The Internet Archive has released a Wayback Machine extension for Chrome that will automatically take users to an archived copy when they hit a dead webpage. Once installed on Chrome, whenever a link returns a 404 error message or 'page not found', the Wayback Machine extension will search the Wayback Machine web archives to see if an older version is available. If one is, users will see a notice offering the option to visit the archived copy. Not much can be done to stop the growth of so-called 'link rot', or once-working URLs that no longer go anywhere, but as Mark Graham, co-founder of the Internet Archive, notes, the extension will help temper its effects. "For the past 20 years, the Internet Archive has recorded and preserved webpages, and hundreds of billions of them are available via the Wayback Machine. This is good because we are learning the web is fragile and ephemeral," Graham writes. "The Wayback Machine Chrome extension is designed to help mitigate link rot and other … [Read more...] about Google Chrome gets Wayback Machine extension: End to the pain of 404 errors?
Web 500 error
The 404 Not Found page. It’s always a tiny bit frustrating when you land on one of these after mistyping a website address or because the page has been taken down.However, the Brussels-based Missing Children Europe organization, working with Child Focus, has found a way to make use of these otherwise empty pages with the launch of its NotFound initiative designed to spread the word about missing children.If a company signs up to be part of the NotFound 404 project, which launched this week, web users who land on one of its deleted web pages will be met with the message, “Page not found, neither is [name of missing person]”. A photo of the missing child, together with some information about that person, is also displayed.Francis Herbert, secretary-general of Missing Children Europe, said in a release, “The idea of integrating missing person messages into 404 pages immediately seemed very interesting to us. We are always looking for new communication … [Read more...] about 404 error pages put to good use in missing children project
A new study commissioned by content-acceleration provider Akamai Technology and conducted by JupiterResearch claims that the average online shopper will wait as along as four seconds for a page to load before potentially abandoning an online retailer. And, besides prices, what was the most-cited factor contributing to poor online shopping experiences? Long load times. “The critical takeaway from this research is that online shoppers not only demand quality site performance, they expect it,” said Brad Rinklin, Akamai’s VP of marketing, in a release. “Four seconds is the new benchmark by which a retail site will be judged, which leaves little room for error for retailers to maintain a loyal online customer base. Site performance becomes even more critical as retailers add more dynamic content and applications to their site.” Of course, the results are nicely self-serving for Akamai: the company’s business is caching its clients media and content … [Read more...] about Web Shoppers Only Wait Four Seconds?
Safeguarding Web services is a lot like protecting your Web-based applications from attack. The current crop of application-layer security solutions can look for malformed Web traffic, URL tampering, and the like, but it does not look deep into SOAP messages or scrub XML for malicious content, thus leaving Web services exposed.Web services come with their own specific vulnerabilities and security needs. By design, each one has an associated WSDL document that is basically a blueprint for the service. The document details the messaging request and response for the service in XML, what parameters (including data type) the service expects, and what operations are available via the service -- a return, a stock quote, or account update, for example. By analyzing a service’s WSDL document, a hacker knows exactly what the service is supposed to do and which parts are open to attack via techniques such as malformed SOAP messages and other XML parser attacks.Forum XWall Web Services … [Read more...] about Forum XWall provides powerful protection for Web services
Web services are almost irresistible. Every popular IDE makes them easy to build — to unlock the data and business logic in legacy systems, to provision common functions that can be shared across multiple platforms, or to provide partner organizations direct access to information or applications. And by their nature, Web services helpfully describe themselves, allowing one system to find and interact with another with little or no human intervention.Yet the very virtues that make Web services compelling — their use of trusted ports and protocols, their ease in exposing back-end systems, their eagerness to describe exactly what services are offered and how to get at them, and their use of multiple intermediaries — also make them a potential windfall for criminals crossing an enterprise’s perimeter (see also "Web services security standards aren't enough").“You’re taking all of these systems that you would never put on the Internet — you would … [Read more...] about Shielding Web services from attack
