Thursday, April 22, 2004

Yahoo Mail Fixes Security Flaw, Was Open to Account Hijacking

Yahoo Mail was open to hacker attacks due to a file size bug. ZDNet reports that a flaw in the Yahoo Mail system could have let attackers control victims’ Yahoo accounts

Yahoo has fixed a bug in its Yahoo Mail email system that would have allowed attackers to seize control of users’ email accounts. This bug enabled attackers to take control of a user’s account by simply sending them a specially crafted email.

The security flaw, according to eEye Digital Security’s Drew Copley:

Allowed attackers to by-pass the Web-mail system’s Javascript filters. Any message exceeding approximately 100kb in length would not be analysed by the filter, which is meant to strip messages of any potentially malicious Javascript.

“A remarkable note about this bug is that no one seems to have found it before,” Copley’s advisory reads. “As far as anyone knows.”

Technical Description:
———–EXAMPLE EMAIL———

SCRIPT
[->a bunch of chars here [spaces are most stealth], the whole file size will be just about 100KB]
[this causes the filter to not work… the code is then run automatically]

———————————

The pseudo-diagram above explains the scenario rather well. For whatever reason, Yahoo’s email filter simply does not work on files which exceed a certain range. This kind of software issue is relatively common. A remarkable note about this bug is that no one seems to have found it before.

Yahoo has fixed the Yahoo Mail bug.

Tuesday, February 17, 2004

Yahoo Intros New Search Robot - Yahoo! Slurp the Search Engine Journal

Yahoo just got a step closer to dropping the Google search results from its search function and replacing them with Yahoo’s own Inktomi search engine- which will be a bit of a blow to Google, and a sign of potential dominance by Yahoo.

Yahoo has just unleashed a new site indexing robot to crawl the web with - Yahoo! Slurp.

Yahoo’s new robot keeps a similar name to the Inktomi Slurp crawler and some features listed on Yahoo include:

* Yahoo! Slurp has the ability to crawl dynamic links or dynamically generated documents.

* The Yahoo! Slurp crawler collects documents from the web to build a searchable index for search services using the Yahoo! search engine (this helps verify a soon addition of Inktomi to the Yahoo search results). These documents are crawled since other documents on the web contain links to these documents.

* Yahoo! Slurp crawls from your site in the Yahoo! search engines immediately. The documents will be indexed and included into the search database in the near future.

* Yahoo! Slurp will offer cache indexing (similar to Google) and obeys the noarchive meta-tag. If you place: META NAME="robots" CONTENT="noarchive" in the head of your web document, Yahoo! Slurp will retrieve the document, but it will not cache or archive the document for use in the PageCache system.

* Yahoo! Slurp also obeys the noindex meta-tag. If you place: META NAME="robots" CONTENT="noindex" in the head of your website, Yahoo! Slurp will retrieve the document, but it will not index the document or place it in the search engine’s database.

Last year, Yahoo announced that they plan to make the change over to Inktomi results in the first quarter of 2004, which gives them about 40 days to meet that goal. In addition, its nice to see that the Slurp robot and search functions are all branded Yahoo.

It gives it more of a unified feel to have all of its main functions together, indivisble, under the united brand umbrella of Yahooooo!

Thursday, February 12, 2004

Google Cash Review

Recently I did a review of Google Cash. It may not be the best book for a seasoned veteran, but newbies could learn a thing or two from Google Cash.

Here is my Google Cash Review.

- Aaron

Thursday, January 29, 2004

Update Austin: Google Update Florida Again

Recently Google has performed another crazy dance which has struck fear in the hearts of many webmasters. Learn what the did Update Austin: Google Update Florida Again

Monday, January 26, 2004

Microsoft Search Toolbar to Rival Google & Yahoo

Microsoft is reported to announce today that it will introduce a browser based toolbar that includes a window for searching MSN search using. This directly reflects that MSN has decided to take a serious run at establishing itself as a search engine giant, in turn- a search advertising monster.

According to a Wall Street Journal report, the toolbar, which will be voluntarily placed below the control panel on a browser, also includes shortcut buttons to other Microsoft services such as Hotmail e-mail and its MSN Messenger product. However, it is not reported if the toolbar will be automatically added to the browser in future updates.

The search toolbar more or less takes a stab at similar toolbar products launched by rivals Yahoo and Google- which both now include pop up blockers and shortcuts to their own respected services. With the implementation of the toolbar, Microsoft hopes to introduce millions of Internet users to its search technology and other MSN online services.

The intro of the new Microsoft Toolbar comes at a time when MSN, the once search and portal power, has been trying to play catch up with Google and Yahoo for control of the search engine market. Google and Yahoo have also been making many changes recently. Yahoo bought Inktomi and Overture Advertising Services last year which Google has expanded its AdWords advertising program into one of the largest ad networks on the web.

Saturday, January 24, 2004

Booble - The Google or Porn Search

File this one under the ingenius section. If you like dirty movies and sites, or even if you don't, you still may be able to appreciate the silliness behind Booble- the Google of Adult search engines.

