Google Chrome 2.0 is even more Secure
Posted by: webhostingtimes.com in Browsers on May 25th, 2009
Google Chrome 2.0 browser includes some new security features with which to arm itself as it competes in a browser market still dominated by Microsoft Internet Explorer. The new Chrome features include protections against cross-site request forgery and clickjacking. UPDATE: Google Chrome 2.0 apparently beats the speed of other browsers in many test by anywhere from 20-32% in performance across multiple systems.
The latest update to Google Chrome came with a few new bells and whistles, and lots of talk about speed. But what about security?
Browser vendors have been struggling to keep pace with the growing Web threat landscape. Internet Explorer 8 added a number of security features. In the latest release of the browser, Google has included some new protections behind the scenes, including defenses against cross-site request forgery and clickjacking. CSRF is an attack whereby a user is forced to execute unwanted actions in a Web application the user is authenticated in. To guard against CSRF in Chrome 2.0, origin information is sent for POST requests for which the server might change state.
“If you’re a bank, you would check the request to make sure that it came from your own site and not from the attacker’s site,” explained Adam Barth, a software engineer for Chrome. That, he said, is where the origin information would come in handy.
In addition to CSRF protection, Google also added HTML 5’s PostMessage to help Website developers build more secure mashup applications.
“As we get into sites that try to do mashups and you take gadgets and interesting things from all over the place, so maybe there’s a cool little gadget that shows a bunch of ponies dancing around, and people like ponies so they want ponies on their Web page,” Chrome Product Manager Ian Fette said. “I might be fine with having ponies on my Web page, but I don’t want to give that gadget permission to muck around with my password … so the PostMessage API allows me to communicate with the ponies gadget … but it doesn’t actually give that gadget the ability to reach out and directly control the rest of my page.”
Google also followed in the footsteps of IE 8 with clickjacking protections and the ability to remove thumbnails from the New Tab page for added privacy.
When the browser was first launched in September 2008, Google tried to make a big splash about its security features, touting Chrome’s sandboxing of the rendering engine, for example. But the company also experienced a few challenges—the initial release of the browser used a vulnerable version of WebKit, and other vulnerabilities appeared as the security community took the browser for a test run.
Looking ahead, Google has said it has no immediate plans to add Website security zones as in Internet Explorer or to add the ability to disable JavaScript within the user interface. It is possible, however, to disable JavaScript through the command line if that seems to be a way to thwart attacks.
“Our approach with Google Chrome has been to make things as secure as possible by default without the user having to take any actions to go and configure settings,” Fette said.
Checklist: Establishing a Web Site
Posted by: webhostingtimes.com in Web Hosting News on April 2nd, 2009
Today’s information technologies are expanding at an astounding rate, with everyone going online. Establishing and maintaining a Web site for your business can be very useful to the future success of your business. The following guide provides basic procedural information and helpful hints for establishing a web site for your business.
* Choose an Internet Service Provider (ISP).
An ISP will provide you with an Internet account. Your Internet account should include e-mail access, the ability to access other computers, the ability to transfer files between networks, and server space for a Web site. Your ISP will charge you a monthly fee for its services.
* Select and Register a Domain Name or Universal Resource Locator (URL).
You should choose a name that represents your product and/or services and is easy to remember. We recomend using EZ DOMAIN NAME Before you decide on a name, a full trademark search should be done. On its Web site, www.uspto.gov, the U.S. Patent and Trademark Office has a free search tool for making limited searches of the federal register of trademarks. You can then search EZ DOMAIN NAME, to determine whether your desired URL is available.
* Design Your Web Site.
We recomend DWHS Web Hosting for this. Think about what you want to accomplish with your site. You can obtain ideas for your site by looking at the Web sites of your competitors. You can then design your site yourself or hire a Web design service or Internet consultant to design the site for you.
* Register Your Site With Different Search Engines.
* Inform Others About Your Site.
Include your URL on your letterhead, business cards, in all advertisements for the company, and in the Yellow Pages.
* Track the Visits to Your Site.
Log data software is available to record the number of hits your site receives. In addition, some ISPs provide access logs. You can ask visitors to your site to complete a questionnaire or to provide input as to your product or services.
* Keep Your Site Current.
No one likes outdated information. Make sure your site is updated.
Spam Volume Returns To Pre-McColo Levels
Posted by: webhostingtimes.com in ISP News on April 2nd, 2009
Spam volumes have finally returned to the same high levels seen prior to the November McColo ISP takedown, according to a Google Postini report.
