What Happens When Gmail Goes Down

Gmail went down today for a short period of time. I recall it being less than 30 minutes, like 20 minutes tops. But it was in the middle of the work day. So, what happened when Gmail went down? Apparently we all turned to Twitter to complain.

First, we had to check our routers to see if the router was having a problem:


Facebook Account Security Flaw: Sites Auto Posting on Users’ Facebook Walls Without Permission

Even after leaving Facebook.com, a serious flaw in Facebook’s account security allows any website to post and “Like” a page without the user’s knowledge or permission. Simple JavaScript code that is freely available, placed on any web page, will automatically “Like” a URL and post about it on Facebook Users’ walls without their permission or knowledge. A recent test of this JavaScript code revealed that the code was able to auto “Like” and successfully post on over 30 percent of the users’ Facebook walls without their knowledge or permission. This is a serious security flaw in Facebook’s account security that must be fixed.

Imagine visiting your Facebook account, viewing your Facebook Timeline, making a few posts on your Facebook wall, updating your status. Then you leave Facebook.com, without logging out of Facebook, and go to a few other websites. You know, the usual daily routine. For many, it’s easier to just leave Facebook.com and go to other websites without logging out of your Facebook account. When you go back to Facebook.com, you’re already logged in–you don’t have to type your Facebook user ID and password again. You can go right to your Facebook timeline, to see all of the updates from your Facebook friends.

That is where this Facebook security flaw comes into play. Devious web site owners (some technically call them “Black Hat” webmasters) are taking advantage of Facebook users. By installing simple JavaScript code on their web site, webmasters are able to “fake” a click on a hidden Facebook “Like” button on their site. And then they post on your Facebook Wall about it, which promotes their URL or web site to all of YOUR Facebook Friends. And you never see the click or the Facebook “Like”, and you most likely will not see that you posted about their web site on your Facebook Status unless you go to Facebook.com and view your Facebook Wall. Most Facebook users will never know that they are promoting web sites that they recently visited unless someone tells them about it–because Facebook is designed in a way for us to see all of our friends’ updates on our timeline. It takes a separate click on the Facebook site to view your own Facebook Status updates.

Security Flaw Affects 31 Percent of Web Site Visitors
In a recent test during a two week period, I installed a version of some “Auto Like” and “Auto Post on Facebook Wall” JavaScript code on a web site that I own. After running the test on the web site for two weeks (the code has now been removed from the site), the results were impressive but disturbing. The average web site visitors to this web site are what I would call “very tech savvy” people. On this particular test web site where I ran the script, the Average Bounce Rate is 52.41 percent. The Average Time on Site is 7:04 minutes. 54.62 percent were New Visits. Here are some statistics about the users to this particular test web site:

52.41% Bounce Rate
7:04 minutes Avg. Time on Site
54.62% New visits
45.64% Firefox Users
34.20% Chrome Users
9.36% Internet Explorer Users

Referring Web Sites:
38.24% New Visits Direct to Site
71.27% New Visits from Google
61.90% New Visits from Facebook.com
83.33% New visits from m.Facebook.com
——————————
30.8% Users who Auto Liked and Auto Posted on their Facebook Wall

Nearly 31 Percent of these tech-savvy users who visited the test web site were still logged into Facebook–and the script caused them to automatically “Like” the page and automatically posted on their Facebook Wall that they liked the web site–promoting the web site to all of their Facebook Friends. And although about half of the new visits were direct visits to the test web site, the 3rd and 4th most popular referring sites were Facebook (I am assuming that they came because someone had promoted the web site on their Facebook status). 62 percent were from Facebook.com and a whopping 83 percent were new visits from the mobile version of Facebook.com.

What is disturbing here is the fact that when you visit a website, not only will you “Like” a URL of the web site owner’s choosing, the web site will also automatically post on your Facebook Wall without you even knowing it. If you are logged into your Facebook account, even though you are NOT on Facebook.com, any website can automatically post on your Facebook Wall without your knowledge. This is a serious Facebook security flaw that Facebook needs to address right away.

How You can Stop Facebook Account Security Flaw
At this point, there is really only one way that you personally can stop web sites from automatically posting and auto “Liking” when you visit their web site. When you visit Facebook.com you should log in–and when you leave Facebook.com, you should log out. As long as you are technically logged out of Facebook.com, there is no way that a devious web site owner can force you to automatically “like” their web site–and they cannot automatically post to your Facebook Wall.

Facebook absolutely needs to take action right away so that this cannot continue to happen. Facebook must protect the integrity of the Facebook “Like” system, or a Facebook “Like” will be meaningless in the future. A good start would be for Facebook to implement some sort of Captcha code as a part of the Facebook “Likes”.

Facebook Privacy Gone Awry: Search Engines Indexing Email Addresses from Facebook

Private email addresses of individuals who have Facebook accounts are getting indexed by the search engines, including Google, Yahoo!, and Microsoft’s Bing.com. There are certain web pages on Facebook, mainly the Facebook Email Opt Out web page, that are getting indexed by the search engines. There is a problem because these web pages contain email addresses that can easily be harvested.

To see for yourself, go on over to Google and search for something like this:
site:facebook.com “Do you want to stop receiving Facebook emails”

Or, you can simply go to Google.com and search for the page itself:
site:www.facebook.com/o.php

Google is not alone in indexing personal email addresses of Facebook users. In fact, Yahoo! Site Explorer reveals over 5700 email addresses:

Bing.com, on the other hand, has been very slow at indexing these web pages, and that’s probably due to the fact that Microsoft has been very slow at indexing ANY web page on the internet. In fact, there are websites that are actually complaining about the fact that Bing has not indexed their entire website. (For those of you who want their pages indexed more quickly by Bing, I recommend that you start getting more links to your web pages, the deep links).

I have yet to figure out exactly how the search engines are indexing these web pages, as they actually contain people’s personal email addresses. If this were a really bad problem, there would be a lot more than 5000 email addresses from Facebook being indexed in the search engines. We already know that there are a lot more than 5000 Facebook users, so it doesn’t seem to be a really big issue. There are, though, a few ways that the search engines could be picking up on this:

- A Facebook application gone awry. Perhaps these users all have a certain common Facebook application that they’re using that is causing this data to be indexed. Perhaps the URLs are being recorded somewhere, on another server, and the search engines have started indexing those URLs.

- There’s some issue with the real-time feed data that is causing Google and Yahoo! to index those URLs. I have seen this happen before with other sites like Twitter. My main Twitter ID, @bhartzer, for a while had a source code (parameters) associated with it. I had a feeling Google was picking it up somehow, but couldn’t narrow down exactly where they were picking up the URL. It’s just recently that a search for “bhartzer” on Google has been showing http://www.twitter.com/bhartzer

So, what can you do to combat issues like this?
One of the best things you can do is start using a social media monitoring tool to start tracking mentions of you, your company, and your brand online. If there’s an issue like this, if you’ve set up a tracking tool properly, you will be notified if your brand, your company name, your domain name, or even your email address shows up.

You can also set up a Google alert for something like “billhartzer.com”. Whenever there is a new mention of it, most likely you’ll be notified. Setting up the alert to track your domain name as the ‘keyword’, without the www part of it, will most likely help in notifying you in the event that your email address shows up online. Certainly that won’t work for “@gmail.com” or other generic emails, but you get my point.

Certainly, Facebook has been plagued by all sorts of privacy issues, and the fact that email addresses from an opt out web page on their own website are being indexed is not a good thing. ALL Facebook had to do was to make sure that their “opt out” page, the one that contains email addresses, isn’t allowed to be indexed by the search engines.

A hat tip goes out to Cory Watilo for finding this gem.

Update: June 4, 2010 – Apparently Facebook has taken care of this issue. The way they did it, though, was to add a directive in their robots.txt file to disallow the search engines from spidering the o.php file like this:

Disallow: /o.php

Apparently, this was enough, as both Yahoo! and Google have stopped indexing the o.php file.
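A way to check the effect of a rule like the one in the update above, as an added example (not Facebook's actual robots.txt or anything from the original post): it parses a robots.txt body before and after adding `Disallow: /o.php` and lists which email-bearing URLs a compliant crawler may still fetch. The host, the other rule, the extra page and the query parameter names are constructed for illustration.

```python
import re
from urllib.parse import unquote
from urllib.robotparser import RobotFileParser

# Loose email pattern, good enough for spotting addresses inside URLs.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed robots.txt bodies: before and after the fix described above.
ROBOTS_BEFORE = """\
User-agent: *
Disallow: /private/
"""
ROBOTS_AFTER = ROBOTS_BEFORE + "Disallow: /o.php\n"

# Constructed URLs; host and query parameter names are hypothetical.
SAMPLE_URLS = [
    "http://www.example.com/o.php?k=abc123&e=alice%40example.org",
    "http://www.example.com/o.php?k=def456&e=bob@example.net",
    "http://www.example.com/unsubscribe.php?addr=carol%40example.org",
    "http://www.example.com/about.php",
]


def load_rules(robots_txt):
    """Parse a robots.txt body held in a string (no network access)."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return parser


def crawlable_email_urls(robots_txt, urls, agent="Googlebot"):
    """Return the URLs that carry an email address and that `agent`
    is still allowed to fetch under the given robots.txt."""
    rules = load_rules(robots_txt)
    exposed = []
    for url in urls:
        # Decode %40 first so encoded addresses are caught as well.
        if EMAIL_RE.search(unquote(url)) and rules.can_fetch(agent, url):
            exposed.append(url)
    return exposed


if __name__ == "__main__":
    for label, body in (("before", ROBOTS_BEFORE), ("after", ROBOTS_AFTER)):
        print(label)
        for url in crawlable_email_urls(body, SAMPLE_URLS):
            print("  still crawlable:", url)
```

The rule is a path-prefix match, so it covers every `/o.php?...` URL but not the second constructed page, which stays listed after the fix. robots.txt only instructs compliant crawlers and is not an access control on the page itself.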

Via Google Buzz, I have found an “official” response by Matt Cutts who posted it here. He says that they found those email addresses by crawling publicly-available web pages:

We found those pages by crawling normal links on public web pages. It also would have been nice if the author of that blog post had asked us before claiming that the “only way” Google could have possibly found pages was by following links in emails. We could have saved him the trouble of making up a new conspiracy theory.

WOT Web of Trust Launches New Version

A while back you may recall that I wrote about Web of Trust, the world’s first online tool for reputation rating. Web of Trust has launched a new version.


Web of Trust has launched a new version of the WOT safe surfing add-on with customizable protection. Experienced Web users who prefer “Light” protection get a simple warning if they surf to a page with a poor reputation, whereas selecting “Maximum Safety” will prevent a risky page from loading. Parents with young children can choose the “Parental Control” mode which blocks access to sites that contain pornography or other adult content.

Web of Trust has four convenient one-click protection options that can be changed instantly depending on the situation:
• “Light” protection suits experienced Web users
• “Basic” protection guides the user by giving warnings
• “Maximum Safety” stops dangerous Web sites from loading
• “Parental Control” blocks access to Web sites with a poor child safety rating and no rating at all

Web of Trust offers Internet users preventive protection against Web-based attacks, online scams, identity theft, and unreliable shopping sites. The WOT security add-on provides safety ratings to search results when using Google, Yahoo!, Digg and other popular sites, helping users protect their computers and personal information. Web site ratings are continuously updated by the user community and from numerous trusted sources, such as phishing site listings. The free Internet security add-on works with Internet Explorer and Firefox browsers and can be downloaded at http://www.mywot.com.

Interesting Facts about WOT
• WOT has been downloaded by 4 million users
• Information on 22 million websites
• 1 in every 20 websites is harmful
• WOT users contribute by rating and commenting on websites
• WOT also receives information from a large number of trusted sources, such as PhishTank, hpHosts, DNS-BH Malware Domain list and Artists Against 419.
• Available in 14 languages, now also in Chinese and Japanese

Web of Trust Launches First Online Reputation Rating Community


WOT, also known as Web of Trust, has launched the world’s first online tool for reputation rating. This new community-based browser add-on allows you to assess the trustworthiness of websites. The Web of Trust’s community’s new website, including free download, can be found at www.mywot.com.


The concept of the WOT is fairly simple: WOT community members exchange their knowledge about web sites by using a user interface. Membership is free and you don’t have to register. You can submit website ratings but it’s not required.

The Web of Trust has been in beta testing for over a year now, and the community has acquired reputation data on over 16 million sites. WOT uses four components to rate a website’s reputation: trustworthiness, vendor reliability, privacy, and child safety. They then enrich the data they get from the users with information from trusted sources such as listings of phishing sites.


The WOT system processes ratings and produces a reputation rating for each web site. Any attempts to manipulate the reputation data are effectively countered using algorithms. Once WOT has been downloaded, checking a site’s reputation is easy. A WOT reputation icon is displayed next to each link on search engine results pages. WOT supports Google and most other major search engines. According to Web of Trust, 99 percent of current users surveyed found WOT useful and 98 percent would recommend it to a friend.

Behind the community, there is a team developing the WOT service. Headed by Esa Suurio, Against Intuition Inc. focuses on developing and providing software and services for the WOT community, and promoting the community’s goals. Against Intuition was founded in Finland in 2006 by two visionary postgraduate students, Timo Ala-Kleemola and Sami Tolvanen, who are now engaged in further system development with a group of talented software developers, designers, and database administrators. It’s no coincidence that WOT comes from the country that repeatedly has been named one of world’s least corrupt countries.

Yahoo Stores Down on Cyber Monday

Yahoo! Small Business

Unbelievable. According to reports, many Yahoo! store merchants were going strong with their “cyber Monday” sales and suddenly the Yahoo! Stores have gone down. Some merchants report that they have lost more than 4 hours’ worth of online sales.

the 3 million is Y!SB Web hosting and domains customers, not the 45,000 Yahoo! Store accounts (last publicly available number I have)

There are sporadic reports this afternoon, November 26, 2007, that Yahoo! web hosting customers are experiencing an outage. Some are reporting that they’ve seen these reports on CNBC.

Yahoo! Stores Down

The latest updates are being reported on the Updates page on the Yahoo! Small Business site:

8:31 AM (PST) – Error Message During Checkout

Some merchants are reporting that shoppers are receiving an error message indicating “system unavailable” during the checkout process. We are aware of this issue and are currently investigating. More information will be provided as it becomes available.

This is yet another reason why e-tailers should have backup plans. Online retailers who rely on their sites being up and running 24/7 should be prepared for situations like this. As an online retailer, what can you do to make sure that your site is always up and running?

- Consult with your current web host to see what type of backup plan(s) they have.
- Consider setting up a backup server on another web host. Keep additional content up and running on that other web host. The backup content does not have to be your full shopping cart. It could actually consist of a well-designed web page explaining that you’re experiencing difficulties…shoppers can place their orders by calling a particular phone number. Having this content on another web host would allow you to change the nameservers of the domain name if your current site goes down.

Whatever the case, whether you sell merchandise online, have a corporate website, or if you have a blog, you need a backup plan. Some way of dealing with technical issues that arise from time to time.

Updates to this Post
Reuters is reporting that – Yahoo Inc’s payment processing system is “suffering periodic outages” … “that prevent some consumers from completing shopping transactions, according to a company Web site for merchants.”

CNBC reports that “Yahoo Can’t Cope with Cyber Monday”… “On a day that’s arguably one of the most important for online shoppers during the holiday shopping season, the so-called “Cyber Monday,” Yahoo’s shopping and transaction algorithm appears to be down.” Catherine Seven was mentioned in the article: “Search engine optimization consultant Catherine Seven runs seowhat.com and says she works with 22 clients who use Yahoo Shopping: None she’s spoken to today have had any transactions processed. She’s sending notes out to all her clients warning them that there is an issue.”

Yahoo Stores Crashing on Cyber Monday – “This is absolutely devastating to a small business that relies upon cyber Monday for a large portion of its business.”

Black Monday for Yahoo! Merchant Services – “The solution is unclear as I would expect Yahoo! To be a great partner for merchants as they already receive more internet traffic than any other site.”

Yahoo’s E-Commerce Services Buckle Under Cyber Monday Traffic – “Yahoo’s services for powering shopping carts for small businesses are suffering from intermittent outages today as shoppers flock to e-commerce sites on company time.”

CNET News is reporting that the outage was “a deliberate attack”…”A three-hour outage today on Yahoo was the result of a malicious attack intentionally aimed at disabling the service, according to company executives….Yahoo president Jeff Mallett said a “distributed denial of service attack” overwhelmed its Web hosting company’s routers beginning at around 10:20 a.m. PST, and apparently ending shortly after 1 p.m. PST.”

Updated: Yahoo Small Business Servers Struggle on ‘Cyber Monday’: Report – “The moniker “Cyber Monday” is something of a PR creation, but Yahoo (NSDQ: YHOO) is looking at a PR problem today due to glitchy small business servers, which power third party e-commerce sites. “

NetAlter: an Alternative to the World Wide Web?

NetAlter  Red Herring Winner

NetAlter Software Ltd., a company based in India, is developing a P2P-based system as a “secure and trusted alternative to the World Wide Web”. Once developed, this new system will be called “NetAlter” and will offer a more secure, trusted, spam and virus-free software and network for businesses and end users.

NetAlter is also working on a web browser called the “NetAlter Service Browser” that will be free for everyone to use. The “NetAlter Service Browser” will allow you to connect, communicate, and share stuff with other users directly from your PC via a true P2P network. There won’t be any domain names.

Once this new system is in place, you won’t have to worry about your personal or financial information being stolen or abused. The NetAlter web browser won’t allow unauthorized scripts or programs to run and it will also protect intellectual property, which is owned by the creators of the content and applications.

NetAlter’s new system, when complete, will have features for communication such as email, file sharing, information sharing, and messaging. You will also be able to create personal and business networks using its secure P2P technology.

The NetAlter system also has an integrated intelligent clustered semantic search engine that is e-commerce enabled. You will be able to search and find precise information and resources within the NetAlter browser and then store the search results and associated content to your PC. You can then access that content offline, if necessary.

NetAlter Grid

The NetAlter system has a Democratic Grid concept where end users in the network share the idle resources of their PC with a global Grid pool and then use the same grid to run grid enabled applications on a quid pro quo basis.

When you want to make use of the NetAlter GRID system for supercomputing and you want to process your application on 10 computers on the GRID, you can make use of the 10 hours credited to your account to avail of 1 hour of NetAlter GRID supercomputing resources equivalent to the power of 10 computers. If you want the application to be distributed over 20 computers, the NetAlter GRID will provide equivalent supercomputing resources of 30 minutes.

NetAlter Software Ltd. is a winner of the “Red Herring Asia 100″ award in Hong Kong. NetAlter is a patented system that offers a domain-less alternative to web and internet based solutions.

NetAlter’s website is at www.NetAlter.com.

GoDaddy Offers Extended Validation Certificates

GoDaddy.com(R), the world’s largest registrar, is now offering the new Extended Validation (EV) SSL Certificates. You can use GoDaddy now to purchase them and install them immediately.

EV SSLs set a higher standard for secure sites. GoDaddy.com now offers three types of SSL certificates: Go Daddy(R) Turbo SSL(R), High Assurance SSL, and now the EV SSL. This new EV SSL offers 256-bit encryption and adds a thorough, standardized verification process. The new EV SSL offers the most stringent vetting process for SSL encryption available today.

If you’re not familiar with EV SSL, GoDaddy.com says that “the EV SSL vetting process involves verifying the applying organization’s identity and typically requires a letter from a representing attorney or accountant. While the new guidelines are strict, Go Daddy EV SSL certificates can be issued within two to four hours after all required documentation is received.”