Hashemian Blog
Web Tools, Financial Markets, Technology
Tuesday, May 29, 2007
Amazon's Look Inside
One of the niceties of shopping for books on Amazon is the "Look Inside" feature. It tries to mimic browsers' experience in a physical bookstore by showing them a few selected pages from a book or a limited number of pages based on a search phrase. It's probably a violation of rules, but one could even print out these pages to reference them later.
As I said, this option is designed to approximate the shopping experience at a physical bookstore, but it's not quite the same. Most physical stores resemble libraries these days. You can select a few books, grab a comfortable armchair and read to your heart's content.
Not so with Amazon preview. After showing you a few pages, you get a popup informing you that the freeloading interval is over, basically informing you that if you want to read more, buy the book. What's perplexing is this portion of the message: "The page you have requested is not available for viewing. For security purposes, we are not able to provide further information about why the page is unavailable." Huh? What? Security purposes? I can't figure out what the devil they mean by this. I wasn't trying to access information on Pentagon's top security database. I guess a clause like that frees them from ever having to answer a question about the preview feature. Couldn't they just say: "Sorry, the browse limit has been reached"?
// posted by rh
Saturday, May 19, 2007
Yahoo Messenger
I guess this means I'm old and not with the current times, but I just don't get the lure of instant messaging (IM). The whole experience is so unsettling that a long time ago I vowed not to ever use it. What's the point? I have to be a super-typist to have a barely coherent conversation. Then there are all those typo-ridden acronyms (lol, rotfl, u2, b4, cu, wtf) to learn. And if there are more than two people chatting, forget about keeping track of who said what, responding to whom and to which comment. Who needs the hassle.
If I need to send a message, I just use the good old-fashioned email. And for urgent cases, I just pick up the handset. I remember back when IRC chat rooms were in vogue. Out of curiosity, I peeked inside one of the rooms to see what the big deal was. After about two minutes of observing the volley of nonsense by purported teenagers, I had enough. That was my first and last time in an IRC chat room.
So I didn't think I would ever use a messenger program, but surprisingly I have been a happy user of Yahoo Messenger for a couple of years now. No, I don’t use it for IM, voice, or webcam. But I do use it to listen to music, read RSS subscriptions, and check a list of stocks. Yahoo Messenger has become a useful tool for me to that end.
Anyways, a few days ago I received this popup that alarmed me for a moment. I thought I had picked up a spyware or an adware. Turns out that it was just a system message from Yahoo Messenger. Right, I'm so glad that I can now save my chat logs on Yahoo's servers. Guess I won't be exceeding my storage quota any time soon.
// posted by rh
Monday, May 14, 2007
What is best for ABN shareholders?
The fate of the Dutch ABN Amro will be decided by its shareholders. They will decide between the offers of Barclays Bank of the UK and a consortium of Royal Bank of Scotland, Fortis, and Banco Santander Central Hispano.
Things got more interesting with a Dutch court decision on the $21 billion sale of LaSalle, ABN's U.S. business, to Bank of America as part of the ABN-Barclays merger agreement. The consortium of Royal Bank of Scotland, Fortis, and Banco Santander Central Hispano insists that LaSalle remain a part of ABN.
The shareholders vote will also determine the future of ABN Amro's management. Under the Barclays deal, current ABN executives will retain their jobs. It isn't clear though that such provisions are in place with the offer from the consortium.
The consortium's offer includes more cash and a higher price, but more uncertainty. The shareholders will eventually decide what is going to happen. It will definitely be interesting to see the result of the world's biggest merger (acquisition). Meanwhile, the Dutch Authority of Financial Markets (AFM) ordered today that all information concerning the ABN Amro takeover has to be made public.
// posted by amt
Sunday, May 13, 2007
Redirect Hacks and Phishing
A few days ago in a blog entry I touched upon how search engine gamers had been able to use trusted domains and the 302 redirect trick to fool search engines into giving them higher rankings. That window of opportunity is all but closed now, but scammers still use the redirect hack to aid them in their phishing expeditions. They are able to foist their tricks on their unsuspecting victims using two main avenues consisting of spam emails and spam posts.
Suppose you receive an email with the following embedded URL:

http://www.ygdte682hdfajh1a.com/offer.htm?url=http://example.com

Would you click on this email? Most likely not, and neither would many others. You just can't tell who that weird URL belongs to, so you would skip over it. Now consider the following URLs:

http://froogle.google.com/%66%72%6F%6F%67%6C%65%5F%75%72%6C?%71=%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36
http://www.aol.com/%72%65%64%69%72%2E%61%64%70?%5F%75%72%6C=%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36
http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?RedirectEnter&loc=http://us.ebayobjects.com/2c;47586106;12593038;l?%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36

Notice how the URLs indicate domains from Google, AOL, and eBay. Some people may still be skeptical about clicking, but others may not be so paranoid. After all, those domains belong to highly trusted sources. The URLs have some encoded data, but we are all accustomed to seeing long URLs on various sites, and might attribute that to strong security.

This is no trick. Those pages are indeed legitimate pages from well-known sites. But they are specially crafted pages to redirect users to other destinations. They were most likely designed to be used by their respective sites themselves and for other legitimate uses from the outside. But in this case they were hijacked to gain users' confidence, prompting them to dutifully click on them. For these samples, users are safely redirected to example.com, but they could have been redirected to a wicked phishing site instead.

Phishers also post the same types of links on various online boards, article sites, or other user submission areas, and they can gain users' trust just the same. Why wouldn't these links be automatically filtered by email servers or web sites? For the same reason average users see no threat in them. Filters might block or distort links they do not recognize, but many may give these links a free pass, convinced that they are from highly trusted sites and are therefore innocuous.

Some well-known sites have started to take defensive measures to foil these types of redirect tricks, but abuse-ready redirect pages still abound. So the next time you come across these types of links in a spam email or on a site, think twice before clicking on them. They may just be the bait-and-switch kind.
// posted by rh
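The filtering gap described in the post above can be narrowed by decoding a link before judging it by its domain. The following is an added example, not code from the original post; the function names and the last sample link are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Overlapping search, so a URL nested inside another embedded URL is also found.
EMBEDDED = re.compile(r"(?=(https?://[^\s\"'<>]+))", re.IGNORECASE)

def fully_decode(text, max_rounds=3):
    """Percent-decode repeatedly so double-encoded targets are exposed too."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:          # malformed authority, e.g. a broken IPv6 literal
        return ""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def inspect_link(url):
    """Return a finding for a link that bounces to another host, else None."""
    outer = urlsplit(url)
    outer_host = (outer.hostname or "").lower()
    # Path, query and fragment are joined with spaces so matches cannot span them.
    raw_tail = " ".join((outer.path, outer.query, outer.fragment))
    decoded_tail = fully_decode(raw_tail)
    found = [host_of(m.group(1)) for m in EMBEDDED.finditer(decoded_tail)]
    hops = [h for h in found if h and h != outer_host]
    if not hops:
        return None
    return {
        "trusted_looking_host": outer_host,
        "hops": hops,                                  # in order of appearance
        "final_is_ip": is_ip_literal(hops[-1]),
        # True when decoding revealed a target the raw text did not show.
        "hidden_by_encoding": len(found) > len(EMBEDDED.findall(raw_tail)),
    }

# The first three links are the samples from the post; the last is constructed.
SAMPLES = [
    "http://froogle.google.com/%66%72%6F%6F%67%6C%65%5F%75%72%6C?%71=%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36",
    "http://www.aol.com/%72%65%64%69%72%2E%61%64%70?%5F%75%72%6C=%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36",
    "http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?RedirectEnter&loc=http://us.ebayobjects.com/2c;47586106;12593038;l?%68%74%74%70%3A%2F%2F%31%39%32%2E%30%2E%33%34%2E%31%36%36",
    "http://money.cnn.com/markets/?page=2",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(inspect_link(link))
```

A filter built this way scores the link by the last hop rather than by the well-known domain at the front of the URL.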
Wednesday, May 09, 2007
End of the Road for Old Blogger
When Google bought blogger.com from Pyra Labs over 4 years ago, there was a lot of head-scratching. Blogosphere wasn't new but it was a fraction of what it is today. Google wasn't new either, but it was just a search engine site, a really good one. And it still was just a private company.
Today, blogger.com is just a part of Google's public empire and it has become a popular site for the myriad blogging enthusiasts. Count me in as one of the enthusiasts. I have been a pretty satisfied user of blogger.com since I started blogging on this site. About 2 years ago Google set out to revamp blogger.com by adding new features, improving some of the existing ones and, most prominently, migrating the accounts to its own login infrastructure.
I converted this blog to the new version a few months ago. The process was relatively smooth with a few minor glitches. Today blogger.com finally retired its old version for good, hailing: "Old Blogger is dead! Long live Blogger!". What tipped me off was the missing blogger image button at the bottom of my blog pages. According to blogger.com's terms of service users are (or were) required to display this button on their pages.
I am not sure if the terms of service still require displaying this button. Right now it seems flaky (look to the right). Sometimes it loads, other times it fails. For now I'm going to leave it, but if it continues to remain missing, I'll assume that it's now a relic of the past and its presence is no longer required. Then perhaps it's time to toss it.
// posted by rh
Sunday, May 06, 2007
Redirect Hacks and SEO
In web terms a redirect hack is an umbrella concept that refers to various strategies to redirect visitors from one web page to another. There are several legitimate reasons a site may use this technology. These are generally necessary conditions where, for example, a site has migrated to another, or a page needs to temporarily send its visitors to another location.
Try http://www.cnnfn.com/ and notice how your browser is redirected to http://money.cnn.com/. When CNNfn shut down its doors it moved its operations to this new site, and used a redirect to take its faithful readers to its new abode. Same is true with Microsoft when it acquired Great Plains Software and renamed the business to Microsoft Dynamics. The URL http://www.greatplains.com/ now redirects to http://www.microsoft.com/dynamics/. These types of redirects are known as 301 or permanent redirects, referring to the code sent by a web server to a browser asking it to redirect to a new URL. The other type of redirect is known as 302 or temporary. It is used to announce a temporary relocation of a page or a site and results in the same type of redirection. The difference is mainly in how a browser or a search engine is supposed to treat the redirection.
Since temporary redirects are supposed to be, well, temporary, visiting programs are supposed to treat the original URLs as valid, like any other legit web page. For example, per the rules, a search engine should continue to keep the original URL in its index and give the redirect target the same weight and value as the original URL.
Soon enough, unethical search engine optimization (SEO) guys discovered this rule (or loophole) and started gaming search engines by placing links on various sites that bounced off certain URLs from well-known web sites and redirected visitors to their own sites. When search engines encountered such links, they would give the referenced sites high rankings because the links were from trusted and well-regarded sites.
Take a look at this sample URL (it still works as of this writing): http://www.aol.com/redir.adp?_url=http://www.example.com
It appears that AOL has redirected one of its own pages to example.com. Most likely AOL uses this page for its own site, but as is, it can't stop others from using it too. In reality you can replace example.com with any page's URL and any search engine (or your browser) would be faithfully ushered there, courtesy of AOL servers. As a benefit, the search engine would bestow a high ranking on that final URL by proxy, because that page is believed to be somehow associated with AOL.
A high ranking means more frequent appearances on or near the top of search engine results pages, which means that gamers can garner a lot of traffic on their sites for little work, and traffic translates to money. In simple cases visitors are greeted with pay-per-click or other types of ads, stock pump-and-dump schemes, or they might be scammed into buying stuff. In more insidious cases visitors might be tricked into installing spyware or malware on their computers to track their activities and annoy them with incessant popup ads, or worse, ship their private information to the bad guys waiting to wipe clean bank and trading accounts.
Fortunately major search engines have now optimized their systems to forestall redirect hacks and most gamers don't see much (if any) gain from employing this tactic. But don't count out redirect hacks just yet. A more nefarious redirect usage involving phishing is alive and well, and still thriving. More on that in the next blog entry.
// posted by rh
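The post above notes that a redirect page which accepts any URL cannot stop others from using it. As an added example (not AOL's code and not from the original post), here is that permissive behaviour beside a version restricted to the site's own destinations; the host names, the fallback path and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical: the only hosts this site ever needs to redirect to.
ALLOWED_HOSTS = {"www.site.example", "help.site.example"}
FALLBACK = "/"   # hypothetical safe landing page

def open_redirect_target(param):
    """Behaviour described in the post: the parameter is used as given."""
    return param

def safe_redirect_target(param, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return param only if it stays on this site or an allowlisted host."""
    # Browsers treat backslashes and control characters differently from
    # server-side parsers, so refuse them instead of guessing.
    if not param or "\\" in param or any(ord(c) < 0x20 for c in param):
        return fallback
    try:
        parts = urlsplit(param)
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative target: accept a single leading slash only. "//host/path"
        # is scheme-relative and would leave the site.
        if param.startswith("/") and not param.startswith("//"):
            return param
        return fallback
    if parts.scheme not in ("http", "https"):
        return fallback
    # "http://www.site.example@192.0.34.166/" has the trusted name as userinfo,
    # not as the host, so any userinfo is refused.
    if parts.username is not None or parts.password is not None:
        return fallback
    host = (parts.hostname or "").lower()
    return param if host in allowed_hosts else fallback

if __name__ == "__main__":
    for candidate in ("/account", "http://192.0.34.166", "//192.0.34.166/login"):
        print(candidate, "->", safe_redirect_target(candidate))
```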
Thursday, May 03, 2007
Microsoft's bCentral LinkExchange Banner Network Shuts Down
I received the inevitable email from Microsoft today. It was inevitable because in the face of all the acquisitions, consolidations, and new technologies to deliver ads on the web, it was a miracle that LinkExchange even lasted as long as it did.
LinkExchange opened its operations in 1996. It created a banner exchange marketplace where sites could get their banner ads displayed on other members' sites in exchange for participating in the program and displaying banners from others. The company made money by selling a percentage of the banner placements to paid advertisers.
In 1998 (fortuitously before the dotcom implosion) Microsoft acquired LinkExchange for $265 million and rolled it into its small business services initiative, dubbed bCentral. Eventually newer players (read Google) and newer technologies made the old boring banner exchanges obsolete but LinkExchange soldiered on, until now.
Now that Microsoft is shifting its bCentral operations to live.com and adCenter has been positioned to compete with Google's AdWords and Yahoo's Panama, it was time to decommission the old banner exchange. Microsoft stopped taking new LinkExchange applications on Nov. 15th, 2006 and as of June 4th, 2007 will stop serving banners.
So as LinkExchange takes its final bow, scroll to the bottom of this page to say your farewells. Soon there will be an empty spot in its place.
// posted by rh
Tuesday, May 01, 2007
eBay Phishing
Phishing is not a new phenomenon. Just like anyone else I've been getting them for years now. They are so obvious that I just report them as spam without opening them and move on. I wonder when these guys will get tired of the usual impersonations and get on with more exciting trickeries. At least that'll keep the cat and mouse game more interesting. I'm tired of the garden variety names consisting of WaMu, Citibank, Chase, Amazon, and eBay. So today, just for fun, I decided to open up a couple of these emails and check them out. Both were purportedly from eBay bidders sending me messages about some product I hadn't listed on eBay; the last time I listed an item on eBay was some 4 years ago. Both were obviously sent from the same source.
Inspecting the message sources I noticed that the links were actually crafted using the redirection facilities of a couple of big online names. One was via an AOL page, and the other via a Froogle page. Clicking on either whisked my browser to a page that looked uncannily like an eBay login page.
I must admit that I was impressed. The login page was absolutely identical to that of eBay's. The dead giveaway was the URL line displayed in the browser, but I could see how someone would just overlook that oddity. The host portion was actually an IP address (instead of signin.ebay.com), and even a non-standard port number was specified; 82 instead of the missing port which would default to 80. The rest of the URL however bore a total resemblance to what you would normally see for the eBay login page.
Switching from my IE 6 to Firefox 2, I was happy to see that the site had already been reported as a phishing site and Firefox immediately popped up a forgery warning, alerting me to the site's dubious status. Then I tried IE 7 and I was happy again to see that the site raised a red flag with that browser as well. Obviously the anti-phishing measures in those browsers were working, at least in this case.
I then proceeded to enter some bogus login credentials and I got what I expected. Upon submitting the information, the page displayed a pathetic apology message about being sorry for the inconvenience and even tried to relieve any possible alarm by exclaiming: "Rest assured that your private data is in a safe place."
No doubt my fake data was safely and warmly embraced by the phisher and no sooner had I submitted the page than it was being tested on the real eBay login screen by the miscreant. Of course the average absent-minded user would just grunt at the error message and then click on a now-legit link to go to the real eBay login page, mindless of the fact that his credentials had just "safely" fallen into the wrong hands.
That user wouldn't even notice the suspicious signs in the error message itself, like "apparently" spelled with one "p" or the misuse of the word "costumers" instead of "customers". With all their technological prowess and creativity, don't these guys have a basic spellchecker to at least feign a professional apearance, er, appearance?
// posted by rh