Overall, the Google Postini spam report indicated that spam growth during the first quarter of 2009 was the strongest it had been in more than a year, increasing an average of 1.2 percent a day. The 2009 growth represented a slight increase over the first quarter of 2008, in which spam volume increased at a slightly slower rate of 1 percent per day.
Spam levels continued to rise steadily in 2008 before taking a nosedive in November of that year following the takedown of ISP McColo. Upstream providers disconnected from McColo after a security report emerged indicating that the ISP was reputed to host phishing, child pornography and malware sites.
Meanwhile, data suggest that spammers are adopting new strategies to prevent future McColo-type takedowns that would permanently disconnect them from their upstream providers. Specifically, the report states that recent spam trends indicate that spammers are building botnets that are more sophisticated but send out diminished total quantities of spam.
The most significant development in spam was the appearance of location-based spam, in which users click on an embedded link in a message and are subsequently directed to a Web site that contains a phony news headline describing a crisis or disaster in a major nearby city.
The attack, which appears legitimate due to its specificity, actually customizes the user’s location by determining the user’s source IP and then identifying the nearest major city. The phishing messages will often lure users with news of an area that has relevance to their home town and will often contain a video or malicious link that the user is instructed to open. However, once opened, the downloader will often contain malicious code designed to steal sensitive information and record keystrokes.
In addition, spammers are continuing to send out messages capitalizing on the weak economy, the credit crisis, widespread layoffs and resume help services. Spam also spiked near the presidential inauguration and St. Patrick’s Day — major news events and holidays that historically have generated higher-than-average Web traffic.
In malware trends, payload viruses — spam messages with attached viruses — have experienced a nine-fold increase between February and March 2009, according to the report. Google researchers say that one explanation for the uptick could be that spammers resorted to payload viruses after finding limited success with other kinds of targeted attacks.
In addition, viruses delivered from blended attacks — phishing messages sent via e-mail, which then redirect users to a malicious Web site to download malware — were also on the rise. E-cards, in particular, were a popular vehicle in blended threats, especially during Valentine’s Day this year, when users were more likely to open e-cards and other attachments sent from unknown sources.
Welcome to our new site
Posted by: webhostingtimes.com in Other, Web Hosting Times on February 6th, 2009
Hello,
Web Hosting Times has taken anew path. We will now be a directory for web hosting article submission and web hosting services. We will have a nominal fee to have any news or information about web hosting to be posted. We will also have a small fee for a permanent link to web hosting services, the link will be on every page of Web Hosting Times.
Article listing on Web Hosting Times: $25 one time for a permanent article listing.
Link listing on Web Hosting times: $50 one time for a permanent listing on all pages of Web Hosting Times.
DWHS Upgrades php to version 5
Posted by: webhostingtimes.com in Web Hosting News on April 12th, 2008
We are officially upgrading all servers to PHP5 as of 03-07-2007.
PHP5 has been in positive production levels for over three months and has been proven solid on our test servers.
This shouldn’t effect any scripts running unless the script is no being upgraded to standard php practices.
http://www.dwhswebhosting.com/hostingforum/viewtopic.php?t=6312
Thank you,
DWHS Inc.
DWHS Inc. partners with Tear2hosting
Posted by: webhostingtimes.com in Web Hosting News on May 5th, 2007
This merger will help both companies provide a better overall hosting solution. Look forward to increased support and back end solutions for better service.
http://www.dwhswebhosting.com/hostingforum/viewtopic.php?t=4966
Thank you,
DWHS Inc.
DWHS partners with Fantastico
Posted by: webhostingtimes.com in Web Hosting News on January 12th, 2007
DWHS is working on a long standing partnership with Fantastico. When finished DWHS Web Hosting will off all the free tools and software that comes with Fantastico for free!
For more details click here: Fantastico Web Hosting
Happy New Year!
Posted by: webhostingtimes.com in Web Hosting News on January 1st, 2007
DWHS Web Hosting sais Happy New Year! To kick things off we are raising our bandwidth limits, and we have added better flash tutorials, a new stats selector in cpanel x, and faster servers. We hope this is your best year yet. Thank you, DWHS Web Hosting
DWHS gets a new logo!
Posted by: webhostingtimes.com in Web Hosting News on January 12th, 2006
As you may of heard DWHS Has signed on logomatic to create new corperate logo. DWHS has used a text only logo for almost 4 years and decided to completely re-create a new one. Thanks to the feedback, voting, and the decisions of James, Charles, and Paul, the new logo has been chosen and put on the website already.