Soasta is offering developers a cloud service for testing Web applications under simulated conditions, with hits coming from globally distributed locations.Available on Wednesday, the company's CloudTest Global Platform simulates Web traffic and conditions by leveraging cloud platforms, such as Amazon EC2, Rackspace, 3Tera AppLogic, and Enormally. Real-world Web conditions are simulated from different geographies and time zones at different levels of scale, Soasta said.[ Cloud computing is shaping up to be a big trend for 2009. ]Load generation is produced from virtually thousands of servers from more than 15 locations worldwide, according to Soasta. This provides the most accurate representation of real-world Web traffic and usage, the company said.Developers can simulate customers coming from places like London, Los Angeles, or Hong Kong, said Soasta CEO Tom Lounibos. "It gives them a more real-world feel to how traffic is coming in," he said.With the growing importance of Web sites, … [Read more...] about Soasta cloud platform tests Web apps globally
It's the worst thing that can happen to a computer security vendor: This weekend, Moscow's Kaspersky Lab was hacked.A hacker, who identified himself only as Unu, said that he was able to break into a section of the company's brand-new U.S. support Web site by taking advantage of a flaw in the site's programming.On a conference call with reporters, Kaspersky Senior Research Engineer Roel Schouwenberg said that while he believes that the hacker did not access any customer information such as e-mail addresses, the hack would hurt the company's image. "This is not good for any company, and especially a company dealing with security," he said. "This should not have happened, and we are now doing everything within our power to do the forensics on this case and to prevent this from ever happening again."Schouwenberg blamed the breach on a Web programming flaw that was introduced in a Jan. 29 redesign of the support site, meaning that the bug was live on Kaspersky's site for about 10 days. … [Read more...] about Kaspersky: Web Hack ‘Should Not Have Happened’
In the constant battle against malicious Web server activity you have an ally in the form of ModSecurity, an open source Apache module designed to provide intrusion detection and prevention of HTTP exploits. The module does this by filtering requests before they are handed off to the Web server or even another module. ModSecurity can handle POST requests as well as the standard GET requests, provide detailed audit logs, and investigate post-decrypted HTTPS requests. The module engine natively understands HTTP, allowing very detailed filtering to be done. Let's take a look at how to get ModSecurity installed and go over some basic and advanced techniques for securing your Apache Web servers.The latest stable version of ModSecurity (1.7.4 as of this writing) can be obtained here, along with the source code and other distribution formats such as RPMs and Debian packages. When installing from source you have a couple options. First, you can install the module as a dynamic shared object … [Read more...] about SolutionBase: Set up ModSecurity on Apache for Web intrusion detection
Exchange ActiveSync for Exchange Server 2003 allows mobile phones or devices running Windows Mobile 2002, 2003, and Windows Mobile 5.0 to access information on the Exchange Server. The ActiveSync service will synchronise e-mail, contacts and calendar information with the portable device via the Internet.Direct Push was introduced in Exchange Server 2003 SP2 as a means to ‘improve the user experience'. A Windows Mobile 5.0 device makes a HTTPS request to the Exchange server; if any changes occur on the Exchange server within the lifespan of this request, then a sync command is issued. If not, then a new request is made and so on. This means the time between a new message being received by the Exchange Server and it being picked up by the mobile device is reduced. Without Direct Push, Windows Mobile will synchronise with the Exchange Server adhering to a predefined schedule. I don't think there's any doubt that Direct Push was introduced in response to the Blackberry.Whilst dealing … [Read more...] about Enabling Exchange ActiveSync: HTTP_500 error explained and solved
By Lonnie Benavides In the physical world it is very easy to understand what an indicator of compromise would mean for a robbery. It would simply be all the things that clue you in to the event's occurrence. In the digital world however, things are another story. My area of expertise is breaking into web applications. I've spent many years as a penetration tester attempting to gain access to internal networks through web applications connected to the Internet. I developed this expertise because of the prevalence of exploitable vulnerabilities that made it simple to achieve my goal. In a world of phishing and drive-by downloads, the web layer is often a complicated, over-looked, compromise domain.A perimeter web server is a gem of a host to control for any would-be attacker. It often enjoys full Internet connectivity with minimal downtime while also providing an internal connection to the target network. These servers are routinely expected to experience attacks, … [Read more...] about Top three indicators of compromised web servers