Bloggle with Harish

~ The Next Thing

Category Archives: Technology

Pranav Mistry: The thrilling potential of SixthSense technology

03 Saturday Jul 2010

Posted by Young Brain @ Work in Technology

At TEDIndia, Pranav Mistry demos several tools that help the physical world interact with the world of data — including a deep look at his SixthSense device and a new, paradigm-shifting paper “laptop.” In an onstage Q&A, Mistry says he’ll open-source the software behind SixthSense, to open its possibilities to all.

http://www.ted.com/talks/lang/eng/pranav_mistry_the_thrilling_potential_of_sixthsense_technology.html

ASP.Net 4.0 features

02 Saturday Jan 2010

Posted by Young Brain @ Work in Technology

≈ 1 Comment

All of us have heard of the upcoming ASP.NET 4.0 and Visual Studio 2010, due in Q4 2009, so I thought of listing the highlights on the ASP side.

Core Services

   Extensible Output Caching – adds an extensibility point to output caching that enables you to configure one or more custom output-cache providers

   Auto-Start Web Applications – The auto-start feature provides a controlled approach for starting up an application pool, initializing an ASP.NET application, and then accepting HTTP requests

   Permanently Redirecting a Page – adds a new RedirectPermanent helper method that makes it easy to issue HTTP 301 Moved Permanently responses

   The Incredible Shrinking Session State – introduces a new compression option for both kinds of out-of-process session-state providers. When the compressionEnabled configuration option is set to true, ASP.NET will compress (and decompress) serialized session state by using the .NET Framework System.IO.Compression.GZipStream class.

AJAX Functionality in ASP.NET 4.0

   Client Template Rendering – includes a new template engine for client development that meets the following requirements:

  • Performance — The engine must be able to render a typical number of items using a reasonably complex template before users perceive an interruption in their interaction with the application.
  • Simplicity — The template syntax must be very readable and must be optimized for the most common scenario, namely one-way/one-time binding.
  • Expression language — Templates must support an expression language to go beyond the simplest cases.
  • The expression language should use familiar syntax, ideally JavaScript syntax.
  • Interspersed code and markup — It must be possible to perform conditional rendering or to loop over markup by using code that surrounds HTML.
  • XHTML compliance — The template should be able to render XHTML-compliant markup.
  • Components — When using the template syntax, the developer must be able to instantiate client-side controls and behaviors that attach to HTML elements in the page or within templates

   Instantiating Behaviors and Controls Declaratively –  introduces a way to declaratively instantiate client-side controls and behaviors and attach them to HTML elements

   Live Data Binding – ensures that the target value is automatically updated whenever the source value changes

   Using the Observer Pattern with JavaScript Objects and Arrays – The observer pattern enables an object to be notified about changes that occur in another object. (The term observer pattern is often misused in JavaScript frameworks to describe event handling based on the addHandler method and similar techniques.) ASP.NET 4.0 implements the pattern completely

   The DataView Control – The DataView control can bind to any JavaScript object or array, or to any ASP.NET AJAX component

   The AdoNetServiceProxy Class – enables read-write interaction with ADO.NET Data Services from JavaScript

   The DataContext and AdoNetDataContext Classes – provides full support for change tracking in the browser. This enables complete end-to-end AJAX-based data scenarios

   Refactoring the Microsoft AJAX Framework Libraries – one can now choose whether to load all the JavaScript libraries or only part of them through the ScriptManager

Web Forms

   Setting Meta Tags with the Page.Keywords and Page.Description Properties – One of the smaller additions that has been made to ASP.NET 4.0 Web Forms is the addition of two properties to the Page class, Keywords and Description. These two properties represent corresponding meta tags in your page

   Enabling View State for Individual Controls – In ASP.NET 4.0, Web server controls include a ViewStateMode property that gives you control-level granularity over whether view state is enabled. This lets you disable view state by default and then enable it only for the controls that require it in the page

   Changes to Browser Capabilities – includes a feature referred to as browser capabilities providers. As the name suggests, this lets you build a provider that in turn lets you use your own code to determine browser capabilities

   Routing in ASP.NET 4.0 – built-in support for using routing with Web Forms

   Setting Client IDs – The new ClientIdMode property addresses a long-standing issue in ASP.NET, namely how controls create the id attribute for elements that they render

   Persisting Row Selection in Data Controls – Persisted selection is now supported for the GridView and ListView controls in all projects by using the PersistedSelection property

   FormView Control Enhancements – A new RenderTable property is now available that lets you specify whether the FormView control renders using a table

   ListView Control Enhancements – The ListView control no longer requires a layout template.

   Filtering Data with the QueryExtender Control – To make filtering easier, a new QueryExtender control has been added in ASP.NET 4.0. This control can be added to EntityDataSource or LinqDataSource controls in order to filter the data returned by these controls. Because the QueryExtender control relies on LINQ, the filter is applied on the database server before the data is sent to the page, which results in very efficient operations

Dynamic Data

   Declarative DynamicDataManager Control Syntax – The DynamicDataManager control has been enhanced so that you can configure it declaratively, as with most controls in ASP.NET, instead of only in code

   Entity Templates – Entity templates offer a new way to customize the layout of data without requiring you to create a custom page. Page templates use the FormView control (instead of the DetailsView control, as used in page templates in earlier versions of Dynamic Data) and the DynamicEntity control to render Entity templates. This gives you more control over the markup that is rendered by Dynamic Data

   New Field Templates for URLs and E-mail Addresses – ASP.NET 4.0 introduces two new built-in field templates, EmailAddress.ascx and Url.ascx. These templates are used for fields that are marked as EmailAddress or Url with the DataType attribute

   Creating Links with the DynamicHyperLink Control – Dynamic Data uses the new routing feature that was added in the .NET Framework 3.5 SP1 to control the URLs that end users see when they access the Web site. The new DynamicHyperLink control makes it easy to build links to pages in a Dynamic Data site

   Support for Inheritance in the Data Model – Dynamic Data has been modified to understand inherited objects in the data model and to support scaffolding for the inherited tables

   Support for Many-to-Many Relationships (Entity Framework Only) – New ManyToMany.ascx and ManyToMany_Edit.ascx field templates have been added to provide support for displaying and editing data that is involved in many-to-many relationships

   New Attributes to Control Display and Support Enumerations

   Enhanced Support for Filters

 

Visual Studio 2010 Web Designer Improvements

   Improved CSS Compatibility – The Visual Web Developer designer in Visual Studio 2010 has been updated to improve CSS 2.1 standards compliance

    HTML and JScript Snippets – In Visual Studio 2010, IntelliSense snippets are supported for JScript, alongside C# and Visual Basic, which were supported in earlier versions of Visual Studio

   JScript IntelliSense Enhancements – JScript IntelliSense has been redesigned to provide an even richer editing experience. IntelliSense now recognizes objects that have been dynamically generated by methods such as registerNamespace and by similar techniques used by other JavaScript frameworks. Performance has been improved to analyze large libraries of script and to display IntelliSense with little or no processing delay. Compatibility has been dramatically increased to support nearly all third-party libraries and to support diverse coding styles. Documentation comments are now parsed as you type and are immediately leveraged by IntelliSense 

Web Application Deployment with Visual Studio 2010

   Web Packaging – Visual Studio 2010 uses the MSDeploy tool to create a compressed (.zip) file for your application, which is referred to as a Web package. The package file contains metadata about your application plus the following content:

  • IIS settings, which includes application pool settings, error page settings, and so on.
  • The actual Web content, which includes Web pages, user controls, static content (images and HTML files), and so on.
  • SQL Server database schemas and data.
  • Security certificates, components to install in the GAC, registry settings, and so on.

   A Web package can be copied to any server and then installed manually by using IIS Manager. Alternatively, for automated deployment, the package can be installed by using command-line commands or by using deployment APIs.

   Web.Config Transformation – For Web application deployment, Visual Studio 2010 introduces XML Document Transform (XDT), which is a feature that lets you transform a Web.config file from development settings to production settings

   Database Deployment – A Visual Studio 2010 deployment package can include dependencies on SQL Server databases. As part of the package definition, you provide the connection string for your source database. When you create the Web package, Visual Studio 2010 creates SQL scripts for the database schema and optionally for the data, and then adds these to the package. You can also provide custom SQL scripts and specify the sequence in which they should run on the server. At deployment time, you provide a connection string that is appropriate for the target server; the deployment process then uses this connection string to run the scripts that create the database schema and add the data

   One-Click Publishing – Visual Studio 2010 also lets you use the IIS remote management service to publish a Web application to a remote server. You can create a publish profile for your hosting account or for testing servers or staging servers. Each profile can save appropriate credentials securely. You can then deploy to any of the target servers with one click by using the Web One Click Publish toolbar. With Visual Studio 2010, you can also publish by using the MSBuild command line. This lets you configure your team build environment to include publishing in a continuous-integration model

What cloud computing really means?

08 Thursday Oct 2009

Posted by Young Brain @ Work in Technology

≈ 2 Comments

The next big trend sounds nebulous, but it’s not so fuzzy when you view the value proposition from the perspective of IT professionals

Cloud computing is all the rage. “It’s become the phrase du jour,” says Gartner senior analyst Ben Pring, echoing many of his peers. The problem is that (as with Web 2.0) everyone seems to have a different definition.

As a metaphor for the Internet, “the cloud” is a familiar cliché, but when combined with “computing,” the meaning gets bigger and fuzzier. Some analysts and vendors define cloud computing narrowly as an updated version of utility computing: basically virtual servers available over the Internet. Others go very broad, arguing anything you consume outside the firewall is “in the cloud,” including conventional outsourcing.

Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends IT’s existing capabilities.

Cloud computing is at an early stage, with a motley crew of providers large and small delivering a slew of cloud-based services, from full-blown applications to storage services to spam filtering. Yes, utility-style infrastructure providers are part of the mix, but so are SaaS (software as a service) providers such as Salesforce.com. Today, for the most part, IT must plug into cloud-based services individually, but cloud computing aggregators and integrators are already emerging.

InfoWorld talked to dozens of vendors, analysts, and IT customers to tease out the various components of cloud computing. Based on those discussions, here’s a rough breakdown of what cloud computing is all about:

1. SaaS
This type of cloud computing delivers a single application through the browser to thousands of customers using a multitenant architecture. On the customer side, it means no upfront investment in servers or software licensing; on the provider side, with just one app to maintain, costs are low compared to conventional hosting. Salesforce.com is by far the best-known example among enterprise applications, but SaaS is also common for HR apps and has even worked its way up the food chain to ERP, with players such as Workday. And who could have predicted the sudden rise of SaaS “desktop” applications, such as Google Apps and Zoho Office?

Cloud computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). The name cloud computing was inspired by the cloud symbol that’s often used to represent the Internet in flow charts and diagrams.

A cloud service has three distinct characteristics that differentiate it from traditional hosting. It is sold on demand, typically by the minute or the hour; it is elastic — a user can have as much or as little of a service as they want at any given time; and the service is fully managed by the provider (the consumer needs nothing but a personal computer and Internet access). Significant innovations in virtualization and distributed computing, as well as improved access to high-speed Internet and a weak economy, have accelerated interest in cloud computing.

A cloud can be private or public. A public cloud sells services to anyone on the Internet. (Currently, Amazon Web Services is the largest public cloud provider.) A private cloud is a proprietary network or a data center that supplies hosted services to a limited number of people. When a service provider uses public cloud resources to create their private cloud, the result is called a virtual private cloud. Private or public, the goal of cloud computing is to provide easy, scalable access to computing resources and IT services.

Infrastructure-as-a-Service like Amazon Web Services provides virtual server instances with unique IP addresses and blocks of storage on demand. Customers use the provider’s application program interface (API) to start, stop, access and configure their virtual servers and storage. In the enterprise, cloud computing allows a company to pay for only as much capacity as is needed, and bring more online as soon as required. Because this pay-for-what-you-use model resembles the way electricity, fuel and water are consumed, it’s sometimes referred to as utility computing.

Platform-as-a-service in the cloud is defined as a set of software and product development tools hosted on the provider’s infrastructure. Developers create applications on the provider’s platform over the Internet. PaaS providers may use APIs, website portals or gateway software installed on the customer’s computer. Force.com (an outgrowth of Salesforce.com) and GoogleApps are examples of PaaS. Developers need to know that currently there are no standards for interoperability or data portability in the cloud. Some providers will not allow software created by their customers to be moved off the provider’s platform.

In the software-as-a-service cloud model, the vendor supplies the hardware infrastructure, the software product and interacts with the user through a front-end portal. SaaS is a very broad market. Services can be anything from Web-based email to inventory control and database processing. Because the service provider hosts both the application and the data, the end user is free to use the service from anywhere.

Microsoft Launches Visual Studio 2010 and .Net Framework 4

03 Tuesday Feb 2009

Posted by Young Brain @ Work in Technology

Microsoft has announced that it will launch the new versions, Visual Studio 2010 and .NET Framework 4.0, which fall under the “democratizing ALM” theme.

The aim behind this new version is to provide a platform for “democratizing application lifecycle management”.

The two biggest improved features are modeling and testing, which make it easier for developers, database pros, architects, and testers to work together in Visual Studio Team System 2010.

Visual Studio 2010 Team System will include some pieces of Microsoft’s “Oslo” modeling approach, as first demonstrated at Microsoft’s TechEd conference earlier this year. The Architecture Explorer allows architects and developers to build, customize, and see an architectural diagram of an application and enforce architectural consistency when building a piece of software. The software supports the Object Management Group’s Unified Modeling Language and domain-specific languages.

Features and tech. specifications of Visual Studio 2010 and Framework

New Added Features in Visual Studio 2010

  • Design and share multiple diagram types, including use case, activity and sequence diagrams.
  • Discover and identify existing code assets and architecture with the new Architecture Explorer.
  • Enhanced version control capabilities including gated check-in, branch visualization and build workflow.
  • Identify and run only the tests impacted by a code change easily with the new Test Impact View.
  • Improve testing efforts with tooling for better documentation of test scenarios and more thorough collection of test data.

General features

  • Enabling emerging trends
  • Democratizing Application Lifecycle Management
  • Breakthrough Departmental Applications
  • Inspiring developer delight
  • Riding the next generation platform wave

htaccess Files for Web Site Security

06 Tuesday Jan 2009

Posted by Young Brain @ Work in Technology

A web site that is powered by a CMS (Content Management System) is a beautiful thing. But, it can also be a target of hackers and other undesirables.

While no web site is truly impervious to attack, webmasters need to take every precaution available, preferably utilizing layered protection. One option available to sites hosted on a Linux/Apache platform is the .htaccess file. If used properly, it will really give your site an additional layer of protection.

In this post, I will be speaking about the way to specifically use the .htaccess file to block access to the CMS portion of your site, for example the /wp-admin folder of your WordPress blog. If an outsider gained access to that, you could really be up the creek – so we want to block unauthorized access.

First – the Disclaimer

If you don’t know what an .htaccess file is – stop reading now. These files are powerful and are not for noobs. If you do know what these files are, use the following information at your own risk. If you are on a Microsoft IIS web server – stop reading now, as I am not going to cover how to do this on a Windows server, but you can Google it for yourself.

What We Are Going to Do

This tip will show you how to block ALL IP addresses except the ones that you put on the “approved” list. This means that you should think about any computer(s) that you want to provide with access. Remember, this could also include other writers and blog contributors you have helping you. If a computer tries to access the CMS but their IP address is not on the “approved” list, they will be blocked and given the “Error 403 Forbidden” message.

Here We Go…

The first step is to get the IP addresses of your computer and any that you want to grant access. If you don’t know your computer’s IP address, you can visit this link to get it. Make a note of the IP address.

Now, open Notepad++ or whatever basic text editor you use and start a new document with this content:


# Use this to block access to the site administration section.
# IMPORTANT – place in the directory that contains your admin information.
# No <Limit GET> wrapper: inside one, the rules would cover only GET (and HEAD)
# requests and leave POST and other methods unrestricted.
# Apache 2.2 syntax (on Apache 2.4 it needs mod_access_compat).
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic
Order deny,allow
Deny from all
Allow from ENTER YOUR COMPUTER'S IP ADDRESS HERE
Allow from SECOND APPROVED IP ADDRESS HERE

Save that file as .htaccess with no file extension.

Upload the .htaccess file to the directory on your web server that contains all your Admin stuff. In WordPress, that directory would be /wp-admin, for example.

IMPORTANT: DO NOT put this file on the root level of your website or you will be the only one that can see your website. Make sure to place it in the directory that handles your web site’s Administration information. That will keep most of the bad guys from snooping around. But, in reality, if someone wants in, they will find a way.

Testing it Out

Get someone on a different IP address to try to access to your Admin directory. If they get the “403 Forbidden” message but you can access it with no problem, that means your .htaccess file is doing its job. Just make sure to completely test it out before you call it a day.
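A way to check an allow-list like the one in this post before uploading it, as an added example that is not part of the original post: this Python sketch models Apache 2.2 Order/Deny/Allow evaluation, including the fact that rules placed inside a `<Limit GET>` section apply only to GET and HEAD. The IP addresses are constructed documentation-range values, the function names are hypothetical, and only `all`, full IPs and CIDR ranges are handled.

```python
import ipaddress
import re

# Constructed sample: allow-list rules wrapped in <Limit GET>.
LIMIT_GET_VERSION = """\
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
allow from 203.0.113.10
allow from 198.51.100.7
</LIMIT>
"""

# Constructed sample: the same rules without the wrapper (apply to every method).
UNWRAPPED_VERSION = """\
order deny,allow
deny from all
allow from 203.0.113.10
allow from 198.51.100.7
"""

LIMIT_OPEN = re.compile(r"^<limit\s+([^>]+)>$", re.IGNORECASE)
LIMIT_CLOSE = re.compile(r"^</limit>$", re.IGNORECASE)


def parse_rules(text):
    """Yield (methods, directive, args); methods is None outside <Limit>."""
    methods = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = LIMIT_OPEN.match(line)
        if opened:
            methods = {m.upper() for m in opened.group(1).split()}
            if "GET" in methods:
                methods.add("HEAD")  # Apache: limiting GET also limits HEAD
            continue
        if LIMIT_CLOSE.match(line):
            methods = None
            continue
        tokens = line.split()
        name = tokens[0].lower()
        if name == "order" and len(tokens) >= 2:
            yield methods, "order", ["".join(tokens[1:]).lower()]
        elif (name in ("allow", "deny") and len(tokens) >= 3
              and tokens[1].lower() == "from"):
            yield methods, name, tokens[2:]
        # Any other directive (AuthName, AuthType, ...) has no effect here.


def matches(specs, ip):
    """True if ip is covered by 'all', a full IP or a CIDR range in specs."""
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False


def is_allowed(text, method, client_ip):
    """Decide whether client_ip may use method under the given rules."""
    ip = ipaddress.ip_address(client_ip)
    order, allow, deny = "deny,allow", [], []  # deny,allow is the 2.2 default
    for methods, name, args in parse_rules(text):
        if methods is not None and method.upper() not in methods:
            continue  # rule sits in a <Limit> that does not cover this method
        if name == "order":
            order = args[0]
        elif name == "allow":
            allow += args
        else:
            deny += args
    allowed, denied = matches(allow, ip), matches(deny, ip)
    if order == "allow,deny":
        return allowed and not denied  # default deny, Deny wins
    return allowed or not denied       # default allow, Allow wins


def open_methods(text, outsider_ip,
                 methods=("GET", "HEAD", "POST", "PUT", "DELETE")):
    """List the methods an address that is NOT on the approved list can use."""
    return [m for m in methods if is_allowed(text, m, outsider_ip)]


if __name__ == "__main__":
    outsider = "192.0.2.55"  # constructed address that is not on the list
    print("inside <Limit GET>:", open_methods(LIMIT_GET_VERSION, outsider))
    print("no wrapper:        ", open_methods(UNWRAPPED_VERSION, outsider))
```

When testing on the live server, request the admin directory from a non-approved address with POST as well as GET; both should return 403.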

And remember – if you are not comfortable with .htaccess files, do not try this. Leave a comment asking for some assistance or do some research on your own before attempting.

This is somewhat of an advanced .htaccess post.

MySql 5.1 Release Premature?

04 Sunday Jan 2009

Posted by Young Brain @ Work in Technology

After a year of testing, Sun Microsystems announced in April that MySql 5.1 was ready for GA release. That was great news because it would be offering lots of new features, and Open Source products are always priced right.

However, MySql’s original author, Michael “Monty” Widenius says that release by Sun was premature.  On his blog, he recommends treating the new features of MySQL 5.1 as BETA and to make sure that you test them thoroughly before placing into production.

He says there are 20 verified critical bugs in 5.1 that remain unaddressed and possibly as many as 35.  There are also more than 300 less critical bugs that are on the “to-do” list, but have no fix timetable.

He also documents several bugs, which could lead to database instability:

  • There is a bug that could cause an error when one is upgrading from 5.0 to 5.1 and a table in the database contains triggers – documented here

Check out his blog and you will see a TON more documented bugs.

So why would Sun release something as GA when it should have gone through some additional testing, perhaps?  Monty says:

The reason MySQL 5.1 was declared RC was not because we thought it was close to being GA, but because the MySQL manager in charge *wanted to get more people testing MySQL 5.1*.

Monty’s post is very candid and normally those types of discussions would be held behind closed doors, but such is the way of Open Source.  It is very… open.

So use MySQL 5.1, but be informed before you decide to upgrade, and you should definitely test it completely before you put it into production.

Koobface Virus Shows Up on Facebook

04 Sunday Jan 2009

Posted by Young Brain @ Work in Technology

Facebook has quickly become one of the most popular Social Networking websites around and that is something that virus writers, hackers and other bad guys have certainly noticed.

There have been reports of those wacky Nigerians hacking into Facebook accounts and impersonating the user to try to scam money from their friends and reports of a Facebook javascript bug.

Now, there are reports of a virus called Koobface in circulation on Facebook.  Here is how it works:

  • A hacker infects a Facebook user’s PC
  • The hacker then sends messages to the user’s Facebook friends.  The messages say something like “You look just awesome in this new movie” or something seemingly innocent like that.
  • A link contained in the message sends the recipient to a website where they are prompted to download a supposed update of Adobe’s Flash Player, so they can “view the video”.
  • If the recipient clicks the link, their PC is infected and the cycle continues.

The hackers are taking advantage of the climate of trust that exists on Facebook. Friends feel that any message they receive from one of their friends on Facebook should be trusted because of the privacy features in place. We tend to let our guard down and not think that our friend’s account could have been hacked or that a message we receive could contain a malicious virus like Koobface.

Making web content disappear based on a passed db parameters

04 Sunday Jan 2009

Posted by Young Brain @ Work in Technology

I had a task a few days ago where I wanted to make web content appear and disappear depending on some backend DB constraints.

So CSS/DHTML was the obvious choice!!

By setting “style.visibility ” to either ‘visible’ or ‘hidden’ you can reveal or hide web content with ease.

so off I went and coded……….

I made the required div tags <div id='$id'> around the content that I wanted to appear/disappear (where the $id is from the DB).

On the onmouseover event of the tag, I fired off some javascript and attempted to hide the code with the following.

onmouseover="hide($id);"

Javascript:

function hide(id){
document.getElementById(id).style.visibility='hidden';
}

The idea was to fire off the javascript and hide the tag this way. The id being passed thru is id of the div tag

i.e. <div id=$id>

Well…what do you know….. it would not work.

Javascript would see the id being passed thru as a good parameter, but as an integer, not the required string.

so I changed the code as follows.

I added the letters "tagid_" before the id in the div tag

i.e. <div id='tagid_$id'>

In the javascript I added the following

var this_id="tagid_"+id;

and then hide it as follows

document.getElementById(this_id).style.visibility='hidden';

And THIS worked like a dream..
PS!!… the code below was NOT run in a browser to check for validity.. it is only the idea.

 

Here is the basic sample code in full:

1. The div tags:

<div id='tagid_$id'>

2. The Onmouseover() event:

onmouseover="hide($id);"

3. The javascript read:

function hide(id){
// build the element id by adding the "tagid_" prefix to the DB id
var this_id="tagid_"+id;
// hide the matching div
document.getElementById(this_id).style.visibility='hidden';
}

And this seemed to work great.

Hope this helps someone out.

Are Web 2.0 ventures really profitable

01 Thursday Jan 2009

Posted by Young Brain @ Work in Technology

≈ 4 Comments

Here is a quote from O’Reilly: “Web 2.0 is an attitude, not a technology”. This sums up the idea behind web 2.0 ventures. Let us first look at the different web 2.0 ventures that are in the market today. Some of them are based on social networking, social bookmarking, rich interactive media, blogging, podcasts and so on. The crux of web 2.0 websites is that they are community oriented. The main reason for the success of web 2.0 sites has been that they have empowered users to express themselves. It is innate behavior in human beings to showcase their ideas, thoughts and concepts to everyone. Web 2.0 sites have made the most of this need, which explains their success. Any and every business can be a success if it can satisfy some deep human urge and need.

We have heard so much hullabaloo about these web 2.0 websites. But are these ventures really profitable? Let me tell you, if they were not profitable, then thousands of venture capitalists in the world would not have invested so heavily in them. To reiterate my point of view, you can Click Here to view the list of all the web 2.0 companies that have received venture funding so far. Believe me, VCs invest because they want their money back, and many times over. The point is that the revenue of web 2.0 ventures does not come in the conventional way. The highlight of these sites is that most of the features are provided free of cost to the end users. Very few websites charge their users for the features, and those that charge their members have had limited success.

The goal for every web 2.0 entrepreneur should be to increase the member base as much as possible. Once the website has a huge membership, the remaining things are automatically taken care of. There are many ways of increasing the membership of these kinds of websites; we can take that up in a different article. One mistake, though it is often taken as a well-planned strategy, is that web 2.0 ventures try to address a limited group. Targeting a niche audience is fine, but we should not forget that a business can be successful only when scalability is inherent in its business model. So my suggestion to all would-be web 2.0 entrepreneurs is to target a niche audience, but not to limit themselves.

There are basically 3 sources of revenue for web 2.0 ventures: selling advertising, paid user subscriptions, and getting acquired. Paid user subscriptions are a good option for revenue, but there is a word of caution here: do not make basic features paid features. The members will turn away from your site if you do that. Anybody and everybody likes a free meal. Besides, if people can get some free features elsewhere, they will go for it and never return to your website. Paid members should be provided real value-added services. Selling advertisements on web 2.0 websites is the most important source of revenue. Advertisements positioned intelligently on the website can be a huge revenue earner for the site. But care should be taken to monetize the site in a way that does not interfere with regular feature usage. Getting acquired is the long-term option. Thousands of members can lead to a valuation of millions. Usually this is what most web 2.0 ventures gun for.

So to conclude, I will say there is definitely money in web 2.0. It’s the way the site is operated and marketed that makes the difference, eventually.

Serious security flaw found in IE

19 Friday Dec 2008

Posted by Young Brain @ Work in Technology

Users of Microsoft’s Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

The flaw in Microsoft’s Internet Explorer could allow criminals to take control of people’s computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world’s computer users.

It’s a shame Microsoft have not been able to fix this more quickly
Darien Graham-Smith
PC Pro magazine

“Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer,” said the firm in a security advisory alert about the flaw.

Microsoft says it has detected attacks against IE 7.0 but said the “underlying vulnerability” was present in all versions of the browser.

Other browsers, such as Firefox, Opera, Chrome and Safari, are not vulnerable to the flaw Microsoft has identified.

Browser bait

“In this case, hackers found the hole before Microsoft did,” said Rick Ferguson, senior security advisor at Trend Micro. “This is never a good thing.”

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.

“What we’ve seen from the exploit so far is it stealing game passwords, but it’s inevitable that it will be adapted by criminals,” he said. “It’s just a question of modifying the payload the trojan installs.”

MICROSOFT SECURITY ADVICE

  • Change IE security settings to high (look under Tools/Internet Options)
  • Switch to a Windows user account with limited rights to change a PC’s settings
  • With IE7 or 8 on Vista, turn on Protected Mode
  • Ensure your PC is updated
  • Keep anti-virus and anti-spyware software up to date
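
The first three items of the advice above can be checked from a PowerShell prompt. The script below is an added example, not part of the original article or of Microsoft's advisory; it assumes the standard Internet zone (zone 3) registry values and does not look at settings enforced through Group Policy.

```powershell
# Added example: audits three items from the advice list for the current user.
# Assumption: settings live in the standard Internet zone key (zone 3);
# values pushed by Group Policy under Software\Policies are not inspected.
$zonePath = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

function Get-ZoneValue {
    param([string]$Name)
    # The per-user value wins; fall back to the machine-wide default.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $path = '{0}\{1}' -f $hive, $zonePath
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
    return $null
}

function New-Result {
    param([string]$Check, [bool]$Pass, [string]$Detail)
    New-Object PSObject -Property @{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

# CurrentLevel is the zone's security template: 0x12000 = High.
$level = Get-ZoneValue 'CurrentLevel'
# Action 2500 is Protected Mode: 0 = enabled, 3 = disabled.
$protectedMode = Get-ZoneValue '2500'

# IsInRole reflects the token of this process, so an administrator running
# a non-elevated shell under UAC is reported as limited.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

$levelText = if ($null -eq $level) { 'not set' } else { '0x{0:X}' -f $level }
$modeText  = if ($null -eq $protectedMode) { 'not set' } else { "$protectedMode" }

$results = @(
    New-Result 'Internet zone security level is High' ($level -eq 0x12000) "CurrentLevel = $levelText"
    New-Result 'Protected Mode enabled (Internet zone)' ($protectedMode -eq 0) "2500 = $modeText"
    New-Result 'Running with limited rights' (-not $isAdmin) "User = $($identity.Name)"
)
$results | Format-Table Check, Pass, Detail -AutoSize
```

A `Pass` of `False` on any row means that item of the advice is not in effect for the account running the script.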

Said Mr Ferguson: “If users can find an alternative browser, then that’s good mitigation against the threat.”

But Microsoft counselled against taking such action.

“I cannot recommend people switch due to this one flaw,” said John Curran, head of Microsoft UK’s Windows group.

He added: “We’re trying to get this resolved as soon as possible.

“At present, this exploit only seems to affect 0.02% of internet sites,” said Mr Curran. “In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time.”

Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro’s warning.

“It won’t be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Micro’s advice [of switching to an alternative web browser] is very sensible,” he said.

“This could be the moment when the minnows in the browser wars finally score a significant victory”
Rory Cellan-Jones, BBC technology editor


PC Pro magazine’s security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the lookout for new vulnerabilities.

“The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn’t enough.”

“It’s a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it.”

“Every browser is susceptible to vulnerabilities from time to time. It’s fine to say ‘don’t use Internet Explorer’ for now, but other browsers may well find themselves in a similar situation,” he added.
