer literacy, stories still circulate of people's personal data being compromised because they were not diligent enough to wipe their hard disk before selling an old drive or exchanging it for a new one. Stories where people's social security numbers, credit card numbers, personal photos, etc. land in the wrong hands are no longer news but more like a daily affair nowadays. Not long ago I read a news story about a woman who works at a news channel and sold her old PC to a man without wiping the data, and he ended up with a lot of her private pictures.

It is amazing how careless some people can be, or maybe in some cases it is a lack of awareness.

Everyone should be aware that before you sell your old PC with its hard disk, exchange it, or just sell the hard disk, the personal data on it needs to be destroyed. Just formatting the hard disk is not going to ensure that. Even a hard disk that has crashed can reveal its data when the proper tools and techniques are used.

So that is where one needs special tools that ensure the personal data on your hard disk is totally destroyed.

One such tool is Darik's Boot and Nuke ("DBAN"). DBAN prevents or thoroughly hinders all known techniques of hard disk forensic analysis.

An excellent post I came across at Thisblogblo takes you through step-by-step instructions on how to use DBAN to erase personal data.

Also, on the subject of personal data falling into the wrong hands: nowadays data is not stored only on hard disks. In this age of alternate forms of digital storage, such as the CompactFlash cards found in cameras or Sony Memory Sticks, one needs to be aware of how personal data can be destroyed on those storage devices before they change hands.

So, here is an article from Informit that touches on that aspect: how to destroy personal data on a media card using the freely available tool PhotoRec.

