Now that Yahoo has begun showing BING search results, it is more important than ever to optimize for BING right?

The simple answer is no.

The actual question that should come to everyone’s mind is will this comprise my overall SEO efforts.

Search Engine Optimization is not magic; this topic is well documented. Many if not all of the SEO methods are shared across all the major search engines, with slight weighting differences amongst them. If you follow good SEO practice you will rank well on all SERPS.

There are however some interesting observations I have made. BING & Google both at first glance seem to weigh On Page SEO very similarly. However Off Page SEO seems to influence BING a little more. BING appears to give more trust to aged domains, along with target keywords anchor link positioning.

With that being said my personal opinion is that you should concentrate on good OVERALL SEO rather than worrying about a specific search engine. 

Remember content is king.

Just dropped 200 bucks on your new webcam (link will be opened in new window) you can use to check up on your pets from across the world? Does it do everything you hoped it would?

News flash – depending upon how it’s configured, it could be doing even more; that same page you browse to in order to check up on Fido may be indexed by search engines such as Google.

Now, 9 times out of 10, the web server is configured to host the content under a non-intuitive URL; while this may deter somebody who is trying to guess the URL used by the software, it also provides those “in the know” with a “one-stop shop” for all of their nefarious needs. As an example, most Panasonic networked cameras have the string “ViewerFrame?Mode=” in the URL, and can easily be located by using the Google search string inurl:”ViewerFrame?Mode=”.  If you’re following along with the links, I’m guessing (without actually accessing this page which was likely intended to be private) the third page on the above Google search (it’s a *.edu) is exactly what a hacker would want to see — and exactly what you don’t want them to see**.

To avoid this, it may be possible (depending upon the software) to at least change the default URL used. If not, consult the support documentation – and if necessary, the vendor – to determine the best course of action by which you can better protect your privacy. Depending upon the software leveraged by the device, you may also be able to create a robots.txt file (file including all pages not to be indexed by the search engine) for the web server as well.  For more detail, see here.

By the way, it’s not just cameras, but printers and telecommunications equipment (read: WOW) as well. A surprisingly vast listing of known devices (and information on their default pages) can be found here.

** The posted information is for educational purposes only, I neither recommend nor condone using the web as a tool for spying on others.  Don’t do it.

“What is Cross Site Scripting?”

Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner to make it appear as valid content from the website. Many popular guestbook and forum programs allow users to submit posts with html and javascript embedded in them. If for example I was logged in as “john” and read a message by “joe” that contained malicious javascript in it, then it may be possible for “joe” to hijack my session just by reading his bulletin board post. 

“What are the threats of Cross Site Scripting?”

Often attackers will inject JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable application to fool a user (Read below for further details) in order to gather data from them. Everything from account hijacking, changing of user settings, cookie theft/poisoning, or false advertising is possible. New malicious uses are being found every day for XSS attacks. The post below by Brett Moore brings up a good point with regard to “Denial Of Service”, and potential “auto-attacking” of hosts if a user simply reads a post on a message board. 

What’s the easiest way to make an .htaccess file in Unix/Linux so that a directory is password protected? Suppose that your home directory is /home/dmistry and all your webstuff is in /home/dmistry/www/ . Follow these steps:

1. Make an .htpasswd file. The htpasswd command in Unix does this. You should put the password file outside of your web directory. So a command like “htpasswd -bc /home/dmistry/.htpasswd review donotenter” will create a new file using a username of review and a password of donotenter into the file /home/dmistry/.htpasswd . If you were to run the command “cat /home/dmistry/.htpasswd” you might see a line like “review:M1OdtjdGiDn1Y”.
2. Make an .htaccess file. In this case, the file would be located at /home/dmistry/www/.htaccess and it would look something like:
   
AuthUserFile /home/dmistry/.htpasswd
AuthName EnterPassword
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>

Facebook has been having so many security problems lately, the latest one is a bug discovered on Wednesday by a college student. The bug would allow a hacker access to accounts with the power to delete friends and more. Even though this is a serious bug, as of Saturday it was still unpatched.

The college student, Steven Abbagnaro, wrote up proof-of-concept code of an attack that would get all of a users’s publicly available data from their Facebook page and then delete their friends one by one. However, the attack can’t be started until the user clicks on a rigged link while logged into Facebook.

Abbagnaro won’t release the code until a patch is applied but competent hackers could figure it out on their own. The code is based on a previously discovered vulnerability in Facebook that doesn’t check code from user’s browsers properly to make sure they are authorized to make changes on Facebook. Another possible attack that has arisen out of this bug is the ability of hackers to make users “like” things.

This attack and the others that have been cropping up lately stresses the need to educate users about social engineering techniques and to be suspicious of links from people they don’t know or links from friends that seem uncharacteristic.

PC Word has an interesting artical on how to preserve your Laptop Battery Life and debunks some theories it is a very interesting article.

Laptop batteries are like people–eventually and inevitably, they die. And like people, they don’t obey Moore’s Law–You can’t expect next year’s batteries to last twice as long as this year’s. Battery technology may improve a bit over time (after all, there’s plenty of financial incentive for better batteries), but, while interesting possibilities may pop up, don’t expect major battery breakthroughs in the near future.

Read the full article here

A reminder has been posted on the official Windows Team blog regarding support for Windows 2000, Vista RTM, and XP with Service Pack 2. The support for these three operating systems will end soon.

Vista RTM will be the first one out of those three, which will not receive support anymore starting April 13.

For the other two OSs, July 13 is the date of their support termination.

Windows Vista RTM users need to use Windows Update to install the latest service pack.

A fake Facebook password reset email seems to be doing the rounds in the last few days. I fixed two computers today that had been infected by this particular malware.

Instead of having a fake Facebook page to collect the victims passwords (phishing), the email is sent with a malware attachment. The malware is known as “Bredolab” which is a Trojan downloader. In the two computers I repaired today, Bredolab downloaded some rogue antivirus products. However, some sites are saying that it also downloads a password stealing trojan.

If you see it onsite, Malware Bytes seems to deal with the Trojan once you kill the main executable (at least the rogue antivirus variants). Be sure to tell your clients to change their passwords after the infection has been removed as well.

Acer has officially announced its netbook that has the latest Intel Atom processor and Pine Trail platform. It is scheduled to be released later this month.

The netbook, model AO532h, was seen on the company’s support site in mid-December.

The speed of the machine is 1.66GHz. The other specifications are 512KB cache, DDR-2 memory, 667MHz FSB, and 10.1-inch screen.

It comes with Windows 7 Starter Edition and the cost of the machine is $299 according to the article at  The Register.

A website has posted 10 steps on how to install a Mac OS X 10.6 Snow Leopard operating system in Windows 7.

To start off the process, a user need to download and install a software which is VMware Workstation 7. Also, there are two files that need to be downloaded.

VMware Workstation is the program that was used in the guide to install the Apple OS. There are five screen shots included in the article to help a user choose where and what option to press/choose.

Source: Redmond Pie