Posts in category internet - page 8

Google tracking outbound links from searches

I had never realized it, but Google use your browser in such a way that it tells them which link you followed out from the search results. Searching for “damieng”, for example, will show my home page as the first result. The browser window will show https://damieng.com, but click on it with JavaScript enabled and instead you’ll go somewhere like:

http://www.google.co.uk/url?sa=t&ct=res&cd=1&url=http%3A//damieng.com/&ei=yMf5QoHUJczcQr-YvfAN

Let’s break this down:

  1. http://www.google.co.uk/url (their tracking and redirect page)
  2. sa=t (“t” for normal search area, “l” for right-hand sponsored results)
  3. ct=res (“res” for normal results, “pro” for sponsored results above normal results)
  4. cd=1 (result number for normal results, a unique code for sponsored results)
  5. url=http%3A//damieng.com/ (the URL-encoded version of where you were going)
  6. ei=yMf5QoHUJczcQr-YvfAN (a base-64 encoded request number, no doubt tied to what I searched for)

Google’s page then returns a “302 Not Found” and tells your browser that the page can be found at https://damieng.com.

Google have apparently been doing this on and off for some time.

It is telling that they have gone to the trouble of hiding the tracking link by using JavaScript when they could just have linked directly to their tracking pages… but then that would have given the game away to anyone copying the links or looking at their status bar I guess…

If you want to see all this for yourself either view the source or try out the excellent Live HTTP Headers extension for Firefox.

[)amien

Firefox for power users, part 2

Here are a few more useful bits and pieces to improve your browsing experience if you’re a Firefox user.

GreaseMonkey

This great extension provides a framework that allows scripts to run against web pages from your own machine. The upshot of this is…

There are many many more at GreaseMonkeyUserScripts.

CuteMenus

Put icons next to some menu items to bring the UI a bit more in line with Microsoft’s tools.

FlashGot

Download multiple files, images etc. from a single click.

Other browsers

Mac users may want to check out Camino which uses the Gecko rendering engine inside a native Cocoa application. It’s pretty fast and cool although it can’t use any of the Firefox plug-ins. Another alternative browser is OmniWeb which uses the Safari rendering engine but provides many more useful commands, options and facilities than Safari itself.

Microsoft fans will have to wait a little longer until the public Internet Explorer 7 betas turn up. We’ve been promised fixed PNG transparencies and improved CSS handling. In related news, Bill Gates has been trying Firefox.

Postfix

Just a quick note to praise the free Windows blogging application Zoundry that allows WYSIWYG style editing. I’ve managed to use it to clean up some of the previous postings too. Now if only it had a spell checker and auto-pasted in the clipboard URL when you create a hyperlink…

My Visual Studio 2005 Beta 2 DVDs arrived Saturday free of charge courtesy of Microsoft. I’ve just installed them alongside SQL Developer 2005 and will hopefully be posting some tit-bits soon. One heads up is to install IIS before VS2005. The VS2005 installer won’t warn you or error; however, the SQL 2005 installer will tell you it’s a prerequisite if you want Reporting Services. If you install IIS after VS2005 and before SQL 2005 you’ll receive an unidentified error for the Reporting Services installation.

[)amien

Phishing with IDNs

Currently “hot news” is the fact that Firefox, Mozilla and Safari browsers have been demonstrated as susceptible to a new form of phishing attack.

Basically all these browsers support Internationalized Domain Names (IDN), which let you use the full Unicode set of foreign characters and symbols, and some of these foreign characters, while technically different from the Latin ones, look identical. In the case demonstrated they have used the Arabic a to replace a Latin a in “PayPal” to get another site. This isn’t really anything new: even the original RFC commented on how this would be a problem, and the IETF issued guidelines that would have limited their scope if only Verisign actually implemented them. (Specifically, the guideline for preventing mixing of languages within a domain name would reduce the scope for attack considerably.)
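The mixed-language guideline mentioned above can be written as a per-label check that a registry or a browser could run before accepting or displaying a name. The Python below is an added example, not code from the original post or from any registry; the function names are hypothetical, the script detection is a heuristic built on Unicode character names, and the sample domains are constructed.

```python
import unicodedata

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name.
    Assumption: a heuristic, since the standard library exposes no Script property."""
    if not unicodedata.category(ch).startswith("L"):
        return None  # digits and hyphens are script-neutral
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def to_unicode(domain):
    """Decode xn-- (ACE) labels so the check sees the characters a user would see."""
    labels = []
    for label in domain.split("."):
        if label.lower().startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def mixed_script_labels(domain):
    """Return {label: [scripts]} for every label that mixes more than one script."""
    findings = {}
    for label in to_unicode(domain).split("."):
        scripts = {s for s in map(script_of, label) if s}
        if len(scripts) > 1:
            findings[label] = sorted(scripts)
    return findings

# Constructed samples (reserved .example TLD); none are taken from the post.
SAMPLES = [
    "paypal.example",                                      # all Latin
    "p\u0430ypal.example".encode("idna").decode("ascii"),  # Cyrillic U+0430 for "a", ACE form
    "\u043f\u0440\u0438\u043c\u0435\u0440.example",        # one label entirely in Cyrillic
]

if __name__ == "__main__":
    for name in SAMPLES:
        hits = mixed_script_labels(name)
        print(name, "->", "REJECT %s" % hits if hits else "ok")
```

A label written entirely in one script passes this check, so the guideline narrows the scope for look-alike names rather than removing it.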

One thing that is amusing is the Internet Explorer fans’ reaction that their browser isn’t susceptible. This is true, but only because Microsoft hasn’t added IDN support to IE, instead recommending you install a third-party plug-in to do it.

Head over to Verisign, install the plug-in, and you too can have exactly the same “exploit”.

Some 12 hours later it appears the rest of the world twigs and Secunia issues this advisory.

[)amien