Sure, Booble doesn't have a HUGE index, but a search for an adult star's name may give results of sites that sell a paid subscription service to their content. An unnamed New York-based former internet executive has pumped his own money into the new website that has styled itself as a light-hearted parody of the world's largest and best-known search engine, Google.com.

"What was a bit fun and a joke became a business. People like it. It makes people smile. It's funny and I think it'll grow," the man in his mid-40s said.

The adult sites to which Booble users will be directed have been filtered to exclude illegal or extremely hard-core material, using criteria including whether a site is worth the price it charges viewers and the quality of its images. I'm sure each site indexed in Booble's search database is linked to the site's affiliate program. If Google doesn't sue the living hell out of these guys, they may even get to sell some ad space on the site. Will they keep the theme going and do a porno version of AdWords?

Yahoo vs. Google + MSN = Uh Oh!

Yahoo, the old superpower of the search engine world is now going to go head to head with the current superpower of the search engines, Google. Uh-Oh, look out, MSN is starting to play the game too! Ok, let me put it simpler, Google is the super search engine, Yahoo is the super directory and MSN, well, MSN is not much currently. Stay tuned though, Bill Gates is stirring the pot.

The speculation is rampant about Google becoming a public company. Google is in discussion with investment banks about possible offerings within the first quarter. If this is true, then get your cheque books ready, and prepare to spend when Google goes live on the stock exchange. It is speculated that it will be one of the biggest events in years on the global exchange. With a possible 1/3rd of the company going up for public investment. What does this mean? Well, unlike other public search engines, Google is all privately owned, which means you don’t currently see advertisements on the homepage, etc. Once a public company, just like Yahoo, you may begin to see changes depending on what the public advise. This is exactly why Google has become so popular. It is private and delivers quality results, not quality advertisements. Well, did provide quality results until last November. See the impact. A new look Google that annoys you with a homepage just like Yahoo and MSN. Fight through the rubbish to get to search!

With that in mind, Yahoo over the past year has been conducting its own little monopoly with the purchase of Overture and Inktomi. As Yahoo currently enhance their directory results from Google, it is speculated that once Google go public, as Yahoo already is, then Yahoo are going to drop Google like a hot rock and take up results from their own company assets almost immediately. As Yahoo owns All The Web (ATW), and ATW has the largest web search database, it is unknown whether Yahoo will utilise its own ATW or Inktomi database to provide results to Yahoo search results.

All you had to do was rank well in Google and that transferred to Yahoo with little difference. Ranking well in Google will not have any impact on Yahoo in the near future. If your website is not optimized to perform across this wide range of engines, and included within their results, then your in trouble. Yahoo will utilise Inktomi results as it wishes and sell the results to other engines as currently occurs. The good news is, my customers don’t have to worry as my work is never specific to one search engine. I guess that Yahoo paid submissions will once again increase to be listed within their directory. Once officially announced, if Yahoo go with Inktomi, then their price may go up and let the wars begin at Inktomi for rankings.

If Yahoo kicks Google into touch, then guess what? Surprise, surprise, it will also kick Looksmart Australia over the fence from supplying paid sponsored results to them. Yahoo, owning Overture, will utilise Overture results in Australia very soon as they already do in most other countries. Yes, Overture has plans to open in Australia very soon. Hopefully the picture is starting to come together for you.

Here’s the left field player, MSN. MSN are starting to play the game with Internet search and pay a little more attention to their search features and services. MSN have been supplied by Inktomi, but wait, MSN now have “MSNBOT” crawling around the web building a substantial database for themselves. Now with MSN releasing some impressive features lately, targeting broadband users, it is anyone’s guess what is to come next. I believe that Bill Gates has not bothered before because he’s been too busy monopolising world IT and Internet browsing.

Searching the internet is about to get a whole lot more funkier. Good old Bill Gates and his little family, Microsoft, are paying some attention to their own Internet features. Lets see now, Google - “x” Billion dollar company, Yahoo - “xx” Billion dollar company and whoo….. Microsoft, I mean MSN - “x” Trillions of dollars. With Google and Yahoo possibly splitting and Microsoft coming up behind real quick, I somehow think MSN may end up the superpower of search engines in the coming years. Money wins, lets face it. Google can have all the PageRank they want, and Yahoo all the other engines they want, but lets face it, Bills money will buy technology and supremacy if need be.

In conclusion, all those listed with Google will now have to concentrate on Yahoo submissions and ranking to remain listed within Yahoo. You will also need to keep abreast of whatever Microsoft comes up with. No longer will there be one clear winner, but possibly three (3) search engines going head to head to win users. Some SEO’s are about to get a real wakeup call.

Monday, January 19, 2004

Yahoo! Establishes Yahoo! Research Labs

Recently Yahoo! has announced the release of Yahoo! Research Labs to help advance search engine technology an innovation. Yahoo! research labs is to help Yahoo! compete against Google Labs.

by aaron wall @ SEO Book.com