Tuesday, December 19, 2006

Thursday, April 22, 2004

Yahoo Mail Fixes Security Flaw, Was Open to Account Hijacking

Yahoo Mail was open to hacker attacks due to a file size bug. ZDNet reports that a flaw in the Yahoo Mail system could have let attackers control victims’ Yahoo accounts.

Yahoo has fixed a bug in its Yahoo Mail email system that would have allowed attackers to seize control of users’ email accounts. This bug enabled attackers to take control of a user’s account by simply sending them a specially crafted email.

The security flaw, according to eEye Digital Security’s Drew Copley:

Allowed attackers to by-pass the Web-mail system’s Javascript filters. Any message exceeding approximately 100kb in length would not be analysed by the filter, which is meant to strip messages of any potentially malicious Javascript.

“A remarkable note about this bug is that no one seems to have found it before,” Copley’s advisory reads. “As far as anyone knows.”

Technical Description:

[->a bunch of chars here [spaces are most stealth], the whole file size will be just about 100KB]
[this causes the filter to not work… the code is then run automatically]


The pseudo-diagram above explains the scenario rather well. For whatever reason, Yahoo’s email filter simply does not work on files which exceed a certain range. This kind of software issue is relatively common. A remarkable note about this bug is that no one seems to have found it before.

Yahoo has fixed the Yahoo Mail bug.
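The failure pattern described above, where a filter skips any message over a size threshold, is shown here next to a fail-closed alternative. This is an added example, not code from Yahoo or from the eEye advisory; the 100 KB limit, the function names and the regex-based `strip_scripts` stand-in for a real HTML sanitizer are all assumptions, and the test messages are constructed.

```python
import html
import re

# Assumed limit, modelled on the "approximately 100kb" figure quoted above.
SCAN_LIMIT = 100 * 1024

# Toy stand-in for a real HTML sanitizer: removes <script> elements only.
_SCRIPT_RE = re.compile(r"<script\b.*?</script\s*>", re.IGNORECASE | re.DOTALL)


def strip_scripts(body: str) -> str:
    return _SCRIPT_RE.sub("", body)


def filter_fail_open(body: str) -> str:
    """Flawed pattern: oversized input is passed through unscanned."""
    if len(body) > SCAN_LIMIT:
        return body
    return strip_scripts(body)


def filter_fail_closed(body: str) -> str:
    """Hardened pattern: input that will not be scanned is made inert."""
    if len(body) > SCAN_LIMIT:
        return html.escape(body)  # delivered as plain text, never as markup
    return strip_scripts(body)


def contains_active_script(body: str) -> bool:
    return re.search(r"<script\b", body, re.IGNORECASE) is not None


def boundary_regression(filter_fn) -> dict:
    """Run a filter on constructed messages just under, at and over the limit."""
    marker = "<script>marker()</script>"  # harmless constructed marker
    results = {}
    for label, total in (("under", SCAN_LIMIT - 1), ("at", SCAN_LIMIT),
                         ("over", SCAN_LIMIT + 1)):
        message = " " * (total - len(marker)) + marker  # space padding
        results[label] = contains_active_script(filter_fn(message))
    return results


if __name__ == "__main__":
    print("fail-open:  ", boundary_regression(filter_fail_open))
    print("fail-closed:", boundary_regression(filter_fail_closed))
```

A boundary test like `boundary_regression` belongs in the sanitizer's regression suite, so that any size cutoff added later for performance reasons cannot silently turn into a bypass.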

Tuesday, February 17, 2004

Yahoo Intros New Search Robot - Yahoo! Slurp the Search Engine Journal

Yahoo just got a step closer to dropping the Google search results from its search function and replacing them with Yahoo’s own Inktomi search engine, which will be a bit of a blow to Google and a sign of potential dominance by Yahoo.

Yahoo has just unleashed a new site indexing robot to crawl the web with - Yahoo! Slurp.

Yahoo’s new robot keeps a similar name to the Inktomi Slurp crawler and some features listed on Yahoo include:

* Yahoo! Slurp has the ability to crawl dynamic links or dynamically generated documents.

* The Yahoo! Slurp crawler collects documents from the web to build a searchable index for search services using the Yahoo! search engine (this helps verify that Inktomi will soon be added to the Yahoo search results). These documents are crawled because other documents on the web contain links to them.

* Yahoo! Slurp crawls from your site in the Yahoo! search engines immediately. The documents will be indexed and included into the search database in the near future.

* Yahoo! Slurp will offer cache indexing (similar to Google) and obeys the noarchive meta-tag. If you place: <META NAME="robots" CONTENT="noarchive"> in the head of your web document, Yahoo! Slurp will retrieve the document, but it will not cache or archive the document for use in the PageCache system.

* Yahoo! Slurp also obeys the noindex meta-tag. If you place: <META NAME="robots" CONTENT="noindex"> in the head of your website, Yahoo! Slurp will retrieve the document, but it will not index the document or place it in the search engine’s database.

Last year, Yahoo announced that they plan to make the changeover to Inktomi results in the first quarter of 2004, which gives them about 40 days to meet that goal. In addition, it's nice to see that the Slurp robot and search functions are all branded Yahoo.

It gives it more of a unified feel to have all of its main functions together, indivisible, under the united brand umbrella of Yahooooo!

Thursday, February 12, 2004

Google Cash Review

Recently I did a review of Google Cash. It may not be the best book for a seasoned veteran, but newbies could learn a thing or two from Google Cash.

Here is my Google Cash Review.

- Aaron

Thursday, January 29, 2004

Update Austin: Google Update Florida Again

Recently Google has performed another crazy dance which has struck fear in the hearts of many webmasters. Learn what they did in Update Austin: Google Update Florida Again.

Monday, January 26, 2004

Microsoft Search Toolbar to Rival Google & Yahoo

Microsoft is reported to announce today that it will introduce a browser-based toolbar that includes a window for searching with MSN search. This directly reflects that MSN has decided to take a serious run at establishing itself as a search engine giant and, in turn, a search advertising monster.

According to a Wall Street Journal report, the toolbar, which will be voluntarily placed below the control panel on a browser, also includes shortcut buttons to other Microsoft services such as Hotmail e-mail and its MSN Messenger product. However, it is not reported if the toolbar will be automatically added to the browser in future updates.

The search toolbar more or less takes a stab at similar toolbar products launched by rivals Yahoo and Google, which both now include pop-up blockers and shortcuts to their own respective services. With the implementation of the toolbar, Microsoft hopes to introduce millions of Internet users to its search technology and other MSN online services.

The intro of the new Microsoft Toolbar comes at a time when MSN, the once search and portal power, has been trying to play catch-up with Google and Yahoo for control of the search engine market. Google and Yahoo have also been making many changes recently. Yahoo bought Inktomi and Overture Advertising Services last year, while Google has expanded its AdWords advertising program into one of the largest ad networks on the web.

Saturday, January 24, 2004

Booble - The Google of Porn Search

File this one under the ingenious section. If you like dirty movies and sites, or even if you don't, you still may be able to appreciate the silliness behind Booble, the Google of Adult search engines.

Sure, Booble doesn't have a HUGE index, but a search for an adult star's name may give results of sites that sell a paid subscription service to their content. An unnamed New York-based former internet executive has pumped his own money into the new website that has styled itself as a light-hearted parody of the world's largest and best-known search engine, Google.com.

"What was a bit fun and a joke became a business. People like it. It makes people smile. It's funny and I think it'll grow," the man in his mid-40s said.

The adult sites to which Booble users will be directed have been filtered to exclude illegal or extremely hard-core material, using criteria including whether a site is worth the price it charges viewers and the quality of its images. I'm sure each site indexed in Booble's search database is linked to the site's affiliate program. If Google doesn't sue the living hell out of these guys, they may even get to sell some ad space on the site. Will they keep the theme going and do a porno version of AdWords?